Windows 98 Network Virus Infected

The network in question has 3 machines. all of them are windows 98 se.

2 of the 3 machines have the w32.opaserv and w95.dupator virus........

None of the machines had a virus scanner.......

First thing I tried to do was use symantec's removal tool for the opaserv virus... I downloaded it, started in safemode, and ran it.

I also had applied the microsoft security patch that was recommended with the tool on both machines.

After the tool had finished, it said that the infection had been removed from the systems.

I then rebooted, and tried to install Norton Anti-virus 2002 professional.

Norton installs, then it reboots when done installing, and when windows tries to come back up, the machine locks up at the windows 98 screen...

This happened on all 3 machines.

loaded into safe mode

I tried uninstalling/reinstalling......... no effect.

I ran an online virus scan and it found 10-11 files infected....

the opaserv one's were just some ini files, but the dupator files where ::

notepad.exe, kernel32.dll, msconfig.exe, spool32.exe

I tried restoring a fresh copy of these, then restarting. Still i cannot install norton antivirus.

Any ideas on the best way to remove these viruses and get norton installed?

 

This is probably the most detailed thread involving the worm that we have had:

http://forums.techguy.org/showthread.php?postid=608601#post608601

 

lonesome_wolf2000,
Those ini files that have the opasrv, If I understood correctly are the very files that keep recreating the worm every time that the machine is re-booted. I cleared this disgusting little worm off of 2 machines located in one of my company's locations. I found that the repair tool did not work and I had to remove it manually, and not re-boot until I was sure it was gone.
This was the thread that helped me the absolute most in removing it. http://forums.techguy.org/showthread.php?threadid=97918
griffinspc had a horrible time with it, and thanks to him posting what he did, I had a relatiely easy time eradicating it.

Good Luck!
JustMe2

 

Ok here's an update::::::

I printed out the posts and all documents related to them.
Downloaded all the tools that i could.

Went back to the network.

After reading the materials I started with machine number 1. I copied the removal tools to the computer. Uncofigured machine for network (no shares, windows logon, etc) Restarted. unplugged the network cable. started computer in safe mode. Used the removal tools (3 or 4 of them) then i looked for the tmp.ini files, and other infected files, and deleted them.... I check the win.ini settings, as well as the other startup documents.... and removed entried from them.... I checked windows registry, nothing there.

After assuring that the most commonly found files for this virus were not there, i made dummy files of them and made them read-only. I restarted......

Computer restarts just fine.... no signs of the virus, no changes made to the startup files, everything seems squeaky clean... so i tried to install Norton Antivirus 2003. It installs, reboots, and then on startup, the computer restarts by itself. This happens just at the point that the windows 98 screen is supposed to disappear and give you the start of the desktop. When it tries to boot again, it locks at the windows 98 screen.

When i go into safe mode, i can uninstall norton. When i did this i made sure that no directories were left behind or registry entries either. I reboot, the computer comes up fine.... When reinstall Norton, the cycle repeats.

I think that the virus could be licked, but norton is wigging out on something. Ideas?

I have not hooked the machine back up to the network for fear of reinfection of the other machines... but i need to get that machine back on the network. I'm thinking about trying to install another virus scanner to see if it just norton going crazy.....

Open for suggestions at this point

Thanks

 

I don't see any specific manual uninstall instructions for NAV 2003 on their site, but the configuration is probably the same as NAV 2002 with the exception of the files in the second link below. They also have a utility which may be helpful.

From what I've seen when similar problems occur, it is necessary to go through the manual uninstall step by step, particularly regarding registry entries to ensure all have been removed.

http://service1.symantec.com/SUPPOR...6aa30052f4d0/fca3443f79ade50188256aa900509f0a

http://service1.symantec.com/SUPPOR...ec4f652f3df0fde388256c8e0066e3fd?OpenDocument