PPRuNe Forums - View Single Post - Opaserv virus (Brazil variant)
Thread: Opaserv virus (Brazil variant)
View Single Post
Old 17th June 2003 | 06:22
  #3 (permalink)  
TR4A
 
Joined: Mar 2000
Posts: 2,809
Likes: 0
From: Bothell WA
Symantec

W32.Opaserv.E.Worm is a variant of W32.Opaserv.Worm. It is a network-aware worm that spreads itself across open network shares. It copies itself to the remote computer as the file Brasil.exe or Brasil.pif.

This worm also attempts to download updates from www.n3t.com.br, although the site may have already been shut down. Indicators of infection include:

The existence of the files Brasil.dat and Brasil!.dat, or Put.ini in the root of drive C. This indicates a local infection (that is, the worm was executed on the local computer).
The existence of the Put.ini file in the root of drive C. This may indicate a remote infection (that is, the computer was infected by a remote host).
TR4A is offline