| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 26258 | 2002-10-23 04:26:00 | What is this file | deedinky (2324) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 92053 | 2002-10-23 04:26:00 | Came across the file brasil.exe in the c:\windows directory in win me. Does anyone know what it does?? Thanks, Don |
deedinky (2324) | ||
| 92054 | 2002-10-23 04:29:00 | W32/Opaserv-C Aliases Opaserv-E Type Win32 worm Description W32/Opaserv-C is a variant of W32/Opaserv-A and is a worm that spreads via network shares . When executed the worm will create a file called brasil . exe or brasil . pif in the Windows folder on the current drive . W32/Opaserv-C then adds one of the following registry entries to run itself when the system starts: HKLM\Software\Microsoft\Windows\CurrentVersion\Run \Brasil = C:\WINDOWS\brasil . exe or HKLM\Software\Microsoft\Windows\CurrentVersion\Run \Brasil = C:\WINDOWS\brasil . pif The worm attempts to copy itself to the Windows folder on networked computers with open shared drives . It then modifies the win . ini file on the remote machine to ensure the copied file will be run on system start . The worm also searches local IP addresses for open C: shares and attempts to copy itself to the Windows folder of the share . W32/Opaserv-C also attempts to connect to a website that is currently unavailable . This attempted connection is most likely intended as a means of updating the worm executable . The following three non-viral files may be found in the root folder of infected systems: put . ini scrsin . dat scrsout . dat |
godfather (25) | ||
| 92055 | 2002-10-23 04:30:00 | Which begs the question, why your antivirus software fails to pick it up? What are you using in the way of virus protection, and how up to date is it? |
godfather (25) | ||
| 92056 | 2002-10-23 04:32:00 | i did a search on google and came up with the following results (www.google.co.nz). it's a worm or virus thingy. cheers, v.K------------------ :D |
vk_dre (195) | ||
| 92057 | 2002-10-23 04:35:00 | Hi there from what I can gather it seems looks to be a virus, in fact it is appears to be a variation of the Win32 worm. I suggest you update your virus definitions and run a full system scan, if you do not have an anti-virus program then now would be a good time to get one. Have a look at the following links on the information I found on brasil.exe, remember viruses can take on many different forms and names so if the file on your machine is not exactly the same as described don't go thinking your safe. www.sophos.com also this one (I'm not too sure if this one is related or not but it may be) [url=http://securityresponse.symantec.com/avcenter/venc/data/w32.toal.a@mm.htmlhttp://securityresponse.symantec.com/avcenter/venc/data/w32.toal.a@mm.html[/url] |
Sam H (525) | ||
| 1 | |||||