W32/Opaserv-L

Category: Viruses and Spyware Protection available since:27 Jan 2003 00:00:00 (GMT)
Type: Win32 worm Last Updated:27 Jan 2003 00:00:00 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Opaserv-L is a member of the W32/Opaserv family. When run W32/Opaserv-L copies itself into the Windows folder as svr32.exe and sets the following registry entry to run itself automatically when Windows starts up:

HKLM\Software\Microsoft\Windows\CurrentVersion\
Run\Svr32 = C:\Windows\svr32.exe

W32/Opaserv-L spreads over the internet using Windows network shares. The worm copies itself over to the Windows folder of the remote computer as svr32.exe and sets the following entry in the [Windows] section of win.ini:
run=C:\Windows\svr32.exe

This entry will start the worm on the remote computer when Windows starts up.

W32/Opaserv-L will attempt to remove older variants of the W32/Opaserv worm by removing the following files from the Windows folder:

alevir.exe
scrsvr.exe
brasil.exe

The following registry entries will also be removed:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SCRSVR
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ALEVIR
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\BRASIL

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy