Re: brasil.pif
From: Karl Levinson [x y] MVP (levinson_k@excite.com)
Date: 10/23/02
- Next message: Michel Gallant (MVP): "Re: cannot open file attachments"
- Previous message: Karl Levinson [x y] MVP: "Re: MS Security Configuration Tool Set (SCTS)"
- In reply to: pete lacey: "Re: brasil.pif"
- Next in thread: pete lacey: "Re: brasil.pif"
- Reply: pete lacey: "Re: brasil.pif"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Karl Levinson [x y] MVP" <levinson_k@excite.com> Date: Wed, 23 Oct 2002 09:24:59 -0400
I'm guessing it can't be deleted because it is still in use, which would
also mean that there is a setting somewhere, possibly in the registry, that
is launching it that would cause error messages if you were able to delete
the file anyways. To delete the file, you might try doing CTRL-ALT-DEL to
find and shut down the process, though you would also want to disable the
registry setting, which you can do using the MSCONFIG command or by
downloading and running Startup Cop from www.google.com
I assume you've also already tried using your antivirus program with the
latest updates and also the Opaserv removal tool and information at
antivirus web sites such as http://www.sarc.com
A search of www.google.com for brasil.pif revealed a number of sites with
information on where to find brasil.pif in the registry, such as
http://www.sophos.com/virusinfo/analyses/w32opaservc.html IMHO you should
only try to remove viruses manually if your antivirus and any free removal
tools can detect but cannot remove the virus. It sounds like brasil.pif may
be part of the Opaserv-C variant and/or others.
Note also that [I think] you need to get all the latest Microsoft patches as
well as using antivirus, in order to block future reinfection.
"pete lacey" <peter.lacey@duni.co.uk> wrote in message
news:4d4f01c27a7f$88b65080$39ef2ecf@TKMSFTNGXA08...
> I received this I-Worm, Opaserv.A 22nd Oct. It is
> persistent with both 'scrsrv.exe and 'brasil.pif'
> attempting to access the web, prevented by Zonealarm
> firewall. I cannot rename brasil.pif in the c:\windows
> folder how did you manage this? I cannot delete it
> either.I deleted all registry keys referencing both scrsrv
> and brasil, which stopped popup errors, do not delete
> registry key for brasilia which is a 'good' key. Use find
> to locate scrsrv.exe and delete it, but how to delete
> brasil.pif eludes me.
> >-----Original Message-----
> >"Don Wieber" <jusndon@attbi.com> wrote in message
> >news:a23101c279f2$ba9fda40$36ef2ecf@tkmsftngxa12...
> >> What is "Brasil.pif? and why is it trying to communicate
> >> with some other IP from my computer? It was certainly a
> >> persistant critter, until I renamed it. Now I get an
> >> error, every time I boot, when something
> >> called "scrsvr.exe" trys to execute.
> >
> >You should be using an antivirus program that is set to
> download the latest
> >updates every day, if you're not. Sounds like the
> Opaserv worm, though
> >using an antivirus is the best way to confirm or deny and
> also remove any
> >possible viruses.
> >
> >Many [or all?] antivirus programs can have trouble
> removing files that are
> >currently running and in use under Windows. Try
> searching for Opaserv in
> >the virus information database at www.sarc.com or
> www.mcafee.com for manual
> >removal instructions. These sites may also have an
> opaserv removal tool
> >which might be worth a try.
> >
> >If this doesn't help, using the MSCONFIG command [e.g.
> Start, Run, type
> >MSCONFIG and click OK] or downloading and running Startup
> Cop from
> >www.google.com might help you disable opaserv and then
> reboot and re-run
> >antivirus.
> >
> >I believe with Opaserv you also need a Microsoft security
> patch [or better
> >yet, all of them]. Security patches can be downloaded
> from
> >www.windowsupdate.com The specific patch you especially
> need is listed at
> >the www.sarc.com virus database entry for Opaserv.
> >
> >==============
> >
> >Antivirus programs may be purchased from Internet web
> sites, from your local
> >computer store, and even from stores like Target and Wal-
> Mart. Antivirus
> >software can be found using the links below:
> >
> >www.symantec.com [Norton Antivirus]
> >www.grisoft.com [AVG Antivirus [including a free version]
> >www.f-prot.com/products [free DOS version]
> >www.f-secure.com [F-Secure]
> >www.trendmicro.com [Trend Micro]
> >www.wilders.org
> >www.download.com
> >www.tucows.com
> >
> >[Most of the antivirus products will also work on Windows
> Server products or
> >have a version for Windows Server.]
> >
> >There are also a number of web sites that will scan your
> computer for
> >viruses for free. However, using these web sites will do
> nothing to protect
> >you against future re-infection and damage to your
> computer files. Some of
> >these web sites include:
> >
> >http://security2.norton.com [Norton free one-time web-
> based scanner]
> >http://housecall.antivirus.com [Trend Micro free one-time
> web-based scanner]
> >
> >Just running an antivirus program is not enough. You
> should make sure that
> >your antivirus program can be configured to download
> updates every day [or
> >every week] automatically via the Internet, and open the
> program from time
> >to time to ensure that it is still receiving updates.
> >
> >Antivirus software is like prescription drugs or
> psychologists; the first
> >one you get might not work right for you. If one
> antivirus program fails to
> >install or causes your computer to perform slowly, you
> could contact the
> >manufacturer, or you could uninstall it and try another
> antivirus program.
> >
> >Note that you may need to set your antivirus program to
> ignore certain
> >folders, such as the folder containing your firewall
> software. Failing to do
> >so can cause speed problems or false alarms on your
> computer.
> >
> >You generally only want to install and run no more than
> one antivirus
> >program on your computer at a time. Running two memory-
> resident, on-access
> >antivirus programs simultaneously can cause false alarms
> or cause other
> >problems.
> >
> >
> >.
> >
- Next message: Michel Gallant (MVP): "Re: cannot open file attachments"
- Previous message: Karl Levinson [x y] MVP: "Re: MS Security Configuration Tool Set (SCTS)"
- In reply to: pete lacey: "Re: brasil.pif"
- Next in thread: pete lacey: "Re: brasil.pif"
- Reply: pete lacey: "Re: brasil.pif"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
