Discovered: December 24, 2002
Updated: February 13, 2007 11:41:59 AM
Also Known As: W32/Opaserv.worm.m [McAfee], W32/Opaserv.worm.n [McAfee], W32/Opaserv-H [Sophos], W32/Opaserv-I [Sophos], W32/Opaserv-L [Panda], Opaserv.F [F-Prot], WORM_OPASERV.M [Trend]
Type: Worm
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
W32.Opaserv.K.Worm is a network-aware worm that spreads across open network shares. This worm copies itself to the remote computer as a file named Mqbkup.exe. It is compressed with the PECompact packer.
Before you follow the steps in this document, if you are running Windows 95/98/Me, download and install the Microsoft patch from:
http://www.microsoft.com/technet/security/bulletin/MS00-072.asp.
NOTE: Some of the functionality of W32.Opaserv.K.Worm is specific to Windows 95/98/Me systems, while some of it works only on Windows NT/2000/XP.
If you are on a network or have a full-time connection to the Internet, such as a DSL or cable modem, disconnect the computer from the network and the Internet before attempting to remove this worm. If you have shared files or folders, disable the sharing. When you have finished the removal procedure, if you decide to re-enable file sharing, Symantec suggests that you do not share the root of drive C. Instead, share the specific folders. These shared folders must be password-protected with a secure password. Do not use a blank password.
Recently, a new variant of the W32.Opaserv.K.Worm was discovered. The differences between this new variant and the old one are:
- The file name is Mmstask.exe instead of Mqbkup.exe.
- The registry key that the new variant adds is Mstask or Mstasksys.
- The file size is 20,480 bytes.
Other differences between the two variants have not been discovered.
Symantec antivirus products have already detected this new variant as W32.Opaserv.K.Worm.
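The file-name and file-size indicators listed above can be checked across a directory tree, such as a mounted copy of a suspect drive. The following is an added example, not Symantec's removal tool or code from this write-up; the sample tree, its folder names and the function names are constructed for illustration, and a name match only marks a file for an antivirus scan.

```python
import os
import tempfile

# Indicators taken from the write-up above.
WORM_NAMES = {"mqbkup.exe", "mmstask.exe"}  # original and newer variant
NEW_VARIANT_SIZE = 20480                    # bytes; stated for Mmstask.exe only


def scan_tree(root):
    """Return sorted (path, size, confidence) tuples for matching file names."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()  # Windows file names are case-insensitive
            if lowered not in WORM_NAMES:
                continue            # exact match only: mstask.exe is not flagged
            path = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(path)
            except OSError:
                continue            # unreadable entry: skip it, keep scanning
            if lowered == "mmstask.exe" and size == NEW_VARIANT_SIZE:
                confidence = "name+size"
            else:
                confidence = "name-only"
            hits.append((path, size, confidence))
    return sorted(hits)


def build_sample_tree(root):
    """Create a constructed sample tree (assumed layout, not from the write-up)."""
    samples = {
        "WINDOWS/MMSTASK.EXE": 20480,   # name and size both match
        "WINDOWS/mstask.exe": 9000,     # lookalike name, must not match
        "WINDOWS/Mqbkup.exe": 123,      # name matches, no size given for it
        "Docs/mmstask.exe.txt": 20480,  # different name, must not match
    }
    for rel, size in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\0" * size)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, size, confidence in scan_tree(tmp):
            print(f"{confidence:9}  {size:6}  {os.path.relpath(path, tmp)}")
```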
Protection
- Initial Rapid Release version: December 24, 2002
- Latest Rapid Release version: November 13, 2009 revision 034
- Initial Daily Certified version: December 24, 2002
- Latest Daily Certified version: November 13, 2009 revision 033
- Initial Weekly Certified release date: December 24, 2002
Threat Assessment
Wild
- Wild Level: Low
- Number of Infections: 0 - 49
- Number of Sites: 0 - 2
- Geographical Distribution: Low
- Threat Containment: Moderate
- Removal: Moderate
Damage
Distribution
- Distribution Level: Medium
Writeup By: Serghei Sevcenco