The_Unbeliever
Way back in 2002-2003 I was fortunate enough to meet the Opaserv worm.
The PCs in question were Windows 98 and 98SE with Norton 2003.
Norton would pick up the worm and clean it out, but could not stop the worm from infecting the PC.
So what we did was the following:
We would check for the name of the executable which Norton deleted/quarantined, and then we would create a folder of exactly the same name in the c:\windows and c:\windows\system folders.
So, for example, one variant of the Opaserv worm created an executable called BRASIL.EXE or BRASIL.PIF. Then one would just create a folder with the exact same name, and this stopped the worm cold. No more infection, until some bright spark at the other side tweaked the worm's code and it created other executables. Same method applied - check with Norton, create a folder.
Which brings us to 2010 - and beyond.
Recently I had to go to site to test an iBurst setup. The target PC had a nasty floozy trojan which would infect my memory stick, and I had to clean it every time I wanted to use it.
Brainwave.
I checked the memory stick with a Linux PC, and found that:
1. More often than not, the poxy trojan/worm/virus would create an autorun.inf file which would point to some random executable hidden within the Recycler folder.
So, I deleted the autorun.inf file, and created a folder with the name of autorun.inf.
And I also created a file called Recycler.
From that point onwards my memory stick remained clean and no further infections were possible, even though the PC I introduced my memory stick to was infected.
Please note that this might be of help to you in a tight spot, but I cannot guarantee that it will work 100%.
Regards
Libs
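The check and the placeholder trick described in the post above, as an added example that is not part of the original post: a shell sketch for a Linux PC that reports what an autorun.inf on a mounted stick would launch and then puts the two placeholders in place. The function names, the `.quarantined` suffix and the mount point are assumptions of this example, and it relies on a `find` that supports `-iname` and `-maxdepth`.

```shell
#!/bin/sh
# Added example (not from the post). FAT names are case-insensitive, so
# top-level entries are matched with -iname (GNU/BSD find).

# find_entry ROOT NAME: print the top-level entry called NAME, in any case.
find_entry() {
    find "$1" -mindepth 1 -maxdepth 1 -iname "$2" -print | head -n 1
}

# autorun_targets FILE: print what an autorun.inf would launch
# (values of its open=, shellexecute= and shell\<verb>\command= keys).
autorun_targets() {
    tr -d '\r' < "$1" |
        grep -iE '^[[:space:]]*(open|shellexecute|shell\\[^=]*\\command)[[:space:]]*=' |
        cut -d= -f2- | sed 's/^[[:space:]]*//'
}

# audit_stick ROOT: report the state of both names; status 0 only when
# autorun.inf is a folder and Recycler is a file, as in the post.
audit_stick() {
    inf=$(find_entry "$1" autorun.inf); rec=$(find_entry "$1" recycler); rc=0
    if [ -d "$inf" ]; then echo "OK      autorun.inf is a placeholder folder"
    elif [ -f "$inf" ]; then rc=1
        echo "SUSPECT autorun.inf is a file that launches:"
        autorun_targets "$inf" | sed 's/^/          /'
    else rc=1; echo "OPEN    no autorun.inf placeholder"
    fi
    if [ -f "$rec" ]; then echo "OK      Recycler is a placeholder file"
    elif [ -d "$rec" ]; then rc=1; echo "SUSPECT Recycler folder present: $rec"
    else rc=1; echo "OPEN    no Recycler placeholder"
    fi
    return $rc
}

# vaccinate ROOT: set existing entries aside under a .quarantined name
# (this example's choice, so they can be inspected), then create placeholders.
vaccinate() {
    inf=$(find_entry "$1" autorun.inf); rec=$(find_entry "$1" recycler)
    if [ -n "$inf" ] && [ ! -d "$inf" ]; then mv "$inf" "$inf.quarantined"; inf=; fi
    if [ -n "$rec" ] && [ ! -f "$rec" ]; then mv "$rec" "$rec.quarantined"; rec=; fi
    [ -n "$inf" ] || mkdir "$1/autorun.inf"
    [ -n "$rec" ] || : > "$1/Recycler"
}

# Usage, with /media/usb as a hypothetical mount point:
#   audit_stick /media/usb || vaccinate /media/usb
```

Once autorun.inf exists as a folder, an attempt to create or overwrite a file of that name fails, which is the effect the post relies on.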