********************* Virus Information *********************
Virus Name: Brasil
Aliases:
Infects: Floppy and Master Boot Records
Likelihood: Common
Length: 520 bytes

Characteristics
Memory Resident: Yes
Triggered Event: No
Size Stealth: No
Encrypting: No
Full Stealth: Yes
Polymorphic: No

Comments: No additional information.
That's all I could find.
[ November 21, 2002, 10:20 PM: Message edited by: Si Allen ]
-------------------- Si Allen #562 La Mirada, CA. USA
(714) 521-4810
si.allen on Skype
siallen@dslextreme.com
"SignPainters do It with Longer Strokes!"
Never mess with your profile while in a drunken stupor!!!
Brushasaurus on Chat Posts: 8831 | From: La Mirada, CA, USA | Registered: Nov 1998
posted
Bob - did a Google search on Brasil.pif and learned that the worm is also called w32/opaserv c.
Then went to McAfee and did a search on opaserv which took me to a virus removal tutorial that starts out...
How do I remove the Opaserv worm?
This article will also apply to the following Aliases: BackDoor-ALB, Backdoor.Opasoft, Bck/Opasoft (Panda), W32.Opaserv.Worm (Symantec), W95/Scrup.worm, Worm.Win32.Opasoft (AVP), WORM_OPASOFT (Trend)
It says you need a firewall to prevent reinfection after you clean it out of the registry. I would guess, based on that, the bug comes in on an unprotected DSL or similar connection.
You got it or you just heard about it? It does not show up on McAfee's hot lists. Vic G
-------------------- Victor Georgiou Danville, CA , USA Posts: 1746 | From: Danville, CA , USA | Registered: Dec 1998
DrCAS Custom Lettering and Design Saint Cloud, Minnesota
"Things work out best for the people who make the best of the way things work out." - Art Linkletter Posts: 6451 | From: Saint Cloud, Minnesota | Registered: Jun 1999
posted
I can shed some if not a LOT of light on this one.
I have for 3 weeks now been chasing this one out of all 3 of my work PCs. This virus comes in many strains. It can show up as Brasil.pif, Brasil.exe, scrsvr.exe, alevir.exe, institu.bat, marco!.pif and I'm sure there are more that I missed.
It attacked networks and shared drives, it is a pain in the ass. The only way I finally got rid of it was to be diligent, disconnect any and all PCs from the network and go through all the different strains listed on Norton's site, find and eradicate all the files in the win.ini, the root drive which in my case was c:\ and the registry, then like Victor stated install a firewall program.
I believe this virus once activated marks you as a target to another PC because as I was installing the Norton's internet security program and doing the live update, it came back twice. And it happens only when you're online. After the program has been running now for the week it has not shown up once.
Good luck if you have it, and pray that you never get it if you don't.
-------------------- Bob Rochon Creative Signworks Millbury, MA 508-865-7330
"Life is Like an Echo, what you put out, comes back to you." Posts: 5149 | From: Millbury, Mass. U.S. | Registered: Nov 1998
Making the simple complicated is commonplace; making the complicated simple, awesomely simple, that's creativity. — Charles Mingus Posts: 6724 | From: Mendocino, CA. USA | Registered: Nov 1998
posted
Here's what I had to do to get rid of the infected files...
Click START then RUN
Type REGEDIT
Click on SOFTWARE folder
Click on MICROSOFT folder
Click on WINDOWS folder
Click on RUN folder
In the RUN folder, there will (should) be program lines with the viruses' names. Delete these command lines.
Also - go to your win.ini file (you find this through Windows Explorer - usually in the Windows directory) and make sure that there are no command lines to direct the viruses. If there are, delete the lines that have (example) RUN BRASIL.EXE (SCRVN.PIF) etc.
Then update Norton's or McAfee and run a virus scan.
Hope this helps.
Good Luck!
-------------------- Pat Neve, Jr. 321-537-8675 Capt. Sign
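
The two checks described in the posts above (the registry Run entries and the run lines in win.ini), as an added example that is not part of the original thread: Python that scans a win.ini and a regedit text export for the file names the posters listed. The sample inputs, the value name `ConstructedEntry` and all function names are assumptions made for this illustration.

```python
import re

# File names reported by posters in this thread (lower-cased for matching).
SUSPECT_NAMES = {"brasil.pif", "brasil.exe", "scrsvr.exe", "alevir.exe",
                 "institu.bat", "marco!.pif"}

# Constructed sample inputs (not taken from any real machine).
SAMPLE_WIN_INI = "[windows]\nload=\nrun=c:\\windows\\brasil.exe\n[Desktop]\nWallpaper=(None)\n"
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ConstructedEntry"="C:\\WINDOWS\\ScrSvr.exe"
"SystemTray"="SysTray.Exe"
'''

def _names_in(value):
    """Return the suspect file names referenced in a command string."""
    tokens = re.split(r'[\s,;"\\/]+', value.lower())
    return sorted(SUSPECT_NAMES.intersection(tokens))

def scan_win_ini(text):
    """Flag run=/load= lines in the [windows] section of a win.ini."""
    hits, section = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "windows" and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            key = key.strip().lower()
            if key in ("run", "load"):
                hits += [(lineno, key, name) for name in _names_in(value)]
    return hits

def scan_reg_export(text):
    """Flag values under any key whose path ends in Run (regedit export)."""
    hits, in_run = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_run = line.rstrip("]").lower().endswith("\\run")
        elif in_run and "=" in line:
            value_name, data = line.split("=", 1)
            hits += [(value_name.strip('"'), n) for n in _names_in(data)]
    return hits

if __name__ == "__main__":
    print(scan_win_ini(SAMPLE_WIN_INI), scan_reg_export(SAMPLE_REG))
```

It only reports matches and changes nothing, so the entries can be reviewed before they are deleted by hand as described above.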
posted
Rick, when you are connected to the web via DSL or something similar, that electronic pipeline runs in both directions. Not only can you send information out, but strangers can send information in - not unlike a network in your own office.
Firewalls monitor the electronic traffic and stop unauthorized inbound data.
Hardware routers have a firewall built in.
The most popular firewall software is a freeware called ZoneAlarm which is available from their website and also from ZD and CNet.
posted
Don, I'm still cracking up at your reply. Bob, good luck, it's awful to get a computer virus. The largest reason we have been switching to Mac is that very (I mean VERY) few viruses are written for the Mac platform.
-------------------- Jeff Bailey Rapid Tac Inc. Grants Pass, Oregon Posts: 231 | From: Grants Pass, Oregon, USA | Registered: Feb 2001