VARIANTS SPREADS IN THE WILD
Virus Name : Worm/Opaserv.K
Alias : Opaserv.K,
Virus type : Network
level : Medium
is a modified variant of Opaserv worm, spreads using shared
network drives. Opaserv.K infects only the network shares and
it will not spread using e-mail attachments. It
contains a destructive payload, when executed it will
overwrite all the hard disk sectors.
modifies the registry entries to start automatically. The
registry modification will be HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current
Version\Run= Mqbkup or qbkupdbs. In case of remote infection,
it modifies WIN.INI to load automatically on the next startup.
executed, it searches for Windows folder in the local system
and copies to "Mqbkup.exe". The worm also creates
the files C:\Boot.exe and C:\Mslicenf.com. The worm uses
C:\AUTOEXEC.BAT to load these files automatically.
Mslicenf.com is a destructive file. When executed on the next
startup, it destroys the hard disk data by overwriting all the
starting sectors with its own copy.
displays this message:
Windows license detected!
You are in violation of the Digital Millennium Copyright Act!
Your unauthorized license has been revoked.
For more information, please call us at:
If you are outside the USA, please look up the correct contact
on our website, at:
Business Software Alliance
Promoting a safe & legal online world.
worm is also known as Worm/Opaserv.K, W32.Opaserv.M.Worm,
detects and removes all Opaserv variants without problem.
How can I protect my
Solo has incorporated Opaserv.K worm in its signature file to protect users from
this worm attack. Solo antivirus registered users
are already protected from this worm. Make sure
that you have installed registered version of
Solo Antivirus to protect your system from all
to remove this worm?
you are already infected with this worm, download and install
security patches from the link http://www.microsoft.com/technet/security/bulletin/MS00-072.asp
. Then run Solo anti-virus and choose Delete option to remove the worm
Opaserv is a network aware worm. If you are connected with network, you have to remove
worm from all the machines connected with network at one stretch
to avoid re-infection. Also password protect your C drive share or set the C drive share to read only access.
Right click on the C drive in the Windows explorer and password protect your network share.
Then edit your C:\Windows\win.ini file and remove the line
antivirus can detect and remove Opaserv.K worm safely.
Use the following link to Download 30 day trial version of
to remove viruses from your computer.
Solo anti-virus not only
scans for all viruses, it contains a unique System
Integrity Checker to protect you from
New Internet Worms, Backdoors and
malicious VB, Java Scripts. It also
effectively removes all existing Internet Worms,
File viruses, malicious VB, Java scripts,
Trojans, Backdoors, boot sector, partition table
and macro viruses.
purchase Solo antivirus using the link