Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

W32/Opaserv-V

Nov 17, 2003 12:17AM PST

Type
Win32 worm

W32/Opaserv-V is a worm which spreads by copying itself to network shares.
The worm drops copies of itself to the Windows folder as Banda!, Podre!! and speedy.pif, then adds an entry to the registry at

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Spees3

to run itself on system restart.

The worm attempts to copy itself to the Windows folder on networked computers with open shared drives. The worm then modifies the win.ini on the remote machine to ensure it will be run on system restart.

W32/Opaserv-V also attempts to update itself periodically from a pre-configured website.

http://www.sophos.com/virusinfo/analyses/w32opaservv.html

Discussion is locked