alevrius

Ryoko · Feb 6, 2003, 09:14 PM

yesterday as i was monitoring net watcher, i saw a user with computer name "alevrius" open up a shared resource on one of my computers and drop a file named "brasil.exe" into the computer's windows directory. i disconnected the computer immediately and deleted the file. i looked on google for any information, but all i found was speculation that it might be a virus. does anyone here know anything about "alevrius"?

peroni · Feb 6, 2003, 09:23 PM

Brasil.exe contains a virus called W32/Opaserv.worm.f
You can find information here http://vil.nai.com/vil/content/v_99729.htm

The question is, how did he get access to your shares?
Are you leaving netbios over tcp enabled?

Ryoko · Feb 6, 2003, 10:50 PM

Quote:

Originally posted by peroni
Brasil.exe contains a virus called W32/Opaserv.worm.f
You can find information here http://vil.nai.com/vil/content/v_99729.htm

thanks, reading up on it now...

Quote:

Originally posted by peroni
The question is, how did he get access to your shares?
Are you leaving netbios over tcp enabled?

i actually haven't changed anything in tcpip... it's all set to default win98se values.

i disconnected when 12k of it had been copied to my comp. it says it's 28k in size, so i should be safe from this particular instance.

Matth · Feb 7, 2003, 03:48 PM

Go directly to
http://grc.com/su-bondage.htm

Ensure that you do NOT leave file and printer sharing bound to TCP/IP on any outgoing adapter.
If you do not share on a local network, then remove altogether!

Feb 6, 2003, 09:14 PM	#1
Ryoko American Soldier Join Date: May 2002 Location: Williamsburg, VA Posts: 1,725 Rep Power: 0	alevrius yesterday as i was monitoring net watcher, i saw a user with computer name "alevrius" open up a shared resource on one of my computers and drop a file named "brasil.exe" into the computer's windows directory. i disconnected the computer immediately and deleted the file. i looked on google for any information, but all i found was speculation that it might be a virus. does anyone here know anything about "alevrius"?

Feb 6, 2003, 09:23 PM	#2
peroni DriverHeaven Senior Member Join Date: May 2002 Location: The Netherlands Posts: 591 Rep Power: 0	Brasil.exe contains a virus called W32/Opaserv.worm.f You can find information here http://vil.nai.com/vil/content/v_99729.htm The question is, how did he get access to your shares? Are you leaving netbios over tcp enabled? __________________ Gaming Rig 3DMark2k1 PCMark2k2 The Server 3Dmark2k1 PCMark2k2 Notebook 3Dmark2k1 PCMark2k2

Feb 7, 2003, 03:48 PM	#4
Matth Flash Banner Hater Join Date: Jun 2002 Location: UK Posts: 3,426 Rep Power: 93 System Specs	Go directly to http://grc.com/su-bondage.htm Ensure that you do NOT leave file and printer sharing bound to TCP/IP on any outgoing adapter. If you do not share on a local network, then remove altogether!