|Posted on Thursday, November 14, 2002 - 6:45 pm: |
I have a home network with two computers. Both have W98.
On BOTH computers neither Scandisk or Disk Defrag will work.
Disk Defrag locks up the computer as soon as it is started.
Scandisk starts to work, gets about 1/3 of the way through scanning disc surface data area and goes to check file allocation tables and locks up the computer. In quick and thorough scan. And from running scandisk from W98 installation disk.
I have had a W32 Ospaserv worm recently. Both computers were affected. I downloaded the Symantec worm removal tool, and cleared both computers and installed microsofts patch. Then installed a firewall. I then removed files called 'alevir", "brasil","marco!", and "gay" completely from both computers. These files are installed by the worm, but shut down by the worm removal tool, but I wanted to be certain they couldnt be reactivated.
Now I have these problems. Ive never heard of these problems being associated with the worm on any website/forum, but for the problems to affect both computers its seems an unlikely coincidence.
|Posted on Thursday, November 14, 2002 - 7:59 pm: |
Run SFC from the command line and see if there are any corrupt system files. Also you can try reinstalling windows from the desktop. Hopefully it will fix any damaged files. It won't erase any files that you have, but it's best to back up anything you don't want to lose.
|Posted on Thursday, November 14, 2002 - 9:09 pm: |
question........... were you able to use scandisk or defrag before the worm in normal mode? try going into safe mode and see if they work. some background program seems to be writing to the hard disk in normal mode and the drive must be locked to do what you are trying. it could be nothing more than an antivirus or findfast if you have office. something like that.
|Posted on Thursday, November 14, 2002 - 9:12 pm: |
oh, just an update. you may not have gotten all of the worm. it's possible that you may still have something there if things worked fine before. could be in the registry, could be a file or 2 more, could be in the win.ini or the system.ini. hard to say without looking at it. i hope you did another antivirus scan.
|Posted on Friday, November 15, 2002 - 2:51 am: |
Cecil-No corrupt system files. May try a reinstallation, but Ive tried to do this before (ages ago) without sucess.
Win-Yes both worked before worm. One computer keeps getting reinfected, the other doesnt. No-one has been able to completely get rid of the worm from thaeir computer, just render it ineffective. Noone seems to know where it lurks, but in my case I cant shut it down. Scans cant find it untill it reactivates.
|Posted on Friday, November 15, 2002 - 7:07 am: |
You may already know the info below, but I thought it might be worth a try.
W32.Opaserv.Worm is a network-aware worm that attempts to replicate across open network shares. It copies itself to the remote computer as a file named Scrsvr.exe. This worm also attempts to download updates from www.opasoft.com, although the site may have already been shut down. Indicators of infection include:
* The existence of the files Scrsin.dat and Scrsout.dat in the root of drive C. This indicates a local infection (that is, the worm was executed on the local computer).
* The existence of the Tmp.ini file in the root of drive C. This indicates a remote infection (that is, the computer was infected by a remote host).
* The registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Run contains the string value ScrSvr or ScrSvrOld, which is set to c:\tmp.ini.
|Posted on Monday, November 18, 2002 - 2:07 am: |
Cecil- thanks for the info.
Im fairly sure Ive got rid of the worm.
I have 2 hard drives on both computers, and found that scandisk and disk defrag works on the non boot drive perfectly Ok. Does this narrow down the problem? If only one of my computers was acting this way Id say my boot drive was on the way out, but both at exactly the same time!
|Posted on Monday, November 18, 2002 - 4:16 pm: |
I would go ahead and reinstall win98. If that doesn't solve the problem there's only one choice left and that's repartition and format the hard drive. Whenever I work on a computer that has a virus, I always start over. That way you know you have a clean system and in many cases it's faster than playing around and hopeing the virus is gone.