New viruses threaten PC users' Xmas cheer

James Pearce, ZDNet Australia

24 December 2002 09:40 AM

Tags: opaserv, yaha, opaserv.l, yaha.m, worm, virus, worms, panda

Virus protection company Panda Software has reported a new Opaserv virus which attempts to trick the victim into believing their computer has been shut down by the Business Software Alliance.

The worm, Opaserv.L, installs itself into the Windows directory under the name mqbkup.exe. If the date is December 24 or later Opaserv.L creates several more files and then restarts the machine, displaying the following message in an MS-DOS window:

"NOTICE:
Illegal Microsoft Windows license detected!
You are in violation of the Digital Millennium Copyright Act
Your unauthorized license has been revoked
For more information, please call us at:
NOPIRACY
If you are outside the USA, please look up the correct contact information on our website, at:
www.bsa.org
Business Software Alliance
Promoting a safe & legal online world"

Finally, Opaserv.L deletes the content of the computer's CMOS and hard disk. Panda has not had any reports of the virus in the wild, so users who update their antivirus programs should be protected.

MessageLabs have also detected a new variant of the Yaha worm that is active in the Middle East and Australia. Yaha.M contains its own e-mail program, and may launch a denial of service attack against infopak.gov.pk.

Yaha.M forges its envelope-from and header-from addresses, and uses a variety of subjects, attachment names and content to attempt to fool the user to run the program.

Talkback (8)
Print
E-mail
Share
- del.icio.us
- Digg
- Reddit
- Slashdot
- StumbleUpon

Talkback 8 comments

Add your opinion

don't understand how to recognize a virus. Don't understan how to find one. am PC beginner....HELP!!!!Anonymous -- 24/12/02

don't understand how to recognize a virus.
Don't understan how to find one. am PC beginner....HELP!!!!

a new Opaserv virus http://www.zdnet.com.au/newstech/security/story/0,2000024985,20270853,00.htm Please help!!! My computer already got infected with the BSA message everytime I boot the machine. All anti-Virus software compaPaul -- 30/12/02

a new Opaserv virus

http://www.zdnet.com.au/newstech/security/story/0,2000024985,20270853,00.htm

Please help!!!

My computer already got infected with the BSA message everytime I boot the machine. All anti-Virus software companies only tell us how to "protect" from the virus. Now I already got it in my computer. Could anyone help me with it?

Thanks,
Paul
year2000@lycos.com

I dunno if it's relevant, but janjan515@shaw.ca is repeatedly trying to send this worm to me via Hotmail. The subject of the e-mails were mainly about friendship or love. The e-mail size is approx. 46-47 kb. McAfee Virus Scan on Hotmail didn't detect the Joe Cool -- 01/01/03

I dunno if it's relevant, but janjan515@shaw.ca is repeatedly trying to send this worm to me via Hotmail. The subject of the e-mails were mainly about friendship or love. The e-mail size is approx. 46-47 kb. McAfee Virus Scan on Hotmail didn't detect the .scr(screensaver) or .exe(program) files as a virus. Once you download the file the worm will start to work. It stopped all my virus scan programs and made several programs stop functioning. Though i'm not sure downloading the virus will infect your system immediately because I installed the love.scr. Then the problems started... Hope this helps...Happy New Year!!^_^

my computer is infected with the W32/Yaha.k worm i deleted it but now my computer seems screwed when i start up there are about 12 popups saying they cannot find "blahblah.exe" and when i try to access programs through the staAnonymous -- 03/01/03

my computer is infected with the W32/Yaha.k worm
i deleted it but now my computer seems screwed
when i start up there are about 12 popups
saying they cannot find "blahblah.exe" and when i try to access programs through the start then programs menu it says they cannot find the file but when i go to search for the files and type in the name the files are there
this is true for every one of my files now
what happened?????????????????????

I've been hit with the BSA worm and it delivered the payload. Does anyone know if recovery is possible?Bob -- 10/01/03

I've been hit with the BSA worm and it delivered the payload. Does anyone know if recovery is possible?

I have the virus Xmas Cheer On my Pc and now I can not get it of my harddrive.I have tride to format,fdisk and even low level format but still the pc boots into the "NOTICE" ILLEGAL MICROSOFT WINDOWS LICENSE DETECTED " every time How do I rAndries Smit -- 28/01/03

I have the virus Xmas Cheer On my Pc and now I can not get it of my harddrive.I have tride to format,fdisk and even low level format but still the pc boots into the "NOTICE" ILLEGAL MICROSOFT WINDOWS LICENSE DETECTED " every time How do I repair it? Please help me Thank You

There is all this fuss and fear over these virus's but there actually a very simple and highly understated way to make your computer and all your files completely immune. And no its not an anti-virus app. Sure they help but you want to be immune in the fiAnonymous -- 07/02/03

There is all this fuss and fear over these virus's but there actually a very simple and highly understated way to make your computer and all your files completely immune. And no its not an anti-virus app. Sure they help but you want to be immune in the first place. I sat down with a group of really cleaver technology experts to come up with a way of avoiding these evill viruses and to keep our files safe. And we did find a way: buy a mac.

I hope appearences are not what they seem,if so,Troj. 32 mb blah blah,windows killer,found its home in my computer at least 1 and a half years ago.Anonymous -- 01/02/04

I hope appearences are not what they seem,if so,Troj. 32 mb blah blah,windows killer,found its home in my computer at least 1 and a half years ago.

Add your opinion

Latest Videos

Play now

Snow Leopard in the wild
It's a hands-on preview of Snow Leopard with a few goodies Apple hasn't shown off; iPhone 3GS' are now availab… Watch it now
Play now

Guy Kawasaki: What makes innovation?
At Cisco Live in San Francisco, Silicon Valley entreprenuer Guy Kawasaki, author of Reality Check, talks about… Watch it now
Play now

How the iPhone 3GS is faring
With earnings season looming, ZDNet correspondent Sumi Das and senior editor Sam Diaz look ahead at July and d… Watch it now
More videos »

Blogs

PayPal launches Aussie developer program
PayPal announced the opening of its certification program for Australian developers today, making Australia the first country outside of the US to offer certification.
Cash cow in a BigTinCan?
Around one third of Australia's telcos have shut their doors over time, but that isn't stopping new ventures hoping to chip away at carriers' mobile call bonanza. By fighting carriers at the smartphone rather than the home phone, could the latest two contenders be onto something big?
A third of the way to a zettabyte
This week on Twisted Wire we look at how internet usage is changing in Australia and around the world. How are we meeting this demand and how is the cost structure changing for the service provider?
More blogs »

Reader Services

Essentials

iPhone Centre
We bring you everything you need to know about Apple's latest iPhone including the latest news, photos and videos.
The Best Firewall is...
Read about unifited threat management under the microscope.
Audience Profile Survey
Take part in our Audience Profile survey for your chance to win $500!
Top 10 Laptops
Check out the latest and most popular products in laptops.
Broadband Plan Finder
Not sure which broadband plan to choose? Try our Broadband Plan Finder.
Mobile Phone Plan Finder
Pick the best mobile phone plan deal with our Mobile Phone Plan Finder.

New viruses threaten PC users' Xmas cheer

James Pearce, ZDNet Australia

24 December 2002 09:40 AM

Tags: opaserv, yaha, opaserv.l, yaha.m, worm, virus, worms, panda

Talkback 8 comments

don't understand how to recognize a virus. Don't understan how to find one. am PC beginner....HELP!!!!Anonymous -- 24/12/02

a new Opaserv virus http://www.zdnet.com.au/newstech/security/story/0,2000024985,20270853,00.htm Please help!!! My computer already got infected with the BSA message everytime I boot the machine. All anti-Virus software compaPaul -- 30/12/02

I dunno if it's relevant, but janjan515@shaw.ca is repeatedly trying to send this worm to me via Hotmail. The subject of the e-mails were mainly about friendship or love. The e-mail size is approx. 46-47 kb. McAfee Virus Scan on Hotmail didn't detect the Joe Cool -- 01/01/03

my computer is infected with the W32/Yaha.k worm i deleted it but now my computer seems screwed when i start up there are about 12 popups saying they cannot find "blahblah.exe" and when i try to access programs through the staAnonymous -- 03/01/03

I've been hit with the BSA worm and it delivered the payload. Does anyone know if recovery is possible?Bob -- 10/01/03

I have the virus Xmas Cheer On my Pc and now I can not get it of my harddrive.I have tride to format,fdisk and even low level format but still the pc boots into the "NOTICE" ILLEGAL MICROSOFT WINDOWS LICENSE DETECTED " every time How do I rAndries Smit -- 28/01/03

There is all this fuss and fear over these virus's but there actually a very simple and highly understated way to make your computer and all your files completely immune. And no its not an anti-virus app. Sure they help but you want to be immune in the fiAnonymous -- 07/02/03

I hope appearences are not what they seem,if so,Troj. 32 mb blah blah,windows killer,found its home in my computer at least 1 and a half years ago.Anonymous -- 01/02/04

Just In

Most Popular

Most Discussed

Latest Videos

Blogs

Tags

Reader Services

Popular Topics

Essentials

Sponsored Links

Featured

Services

Around the Network

Around ZDNet Australia

News > Security

New viruses threaten PC users' Xmas cheer

James Pearce, ZDNet Australia

24 December 2002 09:40 AM

Tags: opaserv, yaha, opaserv.l, yaha.m, worm, virus, worms, panda

Related stories

Alerts

Talkback 8 comments

don't understand how to recognize a virus. Don't understan how to find one. am PC beginner....HELP!!!!Anonymous -- 24/12/02

a new Opaserv virus http://www.zdnet.com.au/newstech/security/story/0,2000024985,20270853,00.htm Please help!!! My computer already got infected with the BSA message everytime I boot the machine. All anti-Virus software compaPaul -- 30/12/02

I dunno if it's relevant, but janjan515@shaw.ca is repeatedly trying to send this worm to me via Hotmail. The subject of the e-mails were mainly about friendship or love. The e-mail size is approx. 46-47 kb. McAfee Virus Scan on Hotmail didn't detect the Joe Cool -- 01/01/03

my computer is infected with the W32/Yaha.k worm i deleted it but now my computer seems screwed when i start up there are about 12 popups saying they cannot find "blahblah.exe" and when i try to access programs through the staAnonymous -- 03/01/03

I've been hit with the BSA worm and it delivered the payload. Does anyone know if recovery is possible?Bob -- 10/01/03

I have the virus Xmas Cheer On my Pc and now I can not get it of my harddrive.I have tride to format,fdisk and even low level format but still the pc boots into the "NOTICE" ILLEGAL MICROSOFT WINDOWS LICENSE DETECTED " every time How do I rAndries Smit -- 28/01/03

There is all this fuss and fear over these virus's but there actually a very simple and highly understated way to make your computer and all your files completely immune. And no its not an anti-virus app. Sure they help but you want to be immune in the fiAnonymous -- 07/02/03

I hope appearences are not what they seem,if so,Troj. 32 mb blah blah,windows killer,found its home in my computer at least 1 and a half years ago.Anonymous -- 01/02/04

Just In

Most Popular

Most Discussed

Latest Videos

Blogs

Tags

Reader Services

Popular Topics

Essentials

Sponsored Links

Featured

Services

Around the Network

Around ZDNet Australia