Firewall necessary for home computer?


olgaportland

Programmer
Feb 16, 2002
80
US
I had a virus, named scrsvr.exe, which changed the win.ini file. It was caught and removed by EZAntivirus (latest virus signature downloaded as of today) which says it is a worm, win32.opserv.d. Its name, scrsvr.exe, which appeared in the Windows folder, still appears, when booting, as an inaccessible file. I thought at first it (they) must be email attachments, but just now, while typing this online, after having cleaned the hard drive and not having accessed my email, another 3 worms have been found. Just being online seems to be enough. They also seem to reappear after rebooting even though they have been removed, so I don't know if they are "hiding" or being downloaded over and over. Some of the other names that have appeared in the last 24 hours are:
c:windows\brasil.pif
c:\windows\scrsvr.exe
win32.opservd
This is a home computer PIII 500 running Windows 98. The only sites I have visited today are here and my-etrust.com. Do I have to buy a firewall for a computer that is not always connected to the internet, in addition to my antivirus? Advice would be appreciated.
 
Thanks for replying. Yes I had thought of that and had made a direct cable connection with one of our old computers yesterday to get one of the old programs from it. I have downloaded the windows patch you refer to. Here is how it stands
I downloaded fixopaserv from:


They advised downloading and installing the Windows patch 273991usa8.exe from Microsoft first, which I did.


They also advised using chktrust.exe to verify the fixopserv.exe file, which I did.

After installing the patch 273991usa8.exe, then making sure file sharing was disabled, I ran the fixopserv.exe twice. The resulting message I get is "W32.Opaserv.Worm has not been found on your computer."

Yet I still get messages each time I boot, from EZ that file names Brasil or Scrsvr etc. followed by the actual worm names, win32.opaserv.a, win32.opaserv.d, win32.opaserv.f, and win32.opaserv.g are still in the win.ini and that these programs can't be accessed. The only response to this is to click "OK".

While I am working, EZAntivirus, using latest virus signatures, keeps popping up four times in a row with each of the four names and saying that these files have been found to be worms and not restored. After running a full scan with EZ, which tells me there are 0 viruses, I get the same messages upon restarting and then again the same four messages, while working.

I am no further ahead.
 
Do I have to buy a firewall for a computer that is not always connected to the internet, in addition to my antivirus? If your home computer is connecting via dial-up, then no. If your computer is connected via broadband, e.g., DSL, then yes. The reason is the latter is a constant connection, meaning your computer has a permanent IP address and may be accessed via the internet. Dial-up lines change IP addresses every time someone connects.

For the paranoid, you can get a firewall for dial-up, too. ;-)

James P. Cottingham

When a man sits with a pretty girl for an hour, it seems like a minute. But let him sit on a hot stove for a minute and it's longer than any hour. That's relativity.
Albert Einstein explaining his Theory of Relativity to a group of journalists.
 
Boot into safe mode and run your virus scan. I used AVG from on a friend's computer and it cleaned this virus.

I would use ZoneAlarm every time I was on the net, it doesn't matter how you connect, when you are on the net you are fair game. ZoneAlarm also detects anything trying to get out of your computer and gives you the option of allowing it or not.
 
For the paranoid! You don't have to be that paranoid. I am amazed at the number of probes ZoneAlarm stops and I have a dynamic IP.

Peter Meachem
peter @ accuflight.com

 
Thanks for the help. I have looked at ZoneAlarm and am trying to compare it to CA's EZArmour. As mentioned, I have EZAntiVirus - U$20 and U$10 per year, which seems to find the viruses, once they are on the hard drive, but not while they are downloading, for which I need to get Deskshield or its equivalent. EZArmour includes EZAntiVirus, EZDeskshield and EZFirewall at US$49 and US$20 per year. I find this kind of comparison a daunting task, with everyone claiming they have the ultimate solution. There are so many packages available, it's like comparing apples with oranges. I did get opaserv cleaned up, but don't want to have to worry about this sort of thing again.
 
Firstly, I don't believe that it is necessary to actually pay for basically any utility software you might need anymore, just search the web and you will find more free programs that do what you want than you could poke a stick at. Secondly I have had recently some of the worms you talked about and AVG cleaned them up, first time, with ease and that is a totally free program.

Good Luck.
 
Probes are ok, it's usually little kids doing trojan scans. I only really use anti-virus at home.

I guess it all comes down to "how important is your data?".
 
imho, as far as home machines go as long as u have a decent virus checker that runs regularly, it's just a question of knowing what your programs are doing and taking the time to find out what ports are open and close them if poss. running server software on non-standard ports.


===============
Security Forums
 
Personally, I have a home computer that is Win 98 and a 56K dialup (extra slow speed since I live in BFE and they don't do high speed, nor update new phone lines since the 50's but that's another discussion altogether :^) and I've got a firewall for my home computer. Frequently I see port attacks coming up in my warning messages. It just makes me feel better that I am protected from malicious use.
I've also heard the Tiny Personal Firewall is a good product but I've not used it myself.
Good luck with your firewall.
Karen
 
On the Opaserv topic....here is a good link.

they also say you have to be OFF any network and this below to get rid of it.
quote
"NOTE: There have been some reports of reinfection when using a dial-up connection. Although this has not yet been confirmed, just to be safe, you can unplug the phone line from your computer."

They can't confirm it, but I can. Watched it happen myself.


Once you reattach to your network, if any other systems are infected you can get it back.

It is a pain in the rump.....dealing with it now on someone's network.
Almost there thankfully...
Kimber

The more I learn, I realize how much more there is to know!
 
ROFLMAS!!!!

Symantec SAID THAT? They must be really pissed that they can't find the source to suggest that a PHONE LINE (which probably isn't dialed-up to an ISP) can be used by a virus to infect a PC?

Try another AV which does a sanity check after disinfecting a system, like McAfee or Kaspersky. Running a single pass check is not enough.

AVChap
... my $1 worth of advice, 2cents isn't enough due to inflation
 
That is a direct quote...honest.
If you click the link in my previous post, it is under NOTE: after item 3. on the list.

Patched the systems with the Microsoft patch noted by SMAH's post earlier in this thread.
Ran the Symantec opaserv fix tool.
Finally I was able to get this out once and for all.....
I have manually had to remove the put.ini, instit.bat and gay.ini files from the hard disk, and edit win.ini to remove the references to the virus files. If you don't you get the boot errors that Windows can't find the files. You get the scrsvr.exe, marco!.scr, brazil.pif errors.

This machine was also infected BY this worm with a spaces and a datom worm. Was a real mess.
The client was running the opaserv fix tool from Symantec, after unsuccessfully telling Norton to deal with it. Kept getting it back again.

Each time the user went back online with dial up, the system warned that the files had reappeared and were infected. The other two machines on the network were not infected. Interesting huh?

I finally manually deleted everything, scanned the entire network, checked the registry on all three machines, virus scanned with Norton 2002 rescue disks updated with the newest sig files, and then installed AVG free edition until they could get a newer anti virus program. They were using NAV2K.

Whew.....finally done....I need a vacation

Kimber

The more I learn, I realize how much more there is to know!
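
The win.ini cleanup described in the post above, as an added example that is not part of the original thread: it scans the `run=` and `load=` startup keys in the `[windows]` section for the file names reported here and returns a cleaned copy. The function name `clean_win_ini` and the sample file are constructed for illustration.

```python
import ntpath

# File names reported in this thread as dropped by the worm.
REPORTED_NAMES = {"scrsvr.exe", "brasil.pif", "brazil.pif", "marco!.scr"}
AUTOSTART_KEYS = ("run", "load")  # [windows] keys Windows 9x launches at startup

# Constructed sample win.ini, not taken from a real machine.
SAMPLE = r"""[windows]
load=c:\windows\brasil.pif
run=C:\TOOLS\tray.exe c:\windows\scrsvr.exe
NullPort=None

[Desktop]
run=scrsvr.exe
"""


def clean_win_ini(text, bad_names=REPORTED_NAMES):
    """Return (cleaned_text, findings); findings are (line_no, key, entry)."""
    section, out, findings = "", [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].lower()
        key, sep, value = stripped.partition("=")
        key = key.strip()
        if section == "windows" and sep and key.lower() in AUTOSTART_KEYS:
            kept, removed = [], []
            # Entries are separated by spaces or commas (assumes 8.3 paths).
            for entry in value.replace(",", " ").split():
                if ntpath.basename(entry).lower() in bad_names:
                    removed.append(entry)
                else:
                    kept.append(entry)
            if removed:  # rewrite the line only when something was dropped
                findings += [(lineno, key.lower(), e) for e in removed]
                line = f"{key}={' '.join(kept)}"
        out.append(line)
    return "\n".join(out) + "\n", findings


if __name__ == "__main__":
    cleaned, found = clean_win_ini(SAMPLE)
    for lineno, key, entry in found:
        print(f"line {lineno}: removed {entry} from {key}=")
    print(cleaned, end="")
```

Only the `[windows]` section is touched, so the `run=` line under `[Desktop]` in the sample is left as it is, and the legitimate `tray.exe` entry survives on the rewritten `run=` line.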
 
Now installing a firewall...computer reinfected as soon as it was connected to the internet.

Kimber

The more I learn, I realize how much more there is to know!
 