Opaserv infected & am at a loss

makoti

Technical User
Apr 9, 2003
6
US
First, I must apologize for even being here but I am desperate.
I managed to set up a small, two computer network and after all of 1 day, got this virus. I ran Norton virus scans and found 655 infected files. Repaired all but 18 & moved the rest to quarantine (which I now cannot get to because of scripting errors in Norton). The Opaserv repair file from Symantec ran, but all the problems persist. The list of problems right now is long, but at start-up "RunOnce", "Spool32" and "Rundll32" all give error messages.
I tried restoring an old backup file of the registry & everything else, but that did little. I managed to get to safe mode & deleted the "Run" commands so it stopped looking for Marco!.exe & others.
I can't get to the following: Regedit, msconfig, or anything else off the RUN command (did get to sysedit out of safe mode). The Control Panel gives me a "Ddhelp" error, but will come up (sometimes). Can't dial up the internet.
Is there any saving this? Is there anything *I* can do? Can I D/L a copy of "Rundll32" from somewhere & put it where it needs to go?
Again - I am no tech expert & can't repay the help except with thanks, but I would be ever so grateful for any help you can muster.
The details: Win98se, PIII500, 512ram
Thank you.
 
Apparently you have something besides Opaserv... go to your windows directory and rename regedit.exe to regedit.com... open regedit and browse to
HKEY_classes_root\exefile\shell\open\command
highlight command and in the right pane default value should be "%1" %*
also check your system.ini file for
shell=explorer.exe
nothing should be after explorer
also make sure that both systems are removed from the network, remove any c: shares and run full virus scan from safe mode
 
The simple rules
When you know what is the name of the virus.

0. Do not panic
1. Go to web site of the software maker of your product
2. Search for details about the virus
3. Read, understand and follow the removal instructions step by step.
4. Be patient
5. If the disinfection tools do not work reliably, look for other companies' removal tools
 
Thank you both for the help. I'll be away from the infected computer for a few days, but will try this when I return.
BuckeyeComputers, I think you are right that there is more going on. I ran Norton for about the 5th time & it started to turn up W95.Space.1445 (I think that's right) in quite a few files. I run a full scan every two weeks, so I am not sure where they came from. Guess I need it more often.
Not to be daft, but when you say nothing should follow explorer, do you mean that that should be the last entry in the file? And the Regedit file was missing, my guess is renamed & I just don't know what yet. Regedit.com was already there. I copied a Regedit.exe from another computer, put it in but no luck getting it to open. Should I still rename that .exe file & replace the .com file that is there? Then what do I do for the .exe it keeps looking for? I did the same for DDhelp, RunOnce, and Rundll32.exe with success (replaced them with copies, I mean).
Support66, good advice. I failed rule 0 badly. ;-) This is the first time I've seen an infected computer act up and it was quite alarming!
 
If you do find that you have Opaserv as well, and you are having trouble either removing it, or keeping it out (it likes to reinfect nicely) please post here and I can offer some hands on experience.

I am in the process of writing an FAQ on the topic due to a client's infection and the ensuing mayhem, not to mention helping another member here in the forums with a similar problem.

The online antivirus is an excellent suggestion. There are several you can try, as you may have trouble with any one or another.

Trend Micro: Housecall

McAfee

and PandaActiveScan

Good Luck to you. It sounds like you have your hands full. Kimber

The more I learn, I realize how much more there is to know!
 
Thanks for the sites.
The infected computer is not on-line at the moment. The virus has messed with my internet connection so I can't run any of the site-based ones right now (I did go ahead & check this computer though). The ones I can d/l & move to it I'll try soon.
KimberTech, it was actually the thread about your recurring troubles with the virus that led me here. Did a Google search & up it came. Sounds like you've had a long fight with it. I'm hoping that since I am working on one computer (I don't think the laptop it was hooked up with got infected), my road will be easier.
Thanks for the offer of help. I'll let you all know how it goes.
 
if regedit.com was there then someone has already renamed it... you should be able to use it to open the registry... as far as the other exe files I don't think there is a problem with them, just a registry setting that is keeping them from running as I showed in above message. and in the system.ini file the line should read:
shell=explorer.exe
if there is anything more added to that line then it is more than likely a viral infection. ex:
shell=explorer.exe winserv.exe
remove the last part winserv.exe
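
Added example, not part of the thread: a small offline checker for the two settings the replies above say to inspect, the `[boot]` `shell=` line in system.ini and the default value of `HKEY_CLASSES_ROOT\exefile\shell\open\command`. It assumes the system.ini text and a REGEDIT4 text export of that key have been copied to a clean machine; the function names, the sample inputs and `example.exe` are constructed for illustration.

```python
import re

# Clean values as stated in the replies above.
EXPECTED_EXE_CMD = '"%1" %*'
EXE_KEY = r"[hkey_classes_root\exefile\shell\open\command]"

def check_system_ini(text):
    """Return findings for the [boot] shell= line of a system.ini file."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "boot" and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() != "shell":
                continue
            tokens = value.split()
            if not tokens or tokens[0].lower() != "explorer.exe":
                return ["shell is not explorer.exe: " + value.strip()]
            # Anything after explorer.exe is what the thread says to remove.
            return ["extra program after explorer.exe: " + t for t in tokens[1:]]
    return ["no shell= line in [boot]"]

def check_exefile_export(text):
    """Return findings for the default value of exefile\\shell\\open\\command."""
    in_key = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_key = line.lower() == EXE_KEY
        elif in_key and line.startswith("@="):
            value = line[2:].strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            value = re.sub(r"\\(.)", r"\1", value)  # undo .reg escaping
            if value == EXPECTED_EXE_CMD:
                return []
            return ["unexpected exefile open command: " + value]
    return ["key or default value not found in export"]

# Constructed sample inputs (the winserv.exe line is the one quoted in the thread).
INFECTED_INI = "[boot]\nshell=explorer.exe winserv.exe\nsystem.drv=system.drv\n"
CLEAN_REG = r'''REGEDIT4

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
HIJACKED_REG = CLEAN_REG.replace(r'@="\"%1\"', r'@="example.exe \"%1\"')
```

An empty list from either function means the setting matches what the replies describe as clean; any other result names the value to inspect by hand.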
 