On Sat, 26 Oct 2002, Joe wrote: > > > Anyone noticing an increase in the amount of port 137 scans? > I've seen just just over 100 in the last 1 hour. When I probe the > offender I see them as MS items with their Harddrives shared wide open. > Only thing in common is they all appear to have some file called put.ini > in their root directory with a line that looks to be from a win.ini and > states brasil.pif or exe. Maybe some new virus? >
It looks like the W32/Opaserv-C virus: http://www.sophos.com/virusinfo/analyses/w32opaservc.html -- Allan Liska [EMAIL PROTECTED] htt://www.allan.org
