Remove W32.Opaserv worm
It seems that even after running the fix for this virus it comes back. Below is a temporary work around until another fix is created.
  1. Disconnect from the Network if you are on one temporarily. If you are not on a Network continue with step 2.
    1. Right-click the Network Neighborhood icon on the Windows desktop.
    2. Click Properties.
    3. Click the Configuration tab.
    4. Click Client for Microsoft Networks.
    5. Click File and Print Sharing.
    6. Uncheck both boxes, and then click OK.
    7. Restart the computer for the changes to take effect.
  2. Download and run the fix provided by Symantec.
  3. Edit the line run= in the Win.ini file.
    1. Go to Start and Run.
    2. Type in msconfig and click OK.
    3. Select the Win.ini tab.
    4. Double click on Windows to expand it.
    5. You will see a line run=
      Click on run, to highlight and select edit.
    6. Remove the c:\tmp.ini after the =
  4. Check the following registry entries and delete any with ScrSvr %windir%\ScrSvr.exe or ScrSvrOld [original worm name]

    HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Run

    HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Run-

    HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\RunOnce

    HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\RunOnce-

    HKEY_LOCAL_MACHINE\Software\Microsoft\ CurrentVersion\RunServices

    HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\RunServices-

    To Enter the registry click on Start and Run. Type regedit and click on OK.

  5. Delete the file C:\Windows\Scrsvr.exe
  6. After going thru the recommended procedures deleting scrsvr.exe, several people have created (using notepad) a junk file named scrsvr.txt, renamed it scrsvr.exe, inserted it into the C:\Windows folder. The above has worked for many however, some have had to perform these additional steps.
  7. Use a firewall to block port 139.
  8. Modify the sharing of the C: drives in all PC's for free read-only access but a four letter password protection for full access.
Note: Back up your current registry settings.
         Go to Start and Run. Type scanregw and click          on OK. It will ask if you want to backup again          today? Say yes.

Thanks to the many who helped provide the above information and in the links below.

References:

Send your questions, comments about this Web page to comments@mesich.com

Best Regards and Wishes,
Mesich and The Count