activeds.exe - Dangerous
activeds.exe
Manual removal instructions:
Antivirus Report of activeds.exe:
activeds.exe
WORM_OPASERV.T
This memory-resident worm a member of the OPASERV family of worms, spreads via shared network drives.
Its destructive payloads are executed when the system date is between December 24 to 31 or when the year is greater than 2002.
This worm deletes files, overwrites the boot sector and destroys the CMOS.
It also modifies the registry and the configuration file, WIN.INI, so that it automatically executes every Windows startup.
It uses a known exploit that enables malicious users to access shared drives, as discussed in a security bulletin from Microsoft.
Removing autostart entries from the registry prevents the malware from executing during startup:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
IASHLPR="%Windows%\IASHLPR.EXE"
FONTVIEW="%Windows%\FONTVIEW.EXE"
MPREXE="%Windows%\MPREXE.EXE"
Scr="%System\scr.scr"
BIOS1="%Windows%\BIOS1.EXE"
HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run,
Winsrv=%Windows%\winsrv.exe
CLICONFG="%Windows%\CLICONFG.EXE"
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices
LoadManager="%Windows%\msload.exe"
ACTIVEDS="%Windows%\ACTIVEDS.EXE"
Use RegRun to automatically remove these registry items.
| activeds.exe | Malware |
| activeds.exe | Dangerous |
| activeds.exe | High Risk |
This memory-resident worm a member of the OPASERV family of worms, spreads via shared network drives.
Its destructive payloads are executed when the system date is between December 24 to 31 or when the year is greater than 2002.
This worm deletes files, overwrites the boot sector and destroys the CMOS.
It also modifies the registry and the configuration file, WIN.INI, so that it automatically executes every Windows startup.
It uses a known exploit that enables malicious users to access shared drives, as discussed in a security bulletin from Microsoft.
Removing autostart entries from the registry prevents the malware from executing during startup:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
IASHLPR="%Windows%\IASHLPR.EXE"
FONTVIEW="%Windows%\FONTVIEW.EXE"
MPREXE="%Windows%\MPREXE.EXE"
Scr="%System\scr.scr"
BIOS1="%Windows%\BIOS1.EXE"
HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run,
Winsrv=%Windows%\winsrv.exe
CLICONFG="%Windows%\CLICONFG.EXE"
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices
LoadManager="%Windows%\msload.exe"
ACTIVEDS="%Windows%\ACTIVEDS.EXE"
Use RegRun to automatically remove these registry items.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.