
BRASIL.EXE
PROCESS INFORMATION
Process Name : Brasil.exe
Process Path : %WINDOWS%\Brasil.exe [ C:\Windows\brasil.exe ]
Process type : Network Worm
Malware Name : Worm/Opaserv
Alias : Opaserv.E, WORM_OPASERV_E, W32.Opaserv.E.Worm
Threat level : Low
Process Details
Brasil.exe belongs to Opaserv.E. It is a modified variant of the Opaserv worm that spreads using shared network drives. Opaserv.E infects only network shares and does not spread using e-mail attachments. This worm is also known as Opaserv.E, W32.Opaserv.E.Worm, WORM_OPASERV.E.

When executed, it searches for the Windows folder on the local system and on the network and copies itself there as "Brasil.exe" and "Brasil.pif". It also creates scrin.dat and scrout.dat in the root of drive C. In case of remote infection, it creates put.ini in the root of drive C.

Opaserv modifies the registry so that it starts automatically. The registry modification is HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run= Barsil or BrasilOld. In case of remote infection, it modifies WIN.INI to load automatically on the next startup.

Right now, four variants of the Opaserv worm have been reported in the wild. Solo detects and removes all Opaserv variants without problem.
How can I protect my system?
Solo has incorporated brasil.exe in its signature file to protect users from this worm attack. Registered users of Solo antivirus are already protected from this worm. Make sure that you have installed the registered version of Solo Antivirus to protect your system from all virus threats.
How to remove this worm?
If you are already infected with this worm, download and install the security patches from http://www.microsoft.com/technet/security/bulletin/MS00-072.asp . Then run Solo anti-virus and choose the Delete option to remove the worm components.

Opaserv is a network-aware worm. If you are connected to a network, you have to remove the worm from all the machines connected to the network at one stretch to avoid re-infection. Also password-protect your C drive share or set the C drive share to read-only access. Right-click on the C drive in Windows Explorer and password-protect your network share. Then edit your C:\Windows\win.ini file and remove the line
run=c:\Windows\Brasil.exe,c:\Windows\Brasil.pif,c:\Windows\marco!.scr,c:\windows\scrsvr.exe,c:\windows\instit.bat
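
The win.ini edit described above, as an added example that is not Solo's own code: it removes only the worm's file names from the run= line of the [windows] section and keeps any legitimate program listed on the same line. It assumes comma-separated entries as in the line quoted above; the sample file and c:\tools\backup.exe are constructed for illustration.

```python
import ntpath

# File names taken from the run= line quoted on this page.
WORM_FILES = {"brasil.exe", "brasil.pif", "marco!.scr", "scrsvr.exe", "instit.bat"}

def clean_win_ini(text):
    """Return (cleaned_text, removed_entries) for the contents of a win.ini file.

    Only worm entries are dropped from run= inside [windows]; legitimate
    programs on the same line and every other line are kept unchanged.
    """
    out, removed, section = [], [], ""
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].strip().lower()
        key, sep, value = stripped.partition("=")
        if section == "windows" and sep and key.strip().lower() == "run":
            keep = []
            # Assumption: entries are comma-separated, as on this page.
            for entry in (e.strip() for e in value.split(",")):
                if not entry:
                    continue
                # Compare on the file name only, case-insensitively, because
                # the page itself mixes c:\Windows and c:\windows.
                if ntpath.basename(entry).lower() in WORM_FILES:
                    removed.append(entry)
                else:
                    keep.append(entry)
            line = "run=" + ",".join(keep)
        out.append(line)
    return "\r\n".join(out) + "\r\n", removed

# Constructed sample: the page's run= line plus one legitimate entry
# (c:\tools\backup.exe is a made-up name, not from the page).
SAMPLE = (
    "[windows]\r\n"
    "load=\r\n"
    "run=c:\\Windows\\Brasil.exe,c:\\tools\\backup.exe,c:\\Windows\\Brasil.pif,"
    "c:\\Windows\\marco!.scr,c:\\windows\\scrsvr.exe,c:\\windows\\instit.bat\r\n"
    "[Desktop]\r\n"
    "Wallpaper=(None)\r\n"
)

if __name__ == "__main__":
    cleaned, removed = clean_win_ini(SAMPLE)
    print(cleaned)
    print("removed:", removed)
```

Run it against a copy of win.ini first and review the removed list before replacing the original file.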
Solo antivirus can detect and remove the brasil.exe process safely. A 30-day trial version of Solo antivirus is available for download to remove viruses from your computer.

Solo anti-virus not only scans for all viruses, it also contains a unique System Integrity Checker to protect you from new Internet worms, backdoors, and malicious VB and Java scripts. It also effectively removes all existing Internet worms, file viruses, malicious VB and Java scripts, Trojans, backdoors, and boot sector, partition table and macro viruses.