|
Posted by =?Utf-8?B?Skc=?= on October 31, 2006, 3:49 pm
If you were Registered and logged in, you could reply and use other advanced thread options
PC is very sluggish and receives virtual memory errors. Upon Symantec AV
scan W32.Stration.DB@mm virus is found. Followed Symantec instructions
(http://www.symantec.com/security_response/writeup.jsp?docid=2006-102013-1415-99):
disabled system restore, updated virus definitions, ran a full system scan in
safe mode and then seached for values in the registry to delete. Wasn't able
to find any of the values in the registry. It seems the virus is still
present because numerous messages continue to pop up about emails going out.
Any ideas would be appreciated. Thanks.
Win XP SP2
SAV 10.1.0.394
--
JG
|
|
Posted by David H. Lipman on October 31, 2006, 4:58 pm
If you were Registered and logged in, you could reply and use other advanced thread options
| PC is very sluggish and receives virtual memory errors. Upon Symantec AV
| scan W32.Stration.DB@mm virus is found. Followed Symantec instructions
|
(http://www.symantec.com/security_response/writeup.jsp?docid=2006-102013-1415-99):
| disabled system restore, updated virus definitions, ran a full system scan in
| safe mode and then seached for values in the registry to delete. Wasn't able
| to find any of the values in the registry. It seems the virus is still
| present because numerous messages continue to pop up about emails going out.
| Any ideas would be appreciated. Thanks.
|
| Win XP SP2
| SAV 10.1.0.394
Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe
To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close
Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }
NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your
FireWall to allow it to download the needed AV vendor related files.
C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal
Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the
PC.
You can choose to go to each menu item and just download the needed files or you
can
download the files and perform a scan in Normal Mode. Once you have downloaded
the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode
[F8 key
during boot] and re-run the menu again and choose which scanner you want to run
in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive
PDF help
file. http://www.ik-cs.com/multi-av.htm
Additional Instructions:
http://pcdid.com/Multi_AV.htm
* * * Please report back your results * * *
--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
|
|
Posted by =?Utf-8?B?UGFuZGFfbWFu?= on October 31, 2006, 5:01 pm
If you were Registered and logged in, you could reply and use other advanced thread options
> PC is very sluggish and receives virtual memory errors. Upon Symantec AV
> scan W32.Stration.DB@mm virus is found. Followed Symantec instructions
>
(http://www.symantec.com/security_response/writeup.jsp?docid=2006-102013-1415-99):
> disabled system restore, updated virus definitions, ran a full system scan in
> safe mode and then seached for values in the registry to delete. Wasn't able
> to find any of the values in the registry. It seems the virus is still
> present because numerous messages continue to pop up about emails going out.
> Any ideas would be appreciated. Thanks.
>
> Win XP SP2
> SAV 10.1.0.394
> --
> JG
Hello JG !
Stration is mass-mailing worm "travelling" around the world with its many
variants . Again Symantec is not the top company to detect all or at least
most Strations
Kaspersky (thanks to hourly update) and NOD32 (thanks to heuristics and
signatures) are the top to detect Stration/Warezov .
The sollution I offer is the following (you may also want to print it or
save it somewhere) :
Download Avanger from http://swandog46.geekstogo.com/avenger.zip
Exctact this ZIP file into new folder
Download this file then
http://eset.bg/forum/postsimages/stration.txt
Start Avenger . Choose "Load script from file" . Choose the file stration.txt
Click on the button with the lights and choose restart when prompt
After restart , Startion files should be gone - all known files and most of
the registries fixed/removed
After restart Avenger tool will generate a report in its folder . In most
times it will report all files successfully eliminated .
Download the trial version of NOD32 for DOS
http://u4.eset.com/eval/msdos/noddosen.exe
Run the exe and it will auto-extract into a new fodler called DOS32
Make sure you goto "Setup" tab and check with the mouse all possibilities
such as Run-time packers and heuristics . Save the configuration and Exit it
Boot in Safe Mode (how here http://support.microsoft.com/kb/315222) and open
NOD32 for DOS and run full scan of all hard drives
Reboot in Normal Mode . You should now be clean ! :-)
Tell us how you go after that . Remember to strictly follow all suggestions .
Regards!
--
Panda_man
Silver level Contributor
|
|
Posted by =?Utf-8?B?RW5nZWw=?= on November 2, 2006, 1:04 am
If you were Registered and logged in, you could reply and use other advanced thread options
This is what I get today:
+++++++++++++++++++++++++
VIRUS BLOCKER ALERT
+++++++++++++++++++++++++
This email included an attachment which was identified
as containing a virus known as 1. document.elm.pif: W32.Stration.DL@mm
For your protection, the attachment was cleaned or removed.
+++++++++++++++++++++++++
Powered by Symantec
+++++++++++++++++++++++++
------------ Original message text follows ------------
The message cannot be represented in 7-bit ASCII encoding
and has been sent as a binary attachment.
---------------------------------------------------------------------
That is an another variant, this time Symatec work good for mi.
I keep my anti-virus Norton 2003 up to day. And screen all my e-mail coming
in, the mail going out, ussually the ISP scanners take care off.
So, check your settings for your e-mail, and keep your anti-virus update.
Good luck
--
"JG" wrote:
> PC is very sluggish and receives virtual memory errors. Upon Symantec AV
> scan W32.Stration.DB@mm virus is found. Followed Symantec instructions
>
(http://www.symantec.com/security_response/writeup.jsp?docid=2006-102013-1415-99):
> disabled system restore, updated virus definitions, ran a full system scan in
> safe mode and then seached for values in the registry to delete. Wasn't able
> to find any of the values in the registry. It seems the virus is still
> present because numerous messages continue to pop up about emails going out.
> Any ideas would be appreciated. Thanks.
>
> Win XP SP2
> SAV 10.1.0.394
> --
> JG
|
|
Posted by =?Utf-8?B?Skc=?= on January 3, 2007, 5:34 pm
If you were Registered and logged in, you could reply and use other advanced thread options
able to clean the original system with this issue, plus a second system where
this came up in our network. Thank you.
|
| Similar Threads | Posted | | Clean Clean DocumentEmail MicrosoftInternetExplorer4 | January 26, 2006, 11:27 am |
| Trojan:Win32/Stration.dr | August 31, 2007, 5:46 am |
| w32:Banker.adz Canīt clean it! | March 4, 2006, 8:08 pm |
| REGISTRY CLEAN POP UPS | February 5, 2007, 12:29 pm |
| Re: Is there a tools to clean Trojan-psw ? | May 25, 2007, 2:13 pm |
| RE: Is there a tools to clean Trojan-psw ? | June 23, 2007, 2:51 am |
| How to clean an infected computer? | October 30, 2007, 2:27 am |
| Virus Persists After Clean-Install | October 23, 2006, 6:01 pm |
| Re: Server Infected by virus and unable to clean | May 31, 2007, 2:04 am |
| dmserver.dll has a virus, how to install clean version. | September 29, 2008, 5:46 pm |
|
XML site map