
I-worm/stration.gve


8 replies to this topic

#1 roquesantacruz


Posted 21 April 2008 - 06:39 PM

Hi all,

I am having a problem relating to the Stration worm and would appreciate any help.

I have recently purchased a new computer (couple of months old) and have been using it without issue (except normal Vista ones!!) till now.

Today I tried to play Test Drive Unlimited (which I have played previously with no problems) and I got a warning from AVG antivirus of I-worm/stration.gve in the file E:\Autorun.exe, which I find somewhat confusing. I used the heal function of AVG but after restarting the worm was still present.

I couldn't find any information on stration.gve on the internet, but did use the vcleaner tool from AVG (in safe mode, having cleared the recycle bin and deactivated system restore). However, the worm was still present after rebooting.

I tried it once more and still the worm was there after rebooting.

I would be very thankful for any help.

Cheers,

Roque


EDIT: sorry forgot to mention I am using Vista Home Premium

EDIT2: sorry meant to post in infections forum - could a mod please move this to the appropriate page? Sorry!

Edited by roquesantacruz, 21 April 2008 - 06:46 PM.




#2 Juha


Posted 21 April 2008 - 09:51 PM

This link from AVG looks like it's got information on the worm: http://www.grisoft.com/ww.virbase.idv-288751

Since you've used the suggested utility on the page without success, try removing the worm manually:

->> try uninstalling from 'Add/Remove Programs' utility if present

->> search in 'All Files and Folders' and delete all instances of 'Worm.Stration'. Go to Start > Search > All Files or Folders. In the "All or part of the file name" section, type in "Worm.Stration". Select "Look in: Local Hard Drives" or "Look in: My Computer" and then click the "Search" button.

And then try this online virus scanner (Kaspersky) to check for presence of the infection or others (which could be missed by AVG): http://www.kaspersky.com/virusscanner

Hope that helps in the meantime.

#3 roquesantacruz


Posted 22 April 2008 - 07:06 AM

Cheers Juha,

Tried the Add/Remove Programs route but nothing there, also nothing found in the search function of Windows. However this is Vista search and seems a bit naff to me. I tried searching 'Everywhere' for 'worm', 'stration' and 'worm.stration' all to no avail.

I tried the online Kaspersky virus checker but it found nothing.

Any other tips?

#4 Juha


Posted 22 April 2008 - 07:25 AM

Sorry, I forgot that we were dealing with Vista...

Is AVG still alerting you of the presence of the virus?

You can also try two more Online virus scanners to increase detection:
BitDefender Online Scanner
Trend Micro HouseCall

Also try fully updating your AVG anti-virus and then scan in Safe Mode.

If nothing is detected after this, then you're probably not infected...


Regards,
Juha

#5 quietman7


Posted 22 April 2008 - 09:33 AM

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
Please download Sysclean Package & save it to your desktop.
  • Create a new folder on drive "C:\" and rename it Sysclean - (C:\Sysclean).
  • Place the sysclean.com inside that folder.
  • Then download the latest Virus Pattern Files - (Pattern files are usually named lptxxx.zip, where xxx is the pattern file number)
  • Extract (unzip) the lptxxx.zip pattern file into the Sysclean folder where you put sysclean.com. (Click here for information on how to extract a file if you're not sure how to do this.) DO NOT scan yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with Sysclean as follows:
  • Open the Sysclean folder and double-click on sysclean.com to start the scanning process.
  • Put a check mark on the "Automatically clean or delete infected files" option by clicking in the checkbox.
  • Click the Advanced >> button.
  • The scan options appear. Select the "Scan all local fixed drives".
  • Click the "Scan button" on the Trend Micro System Cleaner console.
  • It will take some time to complete. Be patient and let it clean whatever it finds.
  • Another MS-DOS window appears containing the log file (sysclean.log) generated in the same folder where the scan is completed - C:\Sysclean.
  • To view the log, click the "View button" on the Trend Micro System Cleaner console. The Trend Micro Sysclean Package - Log window appears.
    • The Files Detected section shows the viruses that were detected by System Cleaner.
    • The Files Clean section shows the viruses that were cleaned.
    • The Clean Fail section shows the viruses that were not cleaned.
  • Exit when done, reboot normally and re-enable your anti-virus program.
Instructions with screenshots are here if you need them.

When using Sysclean it's best to use the Administrator's account or an account with Administrative rights, otherwise you will not have access rights to scan some locations. You can also Use the "Run As" Command to Start a Program as an Administrator. Even when doing that, the scanning process may result in "Access Denied" messages for some files. This is normal because these files are protected by the system.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#6 roquesantacruz


Posted 22 April 2008 - 10:45 AM

Hi Juha, AVG is still detecting the I-Worm/Stration.GVE

I tried both the BitDefender and Trend Micro online scans and found nothing besides cookies.

I am now trying the AVG in safe mode scan. It is still going but what is curious is that it's saying "Boot sector of disk - Reading error". Anyone know what this means?

Hi quietman7, will try your tips after. Cheers for the help. Much appreciated.

EDIT: quick question, the sysclean page doesn't say it's compatible with Vista. Is this just an oversight on their behalf?

Edited by roquesantacruz, 22 April 2008 - 10:47 AM.


#7 quietman7


Posted 22 April 2008 - 11:05 AM

Forgot to mention that AVG claims the vcleaner tool will remove all files related to this infection. You may want to try that first in safe mode, then do a comprehensive scan with Sysclean.

Using the Trend Micro System Cleaner

Operating System: Windows Vista, Windows XP - SP2, Windows 2000 Professional Edition - SP4
Published: 3/26/08


Edited by quietman7, 22 April 2008 - 11:07 AM.


#8 EL5


Posted 22 April 2008 - 12:54 PM

Forgot to mention that AVG claims the vcleaner tool will remove all files related to this infection. You may want to try that first in safe mode, then do a comprehensive scan with Sysclean.

Using the Trend Micro System Cleaner

Operating System: Windows Vista, Windows XP - SP2, Windows 2000 Professional Edition - SP4
Published: 3/26/08


Hi quietman7,

I am also having the same problem as Roque.

Strangely, it seems that the file which AVG highlights in this detection is not on the hard disk. Instead it is pointing towards my CD-ROM drive.

Meaning, AVG detected the virus on the autorun file which is located on my CD-ROM drive. This is kinda confusing and weird.

Vcleaner doesn't scan CD-ROM drives, and I wonder how a CD-ROM drive can be infected with such a file, as it isn't supposed to be written to any further.

I wonder what exactly the problem is: is it a false alarm by AVG, or was the virus really included during the production of Atari games?

Rgds
EL5

#9 quietman7


Posted 22 April 2008 - 01:18 PM

Welcome to BC EL5

If you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members in the same thread with different problems. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.