General discussion

Locked

how to remove w32.stration@mm

By it ·
can you please tell me how to remove this virus coz am not able to get rid of it

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Trend Micro solution

by netwrk_admn In reply to how to remove w32.stratio ...

Trend Micro documents this virus fairly well.

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FSTRATION%2EWO&VSect=Sn

This virus got into our network and we only have AV for the gateway, not directly scanning our exchange store so I can't tell you how to remove the message other than using AV. Do not scan your exchange store with regular anti virus tho.

Collapse -

Here is Symantec answer to your question

by HAL 9000 Moderator In reply to how to remove w32.stratio ...

http://tinyurl.com/uhj77

It basically says this

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

Update the virus definitions.
Run a full system scan.
Submit the files to Symantec Security Response.

For specific details on each of these steps, read the following instructions.

1. To update the virus definitions
A generic detection can often occur if the antivirus program discovers a threat, but does not have the latest definitions. In these cases, you should download the latest definitions, then run the scan again.

The Intelligent Updater virus definitions are posted daily. You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the document: Virus Definitions (Intelligent Updater). The latest Intelligent Updater virus definitions can be obtained here: Intelligent Updater virus definitions. For detailed instructions read the document: How to update virus definition files using the Intelligent Updater.

2. To scan for the infected files
Start your Symantec antivirus program and make sure that it is configured to scan all the files.
For Norton AntiVirus consumer products: Read the document: How to configure Norton AntiVirus to scan all files.
For Symantec AntiVirus Enterprise products: Read the document: How to verify that a Symantec Corporate antivirus product is set to scan all files.
Run a full system scan.
If the files previously detected as generic are now detected as another threat, please read the threats writeup for removal instructions.
If the files are still detected as this generic threat, continue with the next step.

3. To submit the files to Symantec Security Response
Symantec Security Response suggests that you submit any files that are detected as generic to Symantec Security Response. For instructions on how to do this, read the following documents:

Norton AntiVirus: How to submit a file to Symantec Security Response using Scan and Deliver
Symantec AntiVirus Corporate Edition and Norton AntiVirus Corporate Edition: How to submit a file to Symantec Security Response using Scan and Deliver

Depending on your AV product the directions will vary quite a lot but there is one standard response that very few tell you to do and that is to run the Scans in Safe Mode as you are far more likely to get rid of the infections when they are not loaded & running along with other Critical Windows Applications.

Col

Collapse -

What is "Safe Mode"/ downloader beware

by jopaul101 In reply to Here is Symantec answer t ...

tinyurl brings out a good point about "safe mode". Most antivirus programs and even Window programs will have preferences to safe mode applications. My main business concerns are sales and service of a small trades business.
A small amount of my time is spent at my ill-equipped pc. My DSL provider runs their antivirus, pop-up, etc., etc. as a free-bee.
There safe mode did well until I decided to download anything on to my pc. I happened along a Quicktime download-up of
codec, along with this download came what appeared to be a virus and a pop-up with the virus advertising 4 programs to over come the infection. Three days later, after running anti-this and that's that I have successfully used in the past, I could not get rid of the problem, a continuous pop-up ad of me being infected and had the only alternative of buying one of the advertised anti-programs or try a clean boot. Well it seemed easier to buy one of the programs. I chose Winanitvirus 2006. I don't known if these antivirus software suppliers were behind the adware or just went along for the ride. Maybe some of you techpeople know or have your own opinions about situations like these. How creative to create your own infestation that only you can get rid of.
No matter what "Safe Mode" you are in, once you bring anything into your pc there is no real safe mode. My moral is downloader "beware". Even a reputable out fit like Apple can lead you astray. After another two day's of running my newWin of constant up-dates the adware was still there.
One of its' targets was my email, it wouldn't let me stay on the net to get any thing out.
When once I got some email out reporting the problem to anyone I could, some unfimiliar
email advised me of the report right on the ad page that took me to the problem. A program that Quicktime/codec had installed in my computer. All I had to do was to go to my ad/remove and remove the program disguised under what look to be normal Quicktime program.

Collapse -

Well for your information

by HAL 9000 Moderator In reply to What is "Safe Mode"/ down ...

Never Enable Safe Mode with Networking It's dangerous and potentially lethal to the system. I did say to boot to Safe Mode not Safe Mode with Networking because the AV products are not running correctly in this mode nor are most of the Windows Programs or for that matter even Windows Itself.

Safe Mode should only be used for performing scans to clean up the system. If you need to download something reboot the system into normal mode and perform the download. While it's admirable that your ISP provides some form of AV product there is still no alternative to having one locally so keep anything unwanted out of your computer. The ISP provided AV Product can give a False Sense of Security as you don't know how well this service is maintained and how it is kept up to date. There are also things like Redirection links that will not be picked up with an ISP provided AV Solution as well so you really need a local AV and Spy Ware programs installed and run regularly.

If this is of any help I've never actually picked up a Viral Infection off the Net but I regularly remove 20 - 30 Spy Ware programs per week from this workstation and it is used very little on the net at least. I visit my Regular suppliers daily nd download price lists, my ISP to see how much I've downloaded the previous day and TR as well as a few different Web Pages when required places like Apple to download the latest I Tunes for a client and things like that. I also once made the mistake of not installing an AV product onto a rebuild and only connected to the MS Live Update Page and picked up several infections which required the thing to be wiped and rebuilt again so now I never consider running any computer that can be connected to the Internet in any form without a AV product and some Spy Ware Products.

You can pick up the AVG AV product free from here

http://tinyurl.com/prs9k

And for Spy Ware products you can use these

http://tinyurl.com/lvov4

http://tinyurl.com/yrwy2

The only thing that you need to watch out for is with Spy Bot S & D you need to check any thing that it picks up as it can pickup things that you are actually using so you need to untick these items before proceeding to remove them or you will disable some programs that you are using. the Windows Defender used to be picked up by this and quite often Internet Banking Programs so you need to look before deleting so that you do not remove something that you use.

Col

Collapse -

Safe Mode; it's not really safe.

by gary.plummer In reply to What is "Safe Mode"/ down ...

Hi
I think you have been misled somewhat by the term 'Safe Mode'. All Safe Mode is is a loading of Windows with a minimal set of drivers so as to enable you to troubleshoot changes you do not want.
It does not provide you with a safe environment from which to operate; normal computer operations are not intended to be carried out while in 'Safe Mode'.
You must protect each and every Internet connected computer with Anti Virus software loaded with the latest virus definitions and a Firewall (hardware or software). It is far easier to keep a computer clean than it is to clean up infected computers.
Best Regards
Gary

Collapse -

Symantec not responsive

by dketter In reply to Here is Symantec answer t ...

Symnatec never responded to my email on this virus after I found I was infected. Symantecs tool for sending file does not work for 2 infected files (windows\system32\el.dll and encddpva.dll) saying can not remove from present location. I am about to try copying/renaming to another location then sending to symantec. Norton Antivirus is not able to repair or remove this virus, so I will next try boot into Safe Mode and removal.

Collapse -

Procedure to remove stration

by sandeep5_24 In reply to how to remove w32.stratio ...

The best way is to boot the system in safe mode and run a scan using mcafee's sdat too. you can download this from mcafee site. The tool is a update file of virusscan
Download the file and copy to a folder. Go to command prompt--- c:\sdat
command-- sdat4568/e ( whatever number is present in the site)
scanpm /adl/all/clean
This would run a scan and clean the virus.

Back to Malware Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums