Worm


  #1  
Old 10-04-06, 07:54 AM
F
Member
Thread Starter
Join Date: Feb 2005
Location: Northern New Jersey
Posts: 468
Worm

Has anybody out there run into the W32.STRATION@MM worm? My computer is infected, and I haven't been able to fully remove it. I've been to the Norton site, and the McAfee site. They can both detect it, but can't fully remove it. I got further by manually editing the registry, but I am wary of doing that and breaking something even worse.
 
  #2  
Old 10-04-06, 08:09 AM
AxlMyk's Avatar
Banned. Rule And/Or Policy Violation
Join Date: Dec 2005
Location: Earth
Posts: 869
If Norton and McAfee can't get rid of it, then your only option is re-install. Go to your hard drive manufacturer's website and get their utility for disk maintenance. It will create a bootable floppy or CD. Use that to low-level format the drive. It writes 0s to every sector of the drive. That's the ONLY sure way of getting rid of a virus/worm/trojan etc.
 
  #3  
Old 10-04-06, 10:42 AM
I
Member
Join Date: Feb 2006
Posts: 124
What is the error you are getting when Norton tries to remove the virus? Is it unable to delete certain files?

Have you tried this:
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.aspx

Have you tried the other free antivirus programs listed in this thread?
http://forum.doityourself.com/showthread.php?t=157468

This virus is not destructive, so you should not have to reinstall Windows to get rid of it. You may just have to manually delete some files.

-Mike
"Romulan Ale. Why, Bones, you know this is illegal."
"I only use it for medicinal purposes. "
 
  #4  
Old 10-05-06, 10:22 AM
F
Member
Thread Starter
Join Date: Feb 2005
Location: Northern New Jersey
Posts: 468
ironhead1230,

What happens is that when I boot in normal mode, I get a huge amount of non-stop disk activity. If I look at task manager, I see a steady decrease of available memory, and within 10 minutes or so, the memory is exhausted and the machine stops.

I have Norton, and if I run a scan in Safe Mode, it finds and deletes infected DLLs, etc., but as soon as I go back to normal mode it happens again. I really would hate to have to low-level format and reinstall... that would really stink for me.

The names of the affected DLLs so far are MIGLNTMA.DLL and MSIHHAC.DLL. There are also a couple of .TMP files that keep popping up... APQ4.TMP and APQD.TMP... I Googled all of these and found lots of hits for the DLLs, and some hits on a Chinese web page for the .TMP files. The translation wasn't very good, so I could not make heads or tails out of what was going on... it was like reading Chinese, if you pardon the pun... (humor is all I have left at this point).

I found some stuff from SOPHOS that I intend to try tonight.

BTW... thank God for my PC at work, otherwise this thread would not be happening...


Thanks.
 

Last edited by DIYaddict; 10-12-06 at 10:41 AM. Reason: Removed quote as it's unnecessary to quote the entire post directly above yours
  #5  
Old 10-05-06, 10:09 PM
B
Member
Join Date: Oct 2006
Location: Fresno
Posts: 27
fxcarden,

The CPU & Memory usage you're seeing is the worm running its SMTP engine. The "MM" in the worm name signifies "Mass Mailer"; basically, the worm uses its own SMTP engine to email addresses it finds on your computer. If you look in your Task Manager, you'll probably see a process called "svchost32.exe" hogging up quite a bit of system resources.

When you boot into Safe Mode and run Norton to clean the infected files, did you first disable setting a System Restore point? If you haven't yet done this, I highly recommend doing so & attempting to remove the worm again.

Let me know what happens. If that didn't work, we'll move on to Plan B.

To disable setting a System Restore Point:
1. Right click on My Computer and select Properties
2. Click the System Restore tab
3. Put a check mark next to "Turn off System Restore on all drives"
4. Click OK
5. When prompted to restart, do so into safe mode & attempt cleaning.
 
  #6  
Old 10-12-06, 08:29 AM
F
Member
Thread Starter
Join Date: Feb 2005
Location: Northern New Jersey
Posts: 468
beantowner

I wound up running the antivirus software that Sophos puts out, right from the DOS prompt (Safe Mode with Prompt). I set the options to "DELETE", and this got rid of the worm; however, I think the AV software deleted a component of Windows, since now I can't seem to VPN. Other than that, the computer is operating properly now, although it seems to be running slower than before for some reason.

At some later time, I will wipe out the HDD and reinstall everything. I just need to have enough alcohol available to get through it.


Thanks for the help.
 

Last edited by DIYaddict; 10-12-06 at 10:42 AM. Reason: Removed quote as it's unnecessary to quote the entire post directly above yours
  #7  
Old 10-12-06, 07:54 PM
tae
Member
Join Date: Nov 2002
Posts: 2,451
You can try this:
http://www.snapfiles.com/get/winsockxpfix.html

Or you could reinstall VPN.

A lot of times, worms will take over your connection settings, especially since they need them to mass mail or other things. When the worm is deleted, it can take part of that with it.
 
 
