Trojan:Win32/Stration.dr

[babygigles]

I have Windows LiveOncare installed on my PC, and during a virus scan a virus
was found. Windows LiveOnecare could not remove or quarantine this virus, but
could only block it, the virus is, Trojan:Win32/Stration.dr. My operating
system is Windows XP Professional SP2, I also have updated to Internet
Explorer7. I would like any information available on how to troubleshoot this
problem.
--
babygigles(handle with care)

 

[Kayman]

"babygigles" <babygigles@discussions.microsoft.com> wrote in message
news:7D399C6F-2AEF-4C56-81C3-2295D9C4AA7E@microsoft.com...
>I have Windows LiveOncare installed on my PC, and during a virus scan a
>virus
> was found. Windows LiveOnecare could not remove or quarantine this virus,
> but
> could only block it, the virus is, Trojan:Win32/Stration.dr. My operating
> system is Windows XP Professional SP2, I also have updated to Internet
> Explorer7. I would like any information available on how to troubleshoot
> this
> problem.

1) Clearing Cache on Microsoft® Internet Explorer 7.0
Click Start, select Settings and Control Panel.
Double-click Internet Options to open Internet Properties.
Click Delete Files button.
Click Delete button across from Temporary Internet Files.
Click Yes.
Click Close.
Click Ok.

2) For non-viral malware:

SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html

Ad-Aware - Free
http://www.lavasoftusa.com/products/ad_aware_free.php
http://www.download.com/3000-2144-10045910.html

Spybot Search & Destroy - Free
http://www.safer-networking.org/en/download/index.html

After the software is updated, it is suggested scanning the system in Safe
Mode.
How do you boot to Safe Mode?
By pressing/tabbing F8 (or F5 on some keyboards) during re-boot.
Alternatively:
click onto Start==>Run, type "msconfig" (without quotation marks), click OK.
Then click onto BOOT.INI tab and 'check' /SAFEBOOT then OK and click
Restart. To go back to Normal Mode, you must access the System Configuration
utility again and click the General tab then click/check the radio button
'Normal Startup'- load all device drivers and services'.
A description of the Safe Mode Boot options in Windows XP
http://support.microsoft.com/default.aspx?scid=315222

3) For viral malware:

Download David H. Lipman's MULTI_AV.EXE from the URL --
http://www.pctipp.ch/downloads/dl/35905.asp

To use this utility, perform the following...
Execute Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose Unzip
Choose Close

Execute C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your FireWall to allow it to download the needed AV vendor related
files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in
Normal Mode. This way all the components can be downloaded from each AV
vendor's web site.
The choices are Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot
the PC.

You can choose to go to each menu item and just download the needed files or
you can download the files and perform a scan in Normal Mode. Once you have
downloaded the files needed for each scanner you want to use, you should
reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again
and choose which scanner you want to run in Safe Mode.

It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help file.
http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm

4) Valuable advice from an AV expert, David H. Lipman
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Question:
"Is it advisable to turn off System Restore while cleaning the OS using
AV/A-S, and if so, when do you turn it off and then on?
Also is it was recommended to delete all restore point during this
procedure?"

Answer (David H. Lipman):
"I used to be convinced that one should dump the System restore cache PRIOR
to cleaning a system. However after many discussions and based upon
personal tests and experience, I have come to the conclusion that this
should be done AFTER a system is cleaned.

Here's the problem. Most malware are binary files that the System Restore
cache will create a backup of in restore points. When one gets infected,
copies of the infector are now stored in the System Restore cache. If you
clean the system then restore to a prior Restore Point that contains
infectors, the OS become re-infected.

If you clean a PC and don't expect to restore to a previous Restore Point
then eventually the infected files will cache-out. In that situation, one
does NOT need to dump the System Restore cache.

If you dump the System Restore cache PRIOR to cleaning the system, you will
also remove a fall back point. That is, if during the cleanup the system
becomes unstable, you will not be able to restore the system from a previous
Restore Point. If you did restore the system
back to that state, you can clean the system differently such that the
system won't become unstable and/or unusable. Thus an infected Restore
Point is better than no Restore Point at all.

Later, when the system is cleaned and verified to be stable, you can then
dump the System Restore cache, reboot the PC and then re-enable the system
Restore cache and subsequently manually create an initial Restore Point.

Thus it is better the dump the System Restore Cache AFTER and not BEFORE the
system has been cleaned of malware."
Be guided accordingly.

5) Windows OneCare as an anti virus software just isn't good at all It has
a low catch rate.
You need to remove OneCare and replace it with something more substantial
like Kaspersky or NOD32. Alternatively, you may opt for a Free AV
application which usually is sufficient for home users.

Real-time AV applications (choose one (1) only).

Do not utilize more than one (1) real-time anti-virus scanning engine!
Disable the e-mail scanning function during installation (Custom
Installation on some AV apps.) as it provides no additional protection. In
fact, most of experts (incl. Norton) believe that scanning incoming and
outgoing mail causes e-mail file corruption.

Avira AntiVir® PersonalEdition Classic - Free
http://www.free-av.com/antivirus/allinonen.html

Free antivirus - avast! 4 Home Edition
http://www.avast.com/eng/avast_4_home.html

AVG Anti-Virus Free Edition
http://free.grisoft.com/

Kaspersky® Anti-Virus 7.0 - Not Free
http://www.kaspersky.com/homeuser

ESET NOD32 Antivirus - Not Free
http://www.eset.com/
Have you seen these "extra settings for NOD32"?
http://www.wilderssecurity.com/showthread.php?t=37509

6) On-demand AV application (add it to your arsenal and use it as a "second
opinion" av scanner).
BitDefender10 Free Edition
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html

 

[Milo \(MSPSS\)]

If you are a subscriber/user for Windows Live Onecare please proceed to
this site for assistance
http://forums.microsoft.com/WindowsOneCare/default.aspx?SiteID=2



"babygigles" <babygigles@discussions.microsoft.com> wrote in message
news:7D399C6F-2AEF-4C56-81C3-2295D9C4AA7E@microsoft.com...
>I have Windows LiveOncare installed on my PC, and during a virus scan a
>virus
> was found. Windows LiveOnecare could not remove or quarantine this virus,
> but
> could only block it, the virus is, Trojan:Win32/Stration.dr. My operating
> system is Windows XP Professional SP2, I also have updated to Internet
> Explorer7. I would like any information available on how to troubleshoot
> this
> problem.
> --
> babygigles(handle with care)