W32 Stration Word - Help!

[GrnEyedLdy]

Hello all,

I have machine that was infected with the W32 Station worm recently. I have followed all recomendations and deleted all registry keys. However there is one that keeps repopulating itself in the registry

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENT VERSION\WINLOGON\NOTIFY\Wshaplus

I delete it an it comes back. Have done everything from SAFE mode as well.

Any help greatly appreciated!

Thanks,

Patty

 

[Isis1959]

Try this:

http://www.sophos.com/security/analyses/w32strationx.html?_log_from=rs

 

[kjv1611]

If you can't end up 100% getting rid of it, it wouldn't be a bad idea to use something like DBAN (Darik's Boot 'N' Nuke) to format the C: drive in the machine, and start over - just back up everything first.

I only say this because if you're doing it in Safe Mode, and deleting all the registry entries, it would almost seem that there may be also a copy of the malware outside of the OS, on an "unformatted" portion of your hard drive.

By using DBAN, you'll get everything, garaneed, and then can just start fresh - that is if getting rid of the virus is more important than having the machine up and running within the next couple hours.

Just a suggestion.

 

[cmeagan656]

If your machine is XP or ME then there chould be a copy in your system restore files. Disable and then enable your system restore to clear all your restore points.

Cheers.