Can not remove a I-Worm/Stration

Q.dot · 04-22-2008, 02:10 AM

Hello - I think the problem I have is fairly new and I don't really know what to say. I don't know what happened but now know my computer has been infected by a worm. One day, when I started up Neverwinter nights 2, a threat was detected which was a I-Worm/Stration.GVE which came from the autorun file on my Neverwinter nights2 CD. I know my CD couldn't be infected because it's a CD. Commercial CD's aren't rewritable and I have run this file many times before. I searched the AVG virus encyclopedia which recommended the vcleaner. I downloaded it and followed the instructions which was run the allocator in safe mode which I did. I restarted my computer and ran Neverwinter nights 2. It came up again with I-Worm/Startion. After some more searching on the net I found that the effects other people have from this worm are nothing like mine. Another thing is that when I search the net with the file with the file type included (which was .GVE) nothing came up. Someone please help me with some info of how to get rid of this thing.

tetonbob · 04-22-2008, 11:05 AM

It's possible that new AVG definitions are seeing the autorun.inf file on the CD as a threat.

Autorun infections are a major threat these days.

You should be able to explore the CD, examine the autorun.inf file to see if it seems legitimate. You may want to upload the file to AVG if you believe it to be a false positive.

See instructs here:

http://forum.grisoft.cz/freeforum/re...,backpage=,sv=

Also, scan the file at VirusTotal just to be sure.

You may also want to pose a query at the AVG support forums, which are run by users of AVG.

http://forum.grisoft.cz/freeforum/

Read this first:

http://forum.grisoft.cz/freeforum/re...,backpage=,sv=

Q.dot · 04-22-2008, 08:30 PM

So you are saying that AVG thinks that the the auto run file on my CD is a threat but it really isn't. And by the way, it says it's the Autorun.exe that is infected, not the Autorun.inf file.

tetonbob · 04-22-2008, 08:41 PM

It's a manufactured CD, right? You've not added files to it, right? autorun.exe has been there since it was created?

Yes, I would say that it's a likely false positive. New definitions are reacting to a pre-existing file in a new way.

Once you're sure it is indeed a false positive, if you use that CD often, I would think there's a way to add the file to exclusions.

If you follow through the steps I outlined, scan the file and contact AVG about it, they may well change definitions in future updates.

Q.dot · 04-22-2008, 08:56 PM

Thanks for the info.

04-22-2008, 02:10 AM	#1 (permalink)
Q.dot Registered User Join Date: Mar 2008 Posts: 5 OS: XP	Can not remove a I-Worm/Stration Hello - I think the problem I have is fairly new and I don't really know what to say. I don't know what happened but now know my computer has been infected by a worm. One day, when I started up Neverwinter nights 2, a threat was detected which was a I-Worm/Stration.GVE which came from the autorun file on my Neverwinter nights2 CD. I know my CD couldn't be infected because it's a CD. Commercial CD's aren't rewritable and I have run this file many times before. I searched the AVG virus encyclopedia which recommended the vcleaner. I downloaded it and followed the instructions which was run the allocator in safe mode which I did. I restarted my computer and ran Neverwinter nights 2. It came up again with I-Worm/Startion. After some more searching on the net I found that the effects other people have from this worm are nothing like mine. Another thing is that when I search the net with the file with the file type included (which was .GVE) nothing came up. Someone please help me with some info of how to get rid of this thing.

04-22-2008, 11:05 AM	#2 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,564 OS: 2000 Pro; XP Pro; XP Home	Re: Can not remove a I-Worm/Stration It's possible that new AVG definitions are seeing the autorun.inf file on the CD as a threat. Autorun infections are a major threat these days. You should be able to explore the CD, examine the autorun.inf file to see if it seems legitimate. You may want to upload the file to AVG if you believe it to be a false positive. See instructs here: http://forum.grisoft.cz/freeforum/re...,backpage=,sv= Also, scan the file at VirusTotal just to be sure. You may also want to pose a query at the AVG support forums, which are run by users of AVG. http://forum.grisoft.cz/freeforum/ Read this first: http://forum.grisoft.cz/freeforum/re...,backpage=,sv= __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

04-22-2008, 08:30 PM	#3 (permalink)
Q.dot Registered User Join Date: Mar 2008 Posts: 5 OS: XP	Re: Can not remove a I-Worm/Stration So you are saying that AVG thinks that the the auto run file on my CD is a threat but it really isn't. And by the way, it says it's the Autorun.exe that is infected, not the Autorun.inf file.

04-22-2008, 08:41 PM	#4 (permalink)
tetonbob Manager, Security Center, TSF Academy; Analyst, Security Team Join Date: Jan 2005 Location: Transylvania County, North Carolina, USA Posts: 35,564 OS: 2000 Pro; XP Pro; XP Home	Re: Can not remove a I-Worm/Stration It's a manufactured CD, right? You've not added files to it, right? autorun.exe has been there since it was created? Yes, I would say that it's a likely false positive. New definitions are reacting to a pre-existing file in a new way. Once you're sure it is indeed a false positive, if you use that CD often, I would think there's a way to add the file to exclusions. If you follow through the steps I outlined, scan the file and contact AVG about it, they may well change definitions in future updates. __________________ Practice Safe Surfing PC Safety and Security--What Do I Need? Because what you don't know, CAN hurt you. Proud Member of ASAP since 2005 Proud Member of UNITE since 2006 Microsoft MVP - Consumer Security 2009

04-22-2008, 08:56 PM	#5 (permalink)
Q.dot Registered User Join Date: Mar 2008 Posts: 5 OS: XP	Re: Can not remove a I-Worm/Stration Thanks for the info.