Gone Green

After many different directions, I have decided to take this blog green. In addition to the occasional other news I may pop off on, I will be offering green tips and tricks from myself and the web. I hope you enjoy.

Wednesday, September 3, 2008

Braviax.exe spyware removal

Had this nasty little piece of spyware on my pc last night, along with one called burito.exe and delself. These three together gave me many hours of headaches until I finally got them out. I decided to put down what I did to remove them. Be warned, they are very malicious, so do not sign into anything or any accounts while you have this on. The warning signs of braviax are a new item on your taskbar that has a red x in a circle. It pops up a message "Warning, your pc is infected with spyware, click here for windows to remove it". Sounds very legitimate, but don't. This is a new means of either spreading more spyware, or getting you to buy something that may or may not delete the spyware. This happens to be a trend with spyware lately, it impersonates a windows operating system message, and in turn you download more spyware.

The following steps are a good piece of pre-emptive work everybody should do when they can. First, make sure your antivirus software is up and current. Also make sure you have Spybot Search and destroy loaded and updated, and I also use Ad-Aware. Also download a nifty little file called killbox.

Keep Spybot and Ad-aware updated at all times, and run once or twice a week. Also if you don't have your anti-virus running in the background, make sure you force a complete system scan once a week. Also it is wise to have your firewall running. I know they are a resource hog and sometimes annoying, but they are still pretty much necessary at all times to prevent this crap.

Killbox is a nifty little tool that will stop, or stop and delete any windows process running. Use this carefully, as it will stop and delete any windows process.

Now, for the main part, you have the nasy little braviax virus. First thing to do is print this off then disconnect from the internet. You have probably noticed adaware, spybot, and your antivirus are probably not running, or you can't get them to run. Killbox isnt running either. Don't panic.

Once disconnect from the internet, click start>>Run and type in msconfig. Be very careful here. Click the startup tab, and look for the following: Braviax.exe, burito.exe, delself, cru629. Uncheck any and all instances of this appearing there. Click apply, then ok. It will ask to reboot, do so now.

While rebooting, you need to reboot in safe mode. That means hitting F8 during boot up. Choose safe mode only, then proceed to boot. Once booted do the following.

Start>>Search. Search all files and folders, including hidden ones for braviax. Delete any and all instances you find. Repeat the process for delself, cru629, and burito. Empty your recycle bin.

Click start>>run and type in cmd, hit enter. This brings up the cmd prompt. type cd.. until you get to just the C> prompt.

Now because these like to hide, type del braviax.exe and hit enter. Doesn't matter if it does or doesn't find it. Repeat that except put cru629.dat, then burito.exe, and finally delself.exe Make sure to type del before each of these. So you will have done something that looks like the following:
C> del braviax.exe
C> del cru629.bat
C> del delself.exe
C> del burito.exe

Now you want to change directery so type in cd windows. This puts you in the windows directory. Repeate the above processto where you have done the following:
C:\WINDOWS> del braviax.exe
C:\WINDOWS> del cru629.bat
C:\WINDOWS> del delself.exe
C:\WINDOWS> del burito.exe

Make sure your spelling is correct. Next, cd system32. Your prompt should look like the following: C:\WINDOWS\system32> Complete the following commands.

C:\WINDOWS\system32> del braviax.exe
C:\WINDOWS\system32> del cru629.bat
C:\WINDOWS\system32> del delself.exe
C:\WINDOWS\system32> del burito.exe

Type exit to exit the command prompt. Next is a very important and potentially hazardous step unless you know what you are doing, or you follow directions very well. Click start>>Run and type regedit then hit enter. Now be very careful here. At the top of the registery editor, click my computer. Then click edit>>Search. Type in just the word braviax, hit enter. Delete every single instance of this word that pops up. When one does, delete, then hit F3 to continue to search. Repeat the process for cru629, burito, and delself. Once you have deleted all these, exit out. Check and empty your recycle bin if need be.

Now, to spybot. Odds are it should up and run normally at this point. If not, do the following. Find where spybot is installed on your computer, and rename the .exe file to SDmain1.exe This will allow it to start up unnoticed by any virus or spyware. Run it, clean everything it gets. Repeat with Ad-Aware and your antivirus. Reboot into normal mode and check things out. If you still have virus or spyware, you may need to take it in. Or update your definitions and re-run spybot, adaware, and your antivirus. Also be sure and rename anything whose name you changed back to the original. I usually just add a 1, it seems to work well.

Good luck and hope this helps.


Anonymous said...

Excellent help - Thanks!!

Anonymous said...

Can anyone recommend the top performing RMM tool for a small IT service company like mine? Does anyone use Kaseya.com or GFI.com? How do they compare to these guys I found recently: N-able N-central remote pc access software
? What is your best take in cost vs performance among those three? I need a good advice please... Thanks in advance!

Anonymous said...

Your blog keeps getting better and better! Your older articles are not as good as newer ones you have a lot more creativity and originality now keep it up!

Anonymous said...

Dear Alyce,

For long time I use this freeware: [url=http://www.freeflvtomp3converter.com]FLV to MP3 free converter[/url].

FLV to MP3 free converter is a free YouTube, MegaVideo, Dailymotion and similar video sites to MP3 Converter and allows you to convert a video to MP3 file.

This software is fast, free, and requires no signup. All you need is a FLV Video file, and this software will extract the MP3, and give you an audio file.

So you are able to listen to your favorite YouTube tracks on every MP3 player.

You can download it for free at [url=http://www.freeflvtomp3converter.com]www.freeflvtomp3converter.com[/url].

I hope this help you.

Anonymous said...

You could easily be making money online in the undercover world of [URL=http://www.www.blackhatmoneymaker.com]seo blackhat[/URL], You are far from alone if you have no clue about blackhat marketing. Blackhat marketing uses little-known or misunderstood ways to produce an income online.

JustinBarley said...

This has been a very significant blog indeed. I’ve acquired a lot of helpful information from your article. Thank you for sharing such relevant topic with us. I really love all the great stuff you provide. Thanks again and keep it coming

removals London

Anonymous said...

Thank you for sharing such relevant topic with us. I really love all the great stuff you provide. Thanks again and keep it coming

man and van London