brastk.exe & delself.bat karna.dat

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by sssteve72, Oct 30, 2008.

  1. sssteve72

    sssteve72 Private E-2

    I tried to do the read and run me first malware removal guide (I downloaded the programs) but I stopped after trying both SAS and Spybot. Both programs installed, but when I double click them nothing loads. I can't run the programs. Actually I already had Spybot installed but it wouldn't load the first time, so I uninstalled it and then downloaded a new one and installed it, but it still won't run.

    This is how my problem started. I was looking for a video converter. I clicked on a link and a web page opened. When it came up I heard IE clicks like I was clicking on links, but I wasn't. Then I got an error about WAB.exe couldn't finish loading or something. Then my computer just restarted. Now I have the little red button with the white X in my systray and it keeps popping up messages to say I am infected (no kidding). I never clicked it because it just looks like spyware to me.

    I see delsef.bat on my desktop, brastk.exe in my C:\windows directory and karna.dat in a couple of places. I deleted delsef.bat and brastk.exe. Of course brastk.exe just reappears with each restart of my computer.

    I'm not sure where to go from here since I can't even run thru the "run me first".

    Anyone with any ideas?
     
  2. sssteve72

    sssteve72 Private E-2

    Ok I went ahead and tried MBAM and it worked and seems to have removed the red circle with the white X.
     
  3. sssteve72

    sssteve72 Private E-2

    I've run Combo Fix and MG Tools and the logs are attached.

    Things seem to be normal.

    If anyone can tell me if it looks good it would be most appreciated.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why are you running this PC without protection installed?

    Did you install Covenant Eyes keylogging software yourself??? Why?

    Do you have any idea what the below two drivers are from?
    Look for the files and get Properties info on them by right clicking on them and selecting Properties, Version. Let me know what you find. I bet the 2nd file cannot be found.

    Also delete the below file I assume you made while trying to remove the infection?
    C:\WINDOWS\system32\deletebrastak.exe
    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    After clicking Fix, exit HJT.


    Your logs are basically clean but I want to find out about those two drivers.
     
  5. sssteve72

    sssteve72 Private E-2

    1) What can I say, I procrastinate. I need to get virus protection reinstalled. I've been without it for... well a stupid amount of time.
    2) Yes I installed it and it is fine. It is an internet monitoring software I use (aka kids).
    3) I have no idea on those two drivers. I did a file search and couldn't find either of them. I tried looking at the path and couldn't find the file. I did a registry search and I find the seriall.sys in a couple of places. One path for example is HKEY_Local_Machine\SYSTEM\ControlSet003\Services\seriall. Then it is listed under the ImagePath key. bDMusicb.sys shows up at this location in the registry: HKEY_USERS\S-1-5-21-1123561945-343818398-68200-3330-1003\Software\Microsoft\Search Assistant\ACMru\5604. The key name is 000 and the data line is bDMusicb.sys. But again I have no idea what it is related to and I can't find that actual file on the computer. I'm guessing if the files aren't on the computer it is fairly safe to delete the registry entries. Any opinions?

    4) You are correct I changed the filename to deletebrastak.exe, it has now been deleted.

    I'll run the HJT or analyse.exe.
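    The check chaslang asks for above (is the driver's file actually on disk?) can be done for every Services entry at once. The script below is an added example written for this thread, not a MajorGeeks tool or anything the posters ran; it only reads the registry and reports entries whose ImagePath does not resolve to an existing file, the way seriall.sys was found here, so it does not delete anything.

```powershell
# Added example (not from the thread): list Services entries whose ImagePath points at a
# file that is not on disk. Orphaned driver keys like the seriall.sys one discussed above
# show up this way. Read-only; run from an elevated PowerShell prompt.
$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-ServiceImagePath {
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = $ImagePath.Trim()
    # Keep only the binary: the quoted part, or text up to the first .sys/.exe/.dll
    if ($p.StartsWith('"')) {
        $p = $p.Substring(1).Split('"')[0]
    } elseif ($p -match '^(.+?\.(?:sys|exe|dll))') {
        $p = $Matches[1]
    }
    # Normalise the NT-style prefixes driver entries commonly use
    $p = $p -replace '^\\\?\?\\', ''                       # \??\C:\... -> C:\...
    $p = $p -replace '^\\?SystemRoot\\', "$env:SystemRoot\" # \SystemRoot\... -> C:\WINDOWS\...
    $p = [Environment]::ExpandEnvironmentVariables($p)      # %SystemRoot%\...
    # Bare relative paths (system32\drivers\foo.sys) are relative to the Windows folder
    if ($p -notmatch '^[A-Za-z]:\\' -and $p -notmatch '^\\\\') {
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-OrphanedServiceEntries {
    Get-ChildItem -Path $ServicesKey | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        if ($null -eq $props -or $null -eq $props.ImagePath) { return }
        $resolved = Resolve-ServiceImagePath $props.ImagePath
        if ($resolved -and -not (Test-Path -LiteralPath $resolved)) {
            [PSCustomObject]@{
                Service   = $_.PSChildName
                Start     = $props.Start   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
                ImagePath = $props.ImagePath
                Resolved  = $resolved
            }
        }
    }
}

Get-OrphanedServiceEntries | Format-Table -AutoSize
```

Entries listed with Start 0 or 1 (boot/system start drivers) whose file is missing are the ones worth asking about in a thread like this; a legitimate uninstaller normally removes its key along with the file.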
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Then let's remove them.


    We will use ComboFix to remove those drivers.
    • Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
      • If it is not on your Desktop, the below will not work.
    • Open Notepad and copy/paste the text in the below quote box into it:
    • Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    • At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    • You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    • Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    • Follow the prompts.
    • When it finishes, a log will be produced named c:\combofix.txt
    • I will ask for this log below
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Then attach the new c:\combofix.txt log
     
  7. sssteve72

    sssteve72 Private E-2

    The log is attached.

    Can I delete any registry key that contains the seriall.sys or the bDMusicb.sys values?
     

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    When you ran ComboFix, part of cleaning up the drivers should have removed the registry keys. You can see references to the LEGACY keys in the ComboFix log. Are you implying there are additional keys? Be very careful doing manual deletions in the registry. Also note that some keys cannot simply be deleted while Windows is running.
     
  9. sssteve72

    sssteve72 Private E-2


    It appears to have deleted them when I ran combofix this time around. I just did a search thru the registry and it doesn't find any reference to those two drivers now.

    I just downloaded a new 2009 PC-cillin. Now that we seem to have this fixed I will install it.

    Thanks again for your help.
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    3. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Note: the space between combofix" and /u must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
      • Delete the C:\combofix folder from combofix (if it exists)
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to add/remove programs and uninstall HijackThis.
    8. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    9. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     