brastk.exe & delself.bat

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by tenaciouslee, Oct 13, 2008.

  1. tenaciouslee

    tenaciouslee Private E-2

    I am using windows xp home, with service pack 3 installed.

    I have a delself.bat icon on my desktop. I had this a few months ago coupled with braviax.exe and was able to eliminate it (though darned if I remember how), but this time I can't find a braviax file, though I do see a couple of brastk.exe entries under the "startup" tab when I run msconfig.

    This is coupled with the little red circle w/white x that warns me of a spyware attack in the system tray. I also sometimes have a similar icon that is a yellow triangle with an '!' in the middle (like a caution sign). In addition the desktop wallpaper has been replaced by a blue screen with a similar warning message and a link to a url that wants to sell me antispyware.

    Additionally, the desktop flashes every little bit as if refreshing the desktop, and occasionally a fake Windows security message comes up prompting me to enable my firewall, but again it just redirects to a URL.

    I am running the newest version of Kaspersky Antivirus, which seems to be able to see the trojan downloader but has had little success removing it so far.

    Any help you can give me will be greatly appreciated, I attached my hijackthis logfile.
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Welcome to Major Geeks!

    Please uninstall HJT as it will be properly installed when you do the following:

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    READ & RUN ME FIRST. Malware Removal Guide

    Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
     
  3. tenaciouslee

    tenaciouslee Private E-2

    Apologies, I hadn't seen the READ ME RUN ME sticky until after I had posted my thread.

    After running all the scans I have noticed a dramatic improvement, so much so that I daresay it seems I'm cured. However, as I mentioned above I had the same virus (malware program? I think that's too nice a term for such a nightmare, but c'est la vie).
    At any rate, I would appreciate if you would check my logs and make sure that I am free and clear for good. Also, if there are additional steps (aside from the described toggling of the system restore) and which programs (superantispyware, malwarebytes, etc) I should keep and which to get rid of, and any special steps needed to remove those aside from deleting them from my desktop and/or uninstalling them via the control panel.

    Also, from now on do you think I will be safe using Kaspersky antivirus (I only installed it after I was infected, so while it wouldn't remove this problem would it adequately prevent it in the future?) or should I keep superantispyware as well, and if so how should I configure it? (obviously these are subjective questions, but I'm deferring to your much more educated judgement at the moment, so any recommendations you could make would be appreciated)

    Thank you very much for your time, I don't know what I would have done had I not found this website!
     
  4. tenaciouslee

    tenaciouslee Private E-2

    Whoops, forgot the logs.
     

    Attached Files:

  5. tenaciouslee

    tenaciouslee Private E-2

    One more.
     

    Attached Files:

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Download The Avenger by Swandog469, and save it to your Desktop.

    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
    C:\WINDOWS\Temp
    C:\Documents and Settings\%username%\Local Settings\Temp

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.
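    Added example (not from this thread or from TimW's instructions): a read-only PowerShell check that reports autostart entries referencing the brastk.exe / braviax.exe / delself.bat names mentioned above, and lists files in the two Temp folders TimW names that were not modified today. It assumes the Windows XP profile layout (Documents and Settings) and a PowerShell install on that machine; it deletes nothing, so the listing can be reviewed before the manual cleanup.

```powershell
# Constructed example: names taken from this thread; nothing is deleted.
$suspects = @('brastk.exe', 'braviax.exe', 'delself.bat')

# Registry Run/RunOnce keys are what msconfig's Startup tab shows.
$runKeys = @(
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
  if (-not (Test-Path $key)) { continue }
  $props = Get-ItemProperty -Path $key
  foreach ($p in $props.PSObject.Properties) {
    if ($p.Name -like 'PS*') { continue }      # skip provider metadata properties
    foreach ($s in $suspects) {
      if ("$($p.Value)" -match [regex]::Escape($s)) {
        "AUTOSTART: {0}\{1} = {2}" -f $key, $p.Name, $p.Value
      }
    }
  }
}

# Startup folders (XP layout, assumed) also feed the Startup tab.
$startupDirs = @(
  "$env:ALLUSERSPROFILE\Start Menu\Programs\Startup",
  "$env:USERPROFILE\Start Menu\Programs\Startup"
)
foreach ($d in $startupDirs) {
  if (-not (Test-Path $d)) { continue }
  Get-ChildItem -Path $d -Force -ErrorAction SilentlyContinue |
    Where-Object { $suspects -contains $_.Name.ToLower() } |
    ForEach-Object { "STARTUP FOLDER: $($_.FullName)" }
}

# The two Temp folders from the instructions: list files older than today
# (the ones the instructions say to delete), with size and last-write time.
$tempDirs = @("$env:windir\Temp", "$env:USERPROFILE\Local Settings\Temp")
$today = (Get-Date).Date
foreach ($d in $tempDirs) {
  if (-not (Test-Path $d)) { continue }
  Get-ChildItem -Path $d -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -lt $today } |
    Select-Object FullName, LastWriteTime, Length
}
```

Files still reported as in use by another program (as happened in the next post) are expected and can be left for a reboot; the aim of the listing is only to confirm what the manual step will touch.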
     
  7. tenaciouslee

    tenaciouslee Private E-2

    Ok, done all that (and even deleted some files from today in the temp folders; it let me delete some and claimed some of the others were being used by another program).

    Just let me know what the next step is!
     

    Attached Files:

  8. tenaciouslee

    tenaciouslee Private E-2

    Ok, crap. My PC was working great and it seemed everything had been fixed. I was just waiting for the final word before I toggled system restore, and Windows Update went and updated while I wasn't looking. It then restarted, as it tends to do afterward, and now I can't boot up at all, including into safe mode. I can boot into the recovery console that we installed with combofix, but I don't know how to use it or what to do.

    Also, the windows file I downloaded and dragged into combofix may have been deleted (after dragged into combofix), could that be the cause of my problem? (or cause another problem I haven't even gotten into yet?)

    When it asks if I want to go into safe mode there are several options, but if I hit F8 there are several more, none of which I know how to use. I have tried booting using the last known good configuration but it does the same thing; tries to boot then kicks me back to the safe mode selection screen.

    Please help!
     
  9. tenaciouslee

    tenaciouslee Private E-2

    Oh, and in case you can't tell, I'm posting this from another computer, I can't get mine started at all.
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

  11. tenaciouslee

    tenaciouslee Private E-2

    Option one calls for the Windows XP CD. While I do not have one, I have a Toshiba recovery CD which appears to have a similar function, the only problem being that the only option I have is to restore the OS to "out of the box" status, basically an entire reinstall (which at this point I wouldn't even mind, but there's quite a few files I'd like to get off the hard drive before she gets wiped).

    The second option warns not to use it if I'm running an OEM operating system, which as far as I know means factory-installed, which is what I've got. Is that just a precaution and should I try it anyway? And aren't I likely to run into the same problem when I try to boot from that disk that only wants a complete wipe?

    Is there any other way to get the files I need off the hard drive before I restore the OS?
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I believe with the Toshiba recovery disc you will have the option to save your data and files...is that not correct?

    Edit---> you may wish to ask that in the software section to be sure.
     
  13. tenaciouslee

    tenaciouslee Private E-2

    'Fraid not, it warned me several times that it would remove all my files and that I should back them up before starting, but when I clicked that I hadn't backed up yet it kicked me off and shut down.

    I was able to do "system restore" through the recovery console and followed all directions to the letter, and I'm still having the same problem; it won't boot into anything except for system recovery (and booting from the CD-ROM = a complete reinstall).
     
  14. tenaciouslee

    tenaciouslee Private E-2

    Oh, I should note that to boot into recovery console I'm using the one combofix installed on the hdd, and that I'm not booting from the CD as instructed, since I don't have the xp cd.
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    In order not to lose your data, I suggest you remove your hard drive and slave it to another computer so you can back up your data.

    Then put it back in and try the corrupt registry patch....as you will have nothing to lose by doing it at that point. :(
     
  16. tenaciouslee

    tenaciouslee Private E-2

    Yeah, that's what I had to do. The good news is I found a bigger, faster HDD, so I just installed that and installed the old one in an external USB kit. I managed to get most of my important data out, but there's still a few things. Could you recommend a good data recovery tool that is free? I haven't been able to find one (I know this really isn't the right forum for that, but I thought I'd take a shot).

    Otherwise, thanks a lot for all of your help. We got very close to having repaired everything, and then Windows reared its ugly head.
     
  17. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    PCInspector File Recovery works well....and yes, malware can wreak havoc these days.
     
