Got infected with Braviax, did the steps outlined, help please.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by w00terz, Mar 19, 2008.

  1. w00terz

    w00terz Private E-2

    Ok, so last night my PC randomly shuts off and when I restarted it, WinReanimator was doing something so I immediately knew something was going on. I disconnected my internet, booted up in safe mode, tried to delete the braviax.exe and cru629.dat files from the registry but it would continue to show up every time I would restart.

    So I did the steps outlined in the tutorial (great btw) and got the 3 logs. Can the Gods here at MG help a brother out? I also want to mention that prior to doing the cleansing process, I did run Windows Defender and Windows Malicious Software Removal Tool. Defender found like 6 trojan entries (and I was freaking out), Windows Malicious Software Removal tool found nothing.

    Any help would be appreciated.
     

    Attached Files:

  2. abri

    abri MajorGeek

    Hi w00terz,
    Welcome to Major Geeks!


    Your computer is not in msconfig normal startup mode. Please go to Start / Run and type in msconfig and click on ok. In the window that opens up, click on the box next to normal startup, click on apply and then on ok.

    After your computer changes to normal startup mode, please rerun the MGtools by going to the MGTools folder under C and finding the file called GetLogs.bat. Double click on this and allow it to run to completion. When you upload your files as attachments, you'll find the MGlogs.zip directly under C.

    abri
     
  3. w00terz

    w00terz Private E-2

    Thank you for the quick reply, Abri. Also thanks for the Welcome. I went ahead and changed startup to normal startup mode (didn't realize I had it on selective) and re-ran the MGtools program as requested.

    I uploaded the new log, it is in the attachment. Again I want to thank you for taking the time to help me with my computer problems.
     

    Attached Files:

  4. abri

    abri MajorGeek

    Hi w00terz,

    1) Please disable your guest account if this has not already been done.

    2) Go to add/remove programs and uninstall the below:

    Viewpoint Media Player
    J2SE Runtime Environment 5.0 Update 11
    Java(TM) 6 Update 3


    3) Reboot after uninstalling the above.

    4) Install the current version of Sun Java from: Sun Java Runtime Environment

    5) If you do not use Windows Messenger (not to be confused with MSN Messenger!!) I would like you to run Disable/Remove Windows Messenger

    6) Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)

    Does the following belong to a program you know or want to keep? If not, please fix it as well.

    O23 - Service: Dcbcligers - Unknown owner - (no file)

    After you click fix, just close hijackthis.


    7) Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    8) Please run CCleaner.


    9) Please run C:\MGtools\GetLogs.bat and attach the fresh MGlogs.zip it generates along with the Avenger log.


    Let me know how things are running now.

    abri
     
  5. w00terz

    w00terz Private E-2

    Thanks again for the reply, Abri!

    I went ahead and performed the steps outlined in your post. Everything seems to be working the same (fine).

    I attached the two logs. Does this mean I've been cleansed of all "infections?" :)
     

    Attached Files:

  6. abri

    abri MajorGeek

    Hi w00terz,

    What is the following item? Did you try to fix it or did you decide to leave it? If it's something you tried to have hijackthis fix and it didn't get fixed, then wait with the instructions in the box below.

    O23 - Service: Dcbcligers - Unknown owner - (no file)

    Other than that one entry, your logs look fine. Please do the final cleanup instructions in the box:
    abri
     
  7. w00terz

    w00terz Private E-2

    What's up Abri? I really have no idea what that thing was, I decided to fix it (I'd rather play it safe than sorry). I'm not sure if hijackthis fixed it? Anyways, I'll do the final cleanup and whatnot. I REALLY, REALLY appreciate your help, I can't believe you guys spend time doing this for people for free. I can't thank you enough.

    If there's anything else, please let me know. Again, I sincerely thank you dude!
     
  8. abri

    abri MajorGeek

    Hi w00terz,
    The only thing about the O23 entry in HijackThis is that it may be necessary to stop the service before it can be fixed. If you have not yet run the final cleanup instructions, go to the MGTools folder and find analyse.exe and double click on it to run it. Select Do a system scan only. Allow it to run and see if the O23 - Service: Dcbcligers - Unknown owner - (no file) entry is still there. If it's still there, it needs to be disabled before it can be fixed.
    abri
     
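Putting together the two HijackThis points in this thread (abri's O4/O9/O23 lines in post #4, and the note in post #8 that an O23 service may have to be stopped or disabled before HijackThis can fix it), here is an added Python example. It is not part of the thread and is not HijackThis, MGtools or MajorGeeks code. It triages HijackThis-style log lines: entries marked "(file missing)" or "(no file)" are flagged for fixing, O4 entries naming a file from the first post (braviax.exe, cru629.dat; an assumed watch-list) are flagged, the service key name is pulled out of an O23 line, and the sc.exe commands to stop and disable that service are produced. The sample log is constructed: the QuickTime, PartyPoker and Dcbcligers lines are the ones abri quoted; the braviax O4 line and the Windows Defender O23 line, including their paths, are made up for illustration.

```python
"""Triage HijackThis-style log lines.

Added example for this thread; not HijackThis, MGtools or MajorGeeks code.
The suspect file names come from the first post; the paths in the sample log
and the watch-list itself are assumptions made for illustration.
"""
import re
from dataclasses import dataclass

# Constructed sample log. The QuickTime (O4), PartyPoker (O9) and Dcbcligers (O23)
# lines are the ones quoted in the thread; the braviax O4 line and the
# Windows Defender O23 line are made up, paths included.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O23 - Service: Dcbcligers - Unknown owner - (no file)
O23 - Service: Windows Defender (WinDefend) - Microsoft Corporation - C:\Program Files\Windows Defender\MsMpEng.exe
""".strip()

# File names from the original report (assumed watch-list; extend as needed).
SUSPECT_NAMES = {"braviax.exe", "cru629.dat"}
# HijackThis marks entries whose target no longer exists with one of these.
MISSING_MARKERS = ("(file missing)", "(no file)")

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# O23 detail: "Service: <display name> [(<key name>)] - <owner> - <path>"
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))? - ")


@dataclass
class Finding:
    section: str   # HijackThis section, e.g. "O4", "O9", "O23"
    detail: str    # everything after "Oxx - "
    verdict: str   # "fix", "review" or "keep"
    reason: str


def triage_line(line: str):
    """Classify one HijackThis line; returns None for lines that are not entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, detail = m.groups()
    low = detail.lower()
    if any(marker in low for marker in MISSING_MARKERS):
        if section == "O23":
            reason = ("service points at no file; stop and disable it first, "
                      "otherwise HijackThis may not be able to remove the entry")
        else:
            reason = "entry references a file that no longer exists"
        return Finding(section, detail, "fix", reason)
    if any(name in low for name in SUSPECT_NAMES):
        return Finding(section, detail, "fix", "references a file named in the infection report")
    if section == "O23" and "unknown owner" in low:
        return Finding(section, detail, "review", "service binary has no publisher information")
    return Finding(section, detail, "keep", "no indicator matched")


def triage_log(text: str):
    """Triage every entry line in a HijackThis log, in order."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f is not None]


def service_key_name(detail: str):
    """Service key name from an O23 detail string, or None if it does not parse.

    HijackThis shows the key name in parentheses only when it differs from the
    display name, so 'Service: Dcbcligers - ...' yields 'Dcbcligers'.
    """
    m = SERVICE_RE.match(detail)
    if not m:
        return None
    return m.group("key") or m.group("display")


def disable_commands(finding: Finding):
    """sc.exe commands to stop and disable the service behind an O23 'fix' finding."""
    if finding.section != "O23" or finding.verdict != "fix":
        return []
    name = service_key_name(finding.detail)
    if name is None:
        return []
    return [f'sc stop "{name}"', f'sc config "{name}" start= disabled']


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.verdict:6} {f.section:4} {f.detail}\n       -> {f.reason}")
        for cmd in disable_commands(f):
            print(f"       run: {cmd}")
```

Note that the script only flags indicators (missing targets, watch-listed names, services with no owner); the QuickTime O4 entry abri asked to fix was ordinary startup housekeeping, not an infection sign, so it comes out as "keep". Run the sc commands from an elevated command prompt before letting HijackThis fix the O23 line, then rescan to confirm the entry is gone.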
