malware braviax.exe installing malware winreanimator.exe

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by subhuman_bob, Feb 24, 2008.

  1. subhuman_bob

    subhuman_bob Private E-2

I just created this account, and can't reply to the existing posts for some reason. I assume it's a "new account" validation type of thing. Anyway, much like the people here, I ran into braviax.exe and winreanimator.exe on a friend's machine. Much like the others, no automated tools would do the job, and manual removal instructions from multiple sites were also ineffective. Tools worked fine for removal of winreanimator, but as long as braviax persists it will keep reinstalling winreanimator, so it's no real progress.
    My solution isn't a total fix, but it's sure as hell a lot better than letting malware reside on your machine. Braviax is your real problem, winreanimator is merely a symptom.
    Braviax.exe resides in two places:
    \windows
    \windows\system32
    The copy in \windows\system32 is in memory upon boot, so it cannot be deleted. If you boot to command-line and remove it, it comes back.
    My solution was to copy a harmless program to those locations with that name. Once they're in place, you're set.
    step 1:
    boot from CD to the recovery console
    cd windows
    del braviax.exe
    cd system32
    del braviax.exe
    copy cmd.exe braviax.exe
    attrib +S braviax.exe
    cd ..
    copy c:\windows\system32\cmd.exe braviax.exe
    attrib +S braviax.exe
    reboot

    This has placed the command interpreter (cmd.exe) in the places where braviax.exe tries to be, and with its name. Braviax can no longer copy itself there and load itself.

    It's an incomplete fix because every time you reboot, the command window will open, but at least it's harmless and easily closed. I can find no registry references to braviax.exe, so I don't know what's actually calling it in the first place. I'll be the first to admit I'm not a Windows guy (gimme OS/2 any day:p)
    It's incomplete, and a little messy, but it will get that malware out of RAM and stop it from reloading winreanimator.
    If anyone follows these steps, remember that it should be considered a temporary solution until a permanent complete fix is posted.
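    An added example, not part of subhuman_bob's post or anything from MajorGeeks: a small audit script that checks whether the workaround above is still holding. It assumes the two drop locations the post names (\windows and \windows\system32, relative to a Windows directory you point it at, for example a disk mounted from a clean boot environment) and a known-good copy of the harmless program that was put in braviax.exe's place. Each location is classified by file hash rather than by name, because the whole point of the post is that a file called braviax.exe will exist either way; the question is whether it is still the placeholder. The demo tree and its file contents are constructed stand-ins, not real binaries.

```python
import hashlib
import tempfile
from pathlib import Path

# Drop locations named in the post, relative to the Windows directory.
DROP_LOCATIONS = ("braviax.exe", "system32/braviax.exe")


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_drop_locations(windows_dir, reference_exe):
    """Classify each drop location as 'absent', 'placeholder' or 'suspect'.

    'placeholder' means the file is byte-for-byte the harmless program the
    workaround copied there; 'suspect' means something else now sits under
    the braviax.exe name, so the root infection is probably still active.
    """
    windows_dir = Path(windows_dir)
    reference_hash = sha256_of(Path(reference_exe))
    report = {}
    for relative in DROP_LOCATIONS:
        candidate = windows_dir / relative
        if not candidate.exists():
            report[relative] = "absent"
        elif sha256_of(candidate) == reference_hash:
            report[relative] = "placeholder"
        else:
            report[relative] = "suspect"
    return report


def build_demo_tree():
    """Construct a throwaway directory that mimics the post's scenario.

    The file contents are invented stand-ins, not real binaries: the
    'cmd.exe' stand-in is the reference, one drop location holds a copy of
    it (the workaround held) and the other holds different bytes (a file
    named braviax.exe came back with other content).
    """
    root = Path(tempfile.mkdtemp(prefix="braviax-audit-"))
    windows = root / "windows"
    system32 = windows / "system32"
    system32.mkdir(parents=True)
    reference = system32 / "cmd.exe"
    reference.write_bytes(b"CONSTRUCTED-HARMLESS-PROGRAM")
    (windows / "braviax.exe").write_bytes(reference.read_bytes())
    (system32 / "braviax.exe").write_bytes(b"CONSTRUCTED-UNKNOWN-PAYLOAD")
    return windows, reference


if __name__ == "__main__":
    demo_windows, demo_reference = build_demo_tree()
    for location, status in audit_drop_locations(demo_windows, demo_reference).items():
        print(f"{location}: {status}")
```

    On a real machine you would replace the demo tree with the mounted Windows directory and the reference with the copy of cmd.exe used in the workaround; a "suspect" result is the signal that the root cause chaslang describes below was never removed.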
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    As you have stated this is not a fix. It is a work around but it does not remove the root problems. You really need to remove the root cause of the infection and any other garbage it may have installed. We fix this all the time without requiring the use of the Recovery Console, which is also not an option for many people since they do not have a bootable copy of their Windows CD. A couple of example threads where it was removed are below:

    http://forums.majorgeeks.com/showthread.php?t=151994
    http://forums.majorgeeks.com/showthread.php?t=152341
    http://forums.majorgeeks.com/showthread.php?t=151983

    That is just 3 examples but you get the idea. By running our required cleaning procedures we can then give specific instructions for each person to remove their problems. You will see us making use of special tools like ComboFix and Avenger which allow us to remove files without needing the Recovery Console.


    If you would like to properly fix your PC (which I would bet still has the root infection) then follow the below instructions and we will remove all of the problems rather than masking it.

    Attach the requested logs when you finish these instructions.

    READ & RUN ME FIRST. Malware Removal Guide
     
    Last edited: Feb 26, 2008
