malware braviax.exe installing malware winreanimator.exe

[subhuman_bob]

I just created this account, and can't reply to the existing posts for some reason. I assume it's a "new account" validation type of thing. Anyway, much like the people here, I ran into braviax.exe and winreanimator.exe on a friend's machine. Much like the others, no automated tools would do the job, and manual removal instructions from multiple sites were also ineffective. Tools worked fine for removal of winreanimator, but as long as braviax persists it will keep reinstalling winreanamator- so it's no real progress.
My solution isn't a total fix, but it's sure as hell a lot better than letting malware reside on your machine. Braviax is your real problem, winreanimator is merely a symptom.
Braviax.exe resides in two places:
\windows
\windows\system32
the copy in \windows\system32 is in memory upon boot, so it cannot be deleted. If you boot to command-line and remove it, it comes back.
My solution was to copy a harmless program to those locations with that name. Once they're in place, you're set.
step 1:
boot from CD to the recovery console
cd windows
del braviax.exe
cd system32
del braviax.exe
copy cmd.exe braviax.exe
attrib +S braviax.exe
cd ..
copy c:\windows\system32\cmd.exe braviax.exe
attrib +S braviax.exe
reboot

This has placed the command interpreter (cmd.exe) in the places where braviax.exe tries to be, and with its name. Braviax can no longer copy itself there and load itself.

It's an incomplete fix because every time you reboot, the command window will open- but at least it's harmless and easily closed. I can find no registry references to braviax.exe, so I don't know what's actually calling it in the first place. I'll be the first to admit I'm not a Windows guy (gimme OS/2 any day:P)
It's incomplete, and a little messy- but it will get that malware out of RAM and stop it from reloading winreanimator.
If anyone follows these steps, remember that it should be considered a temporary solution until a permanant complete fix is posted.

[chaslang]

Welcome to Major Geeks!

As you have stated this is not a fix. It is a work around but it does not remove the root problems. You really need to remove the root cause of the infection and any other garbage it may have installed. We fix this all the time without requiring the use of the Recovery Console which is also not an option for many people since they do not have a bootable copy of their Windows CD. A couple of example threads where it was removed are the below:

http://forums.majorgeeks.com/showthread.php?t=151994
http://forums.majorgeeks.com/showthread.php?t=152341
http://forums.majorgeeks.com/showthread.php?t=151983

That is just 3 examples but you get the idea. By running our required cleaning procedures we can then give specific instructions for each person to remove their problems. You will see us making use of special tools like ComboFix and Avenger which allow us to remove files without needing the Recovery Console.


If you would like to properly fix your PC ( which I would bet still has the root infection ) then follow the below instructions and we will remove all of the problems rather than masking it.

Attach the requested logs when you finish these instructions.

READ & RUN ME FIRST. Malware Removal Guide