Braviax.exe Removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by adamjanuk, Sep 19, 2009.

  1. adamjanuk

    adamjanuk Private E-2

  2. adamjanuk

    adamjanuk Private E-2

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!


    There are a few problems with the logs you supplied us.
    1. MGtools did not run properly at all and is very incomplete. Did you receive any errors while running it?
    2. ComboFix ran in reduced functionality mode which means either your antivirus was still running, ComboFix was out of date and you did not update it, or it was because you put it here: F:\combofix.exe The instructions clearly stated that it MUST be on your Desktop.
    With the above incomplete info, it is difficult to provide you with a complete fix since we cannot see everything we need to see. In fact, we see very little in the way of problems. Let's get started by doing the below.

    You should delete the below files or move them somewhere else if you want them. They do not belong in the C:\Program Files folder.
    Code:
    2007-10-14 06:37 774144 ----a-w- c:\program files\RngInterstitial.dll
    2006-03-29 03:49 207872 ----a-w- c:\program files\Monopoly 3.doc
    2006-03-24 22:36 6715392 ----a-w- c:\program files\WindowsDefender.msi
    2005-12-20 01:54 20921040 ----a-w- c:\program files\AdbeRdr705_enu_full.exe
    2005-12-20 01:04 34412848 ----a-w- c:\program files\iTunesSetup.exe
    2005-12-17 03:06 6910088 ----a-w- c:\program files\MicrosoftAntiSpywareInstall.exe
    2005-12-17 02:41 7230264 ----a-w- c:\program files\install.exe
    2005-12-17 02:19 16150144 ----a-w- c:\program files\avg71free_371a669.exe
    2005-12-17 01:43 11477288 ----a-w- c:\program files\DivXPlay.exe
    2005-12-17 01:39 9692886 ----a-w- c:\program files\vlc-0.8.4a-win32.exe
    Do you recognize the below Registry Entries? Are they valid?
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \Shell\AutoRun\command - K:\BYBaseballLauncher.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{47b4a388-9161-11db-b741-000c6e5e7849}]
    \Shell\AutoRun\command - g:\system\viewer\Viewer.exe
    \Shell\View your videos\command - g:\system\viewer\Viewer.exe

    You need to run MSconfig and put your PC into Normal Startup mode as requested in step 4 of the READ & RUN ME.

    Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.
    Now run Ccleaner. Only use the Run Cleaner button. Do not run anything else on any other forms.

    Now download the current version of ComboFix and save it to your Desktop. Then shutdown ALL protection software and double click on ComboFix to run it.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


    Then attach the below logs:
    • C:\avenger.txt
    • C:\combofix.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
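    Added example, not from the thread or from any of the tools named in it: a PowerShell snippet that lists every MountPoints2 Shell\<verb>\command value under HKCU (the keys chaslang asks about above) and checks whether each command's target file still exists, so stale or unexpected AutoRun handlers stand out. The function name Get-MountPointCommands is my own.

```powershell
# Enumerate HKCU MountPoints2 AutoRun/Shell commands and check their targets.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'

function Get-MountPointCommands {
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $mountPoint = $_.PSChildName            # drive letter or volume GUID
        $shellKey = Join-Path $_.PSPath 'Shell'
        if (-not (Test-Path $shellKey)) { return }

        # Each subkey of Shell is a verb (AutoRun, "View your videos", ...)
        Get-ChildItem -Path $shellKey | ForEach-Object {
            $cmdKey = Join-Path $_.PSPath 'command'
            if (-not (Test-Path $cmdKey)) { return }

            # The (Default) value holds the command line
            $cmd = (Get-Item -Path $cmdKey).GetValue('')
            if ([string]::IsNullOrWhiteSpace($cmd)) { return }

            # Strip arguments: quoted path first, otherwise first token
            $target = if ($cmd -match '^"([^"]+)"') { $Matches[1] }
                      else { ($cmd -split '\s+')[0] }

            [pscustomobject]@{
                MountPoint   = $mountPoint
                Verb         = $_.PSChildName
                Command      = $cmd
                TargetExists = Test-Path -LiteralPath $target
            }
        }
    }
}

Get-MountPointCommands | Format-Table -AutoSize
```

Entries whose TargetExists is False point at a drive or file that is no longer present and are safe candidates to review first; Remove-Item on the matching mountpoints2 subkey removes a handler you decide you do not want.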
  4. adamjanuk

    adamjanuk Private E-2

    1. No I didn't receive any errors while running Mgtools.
    2. The problem with combofix is that I cannot get connectivity to the internet with that particular machine. Combofix cannot update and it can not download Microsoft Windows Recovery console.
    3. The [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
    \Shell\AutoRun\command - K:\BYBaseballLauncher.exe
    I would assume is associated with my son's Back Yard Baseball game.
    4. The others I do not recognize. Unless that has to do with BYB game and Power ISO drive emulator.
    5. I tried to uninstall AVG free to run combofix but I kept getting an error about a registry key and it would not uninstall. Therefore I could not disable it for the scan. There is no internet connection so it still cannot update nor can it put the Recovery Console on. I have been downloading everything via my laptop and transferring it with my flash drive.

    I cannot attach the avenger log because it is password protected and I can't copy it to my flash drive so that I can move it to my laptop and email it.

    View attachment MGlogs.zip

    View attachment log.txt

    Just a recap: I still can't get an internet connection. I show connectivity on my network but no internet. I can't remove avg. I don't know of any other way of disabling it. I don't know any other way of attaching the avenger file because it's password protected.

    Thanks,

    Adam
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No you are not looking at the Avenger log. You are looking at the Avenger backup of what was deleted and that is a ZIP file. The Avenger log is just a plain old text file named C:\avenger.txt as stated and that is what you need to attach. It is right where my instructions said it would be.


    adamjanuk said:
    Just a recap: I still can't get an internet connection. I show connectivity on my network but no internet.

    What do you mean by "no internet"? Do you mean you cannot browse? Have you tried using IP addresses rather than URLs? Like use 66.249.80.104 instead of www.google.com

    Have you checked your ethernet settings? Are you getting the proper IP address and other settings for your network? Run ipconfig /all from a command prompt and check that the settings are correct.


    Your logs are clean but you should do the below.


    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

    After clicking Fix, exit HJT.
     
