Braviax in the cobofix log and in msconfig startup

Welcome to Major Geeks!

You are in pretty good shape but we have a little to do.

Run this Disable/Remove Windows Messenger to remove Windows Messenger. Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

You need to copy this file C:\I386\BEEP.SYS to the below two folders to replace the infected ones that were deleted
C:\WINDOWS\SYSTEM32\DLLCACHE
C:\WINDOWS\SYSTEM32\DRIVERS
Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe

After clicking Fix, exit HJT. And then reboot your PC before doing the below.

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it.

Then attach the below log:

• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

Re: Braviax in the combofix log and in msconfig startup

Read my message again. You don't need your disk.

Just delete it.

Based on your logs, you did not perform the fix I gave you with HijackThis (analyse.exe) in my last message. Please run those steps again and make sure you click Fix checked after selecting the lines and after making sure all browsers are closed.

 

Re: Braviax in the combofix log and in msconfig startup

You're welcome.

Yes you did it right!

You forgot to delete the below:
C:\Documents and Settings\Kelly B. Griffith\Desktop\delself.bat

After deleting the above file your logs will be clean.

If you are not having any other malware problems, it is time to do our final steps:

2. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Click START then RUN
   • Now type combofix /u in the runbox and click OK.
   • Note: The space between the X and the /U, it must be there.
3. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
4. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
5. If you are running Windows XP or Windows ME, do the below:
   • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
6. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

Re: Braviax in the combofix log and in msconfig startup

Then just delete the below yourself:
C:\Documents and Settings\Kelly B. Griffith\Desktop\ComboFix.exe
C:\ComboFix.txt
C:\QooBox <-- this is a folder

The tools are updated very frequently and you must always make sure you are using current versions. Thus, you should always be redownloading the tools to make sure you are current. The READ & RUN ME changes too, so you must always make sure you are following instructions from the current online copy before posting here.