Braviax Problems

Welcome to Major Geeks!

If you have read some of the threads here, you will notice that braviax.exe does prevent SUPERAntispyware, ComboFix and possibly Spybot from running but MGtools.exe has always run thus far. Give it a try and attach the requested log.

 

That is not the log from MGtools. As stated in the READ ME, the log is C:\MGlogs.zip

 

Okay you have a few other infections in addition to braviax.


Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: (no name) - {182C7ED7-E56D-4509-9D9B-AC49318D9895} - C:\WINDOWS\system32\urqoolm.dll
O2 - BHO: (no name) - {B70D3D3E-D560-4057-A60E-8587C952A4E5} - C:\WINDOWS\system32\pmnll.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSDrive] rundll32.exe C:\WINDOWS\system32\drvcuf.dll,startup
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvjah.dll,startup
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [d873bdac] rundll32.exe "C:\WINDOWS\system32\btfppjuq.dll",b
O4 - HKLM\..\Run: [WinReanimator] "C:\Program Files\WinReanimator\WinReanimator.exe" /hide
O4 - HKLM\..\Run: [BMdb408e30] Rundll32.exe "C:\WINDOWS\system32\ujgligat.dll",s
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O20 - AppInit_DLLs: cru629.dat
O20 - Winlogon Notify: urqoolm - C:\WINDOWS\SYSTEM32\urqoolm.dll
O20 - Winlogon Notify: winwil32 - C:\WINDOWS\SYSTEM32\winwil32.dll

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

After reboot look for all of the above files we had Avenger attempt to delete. If you still see them, delete them yourself.

Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\Temp
C:\Documents and Settings\Daniel san\Local Settings\Temp

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.

See if you can run ComboFix and SUPERAntispyware now. If you can, then attach the logs from them too.

Make sure you tell me how things are working now!

 

Where did you save Avenger.zip and avenger.exe to? My instructions said to save them to your Desktop by I do not see them? Did you follow those instructions?

You still have more malware to fix but I need to know that Avenger is going to work properly and produce a log.