Braviax, Winreanimator issues

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by bobbolden, May 7, 2008.

  1. bobbolden

    bobbolden Private E-2

    My laptop is infected with Braviax and the Read and Run Me First procedure did not remove the virus. I experienced the following problems while running the cleaning procedures:
    I was able to remove the old java and download the 6.4 version, but the system will not allow me to run it.
    I downloaded and ran all the tools except SpyBot, which would not run after the download. However, the virus turned on TeaTimer and after repeatedly turning it off I removed SpyBot.
    After running all the tools I began getting continual popups for SuperAntiSpyware and also removed that software.

    Currently I can run my laptop in Safe mode (network version) without any problems. When I boot in normal mode, the virus shuts down the system after I log on and reboots. It has begun to do this multiple times and I have not run in normal mode for 3 days.

    I attached the MGlogs.zip file. The browse function does not seem to recognize the Malwarebytes log files, which I know exist and can review, but I could not attach them; also the ComboFix.txt file is not found. The SuperAntiSpyware log was unfortunately deleted with the software.

    What should I do next?

    Thanks for your help.

    Bob
     

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Guess we need to do this in safe mode......first, Disable Spybot's TeaTimer as requested in the READ ME

    * Run Spybot and click Mode
    * Select Advanced Mode.
    * Then click Tools and select Resident.
    * Now in the right window pane, uncheck TeaTimer.
    * Also while this is open, in the left column now select IE Tweaks
    * and then in the right pane make sure all the Miscellaneous locks are unchecked.
    * Now quit Spybot!

    Please disable all anti-virus and anti-spyware programs while we do the following:

    Run C:\MGtools\analyse.exe by double clicking on it. This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    After clicking Fix, exit HJT.

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.
    Now download The Avenger by Swandog469, and save it to your Desktop.
    * Extract avenger.exe from the Zip file and save it to your desktop
    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now download and install:
    Java Runtime 6

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.
     
  3. bobbolden

    bobbolden Private E-2

    TimW,

    I started with your instructions and have encountered problems (possibly due to running in safe mode). I previously uninstalled SpyBot so I didn't have to disable TeaTimer. My Symantec Antivirus program options are locked, so I was unable to disable that system. The Hijack This scan identified three of the four items you marked for fixing, but the braviax entry was not there, possibly because I am running in safe mode and have previously run Malwarebytes to remove infections. I selected the three items and ran the fix. When I copied the bold text into notepad and tried to save it to my desktop, "save as all file types" was not an option. I saved it as rich text and downloaded the Avenger program but have not extracted the .exe file since we probably need to complete the prior steps first. Should I attempt to log in in normal mode to run these fixes? Any other options?

    Thanks for your reply.

    Bob
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes....we may try normal mode....

    Question...was the reg patch titled Fixme.reg (and saved as all files)? It should have left a reg patch icon on the desktop and run when double clicked.

    You need to go ahead and run the avenger program and delete those files/folders.

    When done, try normal mode and get me a new MGLogs.zip.
     
  5. bobbolden

    bobbolden Private E-2

    TimW

    I ran the avenger software and rebooted in normal mode. My computer did not reboot on its own :). I ran a new MGlog and inserted 05-09 into the name to identify the current log, which I attached. Things are looking much better. However, I am sure there is more that needs to be done.

    Thanks for your help.

    Bob:)
     

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The HJT log looks good, but I wanted the full MGLogs.zip ....(did you attach the wrong log?)

    Did you run the registry patch with success?

    Run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file and the log from running Avenger.
     
  7. bobbolden

    bobbolden Private E-2

    TimW

    I have attached the MGlogs.zip and Avenger.txt log files. The registry cleaner did not run. Should I go back to that step and retry?

    Thanks again.

    Bob:)
     

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Things are looking better...but still a few things to do:

    What is on your desktop is:
    C:\Documents and Settings\bbolden\Desktop\fixME.rtf
    it should be fixMe.reg ....and saved as "all files" type.

    However......
    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    o If it is not on your Desktop, the below will not work.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    File::
    C:\WINDOWS\0.log        
    C:\WINDOWS\axojunej.dl
    C:\WINDOWS\vpc32.INI
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR]
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000]
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Attach the log.
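    The CFScript in the post above is a plain text format with `Section::` headers. The following Python is an added example (not MajorGeeks' or ComboFix's own code; the function names are my own) that parses such a script and summarises what it would direct ComboFix to do, so the actions can be reviewed before the file is dragged onto ComboFix.exe. It assumes the regedit convention that `[-KEY]` means delete the key, and flags File:: entries that are not absolute drive paths.

```python
import re
# Constructed sample: the CFScript text posted in reply 8 of this thread.
CFSCRIPT = r"""KILLALL::

File::
C:\WINDOWS\0.log
C:\WINDOWS\axojunej.dl
C:\WINDOWS\vpc32.INI

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CMDSERVICE\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NETWORK_MONITOR\0000]"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")  # section header, e.g. "File::"

def parse_cfscript(text):
    sections, current = {}, None  # {SECTION: [entries]}; KILLALL:: maps to []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).upper()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("entry before any section header: %r" % line)
        else:
            sections[current].append(line)
    return sections

def registry_actions(entries):
    # Regedit syntax: [-KEY] deletes the key, [KEY] creates or keeps it.
    acts = []
    for e in entries:
        m = re.match(r"^\[(-?)(.+)\]$", e)
        if not m:
            raise ValueError("malformed registry line: %r" % e)
        acts.append(("delete" if m.group(1) else "set", m.group(2)))
    return acts

def summarize(text):
    # Reviewable list of what the script would have ComboFix kill, delete and remove.
    s = parse_cfscript(text)
    files = s.get("FILE", [])
    return {"kill_processes": "KILLALL" in s, "files": files,
            "invalid_paths": [p for p in files if not re.match(r"^[A-Za-z]:\\", p)],
            "registry": registry_actions(s.get("REGISTRY", []))}
```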
     
  9. bobbolden

    bobbolden Private E-2

    TimW,

    I ran combofix with the script you provided and attached the log. PC continues to run much better.:)

    Thanks.

    Bob
     

  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Either I missed some......

    * Run avenger.exe by double-clicking on it.
    * Do not change any check box options!!
    * Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

    * Now click the Execute button.
    * Click Yes to the prompt to confirm you want to execute.
    * Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    * Your PC should reboot, if not, reboot it yourself.
    * A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger.
     
  11. bobbolden

    bobbolden Private E-2

    TimW,

    I ran Avenger and attached the log, then ran the MG program to get that log. Both are attached.

    Bob
     

  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Sweet...that should do it....Your logs look clean.

    If you are not having any other malware problems, it is time to do our final steps:

    1. If we used ComboFix then UNINSTALL COMBOFIX (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    2.
    * Click START then RUN
    * Now type "%userprofile%\Desktop\cf" /u in the runbox and click OK.
    * Note: The space between the cf and the /U, it must be there.
    3. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    4. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    5. If you are running Windows XP or Windows ME, do the below:
    * Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
    * Then reboot and Enable System Restore to create a new clean Restore Point.
    6. After doing the above, you should work thru the below link:
    How to Protect yourself from malware!
     
  13. bobbolden

    bobbolden Private E-2

    TimW,

    Thanks again for all your help. I completed the final steps and my PC is running great.

    Bob
     
  14. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are welcome...safe surfing. :)
     
