Braviax.exe removal

Had this nasty little piece of spyware on my pc last night, along with one called burito.exe and delself. These three together gave me many hours of headaches until I finally got them out. I decided to put down what I did to remove them. Be warned, they are very malicious, so do not sign into anything or any accounts while you have this on. The warning signs of braviax are a new item on your taskbar that has a red x in a circle. It pops up a message "Warning, your pc is infected with spyware, click here for windows to remove it". Sounds very legitimate, but don't click it. This is a new means of either spreading more spyware, or getting you to buy something that may or may not delete the spyware. This is a trend with spyware lately: it impersonates a Windows operating system message, and in turn you download more spyware.

The following steps are a good piece of pre-emptive work everybody should do when they can. First, make sure your antivirus software is up to date. Also make sure you have Spybot Search & Destroy loaded and updated, and I also use Ad-Aware. Also download a nifty little file called killbox.

Keep Spybot and Ad-aware updated at all times, and run once or twice a week. Also if you don't have your anti-virus running in the background, make sure you force a complete system scan once a week. Also it is wise to have your firewall running. I know they are a resource hog and sometimes annoying, but they are still pretty much necessary at all times to prevent this crap.

Killbox is a nifty little tool that will stop, or stop and delete any windows process running. Use this carefully, as it will stop and delete any windows process.

Now, for the main part, you have the nasty little braviax virus. First thing to do is print this off then disconnect from the internet. You have probably noticed adaware, spybot, and your antivirus are probably not running, or you can't get them to run. Killbox isn't running either. Don't panic.

Once disconnected from the internet, click start>>Run and type in msconfig. Be very careful here. Click the startup tab, and look for the following: Braviax.exe, burito.exe, delself, cru629. Uncheck any and all instances of these appearing there. Click apply, then ok. It will ask to reboot, do so now.

While rebooting, you need to reboot in safe mode. That means hitting F8 during boot up. Choose safe mode only, then proceed to boot. Once booted do the following.

Start>>Search. Search all files and folders, including hidden ones for braviax. Delete any and all instances you find. Repeat the process for delself, cru629, and burito. Empty your recycle bin.

Click start>>run and type in cmd, hit enter. This brings up the cmd prompt. Type cd.. until you get to just the C> prompt.

Now because these like to hide, type del braviax.exe and hit enter. It doesn't matter if it does or doesn't find it. Repeat that except put cru629.dat, then burito.exe, and finally delself.exe. Make sure to type del before each of these. So you will have done something that looks like the following:

C> del braviax.exe

C> del cru629.bat

C> del delself.exe

C> del burito.exe

Now you want to change directory, so type in cd windows. This puts you in the windows directory. Repeat the above process to where you have done the following:

C:\WINDOWS> del braviax.exe

C:\WINDOWS> del cru629.bat

C:\WINDOWS> del delself.exe

C:\WINDOWS> del burito.exe

Make sure your spelling is correct. Next, cd system32. Your prompt should look like the following: C:\WINDOWS\system32> Complete the following commands.

C:\WINDOWS\system32> del braviax.exe

C:\WINDOWS\system32> del cru629.bat

C:\WINDOWS\system32> del delself.exe

C:\WINDOWS\system32> del burito.exe

Type exit to exit the command prompt. Next is a very important and potentially hazardous step unless you know what you are doing, or you follow directions very well. Click start>>Run and type regedit then hit enter. Now be very careful here. At the top of the registry editor, click my computer. Then click edit>>Search. Type in just the word braviax, hit enter. Delete every single instance of this word that pops up. When one does, delete it, then hit F3 to continue the search. Repeat the process for cru629, burito, and delself. Once you have deleted all these, exit out. Check and empty your recycle bin if need be.

Now, to spybot. Odds are it should start up and run normally at this point. If not, do the following. Find where spybot is installed on your computer, and rename the .exe file to SDmain1.exe. This will allow it to start up unnoticed by any virus or spyware. Run it, clean everything it gets. Repeat with Ad-Aware and your antivirus. Reboot into normal mode and check things out. If you still have a virus or spyware, you may need to take it in. Or update your definitions and re-run spybot, adaware, and your antivirus. Also be sure to rename anything whose name you changed back to the original. I usually just add a 1, it seems to work well.
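An added example, not part of the original write-up: a read-only batch file that reports which of the file names from this guide are present in C:\, the Windows folder and system32, and which Run-key startup entries mention them, so you can check before and after the cleanup. It deletes nothing; the folder list and the choice of Run keys are assumptions based on the steps above, and `dir /a` is used because a plain `del` skips files marked hidden or system.

```bat
@echo off
rem Added example: read-only check for the names listed in this guide.
rem It reports what it finds and deletes nothing.
setlocal
set NAMES=braviax.exe burito.exe delself.exe cru629.bat cru629.dat
set FOUND=0

rem Check the three folders the guide visits by hand.
rem dir /a also lists hidden and system files.
for %%D in ("C:" "%SystemRoot%" "%SystemRoot%\system32") do (
  for %%N in (%NAMES%) do (
    dir /a /b "%%~D\%%N" >nul 2>&1 && (
      echo FILE  %%~D\%%N
      set FOUND=1
    )
  )
)

rem Check the Run keys, which are among the places the msconfig Startup tab lists.
rem findstr prints any startup entry that mentions one of the names.
for %%K in ("HKLM\Software\Microsoft\Windows\CurrentVersion\Run" "HKCU\Software\Microsoft\Windows\CurrentVersion\Run") do (
  reg query %%K 2>nul | findstr /i "braviax burito delself cru629" && set FOUND=1
)

if "%FOUND%"=="0" echo Nothing matching was found in these locations.
endlocal
```

Commenters below report other file names on their machines; add those to NAMES and to the findstr list if they apply to you.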

24 comments

Karlos707 8 years ago

worked a treat thanks for the help, the step by step guide was excellent.


Dan 8 years ago

Can't find any of the files in the startup/autostart-tab when running through first steps of removal, even though I've got the delself-file on my desktop and the red cross in a circle... Any suggestions?


tngolfplayer 8 years ago from Knoxville Author

I would make sure you are off the internet, or intranet, reboot into safe mode, look again. If you still can't find it, manually delete what you can see, do a search on it, delete that, then proceed to do the registry fix. This is a horribly nasty and hiding virus.


conncrewsly 8 years ago

All I can say is "Thank You" so much for your help. I was about ready to throw this freggin computer out the window because of this delself thing. I followed your steps and waalaa! You're a real pro man, keep up the great work! Thanks Again!!


dellia54 8 years ago

i'm having a similar issue as dan. when i run my computer it will only operate in safe mode, it will not even go into my normal desktop it either goes black or begins going through the process of logging me in and then freezes. when i tried finding the files in safe mode i couldn't find anything, aside from the delself icon. i tried looking manually for the files, but i'm not sure where exactly to look. any help would be appreciated - because right now i can't do much on my computer and i'm worried i'm going to lose all my files. please, any suggestions?


tngolfplayer 8 years ago from Knoxville Author

It sounds like there may actually be more than one problem.

Logging in and freezing sounds like there is something wrong with your boot sector. At that point, I would attempt to use your windows cd and boot and repair.

To find the delself, get into windows safe mode. Double click my computer, tools, folder options.

Uncheck the option to hide file extensions for known files.

Check the option to show hidden files and folders.

Uncheck Hide protected operating system files.

Click apply, then ok.

Manually look for delself under your c:\windows\system32


dellia54 8 years ago

for some reason i was able to open my computer normally. i followed the directions you gave above, but i was still unable to find delself...i had deleted the icon from my desktop, but i still have the red circle with the x through it in my toolbar. are there any other names i should be looking for in the system32 folder? i also tried to launch malware - the antivirus device, which saved onto my computer, but it will not open and. if you have any other advice i'd appreciate it. thanks!!


tngolfplayer 8 years ago from Knoxville Author

To open and use the antivirus software, you have to change the name of the .exe file.

find the malware folder, and the malware.exe file. rename it malware1.exe

It should run then.

If you can, open up your startup menu as mentioned above, expand it, screenshot it and email it to me through this page. I will look and get back to you if there is anything I can do.


dellia54 8 years ago

i've snapshot it...but i'm not sure how to send it through here because they don't allow attachments.


tngolfplayer 8 years ago from Knoxville Author

I just created an email address at

tngolfplayer at live dot com

Send it there.

Thanks


dal 8 years ago

had this and followed your instructions. Thank you - it worked a treat and my computer is now all better. Thanks again


ann 8 years ago

please help...i've been trying to go through the process but every time i'm in safe mode the computer shuts down after five minutes or so.


tngolfplayer 8 years ago from Knoxville Author

ann:

Seems there may be more wrong than a virus. Make sure you are in safe mode and disconnected from the internet.


ajcor 8 years ago from NSW. Australia

Thank you tngolfplayer I run Dr Norton and so far have been lucky but I am keeping this info on hand for just in case. cheers.


Big D 8 years ago

Thank you for your assistance! I had the same issue, but the names of the infecting files were: mir12g.exe, getmodule27.exe, and brastk.exe ... your directions worked like a charm. Thank you again!


Barney 8 years ago

Oh my, it looks like I have this as well. I'll need to try this fix tonight. I've also got getmodule27.exe and brastk.exe lurking in my PC. I was going around in circles last night trying to get on top of this and also had figaro.sys in the mix at one point. Trend Micro warned me that I was exposed to something nasty (I think it was the delself.bat file) at which point Windows shut down and the computer rebooted on its own. The mistake was probably getting back on the web at that point. At this point the entire computer locks up after several minutes of hooking up to the web. Horrible and nasty sure would describe it.

Tomorrow I'll either have my computer back or a big shiny paper-weight. More news later!


tngolfplayer 8 years ago from Knoxville Author

Ouch, good luck there.

These are some of the nastiest variations of a virus I have seen.


Barney 8 years ago

Ok, so far so good. It turns out I only had the getmodule27.exe and brastk.exe files resident in my C: drive but all the files mentioned originally plus these two were listed in my registry. After I followed the procedure the virus warning red circle-X was no longer causing problems from the system tray but now I'm getting regular pop-ups that link to some goofy spyware offer site, which of course should not be clicked. Something else must have changed because previously my Google bar and/or the Trend Micro software were blocking pop-ups so that issue still needs to be worked out. In addition the entire system is rather unstable and sometimes locks up at boot-up. Other times the computer completely locks up after 5 or 10 minutes after hooking up to the web, with a phone modem connection. I guess the next step is to load up some additional clean-up software like Spybot, etc. Gee, this is fun...


tngolfplayer 8 years ago from Knoxville Author

Uninstall google toolbar, run adaware or spybot. More than likely it is using the addon to hide.


GravityGuy 7 years ago

test


GravityGuy 7 years ago

I just got hit by Braviax. The other files were ms18_word.exe and rncsys32.exe. They were running as processes in Task Manager. I was able to kill the processes and pretty much follow tngolfplayer's instructions with success. I am now running various anti-spyware programs to make sure. I recently installed IE8 and have all the XP updates. It still got through. I am not pleased that IE8 let this through.

At the regedit stage, I found that these 3 programs were lumped together in the same keys. If anyone finds associated programs with the main one, chances are that they are related.


Lil D 7 years ago

Had the nasty braviax and followed your instructions and it finally got it removed. THANK YOU. I was 2 days working on this until I found your post...bless you!


LBow 7 years ago

I had the same issue. I followed all steps and everything seemed great. When I rebooted in normal mode I noticed I still have the same red circle. When I checked the startup programs in the msconfig I noticed Braviax.exe was still checked. The one step I was unsure of was when I checked in the registry. The search for each of these registry settings returned many rows but only one per exe with the actual name. I only deleted the ones with the name. Am I supposed to delete all registry items even if the exe name is not in the name? Once again thanks for your assistance. I feel like I am getting somewhere finally


taylocan 7 years ago

to kill braviax.exe :

1-shut down internet.

2-open task manager

3-end braviax.exe and its creator sys32_nov.exe

4-then open windows/system32/

5-search find and delete with unlocker these found files sys32_nov.exe and braviax.exe in system32 folder..it means you survived braviax.exe))
