
Braviax.exe removal

Updated on July 31, 2014

I had this nasty little piece of spyware on my PC last night, along with one called burito.exe and delself. These three together gave me many hours of headaches until I finally got them out, so I decided to write down what I did to remove them. Be warned: they are very malicious, so do not sign into anything or any accounts while you have this on your machine. The warning sign of Braviax is a new item on your taskbar that shows a red X in a circle. It pops up a message: "Warning, your pc is infected with spyware, click here for windows to remove it". It sounds very legitimate, but don't click it. This is a new means of either spreading more spyware or getting you to buy something that may or may not delete the spyware. It happens to be a trend with spyware lately: it impersonates a Windows operating system message, and in turn you download more spyware.

The following steps are good pre-emptive work everybody should do when they can. First, make sure your antivirus software is up to date. Also make sure you have Spybot Search and Destroy installed and updated; I also use Ad-Aware. Also download a nifty little tool called killbox.

Keep Spybot and Ad-Aware updated at all times, and run them once or twice a week. If you don't have your antivirus running in the background, make sure you force a complete system scan once a week. It is also wise to have your firewall running. I know they are a resource hog and sometimes annoying, but they are still pretty much necessary at all times to prevent this crap.

Killbox is a nifty little tool that will stop, or stop and delete, any running Windows process. Use it carefully, as it will stop and delete any Windows process.

Now, for the main part: you have the nasty little braviax virus. The first thing to do is print this off, then disconnect from the internet. You have probably noticed that Ad-Aware, Spybot, and your antivirus are not running, or you can't get them to run. Killbox isn't running either. Don't panic.

Once disconnected from the internet, click Start>>Run and type in msconfig. Be very careful here. Click the Startup tab, and look for the following: Braviax.exe, burito.exe, delself, cru629. Uncheck any and all instances of these appearing there. Click Apply, then OK. It will ask to reboot; do so now.

You need to reboot into safe mode. That means hitting F8 during boot up. Choose safe mode only, then proceed to boot. Once booted, do the following.

Start>>Search. Search all files and folders, including hidden ones, for braviax. Delete any and all instances you find. Repeat the process for delself, cru629, and burito. Empty your recycle bin.

Click Start>>Run, type in cmd, and hit enter. This brings up the command prompt. Type cd.. until you get to just the C> prompt.

Now, because these like to hide, type del braviax.exe and hit enter. It doesn't matter whether it finds the file or not. Repeat that with cru629.dat, then burito.exe, and finally delself.exe. Make sure to type del before each of these. You will have done something that looks like the following:

C> del braviax.exe

C> del cru629.bat

C> del delself.exe

C> del burito.exe

Now you want to change directory, so type in cd windows. This puts you in the Windows directory. Repeat the above process so that you have done the following:

C:\WINDOWS> del braviax.exe

C:\WINDOWS> del cru629.bat

C:\WINDOWS> del delself.exe

C:\WINDOWS> del burito.exe

Make sure your spelling is correct. Next, cd system32. Your prompt should look like the following: C:\WINDOWS\system32> Complete the following commands.

C:\WINDOWS\system32> del braviax.exe

C:\WINDOWS\system32> del cru629.bat

C:\WINDOWS\system32> del delself.exe

C:\WINDOWS\system32> del burito.exe

Type exit to exit the command prompt. Next is a very important and potentially hazardous step unless you know what you are doing or you follow directions very well. Click Start>>Run, type regedit, then hit enter. Now be very careful here. At the top of the registry editor, click My Computer. Then click edit>>Search. Type in just the word braviax and hit enter. Delete every single instance of this word that pops up. When one does, delete it, then hit F3 to continue the search. Repeat the process for cru629, burito, and delself. Once you have deleted all these, exit out. Check and empty your recycle bin if need be.

Now, to Spybot. Odds are it should start up and run normally at this point. If not, do the following. Find where Spybot is installed on your computer, and rename the .exe file to SDmain1.exe. This will allow it to start up unnoticed by any virus or spyware. Run it and clean everything it finds. Repeat with Ad-Aware and your antivirus. Reboot into normal mode and check things out. If you still have a virus or spyware, you may need to take it in, or update your definitions and re-run Spybot, Ad-Aware, and your antivirus. Also be sure to rename anything whose name you changed back to the original. I usually just add a 1; it seems to work well.
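
To confirm the cleanup above took, this read-only PowerShell check (an added example, not part of the original article) looks for the file names the article lists in the three directories it visits and in the Run registry keys. The Run key paths and the function names are assumptions of this example, not something the article specifies; the check matches on value data as well as value name and deletes nothing.

```powershell
# Read-only audit: reports leftovers, deletes nothing.
$names   = 'braviax', 'burito', 'delself', 'cru629'   # names from the article
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'

# The three directories the article's del commands are run in.
$dirs = @(
    "$env:SystemDrive\",
    $env:SystemRoot,
    (Join-Path $env:SystemRoot 'System32')
)

# Assumption: per-machine and per-user Run keys, plus the 32-bit view on 64-bit Windows.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Find-LeftoverFile {
    param([string[]]$Path, [string]$Pattern)
    foreach ($dir in $Path) {
        # -Force includes hidden and system files; no recursion, as in the article's steps.
        Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer -and $_.Name -match $Pattern } |
            Select-Object FullName, Length, LastWriteTime
    }
}

function Find-LeftoverRunValue {
    param([string[]]$Key, [string]$Pattern)
    foreach ($k in $Key) {
        if (-not (Test-Path -LiteralPath $k)) { continue }   # key absent on this system
        $item = Get-Item -LiteralPath $k
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            # A startup entry can carry an unrelated value name and still point at the file,
            # so compare both the name and the command line stored in the data.
            if ($valueName -match $Pattern -or $data -match $Pattern) {
                [pscustomobject]@{ Key = $k; Value = $valueName; Data = $data }
            }
        }
    }
}

$files  = @(Find-LeftoverFile -Path $dirs -Pattern $pattern)
$values = @(Find-LeftoverRunValue -Key $runKeys -Pattern $pattern)

if (($files.Count + $values.Count) -eq 0) {
    'No matching files or Run values found.'
} else {
    $files  | Format-Table -AutoSize | Out-Host
    $values | Format-List | Out-Host
}
```

Run it after rebooting into normal mode; any row it prints is a file or startup entry that survived the steps above.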

Comments


    • taylocan

      8 years ago

      to kill braviax.exe :

      1-shut down internet.

      2-open task manager

      3-end braviax.exe and its creator sys32_nov.exe

      4-then open windows/system32/

      5-search find and delete with unlocker these found files sys32_nov.exe and braviax.exe in system32 folder..it means you survived braviax.exe))

    • LBow

      9 years ago

      I had the same issue. I followed all steps and everything seemed great. When I rebooted in normal mode I noticed I still have the same red circle. When I checked the startup programs in msconfig I noticed Braviax.exe was still checked. The one step I was unsure of was when I checked in the registry. The search for each of these registry settings returned many rows but only one per exe with the actual name. I only deleted the ones with the name. Am I supposed to delete all registry items even if the exe name is not in the name? Once again thanks for your assistance. I feel like I am getting somewhere finally

    • Lil D

      9 years ago

      Had the nasty braviax and followed your instructions and it finally got it removed. THANK YOU. I was 2 days working on this until I found your post...bless you!

    • GravityGuy

      9 years ago

      I just got hit by Braviax. The other files were ms18_word.exe and rncsys32.exe. They were running as processes in Task Manager. I was able to kill the processes and pretty much follow tngolfplayer's instructions with success. I am now running various anti-spyware programs to make sure. I recently installed IE8 and have all the XP updates. It still got through. I am not pleased that IE8 let this through.

      At the regedit stage, I found that these 3 programs were lumped together in the same keys. If anyone finds associated programs with the main one, chances are that they are related.

    • tngolfplayer (AUTHOR)

      9 years ago from Knoxville

      Uninstall Google Toolbar, run Ad-Aware or Spybot. More than likely it is using the add-on to hide.

    • Barney

      9 years ago

      Ok, so far so good. It turns out I only had the getmodule27.exe and brastk.exe files resident in my C: drive but all the files mentioned originally plus these two were listed in my registry. After I followed the procedure the virus warning red circle-X was no longer causing problems from the system tray but now I'm getting regular pop-ups that link to some goofy spyware offer site, which of course should not be clicked. Something else must have changed because previously my Google bar and/or the Trend Micro software were blocking pop-ups so that issue still needs to be worked out. In addition the entire system is rather unstable and sometimes locks up at boot-up. Other times the computer completely locks up after 5 or 10 minutes after hooking up to the web, with a phone modem connection. I guess the next step is to load up some additional clean-up software like Spybot, etc. Gee, this is fun...

    • tngolfplayer (AUTHOR)

      9 years ago from Knoxville

      Ouch, good luck there.

      These are some of the nastiest variations of a virus I have seen.

    • Barney

      9 years ago

      Oh my, it looks like I have this as well. I'll need to try this fix tonight. I've also got getmodule27.exe and brastk.exe lurking in my PC. I was going around in circles last night trying to get on top of this and also had figaro.sys in the mix at one point. Trend Micro warned me that I was exposed to something nasty (I think it was the delself.bat file) at which point Windows shut down and the computer rebooted on its own. The mistake was probably getting back on the web at that point. At this point the entire computer locks up after several minutes of hooking up to the web. Horrible and nasty sure would describe it.

      Tomorrow I'll either have my computer back or a big shiny paper-weight. More news later!

    • Big D

      9 years ago

      Thank you for your assistance! I had the same issue, but the names of the infecting files were: mir12g.exe, getmodule27.exe, and brastk.exe ... your directions worked like a charm. Thank you again!

    • ajcor

      9 years ago from NSW. Australia

      Thank you tngolfplayer I run Dr Norton and so far have been lucky but I am keeping this info on hand for just in case. cheers.

    • tngolfplayer (AUTHOR)

      9 years ago from Knoxville

      ann:

      Seems there may be more wrong than a virus. Make sure you are in safe mode and disconnected from the internet.

    • ann

      9 years ago

      Please help...I've been trying to go through the process but every time I'm in safe mode the computer shuts down after five minutes or so.

    • dal

      9 years ago

      Had this and followed your instructions. Thank you - it worked a treat and my computer is now all better. Thanks again

    • tngolfplayer (AUTHOR)

      9 years ago from Knoxville

      I just created an email address at

      tngolfplayer at live dot com

      Send it there.

      Thanks

    • dellia54

      9 years ago

      I've snapshot it...but I'm not sure how to send it through here because they don't allow attachments.

    • tngolfplayer (AUTHOR)

      9 years ago from Knoxville

      To open and use the antivirus software, you have to change the name of the .exe file.

      Find the malware folder, and the malware.exe file. Rename it malware1.exe

      It should run then.

      If you can, open up your startup menu as mentioned above, expand it, screenshot it and email it to me through this page. I will look and get back to you if there is anything I can do.

    • dellia54

      9 years ago

      For some reason I was able to open my computer normally. I followed the directions you gave above, but I was still unable to find delself...I had deleted the icon from my desktop, but I still have the red circle with the x through it in my toolbar. Are there any other names I should be looking for in the system32 folder? I also tried to launch malware - the antivirus device, which saved onto my computer, but it will not open and. If you have any other advice I'd appreciate it. Thanks!!

    • tngolfplayer (AUTHOR)

      9 years ago from Knoxville

      It sounds like there may actually be more than one problem.

      Logging in and freezing sounds like there is something wrong with your boot sector. At that point, I would attempt to use your windows cd and boot and repair.

      To find the delself, get into windows safe mode. Double click my computer, tools, folder options.

      Uncheck the option to hide file extensions for known files.

      Check the option to show hidden files and folders.

      Uncheck Hide protected operating system files.

      Click apply, then ok.

      Manually look for delself under your c:\windows\system32

    • dellia54

      9 years ago

      I'm having a similar issue as Dan. When I run my computer it will only operate in safe mode, it will not even go into my normal desktop; it either goes black or begins going through the process of logging me in and then freezes. When I tried finding the files in safe mode I couldn't find anything, aside from the delself icon. I tried looking manually for the files, but I'm not sure where exactly to look. Any help would be appreciated - because right now I can't do much on my computer and I'm worried I'm going to lose all my files. Please, any suggestions?

    • conncrewsly

      9 years ago

      All I can say is "Thank You" so much for your help. I was about ready to throw this freggin computer out the window because of this delself thing. I followed your steps and waalaa! You're a real pro man, keep up the great work! Thanks Again!!

    • tngolfplayer (AUTHOR)

      9 years ago from Knoxville

      I would make sure you are off the internet, or intranet, reboot into safe mode, look again. If you still can't find it, manually delete what you can see, do a search on it, delete that, then proceed to do the registry fix. This is a horribly nasty and hiding virus.

    • Dan

      9 years ago

      Can't find any of the files in the startup/autostart-tab when running through first steps of removal, even though I've got the delself-file on my desktop and the red cross in a circle... Any suggestions?

    • Karlos707

      9 years ago

      Worked a treat, thanks for the help, the step by step guide was excellent.
