- Computers & Software
Had this nasty little piece of spyware on my pc last night, along with one called burito.exe and delself. These three together gave me many hours of headaches until I finally got them out. I decided to put down what I did to remove them. Be warned, they are very malicious, so do not sign into anything or any accounts while you have this on. The warning signs of braviax are a new item on your taskbar that has a red x in a circle. It pops up a message "Warning, your pc is infected with spyware, click here for windows to remove it". Sounds very legitimate, but don't. This is a new means of either spreading more spyware, or getting you to buy something that may or may not delete the spyware. This happens to be a trend with spyware lately, it impersonates a windows operating system message, and in turn you download more spyware.
The following steps are a good piece of pre-emptive work everybody should do when they can. First, make sure your antivirus software is up and current. Also make sure you have Spybot Search and destroy loaded and updated, and I also use Ad-Aware. Also download a nifty little file called killbox.
Keep Spybot and Ad-aware updated at all times, and run once or twice a week. Also if you don't have your anti-virus running in the background, make sure you force a complete system scan once a week. Also it is wise to have your firewall running. I know they are a resource hog and sometimes annoying, but they are still pretty much necessary at all times to prevent this crap.
Killbox is a nifty little tool that will stop, or stop and delete any windows process running. Use this carefully, as it will stop and delete any windows process.
Now, for the main part, you have the nasy little braviax virus. First thing to do is print this off then disconnect from the internet. You have probably noticed adaware, spybot, and your antivirus are probably not running, or you can't get them to run. Killbox isnt running either. Don't panic.
Once disconnect from the internet, click start>>Run and type in msconfig. Be very careful here. Click the startup tab, and look for the following: Braviax.exe, burito.exe, delself, cru629. Uncheck any and all instances of this appearing there. Click apply, then ok. It will ask to reboot, do so now.
While rebooting, you need to reboot in safe mode. That means hitting F8 during boot up. Choose safe mode only, then proceed to boot. Once booted do the following.
Start>>Search. Search all files and folders, including hidden ones for braviax. Delete any and all instances you find. Repeat the process for delself, cru629, and burito. Empty your recycle bin.
Click start>>run and type in cmd, hit enter. This brings up the cmd prompt. type cd.. until you get to just the C> prompt.
Now because these like to hide, type del braviax.exe and hit enter. Doesn't matter if it does or doesn't find it. Repeat that except put cru629.dat, then burito.exe, and finally delself.exe Make sure to type del before each of these. So you will have done something that looks like the following:
C> del braviax.exe
C> del cru629.bat
C> del delself.exe
C> del burito.exe
Now you want to change directery so type in cd windows. This puts you in the windows directory. Repeate the above processto where you have done the following:
C:\WINDOWS> del braviax.exe
C:\WINDOWS> del cru629.bat
C:\WINDOWS> del delself.exe
C:\WINDOWS> del burito.exe
Make sure your spelling is correct. Next, cd system32. Your prompt should look like the following: C:\WINDOWS\system32> Complete the following commands.
C:\WINDOWS\system32> del braviax.exe
C:\WINDOWS\system32> del cru629.bat
C:\WINDOWS\system32> del delself.exe
C:\WINDOWS\system32> del burito.exe
Type exit to exit the command prompt. Next is a very important and potentially hazardous step unless you know what you are doing, or you follow directions very well. Click start>>Run and type regedit then hit enter. Now be very careful here. At the top of the registery editor, click my computer. Then click edit>>Search. Type in just the word braviax, hit enter. Delete every single instance of this word that pops up. When one does, delete, then hit F3 to continue to search. Repeat the process for cru629, burito, and delself. Once you have deleted all these, exit out. Check and empty your recycle bin if need be.
Now, to spybot. Odds are it should up and run normally at this point. If not, do the following. Find where spybot is installed on your computer, and rename the .exe file to SDmain1.exe This will allow it to start up unnoticed by any virus or spyware. Run it, clean everything it gets. Repeat with Ad-Aware and your antivirus. Reboot into normal mode and check things out. If you still have virus or spyware, you may need to take it in. Or update your definitions and re-run spybot, adaware, and your antivirus. Also be sure and rename anything whose name you changed back to the original. I usually just add a 1, it seems to work well.