Jump to content

Windows Antivirus Pro/ Braviax/ Something Nasty


Recommended Posts

I didin't want to post this again but I see that "hijacking" threads is not preferred so I will repost my problem here:

I am posting here because I have the following issue: Initially my MCafee reported that I had the braviax virus and sure enough I found braviax.exe and some registry entries associated with it. I tried to clean this up with no success. Now, I have found that any programs I install to scan for this virus are rendered useless because the virus is resetting the security on the actual .exe for any scanning program I install. The following is a list of software I am using to try and clean my Windows XP media edition PC ( doen in safe mode so I can reset permissions after they are wiped):

Mcafee (mcods.exe)

Windows Defender

SDFIX

ComboFix

Hijackthis.exe

MBAM

Running any of these prgrams results in them shutting down almost instantly. If you try to run them again, you get the "file could not be found or you do not have permission" error message. If you look at the permissions tab for any of the associated .exe files you will see that "everyone" has been given full control but "system" "administrators" and any current user accounts have been completely removed or all of the their permissions removed.

Another groovy side effect is that I searched for files on the PC that were time stamped at the time I got the infections and sure enough I found a hidden directory in %system%/system32. When I clicked on the directory in the search results window, permissions on explorer.exe were reset and the GUI went black except for the little "safe mode" banner at the top and bottom of the screen.

Some Background: This started as the "windows antivirus pro/ Braviax" infection as initially detected by Mcafee (before the virus hosed mcafee) now it's something else... possibly a rootkit that I cannot scan as it detects and wipes any file that attempts to access it.

Please help and sorry but I cannot get HJT or MBAM to produce a log.

Link to post
Share on other sites

Bump...

Still infected still no response.

More info:

McAfee detected this as Generice FakeAlert.d!gen and FakeAlert-GD (trojan) before being disabled

Windows Defender detected it as Win32/Renos and Win32/FakeScanti

However, I have cleaned up manually what I have found on the Internet about these and whatever infection showed up as this is still lurking.

Link to post
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.