|
1. Been infected with spyware? Tell us about your problem. 2. Protect your PC from viruses, spyware. 3. For fast automatic spyware removal, try CounterSpy, SUPERAntiSpyware |
How to remove braviax.exe/cru629.dat/users32.dat malware
braviax.exe is an malware that also installs rogue security applications and display false alert on compromised computer. If your computer infected, then you have a red circle with a white X in your taskbar that is constantly telling you, that you have a virus
Your computer is infected!…
HijackThis shows it:
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O20 - AppInit_DLLs: cru629.dat
Download SDFix and save the file to your desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
Download combofix.
Reboot your PC in Safe mode.
1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.
Open the SDFix folder and double-click RunThis.bat.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Close any open browsers.
Double click on combofix.exe and follow the prompts.
Note 1: Can`t run anti spyware programs ? rename them and try again.
Note 2: Some variants of braviax very difficult for removing from PC.
If in a combofix log you have found Win32.Agent.zb header with list of infected files, then you should remove and install these apps again.
If you are still having problems with spyware after completing these instructions, it`s possible, then please follow the steps: How to use Spyware Removal Forum - MUST READ
March 15, 2008 on 6:14 am | In Tutorials - "How to" | |Submit to: Digg | SlashDot | Del.icio.us
47 Comments »
RSS feed for comments on this post. TrackBack URI
Leave a comment
Previous Posts:
- VirusRemover2008 - fake antispyware | How to remove
- Fresh rogue antispyware: WistaAntivirus, WinDefender, SpywareScanner2008
- FixIEDef - free program for removing rogue antispyware
- Found new fake antispyware - PestSweeper
- MalwareProtector2008 - fresh rogue antispyware.
- How to disable the autorun feature to prevent malware from spreading
- Zinaps - fresh fake antispyware
- How to remove trojans that uses autorun.inf file
- Fresh rogue antispyware: AdvancedXPFixer and DisableSpyware
- Found new rogue antispyware - XPSecurityCenter
- AntiSpywareMaster and RegistryGreat | How to remove
- How to remove new rogue antispywares Malware Bell and IE Antivirus
- How to remove softwarereferral/safewebnavigate hijackers and etlrlws toolbar
- How to uninstall combofix
- Found new rogue antispyware programs
- How to remove braviax.exe/cru629.dat/users32.dat malware
- VirusHeat rogue antispyware - How To Remove
- Fresh updates to Ad-Aware and SpyBot-search & Destroy
- How to remove core.cache.dsk and parportt.sys
- How to remove CID popups
Forum posts:
- Removing CiD pop-ups
- Win:32KdCrypt(Cryp)
- Have a Joke-Bluescreen and XP Antivirus 2008 problem
- Adware and PUA - i need help
- Combofix Virus [W32.Scrapkut worm]
- Need help with antivirus spyware
- XP Antivirus 2008/2009, Malaware
- autorun malware removal
- Popup Problems
- xpsecuritycenter infection, as well as braviax
- Empty Device manager list = (apropos virus??)
- HijackThis log here, help please :) [ AntivirusXP ]
- False Pop-UPs Help
- Joke Bluescreen - HELP!!! [Antivirus XP]
- Windows Explorer closes by itself.
- prorat infection that doesnt go away
- Please help w/ Vundo
- Infected with Trojan.Vundo PLEASE HELP
- Infected with Zinaps7 virus. Hijackthis log included.
- Bifrose detected, what to do? using combofix?
Categories:
- Pop-Up Blockers and Firewalls (rss) (5)
- Adware (rss) (10)
- Anti Virus Software (rss) (11)
- Best Programs (rss) (3)
- Browser Hijacking (rss) (13)
- Critical patch (rss) (21)
- Exploits & Vulnerabilities (rss) (58)
- FAQ (rss) (8)
- Free Software (rss) (64)
- Identity Theft (rss) (8)
- Internet Browsers and Mail and News readers (rss) (12)
- Linux (rss) (4)
- Malware (rss) (11)
- Online Scanners (rss) (11)
- Phishing (rss) (2)
- Rogue Anti Spyware (rss) (43)
- Rookit (rss) (3)
- spyware (rss) (2)
- Spyware protection and removal (rss) (76)
- Tips (rss) (79)
- Trojan (rss) (36)
- Tutorials - "How to" (rss) (68)
- Updates (rss) (16)
- Virus (rss) (19)
- Worms (rss) (14)
Archives:
- July 2008 (3)
- June 2008 (4)
- May 2008 (5)
- April 2008 (1)
- March 2008 (4)
- February 2008 (3)
- January 2008 (2)
- December 2007 (7)
- November 2007 (27)
- October 2007 (4)
- July 2007 (2)
- June 2007 (3)
- April 2007 (1)
- March 2007 (6)
- February 2007 (6)
- December 2006 (1)
- November 2006 (2)
- October 2006 (7)
- September 2006 (2)
- August 2006 (10)
- July 2006 (7)
- June 2006 (22)
- May 2006 (18)
- April 2006 (12)
- March 2006 (24)
- February 2006 (33)
- January 2006 (52)
- December 2005 (50)
- November 2005 (66)
Blogroll
- PC Tips
- Sans Org - Internet Storm Center
- Spyware RU
- Sun Belt Blog
Help Us:
- MyAntiSpyware needs your support. Please make link from your site to us.
Use the button:
Bookmark Us:
MY ANTI SPYWARE Powered by WordPress with Pool theme design by Borja Fernandez.
Entries and comments feeds.
Valid XHTML and CSS. ^Top^
after many many failed attempts to remove braviax.exe
this instruction to use sdfix and combofix did the trick!!
Thank you thank you
Comment by Gary — April 11, 2008 #
Been really suffering with braviax etc (its a real nasty one!) but this seems to have worked….only time will tell if its still lurking somewhere on my machine…..
Brilliant THANX!
Comment by Alex — April 14, 2008 #
i checked both the above mentioned softwares yet the problem is not resolved. below is the report text of combobox
…
Comment by mahendra.t.s — May 17, 2008 #
2 mahendra.t.s, please follow the steps: How to use Spyware Removal Forum
Comment by Patrik — May 17, 2008 #
braviax is dead! THANK YOU!!
Comment by ed — June 17, 2008 #
followed these instructions and kicked braviax\’s ass.
Highly recommended, thank you very much,
Steve
Comment by steve b — June 19, 2008 #
I suggest your site and method to all my readers. Thank you very, very much.
BigDadGib
Comment by BigDadGib — June 21, 2008 #
came home, found this on the family pc - shitty norton and zonealarm did nothing to proect it, spybot and avg wouldn\’t install, hijackthis wouldn\’t run, but these two tools got me right.
one note - sdfix must be run in safe mode, and at least for me, it took a really long time to start up, I thought it had locked, but it was actually still working.
thanks for putting the info out there
Comment by Richard — June 22, 2008 #
BigDadGib, glad to help your readers.
Comment by Patrik — June 22, 2008 #
Richard, i`ve just added “Safe mode” step in the tutorial.
Glad to help you.
Comment by Patrik — June 23, 2008 #
I ran sdfix in safe mode, it took a really long time and now I can\’t get past my screensaver. It doesn\’t seem to do anything anymore. Help!
Comment by braveheart — June 23, 2008 #
braveheart, probably your screensaver has been infected and sdfix removed it.
I would recommend that you follow the instructions and post your logs in the spyware removal forum.
Comment by Patrik — June 23, 2008 #
Wow, it worked.
Ty man
Comment by Raymon — June 28, 2008 #
Patrik,
My computer has the braviax.exe malware. I followed your instructions on How to remove braviax.exe/cru629.dat/users32.dat malware . I installed ERUNT and ran it. It worked fine. Then I saved SDFix on the desktop and ran it, but it did nothing. It did not create the directory: C:\SDFix.
I registered under KASF in the forum and installed HijackThis. It provided an Icon, but when launched did nothing – it does not give - Do a system scan and save a logfile button.
Can you give me any help on what to do next?
Thanks,
KASF
Comment by KASF — June 28, 2008 #
Worked for me too! Thanks! Whew, I’m glad that piece of trash is gone.
Comment by Tom — June 28, 2008 #
Never mind the earlier note. After changing the file name to SDFix1, I was allowed to run it. Then there was a problem in Safe Mode with “Cannot load VDM IPX/SPX support”. There is a fix for that at rumkin.com/reference/problems/csnw.php. After those two changes were made, it worked!!!! It took awhile (especially the first 25% in Safe Mode), but it is well worth it.
Thank you so much! It is wonderful to have my computer back again!
KASF
Comment by KASF — June 28, 2008 #
Thank you for your help!! This is the one and only solution to get rid of the braviax problem. Great job!!
Comment by Geoffrey — June 29, 2008 #
Thanks! Great instructions. They really did the job. Who makes these shitty trojans?
Comment by Peter, Sweden — June 29, 2008 #
unknown peoples
Comment by Patrik — June 30, 2008 #
Just ran the fix, and all is well again!!!! Thanks a mil!
Comment by GA_fan — June 30, 2008 #
tried my usual methods to fix this but was unsuccessful… followed your instructions and it cleared up the infection… i would have liked to also know how to do a manual search and removal of this problem to have a better understanding of exactly what needed to be done and how to manually do that. Thanks for your clear and simple instructions and help in resolving this (these?) problems.
Comment by m_matthews — July 1, 2008 #
Wished you’d mentioned what Windows systems this is compatible with…wasted a lot of time trying to get the SDFIX.exe file to open in WIN XP…which, of course, is not compatible with either SDFIX or COMBOFIX.
Any recommendations for XP users?
Comment by t. wanner — July 5, 2008 #
My SINCEREST thanks for all who are involved in this site, and most of all, to the creators of SDFix and combofix!!! Incredible! I was terrified like a little CHILD when faced with braviax and cru629! THANK YOU! I LOVE YOU! GOD BLESS!! SDFix worked on all but the cru629 garbage, which it could not remove. Combofix took care of it easily. You have NO idea how grateful I am! Please let me know what I can do to support you! I will be spreading the good word in the meantime….
Comment by Rory Concannon — July 5, 2008 #
T.Wanner, sdfix and combofix 100% compatible with windows XP.
Comment by Patrik — July 6, 2008 #
Rory Concannon, if you want to support Myantispyware site, then make a link from your site to us.
Comment by Patrik — July 6, 2008 #
Thanks Patrik & co, that worked!
T.Wanner - It does work for XP - read note 1 above. The variant of this nasty bit of malware that I had prevented me from running hijackthis or SDFix without renaming - click on them and nothing happens.
Comment by coherers — July 6, 2008 #
Kaspersky couldn’t handle it. But you have nailed it!! Thank you . . . I was reaching for the restore disc!
Comment by Jamie — July 9, 2008 #
I battled AntiVirus XP 2008 and Malware Protector 2008 for two weeks. Never knew about Braviax or your fix until today (07/10/08). Looks like the problem is resolved. Thanks a mil.
Comment by Alvin — July 10, 2008 #
Ok…so far ive renamed SDFix and Combofix, restarted in Safe Mode, hit install in SDFix…then what? Where do i “open SDFix folder and double click RunThis.bat”? Please help, im a hack with computers…
Comment by nedo — July 10, 2008 #
wow what an ordeal. CRU629.DAT keeps on popping back, even after inserting a read-only file in it\\\\\\\’s place. All types of trojans were on the machine. Various antispyware programs were used to clean them out and none can clean up this mother of all trojans. How does it get infected in the first place? This machine never surf the web at all. And what does it do?
Comment by dennis — July 10, 2008 #
You Sir, are a GOD amongst men. I\’m right smack in the middle between PC retarded and ignorant, and with your instructions I\’m back in business in less than an hour? Where are located? If in NY I\’ll buy you a beer, if elsewhere I\’ll Paypal you the beer, LOL. THANKS
Comment by Thewhitetiger — July 12, 2008 #
Nedo, you should double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
After that, reboot your PC in safe mode …
Comment by Patrik — July 13, 2008 #
Dennis, probably your PC has been infected using autorun virus/trojan. (infected USB or CD drives)
Comment by Patrik — July 13, 2008 #
Thewhitetiger, glad to help you
But BIG thank you for your BEER!!! 
My help is free.
But you can to help, if you`ll make a link from your site to Myantispyware or this article.
Comment by Patrik — July 13, 2008 #
I ran the SDFix and rebooted. After the txt. file ran, my icons loaded, and now I cant cursor to anything; Im stuck on hourglass. I tried control alt delete, and I dont show any Applications working, and the processes are up. I can use the cursor on the task manager window, but when I go over to the desktop it goes to hourglass. I hit my windows key, and it doesnt even pull up my Start window. I tried rebooting to no effect. Im stumped.
Comment by Numacs — July 15, 2008 #
Numacs, make a HijackThis log and post in the spyware removal forum.
Comment by Patrik — July 16, 2008 #
Thank you very much for your help. Damn the virus.
Comment by Daniel — July 16, 2008 #
Have Windows XP and I installed SDFix in safe mode and ran. Then downloaded Combofix and ran in safe mode. It automatically restarted after running Combofix. It is now in safe mode, however, no icons or windows start menu - just a black safe mode screen.
How do I even return to normal mode, with no windows toolbar? What should I do next? Please help!!
Comment by Clayton — July 23, 2008 #
see: Win32.Renos
at: http://www.microsoft.com/security/portal/Entry.aspx?name=Win32%2fRenos
Easier to remove…
Comment by Frank — July 23, 2008 #
Clayton, are you have black safe mode screen everytime when you starting Windows ?
Comment by Patrik — July 23, 2008 #
Hi Patrik,
I was able to get to normal mode and I ran Combofix again. All desktop icons and windows menu comes back after running. However, after rebooting again, nothing comes back except for the wallpaper picture. I can use task mananger to run programs. By the way, braviax is the reason I was running these programs.
Comment by Clayton — July 23, 2008 #
Clayton, make a new topic and post your sdfix log (usually at C:\sdfix\logReport.txt)and last combofix log (usually at C:\QooBox\combofix.txt) in the spyware removal forum.
Comment by Patrik — July 23, 2008 #
I followed the instructions and was able to clean up 2 pcs just fine. So THANK YOU!. Here are my notes about the process:
Download SDFix.exe and Combofix.exe as stated. SDFix needs to be run first from a DIFFERENT computer to unpack the files; the virus prevents it from unpacking them on the infected machine. So unpack the files somewhere else and then copy them to the infected machine. OR perhaps they will unpack after you start the pc in Safe Mode.
When the pc reboots in the middle of SDFix (started in Safe Mode), let it reboot in NORMAL Mode. SAFE MODE DOES NOT WORK if you invoke it here so just let it boot.
For combofix.exe it is then OK to restart in Safe Mode (well, it worked for me).
If all goes well, the tray icon and popups will only disappear at the end of the combofix run.
If the nasty icon disappears, you are doing well, and your pc is running in normal (not Safe) mode. Now run your anti-virus program (you DO have one, dont you?) and download the latest updates. You will find that it runs again. Also download Spybot S&D (www.safer-networking.org), and run that including all updates and immunizations
Comment by PJBeee — July 25, 2008 #
remainder of the posting -
Find Problems (Search and Destroy) part of the program yet.
Reboot in Safe Mode, do a FULL Anti-Virus scan of all hard drives, and run a full scan after that with Spybot S&D.
The anti-virus program will find lots of leftover stuff, and Spybot will probably find at least one leftover registry entry and who-knows-what-else.
Now reboot again in normal mode. You should be good to go at this point, based upon my experience and what I’ve read online.
FYI, My anti-virus program is the Symantec corporate edition, version 10.x. It is possible that their latest definitions will clean up more of this than mine did with previous definitions. They were able to clean some of the parts of this version of the virus as of 7/25/08.
Comment by PJBeee — July 25, 2008 #
The above instructions worked for me. I can’t promise that they will work for you, nor can I assure you that you won’t do further damage. BACK EVERYTHING UP FIRST IF YOU CAN.
Comment by PJBeee — July 25, 2008 #
THANK YOU! works like a charm, took 20 minutes though. Very much worth it
Comment by vorak — July 27, 2008 #
It took awhile to run, but it worked. Thank you. Now to break the fingers of the guy who was stupid enough to run this thing in the first place…
Comment by Rosewood — August 3, 2008 #