• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Your Go-To Destination for Scam Awareness, Malware Removal, Antispyware Downloads, and Expert Guidance

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Trojan › Tutorials - HowTo › How to remove brastk.exe/karna.dat trojan (FakeAlert trojan)

How to remove brastk.exe/karna.dat trojan (FakeAlert trojan)

Myantispyware team November 19, 2008     2 Comments    

brastk.exe/karna.dat are two main components of trojan (trojan.fakealert) that may represent security risk for the infected computer. The trojan.fakealert uses rootkit techniques designed to hide the software presence in the system and also blocks user access to security websites. Once running, this trojan will display a red circle with a white X in your taskbar and a fake security alerts that tells you to install a rogue antispyware application to delete the infection.

Your computer is infected!
Windows has detected a spyware infection!
It’s recommended to use special antispyware tools to pervent (sic) data loss.
Windows will now download and install the most up-to-date antispyware for you.
Click here to protect your computer from spyware!

These alerts are a fake and should be ignored!

Symptoms in a HijackThis Log.

O4 – HKLM\..\Run: [brastk] brastk.exe
O20 – AppInit_DLLs: karna.dat

Use the following instructions to remove brastk.exe/karna.dat trojan (trojan.fakealert).

Download Avenger from here and unzip to your desktop.

Run Avenger, set the following: “Scan for rootkits” and “Automatically disable any rootkits found”.

Copy, then paste the following text in Input script Box:

Drivers to delete:
TDSSserv.sys

Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | brastk

Files to delete:
C:\WINDOWS\system32\wini10894.exe
C:\WINDOWS\brastk.exe
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\karna.dat
C:\WINDOWS\system32\karna.dat

You will see window similar to the one below.

brastk-exe-karna-dat-avenger
Avenger

Click on ‘Execute’. You will be asked Are you sure you want to execute the current script?. Click Yes.

You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.

Your PC will now be rebooted.

Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.

Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded you will see window similar to the one below.

malwarebytes-antimalware1
Malwarebytes Anti-Malware Window

Select “Perform Quick Scan”, then click Scan. The scan may take some time to finish,so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.

trojan-alert-mbam
Malwarebytes Anti-malware, list of infected items

Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Questions and answers.

I cannot download a suggested antispyware tool.

Method 1:
– Restart your computer.
– After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
– Instead of Windows loading as normal, a menu should appear
– Select the “Safe mode with networking”, to run Windows in Safe Mode.
– Try download an antispyware tool again.
Method 2:
– Download antispyware program on another PC and transfer the file to your PC using pendrive.

I cannot run suggested antispyware program.

Rename a downloaded file, using any random name and run the program again.

If you need help with the instructions, then post your questions in our Spyware Removal forum.

Trojan Tutorials - HowTo

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

2 Comments

  1. cleeve sherouse
    ― January 26, 2009 - 2:03 pm  Reply

    just want to say thanks guys you removed virus,maximusA from my computer,me and the wife are speaking again,3 days of hell.thanks again.
    moose

  2. Much Abliged!!
    ― March 13, 2009 - 8:09 pm  Reply

    Thank you soooo much for your info. You made my college students PC start to smile again. Your the Man!!!

Leave a Reply Cancel reply




New Guides

Azop ransomnote
How to remove Azop ransomware, Decrypt .Azop files.
Shed Clearance Sale scam
Beware the Shed Clearance Sale Scams: What You Need to Know 🚨
EWheels EW-14 Four Wheel Scooter scam store
Beware of the EWheels EW-14 Four Wheel Scooter Scam on Facebook
Appearancte.com scam store
Appearancte.com Review: Is This Online Shop a Scam?
Bangsearch.pro redirect virus
Remove Bangsearch.pro Redirect: Chrome, Edge, Firefox 🚨

Follow Us

Search

Useful Guides

Files encrypted by ransomware become useless
How To Recover Encrypted Files (Ransomware file recovery)
browser redirect virus
How to remove Browser redirect virus [Chrome, Firefox, IE, Edge]
Managed by your organization chrome virus
Chrome Managed by your organization malware removal guide
How to reset Internet Explorer settings to default
Malwarebytes won’t install, run or update – How to fix it

Recent Posts

How to use F-Secure Online Virus Scanner
How to remove VirusTrigger (Delete instructions)
How to remove SecureFileShredder or SecureFile Shredder (Removal instructions)
How to remove Ultra Antivirus
How to remove TDSS, Backdoor.Tidserv, Alureon trojan/rootkit

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2023 MASW - Myantispyware.com.