How to remove brastk.exe/karna.dat trojan (FakeAlert trojan)

brastk.exe/karna.dat are two main components of trojan (trojan.fakealert) that may represent security risk for the infected computer. The trojan.fakealert uses rootkit techniques designed to hide the software presence in the system and also blocks user access to security websites. Once running, this trojan will display a red circle with a white X in your taskbar and a fake security alerts that tells you to install a rogue antispyware application to delete the infection.

Your computer is infected!
Windows has detected a spyware infection!
It’s recommended to use special antispyware tools to pervent (sic) data loss.
Windows will now download and install the most up-to-date antispyware for you.
Click here to protect your computer from spyware!

These alerts are a fake and should be ignored!

Symptoms in a HijackThis Log.

O4 – HKLM\..\Run: [brastk] brastk.exe
O20 – AppInit_DLLs: karna.dat

Use the following instructions to remove brastk.exe/karna.dat trojan (trojan.fakealert).

Download Avenger from here and unzip to your desktop.

Run Avenger, set the following: “Scan for rootkits” and “Automatically disable any rootkits found”.

Copy, then paste the following text in Input script Box:

Drivers to delete:
TDSSserv.sys

Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | brastk

Files to delete:
C:\WINDOWS\system32\wini10894.exe
C:\WINDOWS\brastk.exe
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\karna.dat
C:\WINDOWS\system32\karna.dat

You will see window similar to the one below.

Avenger

Click on ‘Execute’. You will be asked Are you sure you want to execute the current script?. Click Yes.

You will now be asked First step completed — The Avenger has been successfully set up to run on next boot. Reboot now?. Click Yes.

Your PC will now be rebooted.

Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.

Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded you will see window similar to the one below.

Malwarebytes Anti-Malware Window

Select “Perform Quick Scan”, then click Scan. The scan may take some time to finish,so please be patient.

When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar as shown below. Note: list of infected items may be different than what is shown in the image below.

Malwarebytes Anti-malware, list of infected items

Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.

Questions and answers.

I cannot download a suggested antispyware tool.

Method 1:
– Restart your computer.
– After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
– Instead of Windows loading as normal, a menu should appear
– Select the “Safe mode with networking”, to run Windows in Safe Mode.
– Try download an antispyware tool again.
Method 2:
– Download antispyware program on another PC and transfer the file to your PC using pendrive.

I cannot run suggested antispyware program.

Rename a downloaded file, using any random name and run the program again.

If you need help with the instructions, then post your questions in our Spyware Removal forum.