Braviax virus and assorted other malware

Hello, I have unfortunately been infected with the Braviax virus. I had managed to find and kill the process and deleted the files associated with it and ran a scan, but as I later found out it reinstalls itself which it did whilst my OH was using the pc.


He sat with this running for about an hour, connected to the net and now I have a pc that won't connnect to the internet, is asking me to reactivate Windows XP and when in safe mode after about 2 minutes it displays an error message stating


This system is shutting down. Shutdown initiated by NT Authority/System
C:\Windows\System 32\services.exe terminated unexpectedly with status code -1073741819. The system will now shut down

which it does and then restarts itself. A friend has tried to run combofix on it but as i can't connect to the internet it is impossible to do this. Have tried to restore to a previous point but there are no available points to restore to. Can anyone help???

Hello Risha,


A concern is that the changes you all are making are possibly worsening the situation. I will provide some initial ideas you can try, and then see if you can get some scan log info to post back here for review.

First just see if you can stop the shutdowns from occurring.

1 - Before it shuts down, go to Start - Run, type in shutdown -a (and OK).

2 - Right-click My Computer, and then click Properties.

3 - Click the Advanced tab.

4 - Under Startup and Recovery, click Settings to open the Startup and Recovery dialog box.

5 - Clear the Automatically restart check box, and click OK the necessary number of times.

----------------

Try working in Safe Mode, or Safe Mode with Networking. At startup tap the F8 key about once per half-second then select Safe Mode from the menu.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Download RSIT (random's system information tool) from here to your desktop, then click on the RSIT.exe to start the scan.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

Thanks, will try this but am unsure if I can get connected to the net. Doesn't seem to be allowing me to do so (am using another pc for this). It won;t allow me to start in safe mode with networking as it says I need Windows installed to do so. Is it okay to download RSIT and HijackThis to disc and run them from there?

The problem would be how to get the log results to post back here. Infection does infect USB/flash/thumb drives when used sometimes, so you have to be cautious about moving files back and forth. I would also like to see if those shutdowns created a file to check.


Navigate (right click My Computer, left click Explore) to the following folder:

c:\windows\minidump

And if one is there, locate in it any recent minidump(date-somenumber).dmp files created, where "date-somenumber" matches dates of any recent crashes there. If they exist, then just zip a copy of it, and send it to jintan AT malwarecrypt.com (change the "AT" to @) as an attachment. Please place "Submitted Files - Risha/bg/dmp" as the email Subject.

This might show what needs to be disabled to stop the crashes.

Thanks, will look for that. OH was complaining so contacted microsft. fat lot of good that did. spent 1 hr for her to go through everything i had already tried for her then to tell me that I'll have to do a full system restore! aaaaaarrgghhh!!! Or reinstall windows (which I do not have a disk for). Many thanks for your help tho.

Stepping back to your first post, see if you can download and rename the ComboFix executable, then use that on the problem computer.

Rename it to alg.exe, place that in the problem computer's C folder and click to run it from there. If it runs, you may still not be able to allow it to install the Recovery Console (which it will want, but you have no net access), but it will still effect some good repairs there.

Managed to run combofix, it deleted some files and told me I had appgtmnt.dll(sp?) missing. I deleted IE8 on the advice of someone which has then allowed me to reactivate Windows and connect to the net, unfortunately the darn virus is still there and keeps recreating itself and copying itself everytime I try and log on to the net.


Can you help me find the file that causes it to reinstall? Have tried googling it but I mainly get sites trying to get me to download some sort of antivirus/spyware software and I obviously don't want to download anything that is going to make my pc worse. Have tried to install One Care as a friend had an unused disc and although the firewall is running it won't activate anypart of the anti-virus system.



Tis really driving me demented but I now know more about the internal workings of my pc than i ever thought i would.

You are doing your own repairs there, and I have no log information to work from to provide any suggestions or solutions. If you check other request threads you will see how to have a successful repair process with our work here, by doing the suggested steps and posting the requested results. A team effort. Right now my end of the team is in the dark.

to kill braviax.exe :

1-shut down internet.
2-open task manager
3-end braviax.exe and its creator sys32_nov.exe
4-than open windows/system32/
5-search find and delete with unlocker these found files sys32_nov.exe and braviax.exe in system32 folder..it means you survived braviax.exe))