Archive for virus

Jul 31 08

Online? At Risk! Storm Worm

Posted by: Gib@CBO | Comments (2)
This is important, so I am telling my readers about it.  Contrary to what you may have heard, you DO NOT need to go to a porn site to get a virus or worm on your computer.

I talked about my fight with the Braviax.exe worm and the problems of getting rid of it.  Someone left the comment that I must have been surfing the net for porn when I got infected.

This is far from the truth, people.  It is true, however, that to get a virus you must be online and connected.  If you are online, you are at risk.

Here is an article from the Newsmax team about a new threat:

FBI Warns of Storm Worm Virus

Wednesday, July 30, 2008 2:18 PM
By: Newsmax Staff

The FBI and its partner, the Internet Crime Complaint Center (IC3), have received reports of recent spam e-mails spreading the Storm Worm malicious software, known as malware.

These e-mails, which contain the phrase “F.B.I. vs. facebook,” direct e-mail recipients to click on a link to view an article about the FBI and Facebook, a popular social networking website. The Storm Worm virus has also been spread in the past in e-mails advertising a holiday e-card link.

Clicking on the link downloads malware onto the Internet connected device, causing it to become infected with the virus and part of the Storm Worm botnet. A botnet is a collection of compromised computers under the remote command and control of a criminal “botherder.”

Most owners of the compromised computers are unsuspecting victims. They have unintentionally allowed unauthorized access and use of their computers as a vehicle to facilitate other crimes, such as identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam and spyware.

Because of their widely distributed capabilities, botnets are a growing threat to national security, the national information infrastructure, and the economy.

“The spammers spreading this virus are preying on Internet users and making their computers an unwitting part of criminal botnet activity. We urge citizens to help prevent the spread of botnets by becoming web-savvy. Following some simple computer security practices will reduce the risk that their computers will be compromised,” said Special Agent Richard Kolko, Chief, FBI National Press Office.

To be safe, everyone should consider the following:

  • Do not respond to unsolicited (spam) e-mail. NEVER
  • Be skeptical of individuals representing themselves as officials soliciting personal information via e-mail.
  • Do not click on links contained within an unsolicited e-mail. NEVER
  • Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders.
  • Validate the legitimacy of the organization by directly accessing the organization’s website rather than following an alleged link to the site.
  • Do not provide personal or financial information to anyone who solicits information. NEVER

    Clicking on a link that is contained on an unknown website can lead you to the same bad virus as clicking on a link in an e-mail.  Porn sites are a major carrier of infections.  Stay away from them.  If you ARE surfing the net for porn, you ARE asking for trouble.

    Here is my point.  My readers know me and my reputation.  They know if I ask them to click here and SEE A STUPID GUY IN HIS UNDIES, they will get a picture of a stupid guy in his undies.  But if you are new to my site, you know nothing about me or BigDadGib, or things look suspicious, DO NOT CLICK ON ANY LINKS ON THIS PAGE.

    This has been a public service announcement because I love my readers!

    Jun 12 08

    Good News for Braviax Removal

    Posted by: Gib@CBO | Comments (2)

    Several months ago, my laptop was stricken down by the Braviax.exe virus.  It is a nasty little bug that places a red button in the tool bar that says you have a virus.  It then downloaded tons of Spyware, Adware and basic crap that slowed, jumbled and finally stopped my computer.

    At that time, this was a new threat to computers and little was known about it.  Removal was deemed difficult but doable.  For my complete removal of Braviax.exe, I had to reload my operating system and start with a fresh, clean hard drive and storage system.  Since that time, there have been several methods suggested, tried and proven.

    Here is one great method that I found:

    Please see this Site My Anti Spyware for instructions on removing this Braviax threat.

    If it worked for you, as it did for me, please come back here and leave a comment as to your success or lack thereof.


    Categories : virus
    Apr 06 08

    Removal of Braviax Update II

    Posted by: Gib@CBO | Comments (2)

    I have had some great comments about how to remove this nasty little beast.  The beast I am referring to is the Braviax.exe virus.

    Personally, I had to reformat my hard-drive and reload my windows and all my programs.

    Here are some other ideas.  (Try any or all of these at your own risk)

    Use Notepad to Edit Braviax.exe, change ANY character to something that it is not already and save the file. Reboot & the virus will blow up upon execution ! Make sure you only change one character as the virus checks the length of the module to see if it has been modified, and if it has it replaces it. It does NOT check the time stamp of the module, as that varies based upon its creation date.

    Delete C:\WINDOWS\SYSTEM32\DRIVERS\Beep.sys &
    C:\windows\system32\cru629.dat

    Reboot.

    If C:\WINDOWS\SYSTEM32\Braviax.exe is still there with the same timestamp, delete it, if not, you $^$^@# up. Do it right this time & repeat….

    Reboot.
    If C:\WINDOWS\SYSTEM32\braviax.exe is gone this time, you have stopped the repetitive installer, which is the real problem….

    This will allow you to download/update, etc. a reliable AV product like AVG (www.free.grisoft.com) that will actually remove the parts that exist as a result of this virus. McAfee & Norton don’t even acknowledge the existence of this virus….. Once you have successfully used AVG to remove all of the Braviax parts, you should be fine, and as an added bonus, you will be using the best AV product on the market at any price (FREE, you morons)…. run AVG & have it delete all the other Trojans & Backdoors that BRAVIAX downloaded

    I have done this on about 12 different PCs from 4 different clients (now - new clients, not previous clients, as I would have slapped them silly!)

    What is the easiest way to make a ANY program not run?????( Make it blow up!) I simply edited the executable module & it no longer runs…. DUH!

    It does not make any difference if you are connected to the Internet if you make the program BLOWUP! DUH!

    You do not need to boot in Safe Mode nor DOS mode. You need to Disable the gateway program for this Virus so you can actually use your computer!

    The above was sent in by a young person who felt it necessary to call me names.  Nevertheless, I appreciated his suggestion.

    Here is another…

    I believe I have fixed Braviax.exe on my Win XP - am still running various AV, etc. (with disconnected internet) for double checking and will do the same under the internet-connected environment later. This is what I did:

    Ran computer under “Safe Mode”, with disconnected internet, and ran McAfee to get rid of 2 Braviax.exe and cru629.dat (located at winnt and winnt\system32, respectively), and their Register KEYs, 2 beep.sys, users32.dat, FiGaro.sys, and winivstr.exe (which is a part of Winreanimator spyware). All these files can be deleted manually, as well, by doing a “search” and “RegEdit” (do a backup first). NOTE: I believe it is very important to disconnect internet, as braviax will keep on downloading more crap from internet, while the software is running the scan.

    Then connected to internet, ran BitDefender Online Scan, which deleted c:\winnt\…\StartUp\qiqn.exe (I believe this is the one that keeps installing braviax.exe when window starts), c:\winnt\system32\bnbs.dll, and a Trojan (Trojan-Downloader:win32.Agent.1CA).

    Then disconnected the internet again, and ran various AV softwares to clean up the PC.

    Restarted the computer on normal mode (with the disconnected internet), and ran various AV to clean up. No red circle at the start and no braviax.exes found. Mcafee scanned finished “clean”; so far. Running Spyware Doctor right now…

    By the way, Braviax is visible in the “taskmanager” box for about 10 sec at the startup of window, under normal window mode. I found that if I “end process” of it when it is visible, I can manually delete/replace it and the red circle with X will disappear. Then all AV software can start working again.

    Hope my post helps!

    The above I tried, but it didn’t work for me.

    Here is yet one more…

    That was a pig of a virus to get rid of, I got rid of the startup and reg run entries, moved to a dual boot and deleted the files, and it still bloody came back! never heard of anything writing to beep.sys before… Looks like it writes stuff in there relating to AV software it doesn’t like too, because there are entries for Norton and the like that I’ve never even had installed on my PC. Was tempted to try editing the file, but for the sake of the box beeping when it starts up I really can’t be arsed.

    Just to add [something], you’re not guaranteed to crash an exe by replacing only one character (though it might work), better to change a few while you’re at it to ensure you overwrite something critical, i.e. an instruction word.

    Good luck my friend.  BigDadGib


    Categories : Trouble, opinion, trojan, virus
    Mar 21 08

    Braviax Wins Battle - Not War

    Posted by: Gib@CBO | Comments (3)

    Several weeks ago, my laptop contracted a nasty little virus.  This Braviax.exe did some wicked things to my computer.

    I had gone through many steps including cleaning, shredding, stripping and crying.  Things seemed to go from bad to real bad.  The laptop slowed to a crawl and locked up continuously.

    Finally, I had to do a complete reformat of the main hard drive.  I saved what I could on 4 gigs of flash stick memory.  I have spent a good portion of today getting things back to normal so I can navigate, publish and work like I was prior to Braviax.

    For the steps and comments on the previous post, go HERE.


    Categories : Trouble, bigdadgib, trojan, virus
    Feb 24 08

    True Removal of Braviax

    Posted by: Gib@CBO | Comments (27)

    I hate CrapWare!

    By: Gilbert Purtee

    After finding someone who could give me the right steps to take and who could explain it in simple terms, I got rid of this pesky braviax.exe malware.

    Thanks to CM2 Consulting and this post they offered.

    (I would print these instructions before starting the process)

    1. Download and install a reputable spyware detection and removal program such as Spyware Doctor which is available free as part of the Google Pack. Spyware Doctor did not detect or remove the braviax/cru629 infection, but is useful in detecting and removing the crap that it downloads.  [BigDadGib: I use Spyware Doctor.  It's great]
    2. Disconnect your computer from the Internet. If the crapware can’t find the Internet, it can’t download any more crap.
    3. Restart your computer from the installation CD in Recovery Console mode. With my PC, I had to hit F12 during the boot process and tell it to boot from the CD ROM. When the "Welcome to Windows Installation" window came up, I pressed R to enter the Recovery Console. (These instructions are specifically for XP.)
    4. Navigate to the Windows directory. (If you are at the C:\> prompt you would type cd windows and hit enter. If you need to back up to get to the C:\> prompt, type cd .. and hit enter until you get there.) Once you are at the C:\WINDOWS> prompt type del braviax.exe and hit enter. When your computer returns to the prompt, type del cru629.dat and hit enter.
    5. Navigate to the System32 directory by typing cd system32 and hitting enter. Once you are at the C:\WINDOWS\SYSTEM32> prompt type del braviax.exe and hit enter. Then type del cru629.dat and hit enter.
    6. Navigate to the C:\WINDOWS\SYSTEM32\DLLCACHE> directory. Type del beep.sys at the prompt and hit enter. [*VERY IMPORTANT]
    7. Navigate to the C:\WINDOWS\SYSTEM32\DRIVERS> directory. Type del beep.sys at the prompt and hit enter. [*VERY IMPORTANT]
    8. Type exit and hit enter to exit the Recovery Console and reboot the computer. You will want to reboot in safe mode. To do this on my PC one must begin madly pressing F8 until a boot menu comes up. Once you have booted to safe mode, open regedit (Click on the "Run" option on the Start menu, type regedit into the text box and hit enter). Once the Registry Editor is open, select My Computer. Then click on the Edit menu item and select Find.
    9. In the find dialog box type in braviax (you may omit the .exe part so it will find all references to the nastyware.) When the search finds a value or key containing the word braviax, delete it. Keep searching until all instances have been found and deleted. Repeat this process for cru629. When all instances have been found and deleted, close the Registry editor. Your computer should now be clean of this crap.
    10. You may run Spyware Doctor, your anti-virus, and Windows Defender (which should now be runnable). Spyware detectors may find crap that braviax downloaded.

    *The key to keeping the crapware from reinstalling itself seems to be the removal of beep.sys which normally is a legitimate Windows program. It does not seem to be critical to the operation of the computer. Your machine may not now beep upon start up.

    If you miss the beep, you could find an uninfected computer with the same operating system as yours and replace the file with a copy from it. That may or may not work. Personally, I’ll live without the bleeping beep.
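An added example, not from this post or from CM2 Consulting: a Python check, meant to be run from a clean environment against the affected disk's Windows directory, that looks for the files named in the steps above and compares each beep.sys with a copy taken from an uninfected machine. The function names and verdict strings are assumptions made for illustration.

```python
import hashlib
from pathlib import Path

# Paths named in the removal steps, relative to the Windows directory.
# braviax.exe / cru629.dat should not exist at all; beep.sys is a legitimate
# driver, so it is compared against a known-good copy instead.
DROPPED = ["braviax.exe", "cru629.dat",
           "system32/braviax.exe", "system32/cru629.dat"]
BEEP_COPIES = ["system32/dllcache/beep.sys", "system32/drivers/beep.sys"]


def find_ci(root, rel):
    """Resolve rel under root ignoring case (Windows file names vary in case)."""
    cur = Path(root)
    for part in rel.split("/"):
        if not cur.is_dir():
            return None
        match = [p for p in cur.iterdir() if p.name.lower() == part.lower()]
        if not match:
            return None
        cur = match[0]
    return cur if cur.is_file() else None


def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def check_windows_dir(windir, clean_beep=None):
    """Return (path, verdict) pairs for the files the post lists."""
    findings = []
    for rel in DROPPED:
        hit = find_ci(windir, rel)
        if hit:
            findings.append((str(hit), "present: delete"))
    good = sha256(clean_beep) if clean_beep else None
    for rel in BEEP_COPIES:
        hit = find_ci(windir, rel)
        if hit is None:
            continue
        if good is None:
            verdict = "unverified: no clean copy to compare"
        elif sha256(hit) == good:
            verdict = "matches clean copy"
        else:
            verdict = "differs from clean copy: replace or delete"
        findings.append((str(hit), verdict))
    return findings
```

Call check_windows_dir with the path where the disk's WINDOWS directory is mounted and, optionally, the path of a beep.sys copied from an uninfected machine with the same operating system; an empty list means none of the listed files were found.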

    Related post… here, here, here


    Categories : bigdadgib, news, virus