[ale] XP Malware - XP Security Center
Daniel Howard
dhhoward at comcast.net
Thu Jul 3 11:17:25 EDT 2008
Got it! And didn't have to use JDWS (Jim's Draconian Windows Solution),
although was considering it last night... but I'd hate to lose the
ability to run my Matlab files since FreeMat won't run them yet.
Downloaded Avast as recommended by Paul Cartwright, and it found the
files braviax.exe, cru629.dat, beep.sys (this is how it keeps
reinstalling itself), and finally a copy of the trojan in my
hiberfil.sys hibernate file. Although Avast didn't get rid of it
entirely (I think because it didn't fix the registry links), at least
now I was able to Google properly to find the right solution. Found one
link that told how to go into power management, disable hibernation, and
then delete hiberfil.sys. But after googling braviax and beep.sys, this
link really had the right stuff:
http://www.bigdadgib.net/2008/02/24/true-removal-of-braviax/
Only thing missing on the above site is the disabling and removal of
hiberfil.sys. Used my XP recovery disk as directed, deleted all
instances of braviax.exe and cru629.dat, then rebooted in safe mode and
used regedit to find all instances of "braviax" and "cru629" (lots of
both of them!), and voila, it's gone.
Ditched ClamWin and now have Avast running in task bar. Seems to slow
access on Firefox and email just a hair, but assumedly due to it
scanning for malware.
Thanks to all, and hope the above case helps anyone else with this
particular nasty malware.
Best,
Daniel
--
Daniel Howard
President and CEO
Georgia Open Source Education Foundation
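
Added example, not part of the original message: a check of a regedit export (.reg text) for leftover references to the two names from the post, including values stored as hex(2) data that a plain text search of the export would miss. The registry keys and data in the sample are constructed for illustration and are not taken from the post or the linked page.

```python
import re

INDICATORS = ("braviax", "cru629")  # names taken from the post

# Constructed sample in regedit export (.reg) form; keys and data are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Run]
"braviax"="C:\\WINDOWS\\system32\\braviax.exe"
"Updater"="C:\\Program Files\\Example\\update.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\Example\Services\demo]
"ImagePath"=hex(2):63,00,72,00,75,00,36,00,32,00,39,00,2e,00,64,00,61,00,\
  74,00,00,00
"Start"=dword:00000001
'''

def decode_value(raw):
    """Decode .reg value data: quoted strings unescaped, hex(1/2/7) read as UTF-16LE."""
    m = re.match(r'hex\((?:1|2|7)\):(.*)', raw, re.S)
    if m:
        data = bytes(int(b, 16) for b in re.findall(r'[0-9a-fA-F]{2}', m.group(1)))
        return data.decode('utf-16-le', errors='replace').replace('\x00', ' ').strip()
    if raw.startswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return raw  # dword and binary data are left as written

def find_references(reg_text, indicators=INDICATORS):
    """Return (key, value_name, data) for each key or value mentioning an indicator."""
    text = re.sub(r'\\\r?\n\s*', '', reg_text)  # join hex continuation lines
    hits, key = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            if any(i in key.lower() for i in indicators):
                hits.append((key, None, None))
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)', line)
        if key and m:
            name, data = m.group(1).strip('"'), decode_value(m.group(2))
            if any(i in (name + ' ' + data).lower() for i in indicators):
                hits.append((key, name, data))
    return hits

if __name__ == "__main__":
    for key, name, data in find_references(SAMPLE_REG):
        print(key, name, data, sep=" | ")
```

Exports written by regedit in the "Version 5.00" format are UTF-16 text, so a real file would be read with open(path, encoding="utf-16") before being passed to find_references.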