Tuesday, June 17, 2008

BEWARE: "Braviax.exe" Virus!!!

Assalamualaikum, well.. today I'm not in a good mood either, because something happened last night while I was surfing. As the story goes, my PC was attacked by a virus named braviax.exe, even though my PC was already equipped with AVG Pro anti-virus software that is always kept updated. I had meant to go to bed early that night but had to cancel that noble and pure intention in order to give emergency aid to my PC. Fortunately, Alhamdulillah, my PC was saved, and right now it is under tight monitoring in case there are still leftovers of that damned virus hiding in it..

HOW DID I GET IT?: That night I was surfing, looking for material.., and I went to one website; usually when I go there nothing happens, but that night when I clicked, a pop-up appeared asking for permission to allow it to play Flash or Java there, and on that pop-up there was a note saying the software belonged to the trusted zone, so with full confidence I clicked it, after all I use AVG Pro anti-virus (not the free one), which sits in the Top 10 (whether that's true or not, anyone can make up a Top 10). Then, while I carried on surfing, about 1 minute later my PC shut down and restarted by itself; at that moment I knew my PC had been attacked by a virus or spyware. As soon as Windows came up, all the settings in the PC were a bit messed up, pop-ups kept appearing saying my PC had hidden spyware (so annoying), the Windows FIREWALL turned itself off and I had to turn it on myself, then I updated AVG and scanned straight away; luckily this braviax.exe couldn't get any further. After that I surfed the internet again to find out what kind of virus this is, what it likes, male or female? and they say this virus can slow down a person's internet; in this case I couldn't confirm that myself because for the past 3-4 days the internet service has again not been satisfying me. It is also recommended to take the internet OFFLINE first while the emergency aid is being done, so I worked on it while hoping that my AVG Pro is able to overcome this Braviax.exe..

Below are the results of my search on the internet about this Braviax.exe virus; translate it yourselves:

Braviax EXE Bad News
By BigDadGib • February 23rd, 2008

I’ve done more searching into this little bug.
It turns out, this is more than just a little bug. I got this virus through an optimization program.
Here is what we know so far.
The filename BRAVIAX.EXE was first seen on Jan 31 2008 in The EUROPEAN UNION. It has also been seen in the following geographical regions:

The UNITED KINGDOM on Feb 24 2008
SPAIN on Feb 4 2008
The filename BRAVIAX.EXE refers to many versions of an executable program.
The most common file size is 11,264 bytes. But the following file size has also been seen:
13,312 bytes

The unsafe files using this name are associated with the malware group SystemDefender:Spyware-a.
These files have no vendor, product or version information specified in the file header.
BRAVIAX.EXE has been seen to perform the following behavior(s):

- The Process is packed and/or encrypted using a software packing process
- Changes the Internet Explorer Search Page
- Disables the Notification Balloon for the Windows Security Center
- Disables the Windows Built-in Firewall
- This Process Creates Other Processes On Disk
- This Process Deletes Other Processes From Disk
- Can communicate with other computer systems using HTTP protocols
- Executes a Process
- Registers a Dynamic Link Library File
- Creation and Registration of a Browser Helper Object in Internet Explorer
- Changes the Internet Explorer Home Page Settings
- Modifies Windows Initialization And System Settings Used On Start up

BRAVIAX.EXE has been the subject of the following behavior(s):

- Added as a Registry auto start to load Program on Boot up
- Created as a process on disk
- Executed as a Process
- Writes to another Process's Virtual Memory (Process Hijacking)

BRAVIAX.EXE can also use the following file names:

Use Notepad to edit Braviax.exe, change ANY character to something that it is not already and save the file. Reboot & the virus will blow up upon execution! Make sure you only change one character, as the virus checks the length of the module to see if it has been modified, and if it has, it replaces it. It does NOT check the time stamp of the module, as that varies based upon its creation date.
Delete C:\WINDOWS\SYSTEM32\DRIVERS\Beep.sys & C:\windows\system32\cru629.dat
If C:\WINDOWS\SYSTEM32\Braviax.exe is still there with the same timestamp, delete it; if not, you $^$^@# up. Do it right this time & repeat….
Reboot. If C:\WINDOWS\SYSTEM32\braviax.exe is gone this time, you have stopped the repetitive installer, which is the real problem….

This will allow you to download/update, etc. a reliable AV product like AVG (that will actually remove the parts that exist as a result of this virus). McAfee & Norton don't even acknowledge the existence of this virus….. Once you have successfully used AVG to remove all of the Braviax parts, you should be fine, and as an added bonus, you will be using the best AV product on the market at any price (FREE, you morons)…. Run AVG & have it delete all the other Trojans & Backdoors that BRAVIAX downloaded.
I have done this on about 12 different PCs from 4 different clients (now - new clients, not previous clients, as I would have slapped them silly!)

What is the easiest way to make ANY program not run????? (Make it blow up!) I simply edited the executable module & it no longer runs…. DUH!
It does not make any difference if you are connected to the Internet if you make the program BLOW UP! DUH!
You do not need to boot in Safe Mode nor DOS mode. You need to Disable the gateway program for this Virus so you can actually use your computer!
The above was sent in by a young person who felt it necessary to call me names. Nevertheless, I appreciated his suggestion.
Here is another…
I believe I have fixed Braviax.exe on my Win XP - am still running various AV, etc. (with disconnected internet) for double checking and will do the same under the internet-connected environment later. This is what I did:
Ran the computer under "Safe Mode", with the internet disconnected, and ran McAfee to get rid of 2 Braviax.exe and cru629.dat (located at winnt and winnt\system32, respectively), and their Registry keys, 2 beep.sys, users32.dat, FiGaro.sys, and winivstr.exe (which is a part of the Winreanimator spyware). All these files can be deleted manually, as well, by doing a "search" and "RegEdit" (do a backup first). NOTE: I believe it is very important to disconnect the internet, as braviax will keep on downloading more crap from the internet while the software is running the scan.
Then connected to the internet, ran BitDefender Online Scan, which deleted c:\winnt\…\StartUp\qiqn.exe (I believe this is the one that keeps installing braviax.exe when Windows starts), c:\winnt\system32\bnbs.dll, and a Trojan (Trojan-Downloader:win32.Agent.1CA).
Then disconnected the internet again, and ran various AV software to clean up the PC.
Restarted the computer in normal mode (with the internet disconnected), and ran various AV to clean up. No red circle at the start and no braviax.exes found. McAfee scan finished "clean"; so far. Running Spyware Doctor right now…
By the way, Braviax is visible in the "Task Manager" box for about 10 sec at the startup of Windows, under normal Windows mode. I found that if I "end process" it when it is visible, I can manually delete/replace it and the red circle with X will disappear. Then all AV software can start working again.
Hope my post helps!
The above I tried, but it didn’t work for me.
Here is yet one more…
That was a pig of a virus to get rid of. I got rid of the startup and reg run entries, moved to a dual boot and deleted the files, and it still bloody came back! Never heard of anything writing to beep.sys before… Looks like it writes stuff in there relating to AV software it doesn't like too, because there are entries for Norton and the like that I've never even had installed on my PC. Was tempted to try editing the file, but for the sake of the box beeping when it starts up I really can't be arsed.
Just to add [something], you're not guaranteed to crash an exe by replacing only one character (though it might work); better to change a few while you're at it to ensure you overwrite something critical, i.e. an instruction word.
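The posts above give a checklist rather than a tool: the dropped file names (braviax.exe, cru629.dat, users32.dat, FiGaro.sys, winivstr.exe, bnbs.dll, qiqn.exe in StartUp), the two braviax.exe sizes, the missing version-information block, the Run-key autostart, and the firewall and Security Center warnings that get switched off. The script below is an added example, not code from this blog or from BigDadGib's page, that turns that checklist into an offline triage over a host snapshot held as plain Python data. The snapshot layout, the function names, the registry paths (the XP SP2 firewall profile key and the Security Center *DisableNotify values, which the posts do not name) and the sample data are all this example's own assumptions; on a real box the snapshot would be filled from a recursive directory listing and a registry export, taken with the network cable unplugged as the posts advise.

```python
"""Offline indicator check for the braviax.exe infection described above.

Added example (not from the original post or BigDadGib's page).  Matches a
host snapshot, given as plain Python data, against the indicators the
quoted posts list.  Snapshot layout, names and sample data are assumptions.
"""
import ntpath

# File names the posts associate with the infection (matched case-insensitively).
BRAVIAX_FILE_NAMES = {
    "braviax.exe", "cru629.dat", "users32.dat", "figaro.sys",
    "winivstr.exe", "bnbs.dll", "qiqn.exe",
}
# Sizes reported for braviax.exe; a hit is a strong signal, a miss only
# means a variant the posts did not see.
BRAVIAX_KNOWN_SIZES = {11_264, 13_312}

# Registry locations are this example's assumption (the posts name the
# symptoms, not the keys): XP SP2 firewall profile, Security Center
# notification switches, and the two classic Run keys.
FIREWALL_KEY = (r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess"
                r"\Parameters\FirewallPolicy\StandardProfile")
SECURITY_CENTER_KEY = r"HKLM\SOFTWARE\Microsoft\Security Center"
RUN_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)


def check_files(files):
    """files: dicts with 'path', 'size' and optional 'has_version_info',
    'sha1', 'baseline_sha1'.  Returns a list of (kind, detail) pairs."""
    findings = []
    for f in files:
        name = ntpath.basename(f["path"]).lower()
        if name in BRAVIAX_FILE_NAMES:
            detail = f["path"]
            if name == "braviax.exe":
                if f["size"] in BRAVIAX_KNOWN_SIZES:
                    detail += " (size %d matches a known sample)" % f["size"]
                if not f.get("has_version_info", True):
                    detail += ", no vendor/product/version info"
            findings.append(("file", detail))
        # beep.sys is a legitimate driver the posts say the malware overwrites,
        # so flag it on a mismatch against a caller-supplied known-good hash,
        # never on its name alone.
        elif name == "beep.sys" and "sha1" in f and f["sha1"] != f.get("baseline_sha1"):
            findings.append(("file", f["path"] + " differs from the baseline beep.sys"))
    return findings


def check_registry(registry):
    """registry: dict key -> dict value_name -> data (str or int)."""
    findings = []
    for key in RUN_KEYS:
        for value, data in registry.get(key, {}).items():
            # Match on the command line, not the value name: the name is
            # arbitrary, the path is what re-launches the dropper at boot.
            if any(n in str(data).lower() for n in BRAVIAX_FILE_NAMES):
                findings.append(("autostart", "%s\\%s = %s" % (key, value, data)))
    if registry.get(FIREWALL_KEY, {}).get("EnableFirewall") == 0:
        findings.append(("setting", "Windows Firewall disabled (EnableFirewall=0)"))
    center = registry.get(SECURITY_CENTER_KEY, {})
    for value in ("FirewallDisableNotify", "AntiVirusDisableNotify", "UpdatesDisableNotify"):
        if center.get(value) == 1:
            findings.append(("setting", "Security Center warning suppressed (%s=1)" % value))
    return findings


def triage(snapshot):
    """Run every check over a snapshot {'files': [...], 'registry': {...}}."""
    return (check_files(snapshot.get("files", []))
            + check_registry(snapshot.get("registry", {})))


# Constructed sample modelled on the symptoms in the posts.  Every size other
# than braviax.exe's, both hashes and the Run value name are made up.
INFECTED = {
    "files": [
        {"path": r"C:\WINDOWS\system32\braviax.exe", "size": 11264, "has_version_info": False},
        {"path": r"C:\WINDOWS\system32\cru629.dat", "size": 4096},
        {"path": r"C:\WINDOWS\system32\drivers\beep.sys", "size": 4224,
         "sha1": "0000...", "baseline_sha1": "ffff..."},
        {"path": r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\qiqn.exe",
         "size": 20480},
        {"path": r"C:\WINDOWS\system32\kernel32.dll", "size": 983040, "has_version_info": True},
    ],
    "registry": {
        RUN_KEYS[0]: {"braviax": r"C:\WINDOWS\system32\braviax.exe"},
        FIREWALL_KEY: {"EnableFirewall": 0},
        SECURITY_CENTER_KEY: {"FirewallDisableNotify": 1, "AntiVirusDisableNotify": 1},
    },
}
CLEAN = {
    "files": [{"path": r"C:\WINDOWS\system32\kernel32.dll", "size": 983040,
               "has_version_info": True}],
    "registry": {FIREWALL_KEY: {"EnableFirewall": 1}},
}

if __name__ == "__main__":
    for kind, detail in triage(INFECTED):
        print("[%s] %s" % (kind, detail))
```

Run against the constructed infected snapshot it reports eight findings (four files, one autostart, three settings) and nothing for the clean one. The design choice worth noting is that beep.sys is matched on a hash against a baseline rather than on its name, because the file is a legitimate driver that the malware overwrites; matching it by name would flag every healthy XP install.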