Jun 20

What was I just saying in my most recent blog post, “Apple Mac Arrogance or Pure Stupidity?”

Hmmm, maybe I’m psychic? Or maybe I just know security! Ya think?

In a just-published article on InfoWorld and MacWorld, Jonny Evans (MacWorld UK) reports that two security vendors, SecureMac and Intego, are separately reporting a new Trojan horse for the Mac.

The Trojan horse is currently being distributed from a hacker website, where there has been discussion of spreading it through iChat and LimeWire.

The Trojan horse runs hidden on the system and gives a malicious user complete remote access to it. It can reportedly transmit system and user passwords, opens ports in the firewall so the attacker can connect in, and turns off system logging to avoid detection.

Additionally, the AppleScript.THT Trojan horse can log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing. It exploits a recently discovered vulnerability in the Apple Remote Desktop Agent, which allows it to run as root; that is what lets it change the firewall and logging settings in the first place.

My students have heard me preach and preach about the whole LimeWire issue (not to mention BearShare and the others!), and I stated in the blog entry referenced above that Mac users are either arrogant or stupid if they believe they are exempt from this kind of malware.

My God people, WAKE UP and smell the MALWARE!

To read the full InfoWorld Article, click the link: Full InfoWorld Article.



written by Admin

Mar 31

This is one nasty bugger! WOW!

It starts out with an annoying pop-up message in the notification area of your taskbar, over by the clock. When the balloon error message disappears, you get a red X like the Microsoft red X inside the security shield. This message, however, is missing the security shield that Windows uses.

The other thing I want to point out about the error message is the wording. Although this looks like a typical Windows message, Microsoft can spell and uses proper grammar! Specifically, the message says, “It is recommended to use special antispyware tools to prevent data loss.” BAD GRAMMAR! Not Microsoft.

The message further states that “Windows will now download….” That is another dead giveaway that this is not Microsoft. They NEVER ask your permission to do anything! (SMILE)

But seriously, here is the actual message pop-up.

[Screenshot: the Reanimator malware pop-up message]

What’s bad about this one is that it really does look like a typical Windows message. In the case of my sister’s PC, Trend blocked Reanimator from downloading the tools that would have planted a Trojan on the machine. But we still needed to get the thing out of her PC!

There were two malicious files, winivstr.exe and braviax.exe, hidden in the Windows folder and the Windows\system32 folder. braviax.exe was set to run at startup, which showed up on MSCONFIG’s Startup tab.

This bugger also completely disabled and hid Spybot Search & Destroy! We could not use it even after I found it by unhiding hidden files and folders.

I booted into safe mode, to no avail.

In safe mode I deleted the files, removed the prefetch files, disabled the MSCONFIG startup entry, and deleted the registry entries, only to have it reappear on a normal boot.

It was also listed inside the Windows .dat files for Internet Explorer and the desktop. The more I tried to eliminate it, the more it returned.
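The places this post checked by hand, one at a time, can be enumerated in a single read-only pass before (and again after) any deletion, which is how you find out what a reboot brought back. The following PowerShell script is an added example, not part of the original post and not from Trend or Malwarebytes. The two file names come from the post; the Run/RunOnce keys, the Startup folders, the Prefetch file pattern and the Authenticode signature test are my assumptions about where such an entry lands, and the script only reports, it never deletes.

```powershell
# Added example, not from the original post or from Malwarebytes/Trend.
# Read-only triage of the places the post cleaned by hand: Run/RunOnce keys
# (what MSCONFIG's Startup tab lists), the Startup folders, hidden .exe files
# directly in %SystemRoot% and %SystemRoot%\System32, and Prefetch traces.
# The two names in $Suspects come from the post; everything else is assumption.

$Suspects = @('braviax.exe', 'winivstr.exe')
$WinDir   = $env:SystemRoot
$Sys32    = Join-Path $WinDir 'System32'
$RunKeys  = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ImagePath {
    # Pull the executable out of a Run-key command line: a quoted path,
    # otherwise the first token; then expand %SystemRoot%-style variables.
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { $path = $Matches[1] }
    else { $path = ($Command.Trim() -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($path)
}

function Get-Flags {
    # Why an autostart image deserves a look. Unsigned, hidden binaries living
    # directly in the Windows folders, or carrying one of the names from the
    # post, are exactly what this infection used.
    param([string]$Image)
    $flags = @()
    $leaf  = Split-Path -Path $Image -Leaf
    if ($Suspects -contains $leaf) { $flags += 'NAME-FROM-POST' }
    if (Test-Path -LiteralPath $Image) {
        $dir = Split-Path -Path $Image -Parent
        if ($dir -ieq $WinDir -or $dir -ieq $Sys32) { $flags += 'IN-WINDOWS-DIR' }
        $sig = Get-AuthenticodeSignature -FilePath $Image
        if ($sig.Status -ne 'Valid') { $flags += "SIG-$($sig.Status)" }
        $item = Get-Item -LiteralPath $Image -Force
        if ($item.Attributes -band [IO.FileAttributes]::Hidden) { $flags += 'HIDDEN' }
    } else {
        # The entry survived but its file is gone: either you removed the
        # dropper already, or it has not been re-dropped yet.
        $flags += 'FILE-MISSING'
    }
    return $flags
}

Write-Output "== Run/RunOnce entries =="
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # provider metadata, not a registry value
        $image = Get-ImagePath $prop.Value
        $flags = Get-Flags $image
        Write-Output ("{0}\{1} -> {2} [{3}]" -f $key, $prop.Name, $image, ($flags -join ','))
    }
}

Write-Output "== Startup folders (shortcuts are listed, not resolved) =="
foreach ($folder in @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))) {
    if (-not (Test-Path $folder)) { continue }
    Get-ChildItem -Path $folder -Force | Where-Object { -not $_.PSIsContainer } |
        ForEach-Object { Write-Output ("{0} [{1}]" -f $_.FullName, ((Get-Flags $_.FullName) -join ',')) }
}

Write-Output "== Hidden .exe files directly in $WinDir and $Sys32 =="
foreach ($dir in @($WinDir, $Sys32)) {
    Get-ChildItem -Path $dir -Filter '*.exe' -Force |
        Where-Object { -not $_.PSIsContainer -and ($_.Attributes -band [IO.FileAttributes]::Hidden) } |
        ForEach-Object { Write-Output ("{0} [{1}]" -f $_.FullName, ((Get-Flags $_.FullName) -join ',')) }
}

Write-Output "== Prefetch traces of the suspect names =="
foreach ($name in $Suspects) {
    Get-ChildItem -Path (Join-Path $WinDir 'Prefetch') -Filter "${name}-*.pf" -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Write-Output $_.FullName }
}
```

Run it from an elevated PowerShell prompt, save the output, clean, reboot, and run it again: any line that comes back tells you which location is being re-populated, which is the same lesson the post learned the hard way with the .dat files. A `FILE-MISSING` flag on a Run entry after a reboot is the sign of a loader that has not yet re-dropped its payload.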

After hours of trying to remove this sucker manually, I gave up and did a Google search to see if anyone else had successfully deleted it.

I’m always squeamish when it comes to freeware, but at this point I was ready to try anything.

And I’ve got to tell you that I found the most awesome removal tool for this thing!

Now, mind you, this website goes totally against everything I teach in my new CyberSleuthing Websites eBook, but it was worth the risk. If I couldn’t get the darn thing out of the computer, I’d have to reformat anyway. So if Trend PC-cillin decided that this tool was also a bad guy, I lost nothing either way. At best, these guys would be legitimate and we’d clean the machine!

Well, it worked! I couldn’t believe how fast and easy it was! And Trend didn’t mind it at all.

The tool? MALWAREBYTES ANTI-MALWARE.

Kudos to the folks at Malwarebytes.org!

Once the bugger was removed, guess what became available again? Spybot S&D! And even that played nicely alongside Malwarebytes Anti-Malware.

I am really, really, really impressed!



written by Admin

© 2007-2008 MICE Training & Technology™.
