TechSpot

Braskt.exe causing restarts/faulty webpages

By mtbtrigger
Nov 8, 2008
  1. I've read a few of the topics about braskt.exe (currently on my laptop) and have begun the 8 steps on my desktop. I have my desktop in diagnostic mode and it is not allowing me to access the internet. Is this normal?

    Also, I have run CCleaner and am currently running a full scan with Malwarebytes. CC fixed quite a few problems, but I was wondering if I should use the registry fix function of that application. It also has a function to remove locked files; I was wondering if this could be used to move the braskt.exe from my sys32 folder (currently I am only able to delete the one from my Windows folder).

    I attempted to download Avira and Superantispyware, but both will not run from the desktop. HijackThis is also failing to initialize.

    Malwarebytes is taking quite a long time, 1 hour 31 minutes at this point, but I will attempt to post a log when it is complete.


    Any help would be greatly appreciated, I will check back frequently
     
  2. momok

    momok TS Rookie Posts: 2,265

    We'll need to see those logs before we can comment much. Braskt infection has proven tricky in the past though.
     
  3. mtbtrigger

    mtbtrigger TS Rookie Topic Starter Posts: 21

    It seems this is going to take quite a while to run, and I'm already incredibly tired from this. I will let it run and post the logs in the morning.
     
  4. mtbtrigger

    mtbtrigger TS Rookie Topic Starter Posts: 21

    While in diagnostic mode I managed to run CCleaner and Malwarebytes. CC was fast but Malware took over 15 hours; however, it seemed to get rid of all the popups and whatever was blocking the other programs. I am now running Superantispyware and after that I will be running HijackThis. I will post the logs as soon as I can (probably in the morning).

    Just wanted to post this up for anyone having problems: try to run Windows in diagnostic mode (this prevents your computer from restarting every 10 minutes, or at least it did for me) and run your scans there. Do as many of the 8 steps as possible!!!

    EDIT: Even after a restart the braskt.exe files are no longer in my Windows and sys32 folders. I'm sure I have other problems, but this seems to be a good start.
     
  5. momok

    momok TS Rookie Posts: 2,265

    It's tough, but keep it going! Once you get your logs out, we'll be able to provide more insight and analyses to ensure your system is thoroughly clean.
     
  6. mtbtrigger

    mtbtrigger TS Rookie Topic Starter Posts: 21

    Here are the logs: when I put it in normal mode it came back.

    Back on my laptop; as soon as I hit post message it shut my desktop down. That's the only log I can get to before it shuts itself off.

    More logs attached to this one.

    EDIT: One useful tip I just discovered to keep your computer from restarting: open msconfig, untick brastk, then just leave the System Configuration Utility open. When you shut the config down, some process is re-ticking brastk and then restarting the machine, but I think (not sure) if it's not ticked it will not restart.

    EDIT2: Just for clarification, when I left the diagnostic mode and returned to normal mode I began having the "your computer is infected!" popups again. My computer also restarts every 15 mins (except when I leave the system config open, that seems to keep it from restarting).

    That last HijackThis log was before I ran some of the other spyware things. I am having trouble opening it so here is the log (probably because I had to rename all of the folders to run HJT):
     

    Attached Files:

  7. mflynn

    mflynn TS Rookie Posts: 2,655

    Hi mtbtrigger

    Looks like you have done a good job at following momok's instructions as all looks pretty well.

    Looks like I am the servant of momok today as he likely needed a rest.

    Update and run MalwareBytes again, Full Scan, and even again until it comes up clean or finds something it cannot clean. It should not take long this time as you are not running in Safe Mode and your long run has removed a lot of issues.

    Running it alone will be a test, as if it does take much longer than an hour there is likely another issue not apparent yet.

    Do the same for SAS: Update, Full Scan, and make sure you select and remove all; the last log looks as if you did not.

    Post their final logs and then a new HJT log.

    Mike
     
  8. mflynn

    mflynn TS Rookie Posts: 2,655

    Hi mtbtrigger

    You pasted the last HJT log while I was composing my last post offline.

    If you get this in time do the below before my last post!!!!

    Run HJT scan only

    Select and remove the following:
    O4 - HKLM\..\Run: [brastk] brastk.exe
    O20 - AppInit_DLLs: karna.dat

    Then tell me if you know what this is? Do not execute it if you do not know!
    C:\Program Files\do this\do this\do this.exe

    In Add/Remove programs uninstall Viewpoint Manager

    Now do my last post!

    Mike
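
The two entries named in the post above are autostart points: an O4 Run value and an O20 AppInit_DLLs value. As an added example (not part of the original thread and not HijackThis's own code), this Python script triages pasted HijackThis log lines for those two entry types; the sample log is constructed around the two lines quoted above, and the "no full path" rule is an assumed heuristic.

```python
import re
from typing import NamedTuple

# Constructed sample in HijackThis log format. The brastk and karna.dat lines
# are the two entries quoted in the post above; the other lines are made up.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [exampletray] "C:\Program Files\Example\tray.exe" /min
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: karna.dat
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe
"""

class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    name: str     # Run value name, or "AppInit_DLLs"
    target: str   # command line or DLL list exactly as logged
    reason: str

O4_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (.*)$")

def executable_of(command: str) -> str:
    """Return the program part of a Run command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|dll))(?:\s|$)", command, re.I)
    return m.group(1) if m else command.split()[0]

def triage(log_text: str) -> list[Finding]:
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            hive, key, name, command = m.groups()
            # Heuristic (assumption): an autorun without a directory is found
            # via the search path, so the log does not say which file runs.
            if not re.search(r"[\\/]", executable_of(command)):
                findings.append(Finding("O4", name, command,
                                        f"{hive} {key} entry without a full path"))
        elif m := O20_RE.match(line):
            # AppInit_DLLs are loaded into every process that loads
            # user32.dll, so any non-empty value deserves review.
            if m.group(1).strip():
                findings.append(Finding("O20", "AppInit_DLLs", m.group(1).strip(),
                                        "non-empty AppInit_DLLs value"))
    return findings
```
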
     
  9. mtbtrigger

    mtbtrigger TS Rookie Topic Starter Posts: 21

    "do this" is what I renamed HijackThis to :p

    I managed to get Avira installed, updated, and it is currently at 98.4% done. Once it is complete I will redo HJT and update and rerun the rest.

    Thanks for the reply, I will keep you updated.

    EDIT: Should I post what Avira finds before removing any of it?

    EDIT2: I am unable to update SAS and MAM, seems something is blocking them. Should I attempt to restart and try again now that I have removed these files?
     
  10. mflynn

    mflynn TS Rookie Posts: 2,655

    No, remove what Avira finds.

    On the HJT do the removals I requested but do not post a new HJT log until after the repeated runs of MWBAM and SAS!

    HJT log last!

    Mike
     
  11. mtbtrigger

    mtbtrigger TS Rookie Topic Starter Posts: 21

    Avira just quarantined a bunch of stuff. Do I need to remove them or just leave them in quarantine?

    EDIT: If I need to remove them, which of the buttons do I press? Seems like all the ones available would just take it off the quarantine list.
     
  12. mflynn

    mflynn TS Rookie Posts: 2,655

    Leave them in Quarantine for now!

    Mike
     
  13. mtbtrigger

    mtbtrigger TS Rookie Topic Starter Posts: 21

    First of all, thanks for the help Mike, much appreciated.

    Second, I am unable to update MWB or SAS. How should I proceed?
     
  14. mflynn

    mflynn TS Rookie Posts: 2,655

    Update them in full mode, but then reboot to Safe Mode to do the scans.

    Or do you not have Internet access?

    Did you boot to safe mode only? I don't understand why you cannot update these 2 programs.

    Mike
     
  15. mtbtrigger

    mtbtrigger TS Rookie Topic Starter Posts: 21

    I am in full mode, but when I hit update it tells me that the update failed. I do have internet access. I'm wondering if I should reboot now that I have removed quite a few problems (I have not rebooted since I ran Avira or used HJT).
     
  16. mflynn

    mflynn TS Rookie Posts: 2,655

    Absolutely!

    Mike
     
  17. mtbtrigger

    mtbtrigger TS Rookie Topic Starter Posts: 21

    Still having the update problem. Here is the quote when I hit update on MWB - "Update failed. Make sure you are connected to the Internet and your firewall is set to allow Malwarebytes' Anti-Malware to access the internet."

    I am not currently running a firewall, and I have internet access.

    Same thing happens with SAS.
     
  18. mflynn

    mflynn TS Rookie Posts: 2,655

    Do 2 things.

    Try from Safe Mode Networking. If you get the same then go back to the 8 Steps and reinstall both programs.

    If that doesn't work we will take another route, so get back.

    Mike
     
  19. mtbtrigger

    mtbtrigger TS Rookie Topic Starter Posts: 21

    Safe mode did not work, same messages. Any chance the update .exe's can be posted here?
     
  20. mflynn

    mflynn TS Rookie Posts: 2,655

    Hmmm!

    Let's go a different route and come back to this.

    Do the below. It looks big and complex, but just step through my steps.

    Reboot, clean run, no Apps!

    Download SDFix to Desktop. Among other things it runs GMER and Catchme to look for rootkits.

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    On Desktop run SDFix. It will run (install) then close.

    Then reboot into regular Safe Mode (not with networking)

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SDFix. Double-click to enter SDFix.

    Double-click to execute RunThis.bat. Type Y to begin.

    SDFix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished, hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.

    Attach the Report.txt file to your next post.

    =========================================
    Immediately without executing other Apps do the following

    Download OTScanIt:

    http://download.bleepingcomputer.com/oldtimer/OTScanIt.exe

    Close all Apps and Browsers

    Download and save to Desktop and Dbl Click to extract the files to an OTScanIt Folder.

    If Firewall or other Security or Malware protections pop up, you should allow them to let OTScanIt run.

    Enter the OTScanit folder and run OTScanit.exe.

    In Additional Scans select BotCheck, Disabled MS Config Items and Eventviewer Errors/Warnings

    Top Left click Run Scan.

    The scan can take some time so allow it time.

    When finished, a log will open. Save the log and post back as an Attachment.

    Mike
     
  21. mtbtrigger

    mtbtrigger TS Rookie Topic Starter Posts: 21

    do i need to download those other programs for the first one to work? or are they just included?
     
  22. mflynn

    mflynn TS Rookie Posts: 2,655

    Forget the programs that will not update for now!

    Just do my last post from beginning to end.

    Now you said the others would not update. I surely hope these 2, SDFix and OTScanIt, will download as they do not require updating yet!

    Mike
     
  23. mtbtrigger

    mtbtrigger TS Rookie Topic Starter Posts: 21

    Sorry for the confusion, do I need to download GMER and Catchme for SDFix or are they included?
     
  24. mflynn

    mflynn TS Rookie Posts: 2,655

    No, they are included.

    Get started!:)

    I will be up for another hour or so then to bed.

    Will be watching until then.

    Mike
     
  25. mtbtrigger

    mtbtrigger TS Rookie Topic Starter Posts: 21

    When I type the first address in, it gives me a "cannot display". Should I use my flash drive and DL it on my laptop and just transfer it over?
     
Topic Status:
Not open for further replies.
