Infected with Trojan.Brisv.A!inf

By BWise38
Mar 13, 2009
  1. My computer has been infected with the Trojan.Brisv.A!inf trojan for some months now and I still haven't been able to remove it. I've tried Symantec's removal tool, but it's been no help. I've scanned my PC with Malwarebytes Anti Malware, SuperAntiSpyware Pro, CCleaner and the like, with no results.

    Your help would be greatly appreciated in removing this nuisance.

  2. kritius

    kritius TS Guru Posts: 2,084

    I need you to follow all the steps HERE and then post back with the three requested logs as attachments

    • Malwarebytes
    • SAS
    • Hijackthis
    Don't forget to make sure that Malwarebytes is set to remove the results.
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    A note to the information kritius left for you: you have indicated that you have scanned with both Malwarebytes and SuperAntispyware, but you have not provided logs for either. You will need to UPDATE each of these programs and run new scans. Then attach those two logs on your next post.

    Download and run HijackThis AFTER you have scanned with the other two programs and also include that log.

    There are additional steps in the link kritius left for you. It's best you follow all of those steps. Some malware requires special cleaning programs but unless we see the logs, we cannot make that determination.
  4. BWise38

    BWise38 TS Rookie Topic Starter

    Here are my logs.

  5. kritius

    kritius TS Guru Posts: 2,084

    Download random's system information tool (RSIT) by random/random from HERE and save it to your Desktop.

    • Double click on RSIT.exe to run.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open.
    • log.txt will be maximized and info.txt will be minimized
    • Please attach both logs in the next reply.
  6. BWise38

    BWise38 TS Rookie Topic Starter

    I've attached the Log.txt and Info.txt files as requested.
  7. kritius

    kritius TS Guru Posts: 2,084

    I'm not seeing anything particularly bad in the logs. Are you still having problems?

    Fix entries using HiJackThis

    • Launch HiJackThis
    • Click the Do a system scan only button
    • Put a check next to the entries listed below

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30618)" -""

    • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
    • Click the Fix checked button and close HiJackThis
    • Reboot HijackThis if necessary

    I would like you to do an online scan so that we can see what else may be in your system.

    Run Kaspersky online scanner

    With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed

    Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.

    Do not go surfing while your resident protection is disabled!

    Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.

    Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.

    • The program will launch and then start to download the latest definition files.
    • Once the scanner is installed and the definitions downloaded, click Next.
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:

      o Scan using the following Anti-Virus database:

      o Extended (If available, otherwise use standard)

      o Scan Options:

      o Scan Archives

      o Scan Mail Bases
    • Click OK
    • Under select a target to scan, select My Computer
    • The scan will take a while so be patient and let it run.
    • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As... button (see red arrow below)


    • In the Save as... prompt, select Desktop
    • In the File name box, name the file
    • In the Save as type prompt, select Text file (see below)


    • Include the report in your next post.
  8. BWise38

    BWise38 TS Rookie Topic Starter

    I tried the Kaspersky Online Scanner but it keeps telling me 'You need to install Java version 1.6 or later to run Kaspersky Online Scanner 7.0' even though I have Java 6 Update 12 installed. So thus far I cannot perform a scan.
  9. kritius

    kritius TS Guru Posts: 2,084

    Please go >here< to run Panda's ActiveScan
    • Once you are on the Panda site, click the Scan your PC now button
    • A new window will the Scan Now button
    • Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
    • Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
    • When the scan has finished, click on Export To
    • Save the file as Activescan.txt to your Desktop
    • Close the Activescan window then go to your Desktop
    • Double-click on Activescan.txt and it will open in Notepad, attach it.
  10. BWise38

    BWise38 TS Rookie Topic Starter

    Panda Activescan.txt attached.
  11. kritius

    kritius TS Guru Posts: 2,084

    Please Download VirtumundoBeGone by secured2k
    • Save the file to your desktop
    • Close all running programs (including your Internet Browser)
    • Double-click VirtumundoBeGone.exe on the desktop
    • Read the introductory information, and then click Continue
    • Click Start
    • When asked if you want to continue, click Yes to run the fix
    • Click "Save Log"

    Note: It is normal for the fix to terminate by producing a BLUE SCREEN OF DEATH so don't be concerned when this happens. It requires you to manually reboot to restore your normal Windows desktop.

    The log created by VirtumundoBeGone called VBG.TXT will be located on your desktop. Please retain VBG.TXT.

    Empty Recycle Bin.

    Reboot and attach the VBG.TXT into this thread.
    Also please describe how your computer behaves at the moment.

    Also run a fresh scan with HJT

    How is the computer running?

    You also don't need to quote me in your responses
  12. BWise38

    BWise38 TS Rookie Topic Starter

    Attached the VBG.txt file.

    As for how the computer is running, it's running well. I haven't received the message of infection in a few hours, so I'll see how it goes tomorrow and the days following. Hopefully the problem's been fixed.

    Thanks for all your help.
  13. kritius

    kritius TS Guru Posts: 2,084

    Post a fresh HijackThis and we'll see how things look.
  14. BWise38

    BWise38 TS Rookie Topic Starter

    Unfortunately when I turned on my computer this morning I got the same message from Norton that I'm still infected.

    Here's the fresh Hijack log.
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You are saying this doesn't work?

  16. BWise38

    BWise38 TS Rookie Topic Starter

    Thanks for all those who contributed to my thread.

    I re-ran the Symantec removal tool in safe mode and this time it did the trick. So once again, thanks to the senior members at TechSpot for their assistance.

    Is there anything you recommend I do to safeguard my PC from these types of infections in the future?

  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I thought that you might not have used Safe Mode. Glad that worked for you.

    Yes, keep in mind that YOU are the first line of security for your computer! Where you go, what you do, how you handle mails and attachments, where you leave your email address. So, if you'll forgive me, I'm going to put your user name to 'use':

    BWise is which site you surf to.
    BWise and don't click on pop-ups.
    BWise and don't open email from someone you don't know.
    BWise and don't open attachments EVEN if they are from someone you know unless you know they are coming and what the content is.
    BWise and never leave your personal email address on the internet.
    BWise and install one good antivirus program, one firewall and at least 2 spyware/adware programs. Update and scan with them regularly.
    BWise and stay away from file sharing programs and sites.
    BWise and be careful of what you download and the site you download from.
    BWise and only have those processes starting on boot that you need: the antivirus, firewall (if you have 3rd party firewall), touchpad for laptop, possible network process.
    BWise and do regular maintenance on the system: disc cleanups, error check, defrag, uninstall any program you aren't using.

    If you are really this 'wise', you should have safe and enjoyable computing!
  18. kritius

    kritius TS Guru Posts: 2,084

    Good post Bobbye
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Thanks kritius. I sure hope BWise has a sense of humor and doesn't rush out to change that user name!