Hi
I am trying to clean a friend's PC that was infected with over 3000 virus/malware/spyware. Resolved most of the infections using several different AV scans, spybot etc. The system is running Win XP Home SP2
I was left with infections relating to braviax.exe and cru629.dat. Avira AV was installed on the pc and it would block these infections but when the pc was restarted the infections would return. These infections would also disable HJT and spybot. I managed to get both working by renaming the executable files.
HJT was not able to fix the entries for the infections.
I tried using combofix, but it is completely disabled and renaming did not allow it to run.
As a desperate measure I tried to run avenger.
I typed the following into the "Input Scripts Manually" box
Files to delete:
C:\WINDOWS\SYSTEM32\crypts.dll
c:\windows\system32\msvcrtd.exe
c:\windows\system32\cru629.dat
C:\WINDOWS\system32\braviax.exe
Drivers to unload:
msupdate
The PC shut down - and when restarted the black command box appears and nothing else appears on the desktop. The PC will not even start in safe mode.
The following files are in the root directory:
quvuaxmo.bat
reboot.bat
reboot.exe
start_.cmd
zip.exe
Any help would be gratefully appreciated.
The following is the avenger.txt report file.
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yumxtbaw
*******************
Script file located at: \??\C:\WINDOWS\system32\txcyeelm.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\SYSTEM32\crypts.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\crypts.dll failed!
Could not process line:
C:\WINDOWS\SYSTEM32\crypts.dll
Status: 0xc0000034
File c:\windows\system32\msvcrtd.exe not found!
Deletion of file c:\windows\system32\msvcrtd.exe failed!
Could not process line:
c:\windows\system32\msvcrtd.exe
Status: 0xc0000034
File c:\windows\system32\cru629.dat deleted successfully.
File C:\WINDOWS\system32\braviax.exe deleted successfully.
Registry key \Registry\Machine\System\CurrentControlSet\Services\msupdate not found!
Unload of driver msupdate failed!
Could not process line:
msupdate
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.