Hi,

I'm hoping you can help me although I really don't know where to begin - so many issues are occuring! Ackkkkkk!!!!

The other day while reading an email, a virus message poped up and my system went wacky and shut down. I turned it back on and found that my Norton's was gone "poof" and that my browser window would not open. I could access my email client and the weather bug so I know I have an internet connection, ...just couldn't get my browser window to load.

So, thinking I could fix this myself, I reset my settings to restore the Windows browser. I now can access the internet, but I CAN'T follow a link or download ANYTHING. I keep getting a "internet explorer cannot display the webpage" error message. I've been searching through this site and I think I may have "hijacked browser" ...not sure though what that means or how to fix it?

Okay, also, at this time, I had received a message with instructions on how to update my Norton's. I was able to start that process, ...which means that it said it had to remove the previous version of Norton's before it could install the latest version. It removed the old, but now I can't download the newer version so I have NO virus protection on my computer. I tried to access other sites, such as the AVG 8.0 for a FREE product to try and get my system protected, but once again, I cannot get the page to load, so I'm just unable to download it.

I tried to do a system restore and it is not working either, ...keeps saying it can't restore, try another date. I did, my apparently that feature just doesn't work anymore. I even tried to create a new date and it won't.

So, no Norton's, browser won't open new windows, no system restore, ...oh, and other pop up messages as well.

Sorry this is so long, ...just not sure what to try and fix first.

I appreciate any help you can provide.

Thanks!

BetsC

You've already gone too far! One interesting thing-weather bug- this is going to be a big of part of your problem. It comes bundled with spyware/adware!

Please go to the follow page here and begin the malware cleaning step. If necessary, download the programs to a flash drive, then run on your system:
http://www.techspot.com/vb/post645589-1.html

Do Not attempt to use restore until the system is clean and we have removed the old restore points. they can become infected with the malware and since they are protected files, the cleaning programs don't reach the restore points.

Try to get some online AV program to a flash drive and get it on to the system. Do it in Safe Mode if needed. Chances are if you didn't use the Norton Removal Tool, you will have some protection left.

Once you attach the logs, we can begin helping you.

You've been hit by spyware. I also recommend you ditch Symantec-Norton in favour of AVG 8.

I recommend running the following 3 anti-spyware utilities (all available in the Download section at this site):

• AVG 8
• Ad-Aware 2008
• Spybot Search & Destroy

Repost with results.

Best,
-- Andy

The infection is called Spyware2009 and comes with two things. First - in your bottom right toolbar a red circle with white cross. This gives a popup that includes the word "prevent" mis-spelled, thus highlighting it as a virus. Second, it comes with a file called Brastke.exe which will be in two places - one in C:Windows and one in C:WINDOWS/System32. I have found I can delete one via Explore under one user login and then have to go to another user login to kill the other before it gets started. This malware infection is quite clever in that it totally disables any anti-virus software installed (like Norton or AVG), it also will not allow you to run any newly downloaded software and in most cases will not allow you to open any webpages associated with anti-virus software - so you can open Norton motorcycle webpages, but not norton antivirus pages! As you will see, I have discovered the program, but not how to kill whatever is replacing the Bratsk.exe files when the PC is re-booted. The instructions I found elsewhere on the net include using Trend Micro's Hijack This to kill the startup program (as MSconfig is not going to work), but the virus won't allow the Hijack This to start up now I have downloaded it. I suspect it is a registry problem - but then I'm a basic user and I don't even know how to find those and kill the correct registry entries and none of the recommended software will open up - save 1 - Spyhunter 3. Can anyone offer any further help? Preferably something that does not involve downloading and running a program - because the little bugger won't let it happen!

I'd try Task Manager (if it isn't blocked from running by the spyware) and look in the process list for Brastk.exe and kill it. Then see if you can install/run anti-spyware. I gave my recommended 3 anti-spyware utilities in a previous post.

-- Andy

Download EndItAll
Extract, then run Setup
Then run the EndItAll application
Then click on the skull heads
Then close EndItAll

Then continue over to Viruses/Spyware/Malware Preliminary Removal Instructions

@Bobbye please update your link to the direct link provided here

One other thing about Bratsk - It killed my Cid malware problem which we have had for over 12 months now and could not get rid of! Frying pan and fire spring to mind.



Kimsland - I have just run enditall and there are no skulls - perhaps because I have surpressed the program by deleting the two Bratsk.EXE files in Windows and system32. Specifically, what I need to know is how to find out what puts these two EXE files back in the Windows and system32 files when i re-boot? If I can stop it doing this I can kill it. What i detailed above is enough to take back control of the PC - but it doesn't stop this thing preventing anti-virus software being opened and run. Thnaks for your help.



I think the thread "Viruses are destroying my computer and I need help" is the same issue. Perhaps this is affecting quite a lot of people worldwide.

It is obvious that a program is set to run at startup, therefore editing the registry might be the best option. The problem is where to look for the entry;Run regedit:

1. Win logo key + R, then type regedit
2. When regedit opens browse to the following:

Look here for any strange entries.

Also browse to:
Look for any strange entries.

Also observing the string value should reveal the location of the file.
Note:Before you delete anything be sure that it is the offending entry. Posting it for conformation maybe best.

Please go to MSCONFIG Diagnostic mode
Start->Run-> MSCONFIG

Then restart your computer

In Diagnostic mode none of your startups will happen.
This may help to continue repairing your issue

But once all is done, you will need to go back and run MSCONFIG and return it to Normal mode

This is a lot simpler.

Under: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] nothing appears incorrect.

Under [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] there's (under suspicion):-

(Default) Reg_SZ (value not set)
Carpservice Reg_SZ carpserv.exe
dmtxe.exe Reg_SZ C\Windows\system32\dmtxe.exe
dmzsy.exe Reg_SZ C\Windows\system32\dmzsy.exe
Kernalfaultcheck Reg_Expand_SZ %systemroot%\system32\dumprep 0 -k
Love default global mess Reg_SZ C\Documents and settings\all users\Application Data \ great coal love default \ warn once.exe - wtf???
Pinnacle Driver Check Reg_SZ C\Windows\System32\PSDrvCheck.exe
winlogin Reg_SZ

Everything else looks kosher

Thanks for your assistance

Kimsland - re your MSconfig re-boot - I don't feel confident enough to follow your instructions since "In Diagnostic mode none of your startups will happen" - so what will happen and "once all is done, you will need to go back and run MSCONFIG and return it to Normal mode" - will it be obvious how to do this? If I lose the tinternet through following these instructions I lose all the help I am getting from you guys.

Thanks again

Once the infection or issue is resolved, you can then return MSCONFIG back to normal

Or use the Msconfig Cleanup utility (preferred)

First things first - does anything look wrong in the list I supplied - anything on the "kill" list? What about the loving coals thing?

Second - do I run the MSconfig cleanup (which I have just downloaded) instead of doing the MSCONFIG and re-boot your computer?

Third - you type MSconfig and a window pops up. What then? Do I just go start>turn off computer>restart? or do I change something in the MSconfig window?

I did say I am a basic user!

Unable to find any info on the entries below. My guess is that they are no good.
Do not delete anything yet. I would love to get conformation from others.

I will leave you in tw0rld capable support
His support here is actually helping you more
I agree the above entries should be removed from startup, and then deleted

I found this if it helps you with giving me advice?

http://www.techsupportforum.com/secu...exe-virus.html

Huh! One of my old forums I was member on for a while
I find TechSpot much better
But I do refer to links to other sites as well

Please continue to follow tw0rld support (above ^^)

Apparently the warn once.exe file went by another name THAT SOFTWARE DEAD ONCE.EXE


This might explain your inability to run programs. Go ahead and delete those three entries, by browsing to their directories. Also run msconfig and deselect,

1. dmtxe.exe
2. dmzsy.exe
3. warn once.exe

click apply, then ok.

After restart use msconfig cleanup to remove those entries mentioned above.

Tanks kimlsland. I've been meaning to do that. Reminder helped.

In Regedit I deleted the three entries you highlighted (tw0rld) by selecting each, right clicking and deleting.

I rebooted the pc - Bratsk.exe returned to the two locations in windows and system32.

I installed and ran MSconfig cleaner. This did nothing but come up with a box saying "there are no disabled startup items in MSConfig". The choices are select all / deselect all / quit. Not much help. Am I missing something?

I will have to return to this in the morning (UK time).

Please continue to offer more advice for the simplest of minds and abilities. I am determined to kill this bug.

Thanks