Braskt.exe causing restarts/faulty webpages

Status
Not open for further replies.

mtbtrigger

I've read a few of the topics about braskt.exe (currently on my laptop) and have begun the 8 steps on my desktop. I have my desktop in diagnostic mode and it is not allowing me to access the internet. Is this normal?

Also, I have run CCleaner, and am currently running a full scan with Malwarebytes. CC fixed quite a few problems, but I was wondering if I should use the registry fix function of that application. It also has a function to remove locked files; I was wondering if this could be used to move the braskt.exe from my sys32 folder (currently I am only able to delete the one from my windows folder).

I attempted to download Avira and Superantispyware, but both will not run from the desktop. HijackThis is also failing to initialize.

The Malwarebytes scan is taking quite a long time, 1 hour 31 minutes at this point, but I will attempt to post a log when it is complete.


Any help would be greatly appreciated, I will check back frequently.
 
We'll need to see those logs before we can comment much. Braskt infection has proven tricky in the past though.
 
It seems this is going to take quite a while to run, and I'm already incredibly tired from this. I will let it run and post the logs in the morning.
 
While in diagnostic mode I managed to run CCleaner and Malwarebytes. CC was fast but Malware took over 15 hours, however it seemed to get rid of all the popups and whatever was blocking the other programs. I am now running Superantispyware and after that I will be running HijackThis, I will post the logs as soon as I can (probably in the morning).

Just wanted to post this up for anyone having problems: try to run Windows in diagnostic mode (this prevents your computer from restarting every 10 minutes, or at least it did for me) and run your scans there. Do as many of the 8 steps as possible!!!

EDIT: Even after a restart the braskt.exe files are no longer in my windows and sys32 folders. I'm sure I have other problems, but this seems to be a good start.
 
It's tough, but keep it going! Once you get your logs out, we'll be able to provide more insight and analyses to ensure your system is thoroughly clean.
 
Here are the logs: when I put it in normal mode it came back.

Back on my laptop; as soon as I hit post message it shut my desktop down. That's the only log I can get to before it shuts itself off.

More logs attached to this one.

EDIT: One useful tip I just discovered to keep your computer from restarting: open msconfig, untick brastk, then just leave the system configuration utility open. When you shut the config down, some process is reticking brastk and then restarting the machine, but I think (not sure) if it's not ticked it will not restart.

EDIT2: Just for clarification, when I left the diagnostic mode and returned to normal mode I began having the "your computer is infected!" popups again. My computer also restarts every 15 mins (except when I leave the system config open, that seems to keep it from restarting).

That last HijackThis log was before I ran some of the other spyware things. I am having trouble opening it so here is the log (probably because I had to rename all of the folders to run HJT):
 

Attachments

  • mbam-log-2008-11-08 (21-39-29).txt
    2.1 KB · Views: 6
Hi mtbtrigger

Looks like you have done a good job at following momok's instructions as all looks pretty well.

Looks like I am the servant of momok today as he likely needed a rest.

Update and run MalwareBytes again (Full Scan), and even again, until it comes up clean or finds something it cannot clean. It should not take long this time as you are not running in Safe Mode and your long run has removed a lot of issues.

Running it alone will be a test, as if it does take much longer than an hour there is likely another issue not apparent yet.

Do the same for SAS: update, Full Scan, and make sure you select and remove all; the last log looks as if you did not.

Post their final logs and then a new HJT log.

Mike
 
Hi mtbtrigger

You pasted the last HJT log while I was composing my last post offline.

If you get this in time do the below before my last post!!!!

Run HJT scan only.

Select and remove the following:
O4 - HKLM\..\Run: [brastk] brastk.exe
O20 - AppInit_DLLs: karna.dat

Then tell me if you know what this is? Do not execute it if you do not know!
C:\Program Files\do this\do this\do this.exe

In Add/Remove Programs uninstall Viewpoint Manager.

Now do my last post!

Mike
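
The two HijackThis entries named in the post above are both autostart points: an O4 Run key value and an O20 AppInit_DLLs value. As an added example (not part of the thread and not HijackThis's own code), this Python script pulls those two sections out of a log and flags the file names the post asks to remove; the sample log is constructed, and the line patterns are assumed from the two entries quoted above.

```python
import re

# File names the post asks to remove; other entries are listed for review only.
FLAGGED = {"brastk.exe", "karna.dat"}

# Line shapes assumed from the two entries quoted in the post.
# Other O4 variants (e.g. Startup folder items) are deliberately not parsed.
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[^:]+): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")

# Constructed sample log, not taken from the thread's attachments.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: karna.dat
O23 - Service: Example Service - Unknown owner - C:\Example\svc.exe
"""

def image_name(cmd):
    """Return the lower-cased file name of the program an entry launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, maybe with arguments
        path = cmd[1:].split('"', 1)[0]
    else:                                        # unquoted: cut at first known extension
        m = re.match(r"(.+?\.(?:exe|dll|dat|bat|com|scr))(?:\s|$)", cmd, re.I)
        path = m.group(1) if m else cmd.split()[0]
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def autostart_entries(log_text):
    """Yield (section, value name, file name) for every O4 and O20 line."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            entries.append(("O4", m["name"], image_name(m["cmd"])))
            continue
        m = O20_RE.match(line)
        if m:                                    # the value may list several DLLs
            for dll in filter(None, re.split(r"[,\s]+", m["dlls"].strip())):
                entries.append(("O20", "AppInit_DLLs", image_name(dll)))
    return entries

def flagged(log_text):
    return [e for e in autostart_entries(log_text) if e[2] in FLAGGED]

if __name__ == "__main__":
    for section, name, image in autostart_entries(SAMPLE_LOG):
        mark = "REMOVE" if image in FLAGGED else "review"
        print(f"{mark:6}  {section:3}  {name:14}  {image}")
```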
 
"do this" is what I renamed HijackThis to :p

I managed to get Avira installed, updated, and it is currently at 98.4% done. Once it is complete I will redo HJT and update and rerun the rest.

Thanks for the reply, I will keep you updated.

EDIT: Should I post what Avira finds before removing any of it?

EDIT2: I am unable to update SAS and MAM, seems something is blocking them. Should I attempt to restart and try again now that I have removed these files?
 
No, remove what Avira finds.

On the HJT do the removals I requested but do not post a new HJT log until after the repeated runs of MWBAM and SAS!

HJT log last!

Mike
 
Avira just quarantined a bunch of stuff. Do I need to remove them or just leave them in quarantine?

EDIT: If I need to remove them, which of the buttons do I press? Seems like all the ones available would just take it off the quarantine list.
 
First of all, thanks for the help Mike, much appreciated.

Second, I am unable to update MWB or SAS. How should I proceed?
 
Update them in full mode, but then reboot to Safe Mode to do the scans.

Or do you not have Internet access?

Did you boot to safe mode only? I don't understand why you cannot update these 2 programs.

Mike
 
I am in full mode, but when I hit update it tells me that the update failed. I do have internet access. I'm wondering if I should reboot now that I have removed quite a few problems (I have not rebooted since I ran Avira or used HJT).
 
Still having the update problem. Here is the quote when I hit update on MWB - "Update failed. Make sure you are connected to the Internet and your firewall is set to allow Malwarebytes' Anti-Malware to access the internet."

I am not currently running a firewall, and I have internet access.

Same thing happens with SAS.
 
Do 2 things.

Try from Safe Mode Networking. If you get the same then go back to the 8 Steps and reinstall both programs.

If that doesn't work we will take another route, so get back.

Mike
 
Hmmm!

Let's go a different route and come back to this.

Do the below. It looks big and complex, but just step through my steps.

Reboot clean, run no Apps!

Download SDFix to Desktop; among other things it runs GMER and Catchme to look for rootkits.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

On Desktop run SDFix. It will run (install) then close.

Then reboot into regular Safe Mode (not with networking).

At Desktop
My Computer C: drive. Double-click to open.

Look for a folder called SDFix. Double-click to enter SDFix.

Double-click to execute RunThis.bat. Type Y to begin.

SDFix does its job.

When prompted, hit the Enter key to restart the computer.

Your computer will reboot.

On normal restart the Fixtool will run again and complete the removal process, then say Finished. Hit the Enter key to end the script and load your desktop icons.

Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.

Attach the Report.txt file to your next post.

=========================================
Immediately, without executing other Apps, do the following:

Download OTScanIt:

http://download.bleepingcomputer.com/oldtimer/OTScanIt.exe

Close all Apps and Browsers.

Download and save to Desktop and double-click to extract the files to an OTScanIt folder.

If Firewall or other Security or Malware protections pop up, you should allow them to let OTScanIt run.

Enter the OTScanIt folder and run OTScanIt.exe.

In Additional Scans select BotCheck, Disabled MS Config Items and Eventviewer Errors/Warnings.

Top left, click Run Scan.

The scan can take some time, so allow it time.

When finished a log will open; save the log and post it back as an attachment.

Mike
 
Forget the programs that will not update for now!

Just do my last post from beginning to end.

Now you said the others would not update. I surely hope these 2, SDFix and OTScanIt, will download as they do not require updating yet!

Mike
 
No, they are included.

Get started! :)

I will be up for another hour or so then to bed.

Will be watching until then.

Mike
 
When I type the first address in it gives me a cannot display. Should I use my flash drive and DL it on my laptop and just transfer it over?
 