Brastk virus problems

Status
Not open for further replies.

crispydog

Got this horror on Wednesday. It disabled all my AV checkers, HJT, & corrupted ZA, stopped me visiting any security sites & redirected any security searches on Google.
Through this & other forums' advice I have managed to delete all references/files with the names brastk, karna & antispyware 2009 from programs & registry.
I have managed to reload ZA. I have run the 8-step guide, Avira (found 8 trojans), Avast & AVG; all these now show me as being clean.
Problems:
Downloaded Malwarebytes & SUPERAntiSpyware, both will not install.
XP system restore does not work.
Cannot directly access sites like grisoft.com, symantec.com, trend etc. I get the unable to connect window; if I try to access these sites via a Google search I get redirected to some obscure search pages.
HJT log attached, any help would be much appreciated.
 
Try this
Uninstall your current Antivirus software (hang on I'll check what it is...)

Huh

Un-install AVG
and un-install Avast
You cannot have 2 of them

Un-install any other live protection software as well
 
Well done :grinthumb

But sadly as per the guide, all attachments must be supplied
These logs help diagnose your issue further
Especially the MBAM log; if issues are found, this one can be updated and scanned again (as sometimes infections hide other infections, a double scan is required, obviously removing all issues at the end of the scan if found)
 
Under extreme cases
Where the support may take longer than actually re-installing Windows, and all drivers\Windows updates\ Programs and user data and settings
It is sometimes stated just to re-install clean
 
If you are not using RegistryBooster 2009, please un-install it
Otherwise just stop it from running at startup by ticking and then fixing the following line in HJT
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
Then restart


Malwarebytes found and removed a few entries (which is great news)
But I would suggest that you re-open it
Then update it again (third tab)
Then run a full scan again
Basically malware can hide malware, running the second scan, can remove the hidden ones ;)

Please reply back with a new Malwarebytes scan log
And if any more malware entries were found and removed
Restart
Run CCleaner again
Then open HijackThis, and provide a new HJT log :)
 
Please re-open HJT and tick and fix the following
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

By the way, if you don't use PartyPoker, please un-install it from Add\Remove programs
PartyPoker Description
PartyPoker is a spyware cookie associated with an online casino website. PartyPoker tracks your personal information and browsing habits as you surf the web. Information can be retrieved by the parent company.

The same (as all above) may apply here:
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://casinoclassic.microgaming.com/casinoclassic/FlashAX2.cab

Then please re-run CCleaner, once more

Once complete
Please restart, once more
And then reply with how the computer is presently running?
Can you now access sites like: grisoft.com ?

If not, try this one last approach: (IE Reset) https://www.techspot.com/vb/post682762-2.html
 
Seems to be running very well at mo, I can access all the sites that were denied previously with no redirects.
A question about the reason to remove
O4 - Global Startup: BN-WD54G Wireless Client Utility.lnk = C:\Program Files\BLUENEXT\BN-WD54G\Installer\WINXP\BCU.exe

this is my wireless receiver/transmitter dongle.

Many thanks for all the help, much appreciated.
Russ.
 
Please leave that entry in
Sorry about that, a search for BCU.exe came up with possible spyware
As your file is attached to C:\Program Files\BLUENEXT\BN-WD54G\Installer\WINXP\BCU.exe
Please leave it alone

I have also amended the above reply of mine
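
Added example, not part of the original thread or any poster's reply: a small Python parser for the HijackThis O4/O9/O16 lines quoted above, which splits each entry into label, file name and directory so an entry like BCU.exe is judged by its full path rather than by file name alone. The function names and the label-versus-directory heuristic are assumptions of this example; a False result only means the entry deserves a manual look.

```python
import ntpath
import re

# Entries copied from the posts in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - Global Startup: BN-WD54G Wireless Client Utility.lnk = C:\Program Files\BLUENEXT\BN-WD54G\Installer\WINXP\BCU.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://casinoclassic.microgaming.com/casinoclassic/FlashAX2.cab
"""

ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
TARGET = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)|https?://\S+", re.I)

def parse_hjt(text):
    """Split each HijackThis line into section, label and target path or URL."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        t = TARGET.search(m.group(3)) if m else None
        if not t:
            continue  # not an entry line, or no recognisable target
        target = t.group(0)
        is_url = target.lower().startswith("http")
        entries.append({
            "section": m.group(1),
            "kind": m.group(2),
            "label": m.group(3)[:t.start()].strip(" -="),
            "target": target,
            "file": None if is_url else ntpath.basename(target),
            "dir": None if is_url else ntpath.dirname(target),
        })
    return entries

def label_matches_dir(entry):
    """Heuristic (assumption of this example): does any word of the entry's
    label appear in the directory the file lives in? None for URL targets."""
    if entry["dir"] is None:
        return None
    words = re.findall(r"[A-Za-z0-9-]{4,}", entry["label"])
    return any(w.lower() in entry["dir"].lower() for w in words)

if __name__ == "__main__":
    for e in parse_hjt(SAMPLE_LOG):
        print(e["section"], e["file"] or e["target"], "|", e["dir"],
              "| label matches dir:", label_matches_dir(e))
```
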
 