Vicious Viruses and Horrible Horses

Nov 6, 2008
  1. Vicious Viruses and Horrible Horses - Need Help!

    Hi all,
    I'm new and pretty much completely pc illiterate as far as tech/support stuff, but I'm having real problems with a trojan horse/virus. Some of the names/files I'm suspicious of are:

    -Antivirus Pro 2009

    It's really messed up my machine good - I can't connect with the AVG server any more, just about all links and pages I've been sent to seem to be blocked by the horse/virus, it won't allow a system restore or even let me create a new restore point. It's corrupted many of my programs as well. I've deleted files and folders, but of course the problems return upon reboot. I'm not sure what to do and being as pc ignorant as I am I would greatly appreciate any and all help you could offer.

    I understand that info about my system would be helpful to those with advice, but the virus is apparently keeping me from even installing the free SIW program and I get "cannot find server" (as typical with most links I've been told are helpful) when I try to get to the free Everest program.

    I am running XP and of course would be more than happy to provide any other info if you can tell me what you want to know and how to find it.
    I recently experienced exact same symptoms. All were solved for me on this forum. Go to and download the following programs: CCleaner, Malwarebytes Anti-Malware, SuperAntiSpyware. Do not run those programs until you open up and follow 8 step removal process outlined at top of page on this forum.

    Disclaimer: I am not an expert in this. Just experienced exact same symptoms as original poster and thought I'd share my recent experience.
    I too have had this problem and now managed to sort it. The first step is to take back control of your PC. To do this, when you boot up and sign in, go immediately to Explore (Start>Explore) and delete the File Bratsk.exe in the files C:\Windows (first) then C:\Windows\System32 (you may have to log in as someone else to get the one in system32).

    Read my help given on this board:

    I am not an expert either - but I had this "Bratsk.exe" problem and I have beaten it with the help of the good people on here. Bratske.exe will disable your anti-virus programs and also stop you going to websites that have antivirus software. Take note especially of the Hijack This and having to rename it to get it to work.

    Further note - Bratsk.exe re-starts whenever you re-boot even if you have deleted the files in the above locations - so clean before rebooting.
    Thanks for the reply - I was sure I wasn't the only one this has happened to. Do you have a link to the thread with your problem?

    As for the download suggestions - I'll get on it ASAP.

    As for the 8 step removal process - I'm stumped on step 1. What are "Real Time Monitoring Programs?" (I'm really stupid when it comes to these things) I tried to get to the instructions to disable them through the link posted but got the "Cannot Find Server" message again.

    Again, thanks for the reply - though I'm going to have to do some more research and hear from some others before I do anything, but will definitely get those downloads (if the virus will allow me to get to the sites and actually download).
    That just means you need to temporarily turn off any antivirus programs you already have installed. My thread is lower down on forum page "help me help my computer".
    Thank you, sir! Looks like there's a lot of info in that link relevant to my problem. I still have a lot of reading to do - I want to be sure I know what I'm doing before I start taking action, so any other comments and advice are welcome and appreciated.

    It sounds like the "8 step removal process" is the place to start, right? I want to be sure I'm clear on the steps and know what I'm doing before I start running the suggested downloads. If step one is what I need to start with I have to figure out what real time monitoring programs I have running and how to temporarily disable them? Any suggestions with that, anyone? Or should I start with something else?

    My brain is starting to get sticky - think I'm going to have to get some rest before I get to work on this. I'll check back in later - thanks again for the help.



    I figured it meant something like that - why didn't they just say that :p

    Thanks again! I'll keep reading and hopefully crack this thing for good before too long.
    Getting started with clean up

    I'm having trouble getting started

    igglybiggly - I have deleted brastk.exe in C:\Windows but can't remove it from C:\Windows\System32 even if I change users - Error reads:

    "Cannot delete brastk: Access is denied.

    Make sure the disk is not full or write-protected
    and that the file is not currently in use."

    Also I'm not entirely clear on the first 2 of the 8 steps - If step 1 "Temporarily Disable Real Time Monitoring Programs" means I should turn off any antivirus programs, why does step 2 tell me to run "Antivirus Scanning"? That's just confusing, man!

    Edit: I was able to download the recommended Free Anti Virus: "Avira Free" but not either of the recommended Free Firewalls - I get the "Page Cannot be Displayed" message... again. Can I move on to step 3 or find another firewall option?

    Edit 2: I was able to install and have begun running the Avira Free software.
    I repeat, I am a newcomer not an expert. I didn't follow the 8 step process. Read through the entire thread of my help and you will see what I did and how some things didn't work. I would rather not post to this thread and leave it to the experts.

    Re getting to the system32 file. As soon as I clicked on log in for another user I went to explore, clicked C, clicked windows and clicked system32 found the Bratsk.exe and deleted it before it protected itself. Having already deleted the C:\Windows version of Bratsk, it takes a little longer to get to running the system 32 one, so I was able to delete it, but sometimes I had to log in to different users to try to get to it. Don't wait for the desktop to fully load up - it's too late. Get to it as soon as the desktop starts to load.

    Also, I re-emphasise the point about possibly having to run HJT by renaming the file and folders it is contained in in order to run the program.

    Good luck
    I just went (still finishing up getting back to good condition again) through this same deal with the brastk.exe. I don't know if you've gotten to download the Malwarebytes program yet or know to download the ComboFix program, but ComboFix was the one that got it purged from my system.

    You definitely want to get those programs listed in the 8 step process. If you can get to the Malwarebytes first - however you've got to get it - run that program first and let it clean what it finds and that should get you going to be able to access more sites.

    Also, there's a suggestion about resetting your IE settings (RIES). Look for my thread (near yours) on the first page, I believe. There's a post from Tw0rld that talks about how to do this. Really simple and I think it helps take back control on your internet surfing.

    ***I'm no expert, either - just gone through the same thing you're going through. Best of luck.
    Your posts are much appreciated! As I understand, from reading around the forum, the 8 steps are not necessarily a "fix" but should enable me to narrow down the problem and get me the logs I need to post so the pros can better help me - I may not have all the exact same problems you have, indeed I may have more/bigger problems. Also, it seems I'm just not fast enough to get to C:\Windows\System32 to delete brastk before it gets set in. :(

    And thanks to you too! I don't want to do too much before I get direction from some of the more senior users here, but the 8 steps seems like the place to start so I can get the logs for them... I think

    Thanks again guys! I hear ya about "not being an expert" I'm certainly not either, but it's good to hear from somebody and know I'm not alone over here.


    My Step 2 status

    I have downloaded, installed, updated and run Avira Free.

    I'm going to try to attach the report in this post... I think I did it...

    I'm going to now try again to get one of the suggested free firewalls then try to move on to step three.

    Still eager to hear more specific advice/directions, but thanks for the help so far. :)


    Hi sergeant259

    I just read the thread, I certainly see why you may be feeling that the support from the other replies does not sound very, what's the word?, .. trusting :)

    But through their confusing replies I must state that the 8-step process is not just to "narrow down" but also in many cases actually "fix" members issues.
    Therefore as a "senior" here, I must strongly advise you to complete the following:

    Viruses/Spyware/Malware Preliminary Removal Instructions
    quote removed

    Thank you! I am working on getting through the steps - still not able to download either of the free firewalls... May I just engage my "windows firewall" and move to step 3 or should that be temporarily disabled per step 1?
    Do not download any firewalls, and definitely turn off, or if you wanted my real thoughts - Remove ! any 3rd party live protection software. As per step#1 :)

    Your Windows firewall should automatically engage. But if you have this disabled, then so be it, just don't Google during the process.
    quote removed

    I'm still not clear on the instructions on the 8 steps page... If step 1 is to disable all Anti virus programs isn't step 2 "Antivirus Scanning" a bit of a contradiction?

    I had AVG before I came to TechSpot, but my horses/viruses/worms seem to have disabled it - I believe I've shut it down (uninstall in Add/Remove Programs isn't working either, at least not with AVG and many other programs) and I did download, install, update and have the Avira Free program running currently (I posted the Report Log a couple posts up) as recommended in Step 2... Should I shut that down too or by "Remove ! any 3rd party live protection software" do you mean that I should uninstall it?

    Also, I have engaged my Windows Firewall. In effort to "... complete ALL steps" and "NOT SKIP ANY INSTRUCTIONS" I haven't even tried to download CCleaner yet... Should I be okay to go ahead and start working on that now?

    Thanks for your help - hope you're patient because I am a bit ignorant about these things.

    Edit: I may be pretty pc ignorant, but I'm a quick study. I've noted your removal of text I've quoted and will make better use of the Quotes from now on. Thanks :)
    I understand your concern, you would like to know why the step#2 exists, even though it may contradict Step#1

    The reason for this, is many users believe they have a good Antivirus, when in fact they may only have some small live protection program running

    You had AVG previously.
    AVG tends to fall over once Virus\Malware exists, therefore again the guide actually is orientated specifically for you :) (just by chance!)

    Ideally un-install AVG and install one of the others mentioned (I note you have already installed Avira and scanned your system, well done :grinthumb)

    Please continue the steps. And be advised that these steps have taken many weeks and much Member input to put together. If you follow them to the "T" you will be safe. :)
    Much thanks for your patience and understanding!

    I'm off to step #3 - will post results when I finish with step #8 or post questions as they come up. Again, Thank you very much! :D
    I have just re-read your replies, and then slowly read the removal guide procedure again. I note this statement in Step#2
    I am going to ask for a slight change to this statement, to read like this:
    I am also going to question the Firewall requirement (as this may not be required to remove Virus\Malware on an infected system)

    Thank-you for bringing this issue\confusion to my attention :grinthumb
    Progress - I've made it to Step 5

    kimsland: I'm happy my ignorance and lack of understanding could help! :D Though just to clarify what stumped me - it wasn't the "some" part - it was Step #1's instruction to Disable Antivirus Software contradicting with Step #2's suggestion to download and run Antivirus software. Your explanation of: "The reason for this, is many users believe they have a good Antivirus, when in fact they may only have some small live protection program running" cleared that up. Though it's still unclear as to whether or not the recommended Anti Virus software should be running while you work your way through the steps (I ran Avira while surfing this site and downloading files, but disabled it while running the programs listed in the steps).

    I have made it through Step #4, though it was a little tricky - the links from the 8 Steps page kept directing me to a file named "downloadget.php" instead of "mbam-setup.exe" I was unable to get to because of the "page cannot be displayed" error presumably caused by my horse/virus/worm - I had to goto to download Malwarebytes Anti-Malware 1.30.

    I did have some trouble installing and running the program - it seems the horse/virus/worm was making my system try to reinstall a program for my CD creator - which came up with errors that I knocked down and I had to cancel its attempts to install several times, but eventually I got the Malwarebytes program running. I was not able to check for updates as I got the "unable to connect" message that the horse/virus/worm likes to throw up when you try to go somewhere that might kill it, though it seemed 1.30 was the latest version and since I couldn't get an update I ran the program anyway and it has seemed to clear up a lot of my problems.

    I think I'm ready to move through Step #5 :)

    The Malwarebytes Anti-Malware Report Log should be attached to this post

    Again, thank you for your instructions and explanations, it's very much appreciated.

    Certainly the infection you have is quite bad

    But because you have not been able to run updates, it will mean that you will need to re-visit and run Malwarebytes again, possibly once finished, and a reset is done.

    By the way, make sure to restart before creating the HJT log, as many infections are not removed until a restart has been completed.

    Please continue. Note: I understand that you are presently going through the steps, but it is possible that I may be offline when you complete them. I apologize, but I have now been on for about 6Hrs, which is a long time!
    Understood! I'll run the malware program from Step #4 again (after an update, of course) before going any further. I have rebooted as necessary after Steps 4 & 5.

    6 Hours?! Take a break! :D

    And thank you very much again - I think I'm getting the hang of this. Things are cleaning up nicely - it's a great relief.

    Here's the log from the SuperAntiSpyWare Report

    Thanks for all the help! :)
    Fantastic, keep going :grinthumb

    On a side note, I have contacted our Virus\Malware expert who is working on what to possibly change (or amend) in the 8-step guide

    All because of you!.

    Thank-you :)
    Excellent! I see the updated 8 Steps - that is less confusing. Glad I could contribute in my own stupid way :D

    And I'm also glad you mentioned getting the Malware update - I was able to do that this time - it did find, and hopefully removed, more problems (the latest log should be attached to this post).

    I am now stuck on Step #6. I have downloaded and installed the latest Java Version - "Version 6 update 10." But I cannot uninstall any of the older versions via "add/remove programs" Error reads: "Fatal error during installation." I'm not sure what to do now... Do you think I'm unable to uninstall because the horse/virus/worm is still active or might it simply be because of my windows firewall - should I disable that and try again? Should I move on to Step #7 or perhaps repeat the previous steps?
    Hi sergeant259

    As I'm only recently back on, I am going through the many replies from many members
    So I apologize for your wait here

    Yes please continue, and disregard removing older versions of Java (at this point)

    I would also like to say (again on a side note) that the 8-step process has now been amended. Thanks again
    Oh no, no - Thank YOU! I don't mind the wait at all. I appreciate your help and understand there are many here who need it. I'll continue through the steps and post questions as they come or hopefully post the final results when I'm done.

    Again thanks for your advice and directions. :)
