First, you know you got it when you get it. It installs a little application which puts a red circle with a white X in it in your sytem tray and periodically pops up a balloon telling you that your computer is infected and it's going to download a solution and would you please click here. Well, it downloads something, but not anything that could be called a solution. It downloads more spyware, trojans, malware, crapware, etc.
If you try to fix it, none of the major antivirus antispyware software will fix it really. You're going to have to do it manually.
A lot of websites advised taking out some of the programs, but none of them seem to work correctly. After about a week of tinkering, I came up with a method that worked for me.
- Disconnect your computer from the internet. That way it can't reinstall itself.
- Reboot your computer in safe mode with command prompt. That's when you keep pressing F8 at the start up screen until you get back to the old DOS like screen.
- Go to the Windows directory on your C drive. Delete braviax.* and cru629.*
- Next, go to the \systems32 subdirectory and do the same.
- Next, go to the \dllcache and \drivers directories and delete the beep.sys file. Unfortunately, you won't hear a beep anymore on startup unless you save it from another computer and reinstall it on this one.
- Last, go into regedit and do a search for the braviax and cru629 programs. Just delete the named registery edits for the two programs.
Congradulations! You should now be clear of the virus.
6 comments:
So how do you delete the cru629.dat file from c:\windows\system32?
It just keeps re=appearing when you delete it from the registry or windows explorer.
So how do you delete the cru629.dat file from c:\windows\system32?
It just re-appears if you delete it from the registry or windows explorer.
You have to disconnect your computer from the internet and delete it from DOS. That way the automatic installer will not automatically download it and reinstall it. If you delete all of the other files as well while you are there, including the beep.sys where the reinstaller seems to hide itself, you should be fine unless you have an evolved form of the virus that hides itself in a different software.
Because of these virus I've twice reinstalled system in 2 days. Second time I decided to install Linux parallel with XP and surf with Linux ! I hope if I get it again your instructions will be helpfull ! Thanx !
Joel: You're a life saver. However, I did unplug the internet connection but I didn't go back in through dos; I just started normally and I used regedit in Start/Run to edit the files you wanted me to find there, and it found more reanimator files including the Winivstr file, but it's the beep file that is crucial I think as well as the registry edits. Thank you so much.
Allen
April 21, 2008
Joel: You're a life saver. Thanks. I did disconnect from the internet but then I didn't use dos. I just went back on and used regedit in the Start/Run menu to edit the registry, putting in the files you wanted me to delete and it found others as well including the Winivstr file. But the beep files I think are the key.
Post a Comment