Sign In
Create Account
1
I didin't want to post this again but I see that "hijacking" threads is not preferred so I will repost my problem here:
I am posting here because I have the following issue: Initially my MCafee reported that I had the braviax virus and sure enough I found braviax.exe and some registry entries associated with it. I tried to clean this up with no success. Now, I have found that any programs I install to scan for this virus are rendered useless because the virus is resetting the security on the actual .exe for any scanning program I install. The following is a list of software I am using to try and clean my Windows XP media edition PC ( doen in safe mode so I can reset permissions after they are wiped):
Mcafee (mcods.exe)
Windows Defender
SDFIX
ComboFix
Hijackthis.exe
MBAM
Running any of these prgrams results in them shutting down almost instantly. If you try to run them again, you get the "file could not be found or you do not have permission" error message. If you look at the permissions tab for any of the associated .exe files you will see that "everyone" has been given full control but "system" "administrators" and any current user accounts have been completely removed or all of the their permissions removed.
Another groovy side effect is that I searched for files on the PC that were time stamped at the time I got the infections and sure enough I found a hidden directory in %system%/system32. When I clicked on the directory in the search results window, permissions on explorer.exe were reset and the GUI went black except for the little "safe mode" banner at the top and bottom of the screen.
Some Background: This started as the "windows antivirus pro/ Braviax" infection as initially detected by Mcafee (before the virus hosed mcafee) now it's something else... possibly a rootkit that I cannot scan as it detects and wipes any file that attempts to access it.
Please help and sorry but I cannot get HJT or MBAM to produce a log.
Back to top
#2
Posted 10 August 2009 - 01:51 PM
-
- Members
-
- 4 posts
New Member
Bump...
Still infected still no response.
More info:
McAfee detected this as Generice FakeAlert.d!gen and FakeAlert-GD (trojan) before being disabled
Windows Defender detected it as Win32/Renos and Win32/FakeScanti
However, I have cleaned up manually what I have found on the Internet about these and whatever infection showed up as this is still lurking.
Still infected still no response.
More info:
McAfee detected this as Generice FakeAlert.d!gen and FakeAlert-GD (trojan) before being disabled
Windows Defender detected it as Win32/Renos and Win32/FakeScanti
However, I have cleaned up manually what I have found on the Internet about these and whatever infection showed up as this is still lurking.
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
