Tech Support Forum - View Single Post

Gary R · 10-29-2008, 06:13 PM

OK looking much better, still some work to do.

Download OTMoveIt3 by Old Timer and save it to your Desktop.

Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below.

Code:

:Files
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\karna.dat
D:\Info.exe

:Commmands
[EmptyTemp]

Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3

Next

Run a scan with HJT and when finished check the following items (if found).

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'Default user')

O20 - AppInit_DLLs: karna.dat

Now close all open windows and click Fix Checked to remove them.

Next

I need you to run an online scan for me

Please go to Kaspersky Online Scanner.
Read through the requirements and privacy statement and click on the Accept button.
It will start downloading and installing the scanner and virus definitions.
- You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they're not, please tick them and click on the Save button:
- Spyware, Adware, Dialers and other potentially dangerous programs.
- Mail databases.
Under Scan, click on My Computer.
Once the scan is complete, it will display the results.
- Click on View Scan Report.
You will see a list of infected items.
- Click the Save Report As... button (see red arrow below)
- In the Save as... prompt, select Desktop
- In the File name box, name the file KAVScan
- In the Save as type prompt, select Text file (see below)
- Copy and paste that information in your next post please.

Finally

Run a new scan with HJT and post me the log please.

Summary of the logs I need from you in your next post:
OTMoveIt log

Kaspersky log

New HJT log

Please post each log separately to prevent them being cut off by the forum post size limiter.

10-29-2008, 06:13 PM	#8 (permalink)
Gary R Analyst, Security Team Join Date: Jul 2008 Posts: 110 OS: XP SP2	Re: Infected with brastk.exe, wini10802.exe? OK looking much better, still some work to do. Download OTMoveIt3 by Old Timer and save it to your Desktop. Double-click OTMoveIt3.exe to run it. Copy the lines in the codebox below. Code: :Files C:\WINDOWS\system32\brastk.exe C:\WINDOWS\system32\karna.dat D:\Info.exe :Commmands [EmptyTemp] Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar), and paste it in your next reply. Close OTMoveIt3 Next Run a scan with HJT and when finished check the following items (if found). O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'Default user') O20 - AppInit_DLLs: karna.dat Now close all open windows and click Fix Checked to remove them. Next I need you to run an online scan for me Please go to Kaspersky Online Scanner. Read through the requirements and privacy statement and click on the Accept button. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run. When the downloads have finished, click on Settings. Make sure these boxes are checked (ticked). If they're not, please tick them and click on the Save button: Spyware, Adware, Dialers and other potentially dangerous programs. Archives. Mail databases. Under Scan, click on My Computer. Once the scan is complete, it will display the results. Click on View Scan Report. You will see a list of infected items. Click the Save Report As... button (see red arrow below) In the Save as... prompt, select Desktop In the File name box, name the file KAVScan In the Save as type prompt, select Text file (see below) Copy and paste that information in your next post please. Finally Run a new scan with HJT and post me the log please. Summary of the logs I need from you in your next post: OTMoveIt log Kaspersky log New HJT log Please post each log separately to prevent them being cut off by the forum post size limiter. __________________