After reading posts on braviax.exe virus ( this virus infected a USB stick as well as a PC ), I cleaned up the virus from the PC but was not sure how to get it off the stick until I saw a post about Flash_Disinfector.
I installed Flash_Disnfector on a different machine, sure enough it worked on the stick, but has infected my machine with something, now when I shutdown the desktop goes blank for a few seconds, just like it did during the stick clean, then shuts down.
AVG 8.00 does not detect what is going on, So I have just tested Flash_Disinfector again on another laptop I am replacing the hard disk on, so it does not matter wat happens to it, sure enough the same thing, the desktop goes blank for a few seconds before shutting down.
Instead of using this program, I just turn off the Autorun in the registry and clean the infection from the stick with the Latest AVG 8.00 Downloads installed.
I still need to know what is running though if anybody has any idea's.
Here is how I got rid of the braviax Virus, if you have access to a second machine, remove the hard disk and put it in a USB tray and connect to the clean PC, make sure autorun is turned off in registry on clean PC, ( TweekUI can be used for this ), and make sure AVG 8.00 is installed with Latest updates, scan the whole disk to get rid of the crap, check carefully what driver files have been infected usually just beep.sys ( but on my PC, 30 driver files where infected ) and replace these files, put the disk back in the PC and boot up, you may have a blank desktop, if you do, then remove explorer or the Debug entry from under explorer in the following registry key and reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Do a search in registry and remove all entry's for braviax, buritos, katrina and cru629, install AVG 8.0 with latest updates and scan whole machine, it should be clean after.
There is just one problem I still have on the infected PC, even though it does not actually do anything, when a clean stick any stick is placed in the USB drive, the names of 2 hidden files appear, autorun.inf and system.exe ( These are the files that will infect the PC ), these files are not actually on a clean stick, if the stick is placed in another machine they are not there, I know that a registry key does this but I am not sure what it is, anybody got any idea's, I have not tried this but placing the infected stick in the drive might restore these deleted virus files and run them, so do not use a stick that has been infected with these files, I know once this registry key is removed it will no longer restore the deleted files, I can not remember what the key is.
Edited by End To Viruses, 26 August 2008 - 08:24 AM.