Braviax - How to remove

Braviax is a family of rogue anti-malware programs that was first discovered in early 2008. Its authors have released many versions of rogue applications, but some of the behavior doesn’t change: the malicious files are added to the registry as an auto-start process and load on system startup. Braviax programs also achieve persistence by editing system settings. At first, the infection was mainly associated with System Defender. The program alerted users that their system was infected and that the threats could be removed with the help of System Defender software for $49,95 – getting users to buy a program they don’t need and that doesn’t work.

Braviax – Rogue Antivirus

Multiple Windows systems targeted

Things have changed dramatically since the early days of Braviax. As mentioned, these malicious applications were first noticed in 2008; however, the rise of the Braviax family started in early 2010, when it began releasing multi-name rogue applications. It has released a bunch of programs that have different names based on the version of Windows that a targeted computer is running, such as Vista Antivirus, XP Security, Win 7 Protection, etc.

All of these applications are able to change Windows Registry settings in order to be started every time you launch Windows. The rogue then supposedly runs a full system scan and reports completely false scan results. Your system may be completely fine, except for the Braviax rogue itself, but it will claim that you have multiple issues that must be solved as soon as possible. On top of that, you will not be able to run your normal Windows applications, as the rogue will terminate them, stating that your computer is infected. You will constantly see alerts warning you about virus attacks, too. Obviously, the next step is suggesting that the user purchase its full version.

Braviax removal

In short about Braviax programs:

Classification
  • PUP (potentially unwanted programs)
  • Scareware
  • Rogue Anti-Spyware
  • Scam
Problems with Braviax tools
  • Misleading or fake detections
  • Scaring the user into buying the program
  • Redundant or useless features
Distribution
Braviax removal
  • Delete malicious applications (SpyHunter)
  • Uninstall Braviax programs

You should never follow what Braviax rogues are trying to make you do. The best solution is scanning your system with a real and reputable anti-malware program, such as Spyhunter, and eliminating the rogue program for good. You can also try to remove it manually, though it can be hard to find all the malicious files and settings that need to be removed.

A flood of fake antispyware

The success of multi-name rogue infections was so great that the same year the Braviax family came up with several other versions. It added 2010 and 2011 endings to the previous names, for example, Vista Antispyware 2010, XP Home Security 2011, Win 7 Anti-Virus 2011, etc. All of these applications work identically to their previous versions; they even share the same interface and also choose the name according to the version of Windows a targeted system is running.

Screenshots of Braviax programs

Do you think Braviax stopped here? No. In the summer of the following year, another version of the multi-name rogue was released and, unsurprisingly, the only thing that makes these programs different is again the year in their names. Vista Security 2012, Vista Internet Security 2012, XP Antivirus 2012, XP Total Security 2012, Win 7 Defender 2013, Win 7 Antispyware 2012, etc. were trending in the summer of 2011.

At the end of 2012, Braviax released another batch of infections: Vista Total Security 2013, Vista Antivirus 2013, XP Antispyware 2013, XP Security 2013, Win 7 Internet Security 2013, Win 7 Home Security 2013, etc. It is also worth mentioning that in 2012 Braviax had the greatest success infecting systems, especially throughout the month of April, but the whole year was really profitable for these cybercriminals.

In 2013, the Braviax family was still distributing the same rogue, and in 2014 it challenged computer users again with new versions. This is the time when the Rango, Sirius, Zorton and AVbytes versions were introduced to the world. Braviax came up with such names as Rango Win 7 Antivirus 2014, Sirius XP Protection 2014, Zorton Win 7 Protect 2014, AVbytes Win 7 Antivirus 2014, etc. 2014 is also known as the year in which Braviax was infecting systems running Windows 8 more and more often; therefore, you were also able to see names involving Win 8, such as AVbytes Win 8 Protection 2015, Win 8 Protection 2014, etc.

Manual removal

70 responses to “Braviax”

  1. Braviax.cru629 is far worse than any anti-spy/anti-virus/security companies will ever tell you. You CANNOT remove it manually (tried just about every process suggested through exhaustive internet searches/simply wasted many hours) and I seriously doubt any purchased or free programs will automatically remove all pieces of this malware. The most potent symptom of the malware (and one that no one is really talking about) is that it deftly DISABLES all anti-spyware programs that you have running or try to install, including Zone Alarm, Kaspersky, Superantispyware, Windows Defender, and more.

    The ONLY way you will ever COMPLETELY remove this from your system once you have been infected is to BACKUP all of your important data and FORMAT your hard drive. Then reinstall Windows and start over again. Good luck.

    And shame on the major security firms out there who want to pretend that this malware does not exist or is not as serious a threat as it truly is.

  2. The easiest way to get rid of this is in safe mode: delete the braviax.exe and cru629.dat files.

    Then delete all record of them in the registry, and simply create a new user account to migrate all your stuff to (don’t copy anything in your temp directories though or you may end up copying the evil files over with them),

    then delete the old user account.

    This braviax program only affects users that are logged on at the time of getting infected, so a new user account or one that wasn’t logged in is unaffected.

  3. These are my notes:
    Each time that I launch svchost, it (svchost) adds these:
    1)braviax File not found: braviax.exe — HKLM\Software\Microsoft\Windows\CurrentVersion\Run\braviax
    2)cru629.dat File not found: cru629.dat — HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_dlls
    Every time that Windows is going to run update, the system restarts suddenly. (Does it use Images?)
    Steps 1 & 2 are added to the registry automatically.
    I ran Explorer.exe but nothing happened.
    When I clicked an exe program, it added them. I don’t know why it didn’t do them for Explorer.exe and some others???
    Where is my Winlogon.exe? It has gone missing.
    IMPORTANT: I can’t see any winlogon.exe that I created before!!! BUT HOW???
    My winlogons aren’t deleted, because there is the Windows winlogon in system32 and I get a message when I’m creating a
    new winlogon.exe file in the same directory that I made before.
    svchost.exe(s) are being terminated one by one. (It takes about 1h for each. It’s 179 minutes that my computer is up.)
    What’s “Perflib_Perfdata_f90.dat” in temp?
    ———————–
    I found a way to disable braviax. Mail me to receive the file…

  4. I have personally just removed this virus and this was the only way that worked. I tried the above suggestions and nearly 50 other forums and came across this one: there are 2 braviax.exe programs, one in C:\windows\system and the other in C:\system32 (if using WINNT then replace ‘windows’ with ‘WINNT’). The latter, if deleted, rewrites itself immediately back to system32, try it and see for yourself. The idea is to stop the main program in ‘system’ allowing that rewrite operation into system32; if you can stop the icon appearing at the bottom right of the screen then you can install and run all your AV software / spyware stuff. 1st open the actual braviax.exe found in C:\windows\system (not system32) by right clicking and selecting “Open With”, then select ‘Notepad’. A load of jargon will appear in Notepad – delete one of the characters and replace it with any letter or number, as long as it is different from what you deleted – please note you must replace the character as braviax checks / counts for missing code and replaces it if not, although it does not check the content. Next save over the original file as itself in the same location, the pc should tell you ‘file already exists etc….’ click yes to save over the file. Once saved, right click on the braviax.exe icon and select properties – take a note of the ‘created & modified’ times (write them down), close and go to C:\windows\system32, look for the Braviax.exe icon and right click that, select properties and note the times again. Restart Windows.
    When up and running again go back to both icons and check times if they have not changed then you are nearly there if they have changed do the above again but change more characters, don’t forget to save over original program. Now for a check. once the time stamps stop changing you can delete the following C:\windows\system32\braviax.exe
    C:\windows\system32\drivers\beep.sys (this is the file that produces the ‘Beep’ on start up), the virus attaches itself to this file and it Must be deleted without question, you can replace this file later with a driver download site or your install discs. Restart Pc again.
    Now check to see if the red Icon appears in the bottom right hand side. If it doesn’t then get installing and running as many different spyware programs you can run, the braviax program is no longer running and now you can get rid of it. If the virus will not go away there is a good chance that it has embedded itself into numerous registry entries and system files, therefore it’s possible you may have to format HD. I am no computer whizz I just happened to get rid of it this way and so have numerous others so I know it does work.

  5. Braviax does affect more than the current user. Simply deleting the exe files does nothing to stop the virus. I have done everything that all the forums state and I have eliminated it from running or causing pop-ups but it is still there in the shadows. It is rooted in the DOS system which none of the anti-spyware programs go to. I have to completely agree with Johnny. Brian, I doubt very much you have removed the virus from your computer but if you have that’s awesome.

  6. It took a long time and many trials to finally get rid of this issue (braviax.exe). I can’t even remember everything I did. In the end, this is what I KNOW I did. (I’m not going to spell out every step, just the gist; if you don’t know how to do any particular step, ask, someone will help you out. This, by the way, was an XP Home system with three user accounts plus the administrator account.)

    Disconnect from the internet.

    • Run AdAware (Full system scan) multiple times until clean.
    [braviax would not allow Spybot to run.]
    • Run Avast Antivirus (“Thorough Scan”) multiple times until clean.

    ** Somewhere along the way, when trying to remove braviax, it would reboot my system upon loading any user account. What was happening was, whatever piece of it was reloading itself would place a file in the “Start Menu/Programs/Startup” folder (see below), reboot the system, and on second boot, reload the malware. When rebooting into any particular user account, hold down the Ctrl key while Windows is “loading settings” to keep Startup folder programs from executing. **

    • Reboot into “Safe Mode: Command Prompt” — Administrator account (hold down Ctrl key while Windows is “loading settings”.)

    • Delete:
    o C:\windows\braviax.*
    o C:\windows\cru6*.*
    o C:\windows\system32\braviax.*
    o C:\windows\system32\cru6*.*
    o C:\windows\system32\dllcache\beep.sys
    o C:\windows\system32\drivers\beep.sys

    • at command prompt — run “explorer.exe”
    • In the explorer window “Tools:Folder Options:View” configuration option, make sure you unhide all files, including protected operating system files.

    • Browse to windows\prefetch folder
    • Find and delete any files including the word “braviax” in its name.

    • Check “Start Menu/Programs/Startup” folder for each account.
    I don’t remember the exact name of the file, but it was something like “ssny.exe”
    • Delete file.

    • Check Desktop folder for each account.
    I don’t remember the name, but it was something like “selfdel.bat”
    • Delete file.

    • Both of the above files were only found in the “All Users” account, but it doesn’t hurt to check all of them.

    • Close the Explorer window.

    • at command prompt — run “Regedit”
    o Find: braviax — delete all references
    o Find: cru6 — delete all references
    • exit “regedit”

    • use command “shutdown /l /t 00” to log off administrator account
    • Log on to next user account (holding down the Ctrl key while “loading settings”)
    • Verify the above deleted files have not regenerated.
    • Repeat the “Regedit” searches — deleting all references

    • Repeat log off/regedit searches for each (every) account.

    Just for good measure, when I was in the registry I noticed a “LocalMachine” key named “Reinstall”, which looked legitimate, but I backed it up and then deleted it. I would not suggest doing this.

    Again, just for good measure, double check to make sure the original braviax, cru629, and beep files are still gone.

    After rebooting the system (once for each account) it came up fine.

    Don’t forget to go back into your Explorer:Tools:Files Options:View configuration and reset things up the way you like them.

  7. Tried everything the pesky virus still was there so format is the only way for sure!!!!!!!

  8. Run windows in safe mode and delete C:\windows\braviax.exe, C:\windows\cru629.dat, C:\windows\system32\braviax.exe, C:\windows\system32\cru629.dat and C:\windows\system32\drivers\beep.sys.
    Then run regedit and delete all values including Braviax or cru629. Reboot and it should be gone. Only thing that worked for me.

  9. Guys, I just used Spyware Doctor WITH Anti-virus on July 17, 2009 and it worked. I think it depended on the A-V to do it, and don’t think SD did it on its own. Just rebooted and gone. No files on disk or in registry.

    THEN, I went to the website that gave it to me and it blocked the hell out of it! Worth the 39 bucks.

  10. @Marcus

    Great Job Marcus it worked here.
    Had a user’s laptop infected.
    This was great after reading all the others that did not work.
    Best part: this was simple and it worked.
    Well, simple for me.
    It did eat Norton for lunch, but that’s normal with Norton (not a Norton fan).

    James

  11. @Majid
    Hi Marcus, I am only a novice on computers so if possible could you explain to me how to get rid of braviax please.
    Glenn

  12. @Brian

    I tried this numerous times – removed all cru629 and braviax entries in windows and in the registry; killed the processes; turned off all startup items; started in safe mode; nothing worked. Oh – I also created a new user each time and started up in the new user, but there was braviax – always there waiting for me. I finally, after many hours of researching this and trying every “fix” I could find – I finally reinstalled windows, including reformatting the hard drive. Also, the braviax and Home Antivirus 2010 did something to prevent me from running any antivirus or antispyware programs.

  13. chris, I tried exactly what you did and can’t get rid of it. And it was preventing me from using malwarebyte’s software. Here is how I finally did it..

    1. killed all braviax processes.
    2. restart windows in safe mode with network access
    3. download malwarebyte’s software
    4. setup malwarebyte
    5. tried to run it but it can’t run due to the virus recognizing mbam.exe, so I need to change the filename somehow, but the virus won’t let me change mbam.exe to something else.

    6. Download Malwarebyte’s software to another computer. Set it up. Change the mbam.exe on the same computer to zzz.exe and transferred the zzz.exe file to the virus infected computer’s malwarebyte folder.

    7. run zzz.exe on the virus infected computer.

    8. finally malwarebyte runs, it detected 98 irregularities.. killed most of it, and then malwarebyte asked me to reboot to kill the rest.

    9. Reboot….Virus free !!!!

  14. Steve,
    Good Job! However, you should check your PC with another remover as well (just to be safe). Trojan downloaders are a bit ugly nowadays 🙂

  15. @Marcus
    Marcus had the answer!

    It worked! I wish I could pat you on the back!

    I spent all day browsing forums and threads unsuccessfully until I came across your little paragraph of instruction. I KNEW it had to be that straightforward.

  16. I too tried Marcus’s advice and it seems to have worked. However, I don’t trust that it’s completely gone. It modifies specific files. I hope that the antivirus software will get rid of anything that is left. I want to thank everyone for the wonderful tips.

  17. hi!
    my laptop just got infected with braviax and i tried everything to delete it without success! now i tried to format but it is not possible! i always get a blue screen, not possible to format! i got a dell laptop! i really don’t know what to do? can anyone help me?
    thx martin

  18. I did all Marcus said but yet it’s there … could there be some other detail I’m missing

  19. Yhaaaaaaa, i killed the beast 😀 this very ugly virus is infecting/replacing the file ntfs.sys in c:\windows\system32\ and in c:\windows\system32\dllcache. So how i did it?
    First I disabled “System restore” and moved the virtual memory to 0. Then I closed all processes named “BN3.tmp, BN4.tmp ….,BN50.tmp ….” and also “braviax.exe”. After this I deleted everything from “c:\Documents and setting\\local setting\temp” and “temporary internet files” and everything in “c:\windows\temp”. Now, using a utility CD with a Windows live or the instructions from Microsoft (http://support.microsoft.com/kb/822800), replace the ntfs.sys file with the original one.
    I hope this will help all of u who met this monster 😀

  20. Try Trend Micro Housecall 6.5 It is a web based/run antispyware/malware/grayware/virus scanner so it can run on your computer without being disabled by the virus.

  21. Jeanne: You are wrong. A lot of modern viruses/trojans first block anti-spyware manufacturer websites and online antivirus scanners.

  22. Andy :
    @Marcus
    Marcus had the answer!
    It worked! I wish I could pat you on the back!
    I spent all day browsing forums and threads unsuccessfully until I came across your little paragraph of instruction. I KNEW it had to be that straightforward.

    +1
    Thx!

  23. Marcus’ instructions seemed to have worked. However, when I ran Spyware Doctor afterwards, it picked up the homeantivirus2010 string. It supposedly got rid of it, but that program supposedly got rid of pcantivirus2010 as well, and didn’t. Will go back into the reg now to see if braviax or cru629 is back because of homeantivirus2010.

  24. Apparently, Marcus solution does not clean the PC completely. There might be some trojans left (active or not). Braviax is known to distribute homeantivirus 2010 , and some removers label it so. I would try to use Spyware Doctor to remove remains or other anti-spyware program.

  25. I used a program called SuperFind and did a search in windows for
    braviax
    cru629
    beep
    I then save information where these were located.
    There were more of these files than Marcus indicated.
    I then booted in Safe Mode and deleted these files.
    I then ran regedit and ran the Find command for 3 files above
    and deleted them.
    I ran a scan for homeantivirus 2010 and found nothing.
    Keeping fingers crossed computer seems to be back to normal.
    Hope this helps.

  26. The files braviax,cru629 and beep were located in the windows folder
    also windows/system folder.
    also windows/system2 folder.
    and the windows Prefetch folder.
    also the registry.

  27. Holy shit – looks like the only thing that works for me is Orest’s instructions. All the rest were simply deleting the virus and once I’ve restarted the pc the nasty bugger would launch itself again. Check your ntfs.sys file – mine was modified on the date I caught the virus from a silly chinese website. This spyware is the worst thing happening to my PC for ages … 4 days testing all crap software till it finally worked thanks to this thread! Good luck all!

  28. I’ve tried a few things – I’ve ended up where I have no problems with pop ups, icons, reboots etc. but there is still a file named braviax in my system32 folder with no extension, just braviax. Anyone know the extent of what this thing is capable of, ie can it act as rootkit, password stealer etc?

  29. Just when I was going to sink my fist through the wall out of sheer frustration, I came across this site and followed Marcus’s advice. You are the fucking man. Your suggestions worked and I was able to nuke the Braviax tumor.

    May the blood sucking hyenas who created this virus feast on shit. They completely ruined two of my days.

  30. Thanks for the info, when I tried fixing this myself I only found braviax.exe in Safe Mode and it kept coming back.
    After cleaning up references to cru629 and replacing beep.sys with one from a clean machine, I was able to restart without it coming back.

    One other thing I don’t know if anyone else mentioned, but make sure you check your HOSTS file in WINDOWS\SYSTEM32\DRIVERS\ETC … all of the anti-virus and anti-spyware sites were redirected to bogus IP addresses.

  31. hi can you please tell me step by step how I can delete these files in safe mode? If you could also please tell me a complete list of files to delete that would be a huge help. I am not very good with computers and could really use some help removing this virus.

    AVG has found several infections including;
    C:\windows\system32\wisdstr.exe,
    C:\windows\system32\drivers\beep.sys,
    C:\windows\system32\dllcache\beep.sys,
    C:\windows\system32\cru629.dat,
    C:\windows\system32\braviax.exe,
    C:\windows\cru629.dat,
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP572\A0073357.exe

    I have a Pop-Up for PC AntiSpyware 2010, a desktop item and an icon in the bottom right near my clock all for this PC AntiSpyware 2010.

  32. Orest all i can say is thank lord! (or what ever u believe in)
    you are the fucking man not marcus, YOU mate!
    I have never dealt with such a piece of shit in my life, I have been busting my balls for almost a week on this crap!

    braviax – oh how I will never forget this name, i was almost gonna commit suicide but, now I’m gonna party like no tomorrow!

    Sorry for the bad lang ppl but hey i feel good! please please follow this advice before doing ANYTHING else, it will save you a lot of time and stress!

  33. Hi all,
    very useful info over here! I’ve been fighting the whole weekend over Braviax, PC antispyware, Total Security, msword98, …
    Must’ve been hitting a terrible site somewhere…

    Meanwhile, I seem to have removed everything. Only one thing still does not work: when trying to visit e.g. AVG.com or NORTON.com, I get either redirected or a message ‘broken link’.

    Does this mean there is still something nasty running?
    Or is it ‘simply’ some explorer settings I have to fix?
    Who can help me?

  34. Aggy:
    1. Check explorer proxy server settings. Set it up to use no proxy server.
    2. Check your hosts file. It should be empty or only one line referring localhost. If not, delete everything from there.
    3. If it is not fixed by then, either your internet protocol chain is broken, or some unknown trojan is still working. Scan with some anti-spyware or antivirus.

  35. Marcus: Run windows in safe mode and delete C:\windows\braviax.exe, C:\windows\cru629.dat, C:\windows\system32\braviax.exe, C:\windows\system32\cru629.dat and C:\windows\system32\drivers\beep.sys. Then run regedit and delete all values including Braviax or cru629. Reboot and it should be gone. Only thing that worked for me.

    Marcus’s instructions were simple, concise and it worked!! Thanks Marcus!!

  36. Hello my name is Jennifer and I’ve been 6 days clean without Braviax. Thank you Marcus! The downside is that my system is now hokey as shit. Outlook is crashing about 2x/day and various processes just randomly stall. Uggh. We spent the first 15 hours fighting braviax and following all sorts of “delete all these .dll files” types of instructions before I found this forum. So I would suspect that some of those files deleted in the first 15 hours really messed things up. I’m a website developer & am in the middle of huge projects right now, so when I’m done, it’s nuke & pave time. Darn. I was so hoping to avoid having to do that.

    To those who say Marcus’ instructions aren’t working, try the “find” function in the registry repeatedly until it no longer finds braviax & cru629. I say this because the “find” function only finds one instance per search. So you’ll need to repeat the process several times before it doesn’t find any other instances.

  37. Hmm, I did Marcus thing and thought I was clean, it worked well for several days! No automatic restarts of braviax, no false messages anymore, no loading of rogue-antispyware, nothing. Except… I still had these broken link messages when visiting avg or norton or alike. Smelly. I checked the administrators suggestions above (thanks!), but it was all clear…

    Then, quite suddenly, braviax showed up again… Once again I followed the instructions and I was clean, except… the broken link messages. Now I really was nervous for this beast and dug deeper.

    Seems I had some rootkit on my machine. Probably something that enables braviax to re-appear, although I was not able to figure out what exactly. I desperately needed my machine to work properly again. So I finally formatted my disk and re-installed windows+apps…

    I do not know how braviax spreads, but you should not only fight braviax, but also the Trojans spreading/loading it. And who knows them…? Is that doable?

  38. Aggy: broken links means one of 4 things: fake proxy through infected server, hosts files, browser plugin or some driver/rootkit in internet protocol chain. As links were broken, I assume the trojan responsible for that was removed already (it would show fake websites in other cases usually).
    Are you sure you haven’t been re-infected again same way ? Also, you have to do followup scans for couple days even if you use manual instructions. Trojans rarely come alone. braviax is not an exception.

  39. I hope I am not reinfected… after formatting the disk and re-installing windows+all apps, all seems ok. I can visit antispyware sites again…! 🙂
    But I will follow your advice: I keep a keen eye on it and make sure I regularly use AV the next few days. I obviously did something to get the trojans in the first place and might catch them again without realizing. Would be nice if one were able to trace back where the trojans actually came from…

  40. You can to some extent: There are utilities that notify when changes in registry or files took place. For antivirus, I recommend Eset’s NOD32, have very good experience with it.

  41. Wow I guess I’m blessed. I tried about a million different things to remove this evil thing and just when I was ready to do the ultimate give-up and reformat I decided to try a sys restore and OMG for the first time in my life it actually worked. I cannot freakin believe it still. I’m just waiting for that crappy little red circle with the white x to pop back up.

  42. Eric : Do a follow up scans for couple days with any reputable spyware scanner. Just in case some trojan downloader still is in the PC!

  43. @Jonny
    Johnny – if you don’t mind the asking or it’s not too personal, what website do you think they got into you from?

  44. “Then run regedit and delete all values including Braviax or cru629.”

    I’m terrible with pc’s.. Can u tell me how to do that? thanks

  45. @Eric

    Thanks Eric. I noticed the bastard thing today and after a bunch of unsuccessful attempts I did a system restore for the first time ever back to 10pm last night. After restore no trace of the little bastard.

    If you can remember the day you noticed that f%^%$ng red circle in your tray, and do a system restore to the day before, it should be all good.

  46. Andy : you are wrong. Your PC will be fixed if braviax is the initial infection only. This is not always the case. Sometimes trojans can be for a week without showing signs till it gets messages from botnet masters.

  47. According to my startup menu I have a braviax.exe in my system32 file but when I navigate there in Explorer I can’t find it. I have already made sure hidden files are shown. Any thoughts?

  48. Mike: startup menu might link to missing files. Also, are you showing system files as well, or only hidden ones? If the file exists, but you can not see it with system&hidden file visibility turned on, then a rootkit is protecting it from being seen = you should scan your PC with anti-spyware.

  49. I hope all malware writers get cancer. Stupid braviax won’t be removed. I tried using SD fix and combo fix to get rid of it, but it reappeared on reboot. I tried using Marcus’s way by removing files during safe mode, but could not find many of the files in c:\windows, (view hidden files on). Used malwarebytes as well, but it reappears on restart.

    Any other solutions?

    Thanks in advance.

  50. Michael: Use marcus way and check if spyware doctor detects anything afterwards (before/after reboot). If yes, you can go with Spyware Doctor to finalise its removal.

  51. Hey everyone, listen up for a quick & painless way to get rid of braviax. As others have said, the idea is to delete the following files:

    C:\windows\braviax.exe
    C:\windows\cru629.dat
    C:\windows\system32\braviax.exe
    C:\windows\system32\cru629.dat
    C:\windows\system32\drivers\beep.sys

    BUT YOU HAVE TO KILL THE RUNNING BRAVIAX PROCESS FIRST! If you don’t, it’ll just re-populate itself on your next boot up. So here’s how you kill it.

    1. Open up Notepad and type some garbage. Do not save. Leave it open.
    2. Go to Start > Turn Off Computer > Restart

    (windows will kill all processes–including braviax–but it’ll stop when it gets to Notepad. It’ll say something about “do you want to save this file”. Hit cancel to return to Windows.

    Ok, NOW you can open up Explorer & delete all the files listed above. When you’re done, restart your computer (discard the file you started in Notebook). And voila, on your next boot, braviax should be gone. Now is when you run all your anti virus programs to really scrub your system. I recommend Spybot Search & Destroy (It’s FREE. Google it) as well as Lavasoft AdAware (another FREE one).

    Btw, remember the trick about shutting down w/ Notebook open. It comes in handy for any pesky process you can’t kill regularly.

  52. Oh My wonderful Marcus. I think I’m in Love with you. Thank you so very much. While I was in there I found antivirus pro 2010 and deleted those values too. I hit “find next” for each entry 3 times until they were all gone. I ran my cleaners in safe mode as well. You are my hero.

  53. Just my 2 cents: Did Marcus’ method and Gary’s as well. But in the end I used SUPERAntiSpyware Free Edition, did an update, and ran the quick scan. It found stuff in places that were not mentioned anywhere. It quarantined the offending files and I removed them and all is well again. Does anyone know of a good antivirus/anti-this-kind-of-nasty-trojan package? How’s BitDefender?

  54. Alvin : Typically, Braviax is not coming alone. It is rare to get single trojan nowadays.
    BitDefender is ok. I prefer NOD32 (antivirus) and Spyware Doctor (antispyware) for regular protection. AVG is ok antivirus from free ones, but it does not have proper rootkit protection and they are getting more popular now :/

  55. to kill braviax.exe :

    1-shut down internet.
    2-open task manager
    3-end braviax.exe and its creator sys32_nov.exe
    4-then open windows/system32/
    5-search find and delete with unlocker these found files sys32_nov.exe and braviax.exe in system32 folder..it means you survived braviax.exe))

  56. THIS WORKED PERFECT FOR ME Marcus! Thank you so much! This was the 5th time the kids infected me with Braviax and this was the FIRST time i didn’t have to reformat my harddrive. WOO-HOO

    @Marcus

  57. @TMALATESTA
    Perfect. Spy Doctor took care of it – Just go to Safe mode – Follow the manual instructions everyone is posting but Prior to doing anything else Download the spy doctor and Run it in safe mode. It says not to but do it anyway. Then reboot. All is Perfect. BUT – It will be SLOWWWWW since Spy Doctor is like a 1000lbs elephant in your computer weighing everything down. I just uninstall spydoctor. Anyhow, this is a scary one and No idea how I got it but it won’t happen again.

    Thanks

  58. so looks like I removed it pretty much manually .. so its not impossible
    this forum helped a whole lot though

    Hard to believe that ZA was fooled by braviax
    Now all I got to do is allow/deny all programs access, coz seems like braviax completely corrupted ZA’s program permission list.

    The only help I got was SysMech8’s dumbass AV program that deleted braviax.exe

    At one moment braviax looked like a damn hydra – you chop off one head and it grows back. Get that chainsaw and CHOP CHOP CHOP all at once … all dats dlls exes startup items etc.

  59. I’m running Windows Vista, and the braviax.exe file was in my User/AppData/Roaming folder and nowhere else. I checked my beep and ntfs files, and they hadn’t been modified. I don’t know if Vista’s setup is different enough that it kept it from spreading the way it normally would, or if I just caught it before it did too much damage, or if it was just dumb luck, but stopping the braviax process with Task Manager and deleting the file from my AppData folder and the braviax entry from regedit seems to have worked. The cru629 file was nowhere to be found.
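The indicators reported across the comments above (registry references to braviax and cru629 under the Run key and AppInit_DLLs, and a hosts file that redirects security-vendor sites) can be listed in one pass rather than with repeated regedit Find searches. The following Python script is an added example, not part of the original page or its comments; it works on a registry export and a hosts file read as text, and the sample data, host names, IP addresses and the value name constructed_expand_sz are constructed for illustration.

```python
import ipaddress
import re

# Names reported in the comments on this page; matched case-insensitively.
INDICATOR_NAMES = ("braviax", "cru629")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HEX_TEXT_RE = re.compile(r"^hex\((?:1|2|7)\):(.*)$", re.IGNORECASE)


def _mentions(text):
    return any(name in text.lower() for name in INDICATOR_NAMES)


def _unescape(text):
    # .reg strings escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", text)


def _decode_data(raw):
    """Turn the right-hand side of a .reg value line into searchable text."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return _unescape(raw[1:-1])  # REG_SZ
    match = HEX_TEXT_RE.match(raw)
    if match:  # string types exported as UTF-16LE hex (REG_EXPAND_SZ, REG_MULTI_SZ)
        try:
            blob = bytes.fromhex(match.group(1).replace(",", ""))
        except ValueError:
            return raw  # truncated or damaged export line
        return blob.decode("utf-16-le", errors="replace").replace("\x00", " ").strip()
    return raw  # dword, binary and other types are left as written


def scan_reg_export(text):
    """Return every (key, value_name, data) that mentions an indicator name.
    A match on the key path itself is reported as (key, None, None)."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join continued hex lines
    hits, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if _mentions(key):
                hits.append((key, None, None))
            continue
        match = VALUE_RE.match(line)
        if key is None or not match:
            continue
        name = "(Default)" if match.group(1) == "@" else _unescape(match.group(1)[1:-1])
        data = _decode_data(match.group(2))
        if _mentions(name) or _mentions(data):
            hits.append((key, name, data))
    return hits


def audit_hosts(text):
    """Return (line_no, ip, hostname) for each entry other than localhost -> loopback."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank, comment-only, or no hostname on the line
        ip, names = fields[0], fields[1:]
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            loopback = False
        for name in names:
            if not (loopback and name.lower() == "localhost"):
                findings.append((line_no, ip, name.lower()))
    return findings


# Constructed sample data. A real export made with regedit or "reg export" is
# UTF-16 text, so read it with open(path, encoding="utf-16").
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"braviax"="C:\\WINDOWS\\system32\\braviax.exe"
"SampleUpdater"="C:\\Program Files\\Sample\\updater.exe"
"constructed_expand_sz"=hex(2):62,00,72,00,61,00,76,00,69,00,61,00,78,00,2e,00,\
  65,00,78,00,65,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="cru629.dat"
'''

SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1       localhost
203.0.113.10    www.av-vendor.example
127.0.0.1       update.av-vendor.example   # blocked by pointing at loopback
"""

if __name__ == "__main__":
    for key, name, data in scan_reg_export(SAMPLE_REG):
        print(f"registry: [{key}] {name!r} = {data!r}")
    for line_no, ip, host in audit_hosts(SAMPLE_HOSTS):
        print(f"hosts line {line_no}: {host} -> {ip}")
```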
