quote:

---

We thought better to just get a new pc instead of having to pay for consulting and work which can end up cost big bucks in labor time.

---

said by zteardrop :

said by Doctor Olds :

said by on my pc today :

Hi anyone know anything about this nasty (Braviax.exe) found it in the startup.
Made one of our pc just constantly turn on an off. but i finally got into the pc and first i got a message your pc is infected,funny how Norton did not stop it.
Way to go Norton!!!.

Norton isn't an Anti-Spyware or Anti-Malware program. It is an Anti-Virus program.

Absolutely incorrect. Its all of the above.

quote:

---

In the case of this braviax\cru629 infection, it took me hours of research and tinkering to finally get rid of it.

This malware was detected by Windows Defender as Win32/Renos. The malware promptly terminated Windows Defender's process and would not let it restart. Some Defender! Symantec detected it as PERFCOO and claimed to remove it, which it did not.

---

said by Telly Boot :

would it be useful to have a thread listing which programs are effective at removing Braviax ?
CounterSpy? »research.sunbelt-software.com/th···d=203602
Is there an agreed name for it? Braviax, cru629 or Trojan-Downloader.Hertu (?) Doesn't show up in Norton under any of those.

quote:

---

The filename BRAVIAX.EXE was first seen on Jan 31 2008 in The EUROPEAN UNION. It has also been seen in the following geographical regions of the Prevx community:

* ARGENTINA on Mar 7 2008
* SPAIN on Feb 26 2008
* The UNITED STATES on Feb 26 2008

The filename BRAVIAX.EXE refers to many versions of an executable program.
The most common file size is 18,432 bytes. But the following file sizes have also been seen:

* 11,264 bytes
* 16,384 bytes
* 16,896 bytes

The filename is associated with the malware group SystemDefender:Spyware-a.
These files have no vendor, product or version information specified in the file header.

BRAVIAX.EXE has been seen to perform the following behavior(s):

* The Process is packed and/or encrypted using a software packing process
* Changes the Internet Explorer Search Page
* Disables the Notification Baloon for the Windows Security Center
* Disabling the Windows Built in Firewall enabling rogue processes to access the internet without user knowledge or permission
* This Process Creates Other Processes On Disk
* This Process Deletes Other Processes From Disk
* Can communicate with other computer systems using HTTP protocols
* Executes a Process
* Registers a Dynamic Link Library File
* Creates a new Background Service on the machine
* Looks at the contents of the autoexec.bat file
* Reads email address and phone book details
* Opens pop up browser windows
* Includes file creation code which could be used to test for interception by security products
* Creation and Registration of a Browser Helper Object in Internet Explorer
* Modifies Windows Initialization And System Settings Used On Start up
* Changes the Internet Explorer Home Page Settings

BRAVIAX.EXE has been the subject of the following behavior(s):

* Added as a Registry auto start to load Program on Boot up
* Created as a process on disk
* Executed as a Process
* Registered as a Dynamic Link Library File
* Has code inserted into its Virtual Memory space by other programs
* Terminated as a Process

BRAVIAX.EXE can also use the following file names:

* 023342-3496F479.EXE
* 76187864.EXE
* 04836836.SVD
* 012877-24401E90.EXE
* 27044453.SVD
* 57134588.DAT
* A0193409.EXE
* A0193418.EXE
* A0193419.EXE
* BEHAVIAX.EXE
* 56846728.EXE
* BRAVIAX.EX_
* 63594485.EXE
* 16782586.SVD
* 37741952.EXE
* 37483906.SVD

---