FrEn

E-mail Print PDF

Brastk (Brastk.exe) Remover

Written by Administrator  |  Thursday, 17 September 2009 18:48
AddThis Social Bookmark Button

Information A malicious backdoor trojan that runs in the background and allows remote access to the compromised system.

File

  • <System>\brastk.exe
  • <System>\delself.bat
  • <System>\dllcache\beep.sys
  • <System>\dllcache\figaro.sys


Registry

  • Created Registry Values:
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
    • 1208 = 0x00000000
    • 2500 = 0x00000003
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
    • 1208 = 0x00000000
    • 2500 = 0x00000003
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
    • 1208 = 0x00000000
    • 2500 = 0x00000003
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
    • 1208 = 0x00000000
    • 2500 = 0x00000003
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
    • 1208 = 0x00000000
    • 2500 = 0x00000003
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    • brastk = "%System%\brastk.exe"
  • [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    • Enable Browser Extensions = "yes"
    • Search Bar = "http://www.google.com/ie"
  • [HKEY_CURRENT_USER\Software\Microsoft\Security Center]
    • AntiVirusDisableNotify = 0x00000001
    • FirewallDisableNotify = 0x00000001
    • UpdatesDisableNotify = 0x00000001
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • brastk = "%System%\brastk.exe"
  • Registry Values modified:
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
    • Default_Search_URL = "http://www.google.com/ie"
    • Search Page = "http://www.google.com"
    • Start Page = "http://www.google.com"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
    • SearchAssistant = "http://www.google.com"
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
    • 1201 = 0x00000000
    • 1804 = 0x00000001
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
    • 1201 = 0x00000000
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
    • 1201 = 0x00000000
    • 1804 = 0x00000001
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
    • 1201 = 0x00000000
  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
    • 1200 = 0x00000000
    • 1201 = 0x00000000
    • 1608 = 0x00000000
    • 1804 = 0x00000001
  • [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    • Start Page = "http://www.google.com"
    • Search Page = "http://www.google.com"


ATTENTION Once the virus installed on your computer, it will connect to http://do-scan-progress.com/?wmid=1058&l=33&it=2&s=1 and tries to download a file named wini10581.exe , puts it in the Windows directory and installs an application called XP AntiSpyware 2008 (or 2009) or XP AntiVirus 2008 or 2009.

Download

 

Add comment


Security code
Refresh

Related articles
Latest posts
Free malware removal tool to remove Dr. Guard
_WRITTEN_BY Administrator 01/03/2010
Dr. Guard is a rogue Antispyware from the Paladin Antivirus Family, it's a malware that pretends to be an Antivirus. It is a wolf in sheep's clothing. It conducts a fake scan of your system; you are…Read more...
Free malware removal tool to remove Paladin Antivirus
_WRITTEN_BY Administrator 27/02/2010
Paladin Antivirus is a rogue Antispyware, a scareware, it's a malware that pretends to be an Antivirus. It is a wolf in sheep's clothing. It conducts a fake scan of your system; you are warned by a…Read more...
Free malware removal tool to remove PC Defender
_WRITTEN_BY Administrator 24/02/2010
PC Defender is a rogue Antispyware, it's a malware that pretends to be an Antivirus. It is a wolf in sheep's clothing. It conducts a fake scan of your system; you are warned by a fake alarm that…Read more...
Free malware removal tool to remove Control Manager
_WRITTEN_BY Administrator 24/02/2010

Control Manager is another fake Antivirus that install itself on your computer. Once installed, it tries to trick you into buying a full version of the program, that doesn't even exist, because…Read more...

Free virus removal tool to remove Mal.Resdro-A
_WRITTEN_BY Administrator 24/02/2010

Resdro-A is a virus that may reprensent a security risk for your system. Mal/Resdro-A shows a Adobe Flash Player Update, ignore this, this is a fake warning.

Once on your system, this fake…Read more...

.
Information | Contact

© All Rights Reserved. net-studio.org 2009