http://net-studio.org >> Patch>

brastk (brastk.exe) Remover


	Patchs for virus
	Tutorials
	Tips
	Forum
	Windows Optimum
	USB FireWall
	Boost Google Search

	Information
	A malicious backdoor trojan that runs in the background and allows remote access to the compromised system.
	File
	<System>\brastk.exe <System>\delself.bat <System>\dllcache\beep.sys <System>\dllcache\figaro.sys
	Registry
	Created Registry Values: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] 1208 = 0x00000000 2500 = 0x00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] 1208 = 0x00000000 2500 = 0x00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1208 = 0x00000000 2500 = 0x00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 1208 = 0x00000000 2500 = 0x00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] 1208 = 0x00000000 2500 = 0x00000003 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] brastk = "%System%\brastk.exe" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] Enable Browser Extensions = "yes" Search Bar = "http://www.google.com/ie" [HKEY_CURRENT_USER\Software\Microsoft\Security Center] AntiVirusDisableNotify = 0x00000001 FirewallDisableNotify = 0x00000001 UpdatesDisableNotify = 0x00000001 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] brastk = "%System%\brastk.exe" Registry Values were modified: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] Default_Search_URL = "http://www.google.com/ie" Search Page = "http://www.google.com" Start Page = "http://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] SearchAssistant = "http://www.google.com" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0] 1201 = 0x00000000 1804 = 0x00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1] 1201 = 0x00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2] 1201 = 0x00000000 1804 = 0x00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3] 1201 = 0x00000000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4] 1200 = 0x00000000 1201 = 0x00000000 1608 = 0x00000000 1804 = 0x00000001 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] Start Page = "http://www.google.com" Search Page = "http://www.google.com"
	ATTENTION
	Once the virus installed on your computer, it will connect to http://do-scan-progress.com/?wmid=1058&l=33&it=2&s=1 and tries to download a file named wini10581.exe , puts it in the Windows directory and installs an application called XP AntiSpyware 2008 (or 2009) or XP AntiVirus 2008 or 2009.

Link

Latest fixs:

Antivirus 360 (av360.exe)
Spyware Guard (spywareguard.exe, Mal/EncPk-CZ, Rootkit.Win32.TDSS, SpywareGuard2008, Program:Win32/FakeSpyguard)
Brastk (Win32/Wantvi.I, Brastk.exe)
Braviax (Win32/Wantvi.I, Braviax.exe)
XP AntiSpyware 2009 (XP_AntiSpyware.exeL, Downloader.Win32.Agent.bs,New Malware.aj)
FlashGuard.exe (DriveGuard.exe,Win32.Worm.Autoit.AL, AUTORUN.TZ)
cradle of filth (cradle_of_filth.vbe, Notre Gates qui est à Seattle)

COPYRIGHT (C) 2008 NET STUDIO, ALL RIGHT RESERVED