
BRASTK.EXE and antispywarexp 2009 problems .exe issues


7 replies to this topic

#1 truevenus


Posted 26 October 2008 - 08:37 PM

Hi, I'm new to this site and this is my first time posting to the forum. I hope that I've posted in the right category for help. My problems started today with the little red circle with the x through it that told me my computer was infected. I researched online and found out that it was BRASTK.EXE and that it had placed a file called beep.sys in my drivers folder. I deleted it and started in Safe Mode and ran SUPERAntiSpyware Professional. It found and removed the Brastk.exe, the red circle is gone and there is no sign of this file in the system32 folder where it was earlier.

Then the issue with antispywarexp 2009. I don't remember downloading this program, but may have as I was trying desperately to find a free antispyware program online to fix my computer quickly. Regardless of how it got there I now have even bigger issues...I used its uninstall option to get rid of this program, now I'm missing so many .exe files I want to cry! I can't run most of my programs... IE does not even load, fortunately I have a back up of Avant browser in my downloads folder that I could reinstall because it too had the .exe file missing. I can't run my Sonic program to backup my pictures or documents because it tells me the mediahub.exe file is missing. A lot of my games like Sims2 and others are also missing their .exe files. Can they be fixed? Or will I have to reinstall? The Sonic program came with my pc and I don't have a recovery disk, I didn't get one.

Also when I go to my control panel I get a message from my Intel® Proset stating 'Resources are not available'. I am totally confused, and at this point have not much of an idea of how to fix all this except for looking for help here. I need to start at step 1 and keep going...Please help...I appreciate any advice on how to get my pc running back the way it was :'(

Thank you in advance for your time, I really appreciate it.



#2 boopme


Posted 26 October 2008 - 11:03 PM

Hello and welcome. Let's start with our self-help tutorial. Post back the scan log and let us know how the PC is doing and if you still have the CAN'T run/find issues.

How to remove XP Antispyware 2009 (Uninstall Instructions)
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 truevenus


Posted 28 October 2008 - 05:03 PM

Thanks so much for your time and response, I have run the malwarebytes program and here is the following log from the scan

Malwarebytes' Anti-Malware 1.30
Database version: 1325
Windows 5.1.2600 Service Pack 3

10/27/2008 7:54:14 AM
mbam-log-2008-10-27 (07-54-14).txt

Scan type: Quick Scan
Objects scanned: 60592
Time elapsed: 10 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\antispywarexp2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pauline\Start Menu\Programs\AntiSpywareXP2009 (Rogue.AntispywareXP) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pauline\Local Settings\Temp\GLK89.tmp (Rogue.EvidenceEliminator) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pauline\Local Settings\Temporary Internet Files\Content.IE5\G8VJ9FKE\._file[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\htmlayout.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Program Files\AntiSpywareXP2009\pthreadVC2.dll (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pauline\Start Menu\Programs\AntiSpywareXP2009\AntiSpywareXP2009.lnk (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pauline\Start Menu\Programs\AntiSpywareXP2009\Uninstall.lnk (Rogue.AntispywareXP) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pauline\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiSpywareXP2009.lnk (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pauline\Local Settings\Temp\TDSS7cb4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pauline\Cookies\dynihigen.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pauline\Local Settings\Temp\wrdwn2 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pauline\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pauline\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pauline\Local Settings\Temp\wrdwn8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSmhju.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSqubg.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSqxud.dll (Rootkit.Agent) -> Quarantined and deleted successfully.


Now I still have the issue with my missing exe files, I am still unable to run IE, Irfanview (photo editor), our Sims2 and other games to name a few. I can reinstall most of them with disks and redownloading but I'm wondering if there is an easier way to recover the exe files for these programs? I know the data is still on my computer somewhere and I'm assuming it has to do with the registry but not savvy enough to do it all on my own. I'm currently running another malware scan but a full scan because I noticed I've only run a quick scan on the last one and want to be sure everything is gone.

Thanks again for your time and help.

Edited by truevenus, 28 October 2008 - 05:06 PM.


#4 xblindx


Posted 28 October 2008 - 05:11 PM

Unfortunately, one or more of the files found were rootkits. In your case, "C:\WINDOWS\system32\TDSSqxud.dll (Rootkit.Agent)" and "C:\WINDOWS\system32\TDSSmhju.dll (Rootkit.Agent)". There is no way to know for sure if your computer will ever be secure/trusted again. The only surefire way to know is to do a reformat/reinstall of Windows. That, however, is time consuming and most people won't want to go that route; you can still be helped. However, like I said, there will be no way to ever trust your computer 100% without a reinstall. (Don't quote me on this information though, I am not an expert but this is my understanding of the detrimental effects of a rootkit. It would be in your best interests to wait for a response from boopme as he has way more experience and knowledge than me.)

From Wikipedia:

A rootkit is malware which consists of a program (or combination of several programs) designed to take fundamental control (in Unix terms "root" access, in Windows terms, "Administrator" access) of a computer system, without authorization by the system's owners and legitimate managers. Access to the hardware (e.g., the reset switch) is rarely required as a rootkit is intended to seize control of the operating system running on the hardware. Typically, rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security mechanisms. Often, they are Trojans as well, thus fooling users into believing they are safe to run on their systems. Techniques used to accomplish this can include concealing running processes from monitoring programs, or hiding files or system data from the operating system.


Edited by xblindx, 28 October 2008 - 05:18 PM.
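
Added example, not part of the thread and not Malwarebytes' own tooling: a short Python triage of a log in the layout posted above. It checks that each section's declared count matches the entries actually listed, and pulls out rootkit-class detections and items not confirmed removed. The sample log is constructed, and counting TDSS-named detections as rootkit-related is a choice made for this example.

```python
import re
from collections import defaultdict

# Constructed sample in the log layout posted in the thread (paths are made up).
SAMPLE_LOG = r"""
Registry Keys Infected: 1
Files Infected: 3

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\example_rogue (Rogue.Example) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\example1.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Temp\example (1).tmp (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\example2.log (Trojan.TDSS) -> Quarantined and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Z][A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Z][A-Za-z ]+ Infected):$")
# Greedy item match so a path containing "(1)" still parses; the detection
# name is the last parenthesised token before " -> ".
ENTRY = re.compile(r"^(?P<item>.+) \((?P<det>[\w.]+)\) -> (?P<action>.+)$")
REMOVED = "Quarantined and deleted successfully."

def parse_mbam_log(text):
    """Return (declared counts per section, entries listed per section)."""
    declared, found, section = {}, defaultdict(list), None
    for line in map(str.strip, text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["count"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ENTRY.match(line)):
            found[section].append((m["item"], m["det"], m["action"]))
    return declared, dict(found)

def triage(text):
    """Flag what a helper reading the log should look at first."""
    declared, found = parse_mbam_log(text)
    entries = [e for items in found.values() for e in items]
    return {
        # Declared count != listed entries suggests a truncated or edited paste.
        "count_mismatch": sorted(s for s, n in declared.items()
                                 if n != len(found.get(s, []))),
        # Rootkit-class hits change the trust decision discussed in post #4.
        "rootkit": [i for i, d, _ in entries
                    if d.startswith("Rootkit.") or "TDSS" in d.upper()],
        # Anything not confirmed removed needs a reboot and a rescan.
        "not_removed": [i for i, _, a in entries if a != REMOVED],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
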


#5 boopme


Posted 28 October 2008 - 07:46 PM

"Now I still have the issue with my missing exe files"

Are you getting a "Cannot find...", "Could not run...", "Error loading..." or "specific module could not be found" message, or a different error message?

#6 truevenus


Posted 29 October 2008 - 05:47 AM

Thanks for all the responses....I'm certainly learning a lot. I'm not able to reformat and reinstall Windows XP with my system as I did not get a recovery disk from the manufacturer when I purchased my pc (unless it's restorable from the hard drive?). I'll have to wait until I can upgrade my system to Windows Vista...which I'm not 100% ready to do yet.

As for the error message boopme....it's "missing shortcut" "windows is searching for '***.exe' To locate the file yourself, click browse" With Irfanview once I click cancel I get a pop up that says "The item you selected is unavailable. It might have been moved, renamed or removed. Do you want to remove it from the list?" Aaaaarggghh....this is soooooo frustrating....my computer is such a mess :thumbsup:

I do have a question though....my 13 year old loves to play online games...do these online games have anything to do with spyware as well? Some of them asked her to download something to the pc in order to play the game? I would like to know so that I can educate her on security of websites like those in the future.

I can't tell you how much I appreciate any help/advice you can give me. Thanks

#7 xblindx


Posted 29 October 2008 - 06:49 AM

A missing shortcut means that the file the shortcut is pointing to is missing. Are you sure the programs are still on your computer? Try to create a new shortcut to the file by navigating directly to the file.

#8 rigel


Posted 29 October 2008 - 07:12 AM

You may also wish to reload Irfanview. He updates the program fairly regularly.

Some online games do have their hazards. Just like everything else in life, nothing is ever free. They advertise on their site, and sometimes help themselves by loading adware and malware onto your computer. It depends on the site. Not all sites are bad, but you have to use caution, especially if an "addon" is needed.

You may wish to look at a HOSTS file too. MVPS HOSTS

I suggest the next step to be running SDFix. Please follow these steps carefully...


Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith
