So I had this lovely joy in my life called braviax... and after a very painful process it seems to be gone, mostly.
I classify myself as an experienced Windows user. I have experience with manually handling some of Windows' more delicate internals, including regedit.
1. Ran SDFix which ate braviax
2. Ran Trend Micro's HouseCall, which took out all remnants except for C:\Program Files\Protection System\core.dll
3. I booted into a bootable Windows CD and removed that file manually
Braviax seems to have eaten AVG (which couldn't get rid of the virus anyway).
Now what's left is what I believe is a DLL loading itself inside of explorer.exe. Every ~15 minutes, IE will try to pop up with an ad. (I use Chrome as my default browser).
I used Process Explorer from Sysinternals to find out that explorer.exe was the one launching Internet Explorer. I also used some other tool from Sysinternals (forgot name) to monitor explorer.exe's activity, and doubly confirmed that it launched IEXPLORE.EXE.
What made me believe this even stronger is this: http://www.bleepingcomputer.com/tutorials/windows-program-automatic-startup-locations/
Here are my entries for this key:
I am unsure if my actual explorer.exe is infected.
I tried to launch autoruns.exe also from sysinternals, but I believe very heavily that this virus blocks the use of it. After < 2 seconds of being open, it always closes. The virus then seems to lock the file. An example of why I think the virus locks the file is because I can no longer run the exe after running it once, but I can run the exe from the original .zip over and over ;)
Safe mode is a strong possibility. The virus, braviax, and this don't seem to be activated then. However, autoruns.exe does not run under safe mode, and I'm not sure if this last remnant loads itself in safe mode or not.
So aside from the IE popup, this virus seems to have been removed enough to no longer have self-replicating, auto-starting, etc. properties. But....
1. This last remnant is pesky. I strongly believe it is blocking certain programs from running. These include SpyBot, MBAM Installer, HijackThis Installer
2. This last remnant may be affecting TaskManager
Tools at my disposal:
Windows Install disc
Windows Bootable CD
Kaspersky Rescue Disc (Bootable antivirus, didn't even remove braviax. Was unable to connect to the internet, not useful)
Ubuntu / Puppy / DSL (Live linux CDs)
Another Windows computer
Well, I would have included a HijackThis log... but not being able to install it, I'm not sure what I should do next.