For my beloved friends
...: Sharing education, business, religion, music, film, literature, technology, IT, downloadable software and other places from this little spot :...

... BE PEACEFUL AND HAPPY ALL THE MOMENTS, ALL MY FRIENDS ...

Nov 28, 2008

Killing and Removing Brastk.exe Malware

"Brastk.exe" is a malware program that resides in the following directories and in many paths of the registry:
C:\Windows\
C:\Windows\System32\
When a PC is infected with this malware:
- it appears in the system tray as a red icon with an X,
- it frequently displays a message that the system is infected with a virus ...,
- if we click that message, it tries to install "XP Antispyware 2009" (also a fake antispyware).
So it is very annoying for the infected PC and its user.
To remove this malware from the infected PC, I used the following tools and techniques.

Tools

 1. TCPView (from Sysinternals), to check all the open ports.
 2. Revo Uninstaller, to check and remove all "Auto Run" files and other unnecessary files.
 3. HijackThis, to check the contents of key areas of the registry and hard drive, areas that are used by both legitimate programmers and hijackers.
 4. Malwarebytes' Anti-Malware (MBAM), to check for all malware at the end.

Techniques

 1. Disable network connection.
 2. Run the Registry Editor and search for “brastk.exe”; delete all of its paths and keys.
 3. Find and delete “brastk.exe” under the C:\Windows\ directory.
 4. Use TCPView to check all the open ports of the infected PC. “Brastk.exe” used UDP port 1025. Select the “brastk.exe” process and use the “End Process…” command from the Process menu of TCPView. The “brastk.exe” program disappears from the system tray at once.
After killing “brastk.exe” with TCPView:
 1. Delete “brastk.exe” under the C:\Windows\system32\ directory.
 2. Clean all temp files from %tmp%, %temp% and %prefetch%.
 3. Run Revo Uninstaller to check all startup files and unwanted files.
 4. Run HijackThis and check all key areas of the registry and hard drive again.
 5. Use Malwarebytes' Anti-Malware to recheck for any remaining malware threats.
 6. Finally, restart the infected PC and check again.
Now everything will be OK on the infected PC.
Any new approaches and comments on this solution are welcome.
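For the final "restart and check again" step, a read-only re-check of the traces this post names (the two directories, the process, autorun registry entries and UDP port 1025) can be scripted. This is an added example, not part of the original post; it assumes Windows 8 or later for `Get-NetUDPEndpoint`, and the Run/RunOnce keys are an assumption because the post does not list which registry paths were affected.

```powershell
# Added example: read-only re-check for the Brastk.exe traces named in the post.
# Nothing is deleted or terminated; findings are only reported.
$name = 'brastk'
$findings = @()

# 1. Files in the two directories the post names.
foreach ($dir in $env:SystemRoot, "$env:SystemRoot\System32") {
    $path = Join-Path $dir "$name.exe"
    if (Test-Path -LiteralPath $path) { $findings += "File present: $path" }
}

# 2. A running process with that image name.
foreach ($p in Get-Process -Name $name -ErrorAction SilentlyContinue) {
    $findings += "Process running: $($p.Name) (PID $($p.Id))"
}

# 3. Autorun values that mention brastk.exe.
#    Assumption: the standard Run/RunOnce keys; the post names no keys.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ($data -match [regex]::Escape("$name.exe")) {
            $findings += "Autorun entry: $key\$valueName = $data"
        }
    }
}

# 4. UDP port 1025, which the post observed in TCPView. Other software can
#    use this port, so report the owning process rather than assume malware.
foreach ($ep in Get-NetUDPEndpoint -LocalPort 1025 -ErrorAction SilentlyContinue) {
    $owner = Get-Process -Id $ep.OwningProcess -ErrorAction SilentlyContinue
    $findings += "UDP 1025 open by: $($owner.Name) (PID $($ep.OwningProcess))"
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "No $name.exe traces found in the checked locations."
}
```

An empty result covers only the locations checked here, so the HijackThis and Malwarebytes scans in the steps above are still needed.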