Home » Ideas and thoughts

Mexican burritos, winivstr.exe and braviax on my computer

8 September 2008 6,332 views 6 Comments

how to remove spyware - virus winivstr.exe

This is a very short story on how to delete annoying virus and spyware – winivstr.exe.

A few weeks ago in my company we had one computer infected by email from “Fedex”. A virus was zipped, attached and emailed to one of our employees. Of course he opened the email from Fedex and even decided to execute .exe file in attachment… Yeah.. “Shit happens” you would say.. True. But I had to deal with it!

The first indication of this type of spyware is a small red icon in your tray with this message:

Your computer is infected!

Windows has detected a spyware infection! It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you.

Click here to protect your computer from spyware!

So, if anybody has this problem – you are more than welcome to read my small manual on how to remove virus winivstr.exe, braviax.exe, buritos.exe etc. from your computer.

Basically the solution is very simple – you have to remove these files from your system. Have you tried yet? If yes – you probably noticed that they are back after a while.. I did the same thing. I also tried to install several antiviruses, including free anti virus Avast, and free Windows Defender, and honestly nothing helped (maybe I didn’t search very well).

I found two ways of removing these viruses:

  1. Restart your computer and start Windows in Safe Mode (hold F8 right after restart)
  2. Search your disk C:/ (your system disk with Windows on it) for these files:
    • braviax.exe
    • beep.sys
    • buritos.exe
    • winivstr.exe
    • karina.dat
    • delself.bat
    • *.tmp (c:/windows/temp) – all temp files from temp folder
    • ntos.exe
  3. Delete all of them except file beep.sys – which you have to replace with the original file (it can be found on Windows installation CD or your friends computer :) ).
  4. Go to menu Start -> Run Program and enter “regedit” to open Windows Registry Editor
  5. Now you need to search for all occurrences of files winivstr.exe, buritos.exe and others from the list above (Press CTRL+F when you are inA? Registry Editor). Remove all records you can find.
  6. This should solve the problem. In order to double check, you can still run “msconfig” (From menu Start->Run program) and see if you dont have anything suspicious in “Startup” tab.

Additionally I was also able to get rid of annoying pop-up window in the windows tray, by simply replacing infected files with empty files (0 bytes) with the same name. I assume, this spyware checks if file exist, then its not creating another copy of it.

Hope this will help someone.

P.S. Any other ideas will be appreciated.

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5 out of 5)
Loading ... Loading ...

6 Comments »

  • Aurelien said:

    Thanks for your help !

    I’ll add my own experience to your post.

    Before starting, I unpluged my internet access cable.

    First, I zero-sized 3 files (buritos.exe braviax.exe and karina.dat) in both C:\WINDOWS\ and C:\WINDOWS\system32\ folders.
    I also made them hidden and system files…

    Then I restarted the computer, so that the evil hidden process is not running anymore (karina.dat).
    From this time, Windows will complain many times about karina.dat, then simply click OK.

    You can now repair the registry, the process won’t bother you anymore.
    Go to the following registry key : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\windows
    and replace appinit_dlls=C:\WINDOWS\system32\karina.dat
    by appinit_dlls=C:\WINDOWS\system32\karina.da
    (or anything else that makes windows not finding the file)
    press the F5 key to check that the value hasn’t been set back to it’s previous value (if so, restart operation from the beginning)

    Now you can safely repair the beep.sys file.
    Get a safe version from the installation CD or from a friend (should be about 5kb) and put it in the 2 following folders (erasing previous file) :
    C:\WINDOWS\system32\dllcache
    C:\WINDOWS\system32\drivers

    Now the virus should be gone, and not coming back by itself.
    You must now install an efficient anti-virus in order not to get infected again when you will access internet.

    FYI, I also disabled the 3 services below, but I am not sure they are viruses, and if so, they are most probably not related to braviax :
    1) Gestionnaire de session d’aide sur le Bureau A?A? distance – C:\WINDOWS\system32\sessmgr.exe
    2) QoS RSVP – C:\WINDOWS\System32\rsvp.exe
    3) Windows Server IP Verification Service – C:\WINDOWS\system32\wsivs.exe

    Good luck !!
    Aurelien

    # 13 September 2008 at 6:01 pm
  • Netpappy said:

    Hey – thanks for these instructions… I just used them, and it appears to have resolved the issue for me.

    Thanks,
    Joe

    # 14 September 2008 at 10:53 pm
  • Rich said:

    Thank you very much… This is great!!! It fixed my problem too!!!

    Rich

    # 25 September 2008 at 10:10 am
  • Aurelien said:

    Hey, you’re more than welcome guys !

    Thanks to this forum for beeing registering free ;)

    Aurelien

    # 25 October 2008 at 6:43 pm
  • Becham said:

    Очень даже круто. Особенно третье.

    # 13 April 2010 at 10:46 pm
  • Иван Евсеев said:

    На самом деле, как говорится – Без пользы жить – безвременная смерть.

    # 2 May 2010 at 6:16 pm

Leave your response!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.