
Mexican burritos, winivstr.exe and braviax on my computer

8 September 2008 5,971 views 9 Comments

how to remove spyware - virus winivstr.exe

This is a short account of how to remove an annoying piece of malware, winivstr.exe, and the files that travel with it.

A few weeks ago, one computer in my company was infected via an email claiming to be from "FedEx". The virus was zipped, attached and emailed to one of our employees. Of course he opened the email from "FedEx" and even decided to run the .exe file inside the attachment... Yeah, "shit happens", you might say. True. But I had to deal with it!

The first sign of this spyware is a small red icon in your system tray showing this (fake) alert, which is the malware itself trying to get you to download a rogue "antispyware" product:

Your computer is infected!

Windows has detected a spyware infection! It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you.

Click here to protect your computer from spyware!

So, if anybody has this problem, you are more than welcome to read my short manual on how to remove winivstr.exe, braviax.exe, buritos.exe etc. from your computer.

Basically the solution is simple: you have to remove these files from your system. Have you tried yet? If so, you probably noticed that they are back after a while. I did the same thing. I also tried installing several antivirus products, including the free Avast and the free Windows Defender, and honestly nothing helped (maybe I didn't search very well).

I found two ways of removing these viruses:

  1. Restart your computer and start Windows in Safe Mode (press F8 repeatedly right after the restart, before the Windows logo appears, and choose Safe Mode from the boot menu). In Safe Mode the malware's own processes are not started, so the files can actually be deleted.
  2. Search your C:\ drive (the system disk with Windows on it) for these files. Turn on "Show hidden files and folders" and turn off "Hide protected operating system files" in Explorer's Folder Options first, because the copies may be marked hidden or system:
    • braviax.exe
    • beep.sys
    • buritos.exe
    • winivstr.exe
    • karina.dat
    • delself.bat
    • *.tmp in C:\Windows\Temp (all temp files in the temp folder)
    • ntos.exe
  3. Delete all of them except beep.sys, which you have to replace with the original file (it can be found on the Windows installation CD or on a friend's computer :) ). Note that Windows keeps a second copy of the driver in C:\Windows\system32\dllcache and Windows File Protection restores C:\Windows\system32\drivers\beep.sys from it, so replace both copies or the infected one may come back.
  4. Go to Start -> Run and enter "regedit" to open the Windows Registry Editor.
  5. Now search for all occurrences of winivstr.exe, buritos.exe and the other names from the list above (press CTRL+F in Registry Editor, then F3 to jump to the next match). Remove every entry you find. Export each affected key first (File -> Export) so that a wrong deletion can be undone.
  6. This should solve the problem. To double-check, run "msconfig" (Start -> Run) and make sure there is nothing suspicious in the "Startup" tab.
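The following script is an added example, not part of the original post and not the author's own procedure. It turns steps 2 to 6 into a read-only audit that can be run before and after the manual cleanup: it lists every file on the system drive whose name matches the list above, prints both copies of beep.sys with their sizes and SHA-256 hashes (on a clean system the driver and the dllcache copy match, and both should match the file from the installation CD), and reports any Run/RunOnce autostart entry or AppInit_DLLs value that references one of the names. The file names are the ones the post lists; the choice of registry locations to inspect is this example's own assumption about where such entries usually live. Nothing is deleted.

```powershell
# Added example (not from the original post): read-only audit of the indicators
# named in the post. Run from an elevated PowerShell prompt, ideally in Safe Mode.
# The registry keys inspected (Run/RunOnce, AppInit_DLLs) are an assumption about
# where such entries usually live, not something the post itself states.

$indicators = @('braviax.exe', 'buritos.exe', 'winivstr.exe',
                'karina.dat',  'delself.bat', 'ntos.exe')
$systemDrive = $env:SystemDrive
$systemRoot  = $env:SystemRoot

function Get-Sha256([string]$path) {
    # .NET hashing so the script also works on PowerShell versions without Get-FileHash
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($path)
    try     { ([System.BitConverter]::ToString($sha.ComputeHash($stream))).Replace('-', '') }
    finally { $stream.Close() }
}

# 1. Indicator files anywhere on the system drive (-Force includes hidden/system files)
Write-Host "== Indicator files on $systemDrive"
Get-ChildItem -Path "$systemDrive\" -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and ($indicators -contains $_.Name) } |
    ForEach-Object { '{0,10} bytes  {1}  [{2}]' -f $_.Length, $_.FullName, $_.Attributes }

# 2. Leftovers in the temp folder that step 2 says to clear
Write-Host "== *.tmp files in $systemRoot\Temp"
Get-ChildItem -Path "$systemRoot\Temp" -Filter '*.tmp' -Force -ErrorAction SilentlyContinue |
    ForEach-Object { $_.FullName }

# 3. beep.sys: the copy loaded as a driver and the Windows File Protection copy in dllcache.
#    A size or hash mismatch between the two, or against the CD copy, marks the one to replace.
Write-Host "== beep.sys copies"
foreach ($f in @("$systemRoot\system32\drivers\beep.sys", "$systemRoot\system32\dllcache\beep.sys")) {
    if (Test-Path $f) {
        $item = Get-Item -Path $f -Force
        '{0}  {1} bytes  sha256={2}' -f $f, $item.Length, (Get-Sha256 $f)
    } else {
        "$f  (missing)"
    }
}

# 4. Autostart entries referencing an indicator (what msconfig's Startup tab shows)
Write-Host "== Run/RunOnce entries referencing an indicator"
$runKeys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce')
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -match '^PS') { continue }        # skip provider metadata properties
        $value = [string]$p.Value
        foreach ($name in $indicators) {
            if ($value -match [regex]::Escape($name)) { "$key\$($p.Name) = $value" }
        }
    }
}

# 5. AppInit_DLLs: every DLL listed here is loaded into each process that uses user32.dll,
#    which is how a file without an .exe of its own (such as karina.dat) gets to run.
$winKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty -Path $winKey -ErrorAction SilentlyContinue).AppInit_DLLs
Write-Host "== AppInit_DLLs = '$appInit'"
```

Run it once before cleanup to get the full picture, then again after steps 3 and 5: the file list and the AppInit_DLLs line should both be empty, and the two beep.sys hashes should be identical. A full-drive `Get-ChildItem -Recurse` takes a few minutes on an old disk; that is expected.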

Additionally, I was also able to get rid of the annoying pop-up window in the tray by simply replacing the infected files with empty (0-byte) files of the same name. I assume this spyware only checks whether the file exists and, if it does, doesn't create another copy of it.

Hope this will help someone.

P.S. Any other ideas will be appreciated.


9 Comments »

  • Aurelien said:

    Thanks for your help !

    I’ll add my own experience to your post.

    Before starting, I unplugged my internet access cable.

    First, I zero-sized 3 files (buritos.exe braviax.exe and karina.dat) in both C:\WINDOWS\ and C:\WINDOWS\system32\ folders.
    I also made them hidden and system files…

    Then I restarted the computer, so that the evil hidden process (karina.dat) is not running anymore.
    From then on, Windows will complain many times about karina.dat; simply click OK.

    You can now repair the registry, the process won’t bother you anymore.
    Go to the following registry key : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\windows
    and replace appinit_dlls=C:\WINDOWS\system32\karina.dat
    by appinit_dlls=C:\WINDOWS\system32\karina.da
    (or anything else that makes windows not finding the file)
    Press the F5 key to check that the value hasn't been set back to its previous value (if so, restart the operation from the beginning).

    Now you can safely repair the beep.sys file.
    Get a safe version from the installation CD or from a friend (should be about 5kb) and put it in the 2 following folders (erasing previous file) :
    C:\WINDOWS\system32\dllcache
    C:\WINDOWS\system32\drivers

    Now the virus should be gone, and not coming back by itself.
    You must now install an efficient anti-virus in order not to get infected again when you access the internet.

    FYI, I also disabled the 3 services below, but I am not sure they are viruses, and if so, they are most probably not related to braviax:
    1) Gestionnaire de session d'aide sur le Bureau à distance (Remote Desktop Help Session Manager) - C:\WINDOWS\system32\sessmgr.exe
    2) QoS RSVP - C:\WINDOWS\System32\rsvp.exe
    3) Windows Server IP Verification Service - C:\WINDOWS\system32\wsivs.exe

    Good luck !!
    Aurelien

  • Netpappy said:

    Hey - thanks for these instructions… I just used them, and it appears to have resolved the issue for me.

    Thanks,
    Joe

  • Rich said:

    Thank you very much… This is great!!! It fixed my problem too!!!

    Rich

  • Aurelien said:

    Hey, you’re more than welcome guys !

    Thanks to this forum for being free to register on ;)

    Aurelien

  • дeткa said:

    One could discuss this topic endlessly, so I will simply thank the author. Thanks!

  • MEPTBEЦ said:

    Entertainingly written. Is all of this based on personal experience? Allow me to ask :)

  • Dictboissanna said:

    Remember that every day is the first of the rest of your life.
