Braviax Question

When visiting a website, I got a warning message from ESET Nod32 AV about
a threat..."braviax", but there was no way to clean it or terminate the page. Then
my WinXP laptop shut itself down. Upon reboot, a red circular icon with a black
"x" appeared in the taskbar. I went into Control Panel/System Restore and restored
my system to a checkpoint from yesterday. The "braviax" icon is now gone.

After a search, I found no "braviax.exe" under Windows/System32 or anywhere
else on the hard drive. Then, I did a thorough search of the registry, and there are
no "braviax" entries anywhere in the registry.

Is it likely that my computer is rid of this trojan?

It is unlikely that this malware is a trojan. This is probably rogue
antimalware.

Even if no evidence seemingly remains, download, update and run in
"Normal Mode" with "Quick Scan" the freeware version:

MBAM - <http://www.malwarebytes.org/>

Please update this thread with an update with your progress.

Rogue anti malware software are trojans.

I downloaded Malwarebytes and did a complete scan. It found "trojan.download"
and "trojan.agent", both of which it removed completely. The scan showed no trace
of "braviax", which is good news!

Thanks for the tip on the Malwarebytes software. I will upgrade to the full version.

I'm happy to hear of your success. Some of us follow MBAM with a
"Safe Mode" full scan with SAS:

<http://www.superantispyware.com/>

SAS & MBAM seemed to have always worked & played well with others.

SAS is also freeware upgradeable to a lifetime subscription.

These are both excellent programs. Do you know any programs of comparable
usefulness that I can run on Windows 98?

I'm sorry Scott, but my last reasonable encounter with W98SE was about
four years ago.

Try posting in this newsgroup with the subject: "Ping Virus Guy".

He's a Windows 98 enthusiast.

While I don't know how those two programs differ from your
run-of-the-mill antivirus programs (maybe someone else can explain), I
can tell you that Norton AntiVirus 2002 (which runs very well on Windows
98) can be updated via the Symantec Intelligent Updater package to
current viral definitions and scan engine. Symantec Corporate antivirus
(version 9 I think) is still supported and it also runs on Win-98. I'm
sure that both are available via torrent.

Avast still (apparently) runs on win-98.

Windows 98 is some-what unaffected by a lot of moderm malware, because
malware today is designed to run soley on win-XP and other NT-based
OS's. I think that's especially true for malware that boot-straps it's
way onto your system in ways that involves no concious effort on the
part of the user (what we think of as trojans and viruses that exploit
OS or java or browser or acrobat vulnerabilities).

Best recommendation for win-98 is that you keep your Java runtime engine
updated (and remove ALL previous versions, including the one that
shipped with win-98), use Firefox as your default browser, run Spybot
Search & Destroy ("innoculation" function), maybe Spyware Blaster for
the same reason. Spybot SD has the ability to monitor certain registry
keys in real time (something that doesn't get talked about much here).
Set your web-browser so that it asks what you want to do with pdf files
(save or open) instead of opening them up automatically with adobe
acrobat. Disable java or other script options in your pdf viewer
(acrobat or other).

The use of a third-party hosts file can also provide some machine-level
protection against rogue domains, but be aware that some of them might
also perform content-censorship against the user at the same time.
Because domains that host malware usually have a brief lifespan, hosts
files are more effective at blocking click-tracking and advertizing than
anything else.

The use of a firewall on win-98 for security reasons is largely a waste
of time and system resources because win-98 was never vulnerable to
penetration and control via unsolicited in-bound packets, unlike
NT-based PC's where there have been about 6 or 7 different forms of such
vulnerability during the past 8 or 9 years. Even so, any system that's
behind a NAT router will have defacto blocking of in-bound unsolicited
packets. If your win-98 system has an ip address that starts with
192.168 then it is behind a nat-router. Software firewalls have a
history of being deactivated by malware such that they are useless at
alerting the user of unauthorized out-bound activity indicative of
active malware.

You might want to have a look at microsoft.public.win98.gen_discussion
and read past posts or ask new question there.

superantispyware
System Requirements SAS:
Windows 98, 98SE, ME, 2000, XP, Vista or Windows 2003

As the names suggest both MBAM and SAS are anti-spyware/adware.
They are NOT anti-virus.
Norton AV 2002 is anti-virus.

I would have both types of programs on a Win98(se) PC.

If that does not work, maybe an earlier version will work on Win98(se).
This goes for a lot of programs.

To add to SAS:
- Spybot Search & Destroy
scroll one page down and read:
Supported operating systems - Windows 98 Fully functional

For passive defense (useful companion for IE) you could use:
- SpywareBlaster
System Requirements:
SpywareBlaster works on Windows 98, ME, NT, 2000, XP, or Vista.
There are no automatic updates, but check here:
(updates available about every two weeks)

If a software item is deemed to be "spyware", then what exactly does it
do that makes it different than what is ordinarily defined to be broadly
malware, or specifically viral or trojan?

For one it doesn't prepend, append or insert code into other binaries.

It causes information to flow outward that the user might not want to
flow outward.

This is as opposed to adware, where the program causes inward flow of
(perhaps undesired) information.

The term 'trojan' refers more to how a program presents itself to the
user than it does to the actual function of the program when executed.
In the case where its function is self replication, it is termed a virus
or worm (it is understood that virally infected programs present as
trojans and some worms do as well).

All of my systems now use SAS and MBAM. I feel much more secure now.

I've gotten all that paranoia ware off of my system
I feel more secure now.
No elaborate AV, AS, needed
to keep evil away from my door.