I have not found a proper way to remove this spyware anywhere online, even after searching a lot of forums. Many, many people said that once this had infected your computer, you should back up your stuff and reformat your HD. This same group of viruses forced me to reformat my wife’s laptop about a year ago, but that shouldn’t be necessary if you catch it early. At the time of writing (August 2009), I was running Windows XP and this technique definitely worked. I have had comments as “recently” as 2012 saying this worked. Good luck.

I somehow got nailed with this very vicious spyware this morning. I got a very sudden error message on my real-time spyware scanner. I didn’t even have time to read it before all my programs shut down and my computer rebooted. As soon as Windows XP came back up, I had a red circle with an X through it on my systray, like it was a Windows XP error. It emulated it perfectly, even with the bubble rising up saying “Windows has detected spyware, click here to remove it.” Then it tries to install some fictitious anti-spyware software (something with ‘2010’ in the title, it looked like the Windows XP color scheme, too) against your will. This collection of files is referred to as braviax or cru629. These files are initially located in two different places on the hard drive. It disables many forms of spyware removal software entirely, gives you pop-up ads in Internet Explorer (even if you never use IE), and installs many other forms of spyware.

Note: Braviax cannot be removed with any software. It must first be removed manually, then the spyware removal software can get rid of the rest of the other components. It does not help to start in “Safe Mode.” It is not a lasting fix to remove all components from the registry, either. This malware mutates itself, so some of these path names may not be correct; this is where I found the files in my instance.

Follow these steps to remove braviax.exe (in Windows XP):

  1. Hit Ctrl+Alt+Del simultaneously on the keyboard and click the ‘Processes’ tab when the Task Manager pops up
  2. Click/highlight braviax.exe and click “End Process”
  3. Click “yes” in the warning window that pops up
  4. Open Windows Notepad (Programs->Accessories)
  5. Click File->Open to open a document
  6. Near the bottom of the “Open File” dialogue, pull down the menu for “Files of Type” and choose “All Types”
  7. Navigate Notepad’s Open File dialogue to C:\Windows and open braviax.exe
  8. Once the file is loaded, you will see a bunch of gibberish characters that are not all text. Delete several characters, replacing them with letters or numbers. Do this a few times throughout the file. (Note: you must replace the same number of characters that you remove. Braviax checks for missing code or different file sizes, so it must be saved the same size that it was loaded in order to fool its self-check)
  9. Save over the original file in the same location (the PC should warn you that the file already exists and you are overwriting, blah blah, click yes to save over the file)
  10. Navigate to c:\windows\system32\ and delete the file braviax.exe (In other words, delete c:\windows\system32\braviax.exe)
  11. Navigate to c:\windows\system32\drivers\ and delete the file beep.sys (in other words, delete c:\windows\system32\drivers\beep.sys). This is the initial beep that Windows plays when it boots up. The virus attaches itself to this file and it must be deleted or the virus will regenerate itself upon reboot.
  12. Reboot the PC. If the red circle does not appear in the lower right corner of your screen, you are almost there. If the circle and fake error messages still appear, you may have to redo all the previous steps, replacing more characters in c:\windows\braviax.exe (I ended up replacing maybe 50 characters throughout the file, many of them consecutive)
  13. Once you get the red circle to not appear when you boot, then install/run as many spyware programs as you can to get rid of all the programs that came along with braviax

It may take several boots and scans to completely eradicate the remaining spyware files. [At the time of writing], free spyware software includes Spybot Search&Destroy (recommended) and Ad-aware, but they cannot remove this software without first doing the above steps.
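
The same-size overwrite from step 8 can also be done in binary mode by a script. The following Python sketch is an added example, not part of the original post: it replaces bytes one-for-one at several points in a file and verifies that the size did not change. The function names, span count, span length and filler byte are assumptions, and the demo runs on a constructed stand-in file rather than a real sample.

```python
import os
import tempfile


def overwrite_same_size(path, runs=5, run_len=10, filler=b"X"):
    """Overwrite `runs` spans of `run_len` bytes in place; never change the size.

    Returns (size_before, size_after, offsets_written).
    """
    size_before = os.path.getsize(path)
    if size_before < runs * run_len:
        raise ValueError("file too small for the requested number of overwrites")
    # Spread the spans evenly (step 8: "a few times throughout the file").
    stride = size_before // runs
    offsets = [i * stride for i in range(runs)]
    # "r+b" opens for binary read/write without truncating, so each write
    # replaces existing bytes and nothing is inserted or removed.
    with open(path, "r+b") as fh:
        for off in offsets:
            fh.seek(off)
            fh.write(filler * run_len)
        fh.flush()
        os.fsync(fh.fileno())
    size_after = os.path.getsize(path)
    if size_after != size_before:
        raise RuntimeError("size changed: %d -> %d" % (size_before, size_after))
    return size_before, size_after, offsets


def demo():
    """Run against a constructed 4 KiB stand-in file, not a real sample."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    try:
        original = bytes(range(256)) * 16  # constructed sample data
        with os.fdopen(fd, "wb") as fh:
            fh.write(original)
        before, after, offsets = overwrite_same_size(path)
        with open(path, "rb") as fh:
            patched = fh.read()
        changed = sum(a != b for a, b in zip(original, patched))
        return before, after, offsets, changed
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

On an affected machine the `path` argument would be the C:\Windows\braviax.exe copy from step 7, after the process has been ended as in steps 1 to 3.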

  1. Liubomir Liubomirov (09-05-2009)

    Thanks! I think that helped me! It is also important that you remove the braviax.exe from C:\Windows directory as otherwise it always tries to load during Windows startup and a DOS window is displaying “C:\Windows\braviax.exe…”. Apparently the system tried to load it but the executable is spoiled due to the fake characters we entered in the file on step 8 from above and happily does NOT do its vicious job. I removed that file and then everything seemed ok, of course after running some spyware programs and avast antivirus that purged several other spyware files.

  2. Evan

    Excellent! I was hoping this worked for others, because sometimes viruses mutate and put themselves in different folders.

    If you delete C:\Windows\braviax.exe before you reboot, then it will reappear in its original form. Once you reboot and run spyware software, you can delete C:\Windows\braviax.exe

    Thanks for the feedback.

  3. Robert

    Worked great. Beat the heck out of the various malware removal solutions, especially since one of these dang programs had defeated my wireless networking, making it difficult to download and install external programs easily.

  4. Jin-kyu Choi (09-14-2009)


  5. Claire

    Thank you!!!! That worked. But it appears I have other problems, as the BSOD keeps happening – Error Code 0.X00000008E

  6. Muad_dib77

    It seems unhackme5.5 beta2 is able to kill the braviax part…you still need to run something like drweb afterwards tho.. Spy Bot s&d doesn't seem to be very effective against this particular cluster of baddies.

  7. Evan

    I wondered about rootkit killers. I’ve never used one. Rootkits are much more complicated than most other forms of Malware. Well, I’m glad that there may be another solution!

  8. Woody

    Thanks soooo much, followed as you said and it worked great. Thank you

