This past Thursday after an IE freeze-up that I had to kill at the process level, I noticed an icon on my desktop that wasn't supposed to be there (delself.bat) and a red "X" alert box in the lower right corner of the taskbar with a text bubble stating that my computer was infected, and to "click here" to download anti-spyware to remove the threat (it also kept resetting my home page to Google for some reason). I obviously didn't click on anything; my first instinct was to run Spybot, but it wouldn't open (the process didn't even initiate in task manager).
To make a long story short(er), after the usual fiddling in safe mode and uninstalling/reinstalling my anti-spyware and AV programs, I seem to have rid myself of this problem. I had noticed a program named "brastk.exe" in my startup menu in msconfig, and unchecked it. Initial scans using Ad-Aware, MalwareBytes, Spybot, and AVG each returned a few threats, which I removed (one of which was the aforementioned brastk.exe). Subsequent scans performed over the past couple of days have been clean, and my computer's performance has been asymptomatic.
However, I just downloaded and ran a Hijack This registry scan, and have been googling anything that looks unfamiliar. In my AppInit_DLLs, I have a file named karna.dat, which, according to what I've read, frequently comes paired with brastk.exe and is considered malware. My questions are these:
1) Is deleting "karna.dat" from my AppInit_DLLs via regedit safe? I want to make sure it's not tied to any necessary system process (Google says otherwise, but I'd like to ask the GA experts). Is doing so simply a matter of clicking "modify" and then deleting the "karna.dat" text from the "Value Data" field? (I've never edited anything in the registry before.)
2) There is a "brastk" folder in the startup subfolder of the msconfig folder in the registry. One of the commands therein points to brastk.exe, which should no longer exist on my system. Can I delete the entire brastk subfolder safely? I assume this would remove it from my startup menu completely in msconfig? (As opposed to simply being deselected, as it is currently.)
3) How would you best judge when your computer is "clean"? I've been avoiding doing any online banking etc. since this occurred, and would like to know when I can resume normal activity. Originally I figured one week of problem-free use and clean scans, but now I'm worried about possible lingering malicious files/programs.
Both brastk.exe and karna.dat (or any files containing those strings) do not exist on my system according to searches (I allowed hidden files and protected OS files). In light of this, how do you think I should proceed re: the above questions? Any help would be appreciated. Thanks.
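
An added example, not part of the original post: the AppInit_DLLs value data is one string of space- or comma-separated entries, so a leftover reference like the one described can be audited by splitting it and checking each entry against the disk. The sample value, the name `examplehook.dll` and the `C:\Windows\System32` directory are assumptions made for illustration.

```python
import os
import re

APPINIT_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"

def read_live_value():
    """Read AppInit_DLLs from HKLM (Windows only; not used by the sample run)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, APPINIT_KEY) as key:
        return winreg.QueryValueEx(key, "AppInit_DLLs")[0]

def split_entries(value):
    """The value is one string; entries are separated by spaces or commas."""
    return [e for e in re.split(r"[ ,]+", value.strip()) if e]

def audit(value, exists=os.path.exists, system_dir=r"C:\Windows\System32"):
    """Return one finding per entry: resolved path plus reasons it looks odd."""
    findings = []
    for entry in split_entries(value):
        # Assumption: a bare file name is looked up in the system directory.
        has_dir = "\\" in entry or "/" in entry
        path = entry if has_dir else system_dir + "\\" + entry
        reasons = []
        if not entry.lower().endswith(".dll"):
            reasons.append("not a .dll name")
        if not exists(path):
            reasons.append("file missing on disk")
        findings.append({"entry": entry, "path": path, "reasons": reasons})
    return findings

def without_entry(value, name):
    """New value data with one entry dropped (case-insensitive), others kept."""
    keep = [e for e in split_entries(value) if e.lower() != name.lower()]
    return " ".join(keep)

if __name__ == "__main__":
    # Constructed sample: a hypothetical legitimate DLL plus the entry from the post.
    sample = "examplehook.dll karna.dat"
    on_disk = {r"C:\Windows\System32\examplehook.dll"}
    for f in audit(sample, exists=lambda p: p in on_disk):
        print(f["entry"], "->", ", ".join(f["reasons"]) or "ok")
    print("value after cleanup:", repr(without_entry(sample, "karna.dat")))
```

The script only reads and reports; `without_entry` returns the string that would remain in the Value Data field and does not write to the registry.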