internetinspiration logo
Home Internet Guides Privacy & Security Must have software Internet Shopping Earn Money Fun & Games Freebies

Privacy & Security
Information & Removal

The removal tool/procedure for BraveSentry on this page has been replaced by Roguefix.
A new comprehensive scan and delete utility for the family of rogue scanners and their installing/accompanying trojans
Roguefix, click here

The onslaught of rogue security software that deceptively tells a computer owner their machine is infected with potentially system crippling malware continues.

BraveSentry, an application that claims to scan for malware and offer anonymous surfing is arriving in PC's uninvited, often as part of a large bundle of malicious software. My test machine had no less than eight additional malware applications installed, including an emailing worm, a dialler and 5 trojan downloaders, each immediately attempted to download more malware.

If that is not enough, a new alarming twist that has consequences that go far beyond being tricked out of money, it also downloads a pornographic movie involving a child. This movie can play automatically while the other malware is downloaded.

The bundle is being deployed from CoolWebSearch websites, by drive by downloads and file sharing networks.

the bundle contains the following-
  • Multidr-FG , drops the file childporn.wmv  and downloads the other trojans.
  • Trojan W32/Agent.ULL, displays fake infection warnings, downloads BraveSentry
  • From the Tibs network, a deliverer of pornographic pop ups
  • Vixup-BM downloader, disables task manager and lowers security settings
  • Win32.CWS.s Coolwebsearch downloader
  • Troj/Bizves-D yet another downloader, installs other rogue scanners Spysherrif or Alfacleaner.
  • Trojan.Dialer.ay A premium rate dialer
  • Emailing Worm

  • Visible signs of infection

  • Changes the desktop to a black and yellow warning of a spyware infection
  • warning balloons are displayed near the clock which lead to the BraveSentry website, or other websites offering BraveSentry and other rogue products.
  • The BraveSentry application may be installed, along with Spysheriff or AlphaCleaner

  • This new bundle of downloader Trojans clearly has the potential to install a lot of malware very quickly

    Removal Procedure

    I have written a removal program that will check for all of the Malware listed above and clean your system if infected. It will also remove BraveSentry, Spysherrif and Alfacleaner if installed. This removal tool is freeware, although donations to help develop more tools for future malware are very much appreciated.

    You will need

    Download KillBS.bat from Hereto your desktop.

    Note - This removal tool will no longer be updated for newer variants, instead you should use its replacement Roguefix.

    Ewidow Security suiteTo remove any additional Malware that may have been installed. Download, install and update the application ready for use. If after Installing Ewido your system slows down, disable the 'Realtime protection'
    NoteEwido is compatible with Windows XP and 2000 only.

    Ace Utilities(free trial), a comprehensive disk and registry cleaner to remove the remnants.
    Cautionary note: For the purpose of completing the clean up process, please follow the instruction given for this application. This comprehensive collection of cleaning tool includes Remove Duplicate files, Remove Empty foldersand Auto-Start manager. these options should not be attempted unless you are fully able to understand and investigate the output. Acting on a misinterpretation of the results could result in damage to your System.

    Removal procedure

    1)Restart your computer in Safe Mode

    2)Double click on KillBS.batto run the removal tool and allow it to do its job. Your Windows or security software may alert you to a script trying to start, you will need to click 'allow' for the tool to run. This is not a malicious script.

    3)Open Ewido and run a complete system scan

    4)Restart your PC in Normal mode.

    5)Open Ace Utilities.

    Perform the following scans

    Click clean up, select remove Junk Files. Scan and delete everything found. Close the remove junk files box.

    Select Clean system registry.
    Click optionsand select Thorough.
    Close the Options box.
    Scan and delete everything found.
    Close the Clean system registry box.

    Select Erase History, click the Windows taband select the following-
    Empty the Windows Prefetch Folder.
    Delete empty folders on the Windows Temp folder.
    Erase Folder streams in the Windows registry.
    Clear past icon history of system tray
       (thanks Angus)
    Click Execute Now

    Click the internet Explorer/MSNtab and select the following-
    Delete cookies
    Delete locked URL cache file.
    Delete all auto-complete Data.
    Clear typed URL's of Address bar
    Clear Browser History
    Delete Cache (Files in temporary Internet folder)

    Click Execute Now.

    Your computer should now be free of BraveSentry and the associated Malware

    To protect yourself against future infections, make sure you have all Windows critical updates and the latest version of java Update

    This information is provided free of charge/subscription/registration and without warranty.
    However, if this page has helped resolve your problems without having the expense of taking your PC to a repair shop or the hassle of reformatting, you may like to support our efforts with a small donation towards the maintenance ,further development of this site and the research to create more pages like this for future malware, even £1, $1, €1 can help make sure we are still here should you ever need us again.
Privacy & Security




hackers, crackers & firewalls





BHO's & Hijackers

Drive by downloads


Scams & Hoaxes

Hijack this-
automatic analysis

Free pest scan

Unwanted processes

How to-Tutorials

Clean up/repair after malware infection

Prevent malware installing

Install Hijackthis

Start in Safe mode

Show hidden files/folders

enable/disable Active X controls

Disable Messenger service pop-ups

Use the Host file

Roguefix -
Removal tool for Rogue spyware removers & Fake Warnings
removal tool

Kill E2Give

Kill MySearch

Kill Sdbot-ADD / lockx.exe

Kill seeve.exe / mediamotors pop ups

Kill Winfixer2005

Kill SysProtect


New Winfixer infection displays fake Blackworm warning

The real cost of Free security software

About us Contact us FAQ Links Privacy Statement Site Map Webmasters
Click here to add this page to your favorites
©Internet Inspiration, 2003.      All registered trademarks are observed and respected.
If you receive advertising pop ups whilst viewing this site, you are infected with an ad-serving parasite, because we don't use pop ups. See our Privacy & security section for help with detection and removal.