Privacy & Security
Information & Removal
| The removal tool/procedure for BraveSentry on this page has been replaced by Roguefix.
A new comprehensive scan and delete utility for the family of rogue scanners and their installing/accompanying trojans
Roguefix, click here
The onslaught of rogue security software that deceptively tells a computer owner their machine is infected with potentially system crippling malware continues.
BraveSentry, an application that claims to scan for malware and offer anonymous surfing is arriving in PC's uninvited, often as part of a large bundle of malicious software. My test machine had no less than eight additional malware applications installed, including an emailing worm, a dialler and 5 trojan downloaders, each immediately attempted to download more malware.
If that is not enough, a new alarming twist that has consequences that go far beyond being tricked out of money, it also downloads a pornographic movie involving a child. This movie can play automatically while the other malware is downloaded.
The bundle is being deployed from CoolWebSearch websites, by drive by downloads and file sharing networks.
the bundle contains the following-
- Multidr-FG , drops the file childporn.wmv and downloads the other trojans.
- Trojan W32/Agent.ULL, displays fake infection warnings, downloads BraveSentry
- Win32.Tibs.ai From the Tibs network, a deliverer of pornographic pop ups
- Vixup-BM downloader, disables task manager and lowers security settings
- Win32.CWS.s Coolwebsearch downloader
- Troj/Bizves-D yet another downloader, installs other rogue scanners Spysherrif or Alfacleaner.
- Trojan.Dialer.ay A premium rate dialer
- Worm.Win32.Locksky.ae Emailing Worm
Visible signs of infection
- Changes the desktop to a black and yellow warning of a spyware infection
- warning balloons are displayed near the clock which lead to the BraveSentry website, or other websites offering BraveSentry and other rogue products.
- The BraveSentry application may be installed, along with Spysheriff or AlphaCleaner
This new bundle of downloader Trojans clearly has the potential to install a lot of malware very quickly
I have written a removal program that will check for all of the Malware listed above and clean your system if infected. It will also remove BraveSentry, Spysherrif and Alfacleaner if installed. This removal tool is freeware, although donations to help develop more tools for future malware are very much appreciated.
You will need
Download KillBS.bat from Hereto your desktop.
Note - This removal tool will no longer be updated for newer variants, instead you should use its replacement Roguefix.
Ewidow Security suiteTo remove any additional Malware that may have been installed. Download, install and update the application ready for use. If after Installing Ewido your system slows down, disable the 'Realtime protection'
NoteEwido is compatible with Windows XP and 2000 only.
Ace Utilities(free trial), a comprehensive disk and registry cleaner to remove the remnants.
Cautionary note: For the purpose of completing the clean up process, please follow the instruction given for this application. This comprehensive collection of cleaning tool includes Remove Duplicate files, Remove Empty foldersand Auto-Start manager. these options should not be attempted unless you are fully able to understand and investigate the output. Acting on a misinterpretation of the results could result in damage to your System.
1)Restart your computer in Safe Mode
2)Double click on KillBS.batto run the removal tool and allow it to do its job. Your Windows or security software may alert you to a script trying to start, you will need to click 'allow' for the tool to run. This is not a malicious script.
3)Open Ewido and run a complete system scan
4)Restart your PC in Normal mode.
5)Open Ace Utilities.
Perform the following scans
Click clean up, select remove Junk Files. Scan and delete everything found. Close the remove junk files box.
Select Clean system registry.
Click optionsand select Thorough.
Close the Options box.
Scan and delete everything found.
Close the Clean system registry box.
Select Erase History, click the Windows taband select the following-
Empty the Windows Prefetch Folder.
Delete empty folders on the Windows Temp folder.
Erase Folder streams in the Windows registry.
Clear past icon history of system tray (thanks Angus)
Click Execute Now
Click the internet Explorer/MSNtab and select the following-
Delete locked URL cache file.
Delete all auto-complete Data.
Clear typed URL's of Address bar
Clear Browser History
Delete Cache (Files in temporary Internet folder)
Click Execute Now.
Your computer should now be free of BraveSentry and the associated Malware
To protect yourself against future infections, make sure you have all Windows critical updates and the latest version of java Update
This information is provided free of charge/subscription/registration and without warranty.
However, if this page has helped resolve your problems without having the expense of taking your PC to a repair shop or the hassle of reformatting, you may like to support our efforts with a small donation towards the maintenance ,further development of this site and the research to create more pages like this for future malware, even £1, $1, €1 can help make sure we are still here should you ever need us again.
Privacy & Security
hackers, crackers & firewalls
BHO's & Hijackers
Drive by downloads
Scams & Hoaxes
Free pest scan
Clean up/repair after malware infection
Prevent malware installing
Start in Safe mode
Show hidden files/folders
enable/disable Active X controls
Disable Messenger service pop-ups
Use the Host file
Removal tool for Rogue spyware removers & Fake Warnings
Kill Sdbot-ADD / lockx.exe
Kill seeve.exe / mediamotors pop ups
New Winfixer infection displays fake Blackworm warning
The real cost of Free security software