Trojan - Major problems : brastk.exe

This nasty little bugger hijacks your machine and stops you from accessing Norton, Mcafee or any spyware scanning websites. It even stops norton from starting up.

 

I can't believe there's no mention of it yet on this forum!or even in Symantecs security alerts!!!!

 

I got it by aclicking 'allow this instance'  for access to my pc. I thought it was the site 'Savefile' where I was getting a U2 video from asking so in a moment of weakness I said 'allow this instance' 2-3 times.  

 

It started by rebooting my pc, then on restart of windows, puts a red X in your active icons with a message saying your computer has been infected! no kidding!!!!!!!

 

It puts a few files on your pc :  brastk.exe and karna.dat in both c:\Windows and c:\windows\system32 and svchost.exe in c:\windows\system32\drivers. 

 

I killed it by rebooting in Safe mode and ran  a process I downloaded called Brastkremover.exe that I got from here

 

 After that, i removed all entries for brastk.exe and karna.dat that were still left in the registry and the files that were still left in windows\system32. (My boot drive is a D:\ so maybe the tool didn't fully remove it.).

 

I then rebooted and it's appeared mostly gone (No RED 'X') but I still could not go to symantec's website but  at least norton started up. I ran a quickscan and it found 'Backdoor.Tidserv'. After that I could get to the website.

 

I hope this helps someone else.