WinReanimator Removal Instructions (WinReanimator)

March 2nd, 2008 by Alex

WinReanimator Description:

WinReanimator is the latest counterfeit anti-spyware program to threaten PC users. It usually installs itself onto your PC without your permission, through the Vundo Trojan, a virus, or fake software. It then displays fake system or security alerts to trick the user into buying the paid version of WinReanimator in order to remove the problems it reports. Likely error messages include, “Windows has detected spyware infection! It is recomended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you. Click here to protect your computer from spyware!” Not only does it slow your machine down dramatically, it also puts your privacy and data at risk.

Download SpyHunter* Spyware Detection Utility.

Manual Removal Instructions:

Stop WinReanimator Processes:
WinReanimator.exe

Find and Delete these WinReanimator Files:
WinReanimator.exe
WinReanimator.lnk
WinReanimator.url
Uninstall WinReanimator.lnk

Remove WinReanimator Registry Values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinReanimator
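
The manual steps above can be checked before anything is deleted. The following PowerShell script is an added example, not part of the original article; the search roots are assumptions, since the article lists file names but not their locations, and every removal command carries -WhatIf so it only reports what it would do.

```powershell
# Added example: audit for the WinReanimator artifacts named in the article.
$fileNames = 'WinReanimator.exe', 'WinReanimator.lnk', 'WinReanimator.url',
             'Uninstall WinReanimator.lnk'
# Assumption: search roots chosen for illustration; the article gives no paths.
$searchRoots = @($env:ProgramFiles, $env:USERPROFILE, $env:ALLUSERSPROFILE) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }
$uninstallKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinReanimator'

function Find-WinReanimatorArtifacts {
    # 1. Running process (Get-Process takes the name without ".exe").
    foreach ($p in Get-Process -Name 'WinReanimator' -ErrorAction SilentlyContinue) {
        [pscustomobject]@{ Type = 'Process'; Target = $p.Id; Detail = $p.Path }
    }
    # 2. Files with the listed names anywhere under the search roots.
    foreach ($root in $searchRoots) {
        Get-ChildItem -LiteralPath $root -Recurse -Force -File -ErrorAction SilentlyContinue |
            Where-Object { $fileNames -contains $_.Name } |
            ForEach-Object {
                [pscustomobject]@{ Type = 'File'; Target = $_.FullName; Detail = $_.LastWriteTime }
            }
    }
    # 3. The Uninstall registry key.
    if (Test-Path -LiteralPath $uninstallKey) {
        [pscustomobject]@{ Type = 'Registry'; Target = $uninstallKey; Detail = $null }
    }
}

$found = @(Find-WinReanimatorArtifacts)
$found | Format-Table -AutoSize -Wrap

# Removal in the article's order (process, files, registry). -WhatIf makes each
# command print what it would do without doing it; drop -WhatIf only after
# reviewing the table above.
foreach ($f in $found) {
    switch ($f.Type) {
        'Process'  { Stop-Process -Id $f.Target -Force -WhatIf }
        'File'     { Remove-Item -LiteralPath $f.Target -Force -WhatIf }
        'Registry' { Remove-Item -LiteralPath $f.Target -Recurse -WhatIf }
    }
}
```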


22 Responses to “WinReanimator Removal Instructions (WinReanimator)”

  1. 1

    Spatula Says

    I had a Winreanimator headache yesterday too. I have no idea how I got infected… But here is how I cleaned it…

    First of all I didn’t use any of the download software advertised on the web. They looked suspicious… It might just be me. (but I didn’t see any post from anybody indicating that any of them worked. There were nice web sites and etc. but no posts. I might be wrong but…)

    Nevertheless you can clean it without those programs in about 1 minute.

    Let’s start.

    1) First “Pause” the Winreanimator
    2) Disconnect from the internet
    3) Go to C:\Program files and locate “winreanimator” folder. We will delete this folder. You can’t delete it now bc the program is running.
    4) Open the task bar (Ctrl Alt Del) go to Applications tab and stop the process tree of Winreanimator.
    5) Before the Winreanimator kicks in again go to the winreanimator folder and delete it.
    6) At this point it shouldn’t start again unless you click on the warning or Red X shaped icon in the task bar. Actually don’t even put your cursor on the icon. This activates the installation sequence.
    7) Search your computer for Braviax.exe. It pops under C: & C:\Windows
    8) This is the file that downloads Winreanimator and installs The bad bad bad file….
    9) If you delete it another ghost file just installs another one every time you start your computer. So we will delete the contents of it.
    10) open a blank notepad application
    11) drag the Bravix.exe into Notepad. This will show you what is in the file… It will be jumbled up characters and stuff. Just delete everything and type in some garbage in to it for the kicks.
    12) Do the same thing to the other Bravix.exe file.
    13) THE END

    If you want to take the risk you can also go to the windows registry to clean out any mention of Winreanimator. If you don’t know what windows registry is I wouldn’t recommend it though. You can hurt your computer. To open up the registry just type “regedit” in the run window in start menu.

    Hope this helps.

    FYI: This process stops/cleans Winreanimator but the presence of Winreanimator indicates that vundo trojan is in your computer as well. You should get your computer scanned w/ a spyware software to clean it out.

  2. 2

    mymy Says

    then what should I do with the red x icon??

    please reply

  3. 3

    tom Says

    Spatula, you are amazing!!

  4. 4

    steve Says

    thank you soooo very much for the help. greatly appreciated, thanks to you too spatula.

  5. 5

    Shanna Says

    Thanks for the advice but it wouldn’t let me change the Braviax.exe file. It asks me if I want to save it and then it won’t allow me to save it. So I close it and then it goes back to the original.

  6. 6

    Josh Says

    Hey, I’m having the same problem Shanna is. I can’t seem to save it and stop this madness.

  7. 7

    Sher Says

    how do you pause winreanimator?

  8. 8

    jules14 Says

    not sure

  9. 9

    zafer123 Says

    IF YOU CANNOT DELETE THE 2nd braviax.exe file
    try this:

    The basic strategy is to use RENAMEing and CUT and PASTE
    to get around the file delete restrictions

    1) Using notepad create a blank “dummy” braviax.exe file and save it as braviax.exe in some folder other than where the undeletable braviax is

    2) Now, using a right mouse click and PROPERTIES make this dummy file “Read Only” or else it will get replaced by the Winreanimator again

    3) Go to the folder containing the undeletable braviax.exe file

    4) Instead of deleting it, Cut and Paste it into some other folder or rename it to some junk name (this is what gets around the delete restriction). Note: you will not be able to delete the renamed or cut/pasted file

    5) Now cut and paste the dummy Braviax.exe file into the folder containing the undeletable but renamed braviax file

    6) Restart (note you need to do everything else posted in the prior msgs)

    good luck

    zafer123

  10. 10

    Jim Says

    I tried what both Zafer123 and Spatula said to try to remove WinReanimator, but it won’t allow me to delete the file/program at all. It is hijacking and redirecting me to all kinds of websites!! It also wiped out my “Norton Anti-Virus” in about 5 seconds (great system!!). Isn’t Norton supposed to stop this kind of stuff or at least let you know about it? Norton is absolutely useless!! Any help?

  11. 11

    Sai Says

    Spatula……..u really rok………..thanx

  12. 12

    wtf Says

    i did what Spatula said, and what zafer123 said, but i’m still having problems with pop-ups and shit.. what else can i do?

  13. 13

    stubbler Says

    * Download and install a reputable spyware detection and removal program such as Spyware Doctor which is available free as part of the Google Pack. Spyware Doctor did not detect or remove the braviax/cru629 infection, but is useful in detecting and removing the crap that it downloads.

    * Disconnect your computer from the Internet. If the crapware can’t find the Internet, it can’t download any more crap.

    * Restart your computer from the installation CD in Recovery Console mode. With my PC, I had to hit F12 during the boot process and tell it to boot from the CD ROM. When the “Welcome to Windows Installation” window came up, I pressed R to enter the Recovery Console. (These instructions are specifically for XP.)

    * Navigate to the Windows directory. (If you are at the C:\> prompt you would type cd windows and hit enter. If you need to back up to get to the C:\> prompt, type cd .. and hit enter until you get there.)

    Once you are at the C:\WINDOWS> prompt
    type C:\WINDOWS>del braviax.exe and hit enter.
    When your computer returns to the prompt,
    type C:\WINDOWS>del cru629.dat and hit enter.

    * Navigate to the System32 directory by typing C:\WINDOWS>cd system32 and hitting enter.
    Once you are at the C:\WINDOWS\SYSTEM32> prompt type C:\WINDOWS\SYSTEM32>del braviax.exe and hit enter.
    Then type C:\WINDOWS\SYSTEM32>del cru629.dat and hit enter.

    * Navigate to the C:\WINDOWS\SYSTEM32\DLLCACHE> directory. ( type C:\WINDOWS\SYSTEM32>cd DLLCACHE )
    Type C:\WINDOWS\SYSTEM32\DLLCACHE> del beep.sys and hit enter.

    * Navigate to the C:\WINDOWS\SYSTEM32\DRIVERS> directory.
    Type C:\WINDOWS\SYSTEM32\DRIVERS>del beep.sys and hit enter.

    * Type exit and hit enter to exit the Recovery Console and reboot the computer. You will want to reboot in safe mode. To do this on my PC one must begin madly pressing F8 until a boot menu comes up. Once you have booted to safe mode, open regedit (Click on the “Run” option on the Start menu, type regedit into the text box and hit enter). Once the Registry Editor is open, select My Computer. Then click on the Edit menu item and select Find. In the find dialog box type in braviax . When the search finds a value or key containing the word braviax, delete it. Keep searching until all instances have been found and deleted. Repeat this process for cru629. When all instances have been found and deleted, close the Registry editor. Your computer should now be clean of this crap. You may run Spyware Doctor, your anti-virus, and Windows Defender (which should now be runnable). Spyware detectors may find crap that braviax downloaded.
    You can then copy the beep.sys files from a clean xp system and paste into the C:\WINDOWS\SYSTEM32\DLLCACHE and C:\WINDOWS\SYSTEM32\DRIVERS

    congrats your system should now be clean

  14. 14

    Don Says

    WinReanimator is supposed to be an antispyware program but it actually is a disguised spyware program designed to introduce popup menus, redirect your browser to unwanted websites, and collect data from your computer.

    It is difficult to remove because it places a file named braviax.exe into your system. This file opens a port to your modem and every few seconds it refreshes all of its files from the mother website. If you delete the files from the “srchasst” directory they will shortly reappear through the internet link. The file braviax.exe is loaded by a registry entry whenever you start your computer. To disable WinReanimator, it is necessary to disable the functions of braviax.exe. To do this, one can deliberately corrupt this file and then make it READ ONLY. The malware will start to load but no longer run on system startup. And it cannot replace the corrupted version of braviax.exe by writing over it. These changes are accomplished in SAFE MODE from a COMMAND LINE PROMPT using a program called attrib.exe located in the C:\windows\system32\ directory. The changes cannot be made from within the normal windows operating system because you will be denied access to the files.

    The malware website can change the names of its downloaded files. If this should happen and braviax.exe is not found on your computer, download a freeware program called: CurrPorts v1.33.

    By running this program one can identify the name of any file that is opening a covert port to your modem. By observing the networking screen of the windows TASK MANAGER program, one can watch as repetitive refreshing of the malware files is taking place as you try to delete them.

    Should the file on your machine be braviax.exe, the steps to disable WinReanimator are:

    1. Shut down your computer and disconnect your modem, to prevent the refreshing of files.
    2. Restart your computer.
    3. When you hear a beep, press F8.
    4. Select: run in SAFE MODE from a COMMAND PROMPT.
    5. Change to directory: C:\Windows\System32
    6. Type: Dir braviax.exe
    7. If this file exists, do not delete it. Type: Notepad braviax.exe
    8. Cut out most of the contents of the file to corrupt it, save, and exit notepad.
    9. To change the attribute of the file braviax.exe to READ ONLY, type: attrib +R braviax.exe
    10. Type: Dir cru629.dat
    11. If this file exists, do not delete it. Type: Notepad cru629.dat
    12. Cut out most of the contents of the file to corrupt it, save, and exit notepad.
    13. To change the attribute of the file cru629.dat to READ ONLY, type: attrib +R cru629.dat
    14. If it exists, change to the directory: C:\Windows\srchasst and delete all of the contents one by one, leaving the directory empty.
    15. Restart your computer with normal entry into windows.
    16. Type: START, RUN, REGEDIT. Find and delete all references to WinReanimator.
    17. If you restart your computer now and do a virus scan the report should be a clean computer.
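
Several commenters above name braviax.exe and cru629.dat and say braviax.exe is started from a registry entry. This PowerShell check is an added example, not code from any commenter; the list of autostart keys is an assumption (the thread does not name the key), and it only reads, so it can confirm whether a cleanup or the read-only dummy file actually held after a reboot.

```powershell
# Added example: read-only check for the file names mentioned in the comments.
$names   = 'braviax', 'cru629'
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Assumption: common autostart locations; the thread does not say which key is used.
$autorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
# Directories the commenters mention (C:\, Windows, System32, Prefetch, srchasst).
$dirs = @(
    "$env:SystemDrive\",
    $env:SystemRoot,
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'Prefetch'),
    (Join-Path $env:SystemRoot 'srchasst')
)

function Find-AutorunReferences {
    foreach ($key in $autorunKeys) {
        $k = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $k) { continue }
        foreach ($valueName in $k.GetValueNames()) {
            $data = [string]$k.GetValue($valueName)
            # Flag a value when its name or its data mentions one of the names.
            if ($valueName -match $pattern -or $data -match $pattern) {
                [pscustomobject]@{ Key = $key; Value = $valueName; Data = $data }
            }
        }
    }
}

function Find-DroppedFiles {
    foreach ($dir in $dirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        # Length and IsReadOnly show whether a file is a blanked, locked dummy
        # or a freshly rewritten copy.
        Get-ChildItem -LiteralPath $dir -Force -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match $pattern } |
            Select-Object FullName, Length, IsReadOnly, LastWriteTime
    }
}

Find-AutorunReferences | Format-List
Find-DroppedFiles | Format-Table -AutoSize
```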

  15. 15

    John G Says

    Spatula’s directions above are excellent except he misspells Braviax.exe a few times. You are searching for “Braviax.exe” NOT “Bravix.exe”. They are only in the locations he said. Also, there are files in c:\Windows\Prefetch that can and should be deleted, anything that starts with Braviax and/or winanimator. I found both there and deleted both and now my computer is free from that crap!

  16. 16

    ihatebraviax.exe Says

    spyhunter will report it found reanimator when u free scan it but if u purchase the software it is vulnerable

  17. 17

    ogman Says

    braviax.exe: I did a Ctl Alt Del and went to processes, then ended the process named braviax.exe. This allowed me to delete braviax.exe.
    Hope this helps. (By the way Spatula! Excellent instructions!!!) I was actually able to go to Start > Programs > Winreanimater > uninstall. This took the folder out, however, the red X was still there. After killing the process, I was able to remove braviax.exe. Then rebooted and all was GREAT! Thanks!!!! (I would have never known the process name without your excellent instructions!)

  18. 18

    matt Says

    nothing is working..
    i have corrupted the file and saved it..
    but every time i reboot it’s there..

  19. 19

    angma Says

    i had the same problem.. i went to start > all programs > winreanimator > uninstall, then it will say this is a system application what program do u want to use to open with. i chose internet explorer and then hit ok and the red x was gone off my task bar, but i cannot get it off my all programs menu. hope this helps a little. if any one can get it off program list please let me know.. thank you have a good day.

  20. 20

    mpio Says

    Spatula, zafer123

    people… you are amazing
    thanks very much!!!!

  21. 21

    Dale Says

    I used your removal instructions and want to thank you very much, great success. One prob I encountered when I replaced the info in the second Bravix.exe file found in a backup folder. I saved it as 1bravix.exe and all seems to work. I still have the pop-up warning redX which I assume can be removed with detection utility.
    Thanks and many hard times for the little b^&*( that create these bogus spywares.
    Thanks to pep’s with talent to nix these guys.

  22. 22

    Timoteo Says

    What about legal action against these cretins? Where is Winreanimator physically located? what can be done to f them up? Please somebody attack them.




*The free version of SpyHunter is only a scanner (to detect spyware and malware on your computer). To use the removal tool you have to purchase the full version.