Thread: BEEP.SYS

  1. #1
    Curio (Triple Platinum Member)
    Join Date: Nov 2004
    Location: London
    Posts: 686

    BEEP.SYS

    Just so you know......
    If you get something like Braviax.exe/cru629.dat, it reloads via a replacement for beep.sys (c:\windows\system32\drivers\...) - which makes the 'BEEP' noise when you boot and at some program errors. There is apparently other malware using this method of re-installing itself too. The standard WinXP one is only about 4 KB while the code-rewriting one is about 24 KB but may vary depending on the exact bug - they are always updating them.

    There are variants of Braviax/Cru629.dat so I couldn't say that they all use the BEEP.SYS trick but some definitely do - some of them also use a viral infector and an IRC bot apparently, the little devils. The last one I did was stealthing the files braviax and cru629, which didn't appear in either Task Manager or Explorer - which is nice. They always seem to download other malware too. Annoyingly, the thing has been around for several months but the antivirus/antispyware vendors don't seem to be catching it or removing it.
    I'm using Windows 7 - you got a problem with that?

  2. #2
    musicman (Junior Member)
    Join Date: Dec 2006
    Location: London, U.K.
    Posts: 18
    Agreed, this one has been around for quite a while now. If the usual programs supplied by AV companies, and the like, still don't fix it, there are plenty of tools available free that will either remove it or, at least, ID it so it can be removed manually.


    NOTE > if running Vista you shouldn't be infected by this one but, if you are, make sure that any "fix" tools you choose to run are Vista compatible.


    Malwarebytes > http://www.besttechie.net/tools/mbam-setup.exe

    SDFix > http://forums.majorgeeks.com/showthread.php?p=869653

    Superantispyware > http://www.superantispyware.com/

    Kaspersky scanner > http://www.kaspersky.com/virusscanner

    [Also Combofix BUT DO NOT USE THIS unless under the supervision of a trained analyst otherwise it could trash your system. CF is very powerful.]


    MM
    Last edited by musicman; June 25th, 2008 at 07:42 AM.
    “The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts.” Eugene H. Spafford

    Member ASAP
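
A check for the beep.sys replacement described in the first post, as an added example that is not part of the original thread: it reports a driver file well over the roughly 4 KB stock size and, when given a known-good copy, a hash mismatch. The names `audit_driver` and `SIZE_FACTOR`, the twice-stock-size threshold and the reference-copy comparison are assumptions made for illustration, and the sample files are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# Sizes reported in the thread: stock WinXP beep.sys is about 4 KB,
# the replaced one about 24 KB (and it varies between variants).
STOCK_SIZE = 4 * 1024
SIZE_FACTOR = 2  # assumption: report anything over twice the stock size


def sha256_of(path):
    """Hash a file in chunks so it is never read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_driver(driver, reference=None):
    """Return a list of findings for `driver`; an empty list means none."""
    # `reference` is an optional known-good copy, e.g. from install media.
    driver = Path(driver)
    if not driver.is_file():
        return ["missing"]  # an absent or hidden driver is itself worth a look
    findings = []
    size = driver.stat().st_size
    if size > STOCK_SIZE * SIZE_FACTOR:
        findings.append(f"size {size} bytes exceeds stock ~{STOCK_SIZE}")
    if reference is not None and sha256_of(driver) != sha256_of(reference):
        findings.append("sha256 differs from reference copy")
    return findings


def demo():
    """Run the audit on constructed files standing in for beep.sys."""
    with tempfile.TemporaryDirectory() as d:
        good = Path(d, "reference_beep.sys")
        same = Path(d, "clean_beep.sys")
        bad = Path(d, "replaced_beep.sys")
        good.write_bytes(b"MZ" + b"\x00" * (STOCK_SIZE - 2))  # constructed, 4 KB
        same.write_bytes(good.read_bytes())
        bad.write_bytes(b"MZ" + b"\x01" * (24 * 1024 - 2))    # constructed, 24 KB
        return audit_driver(same, good), audit_driver(bad, good)


if __name__ == "__main__":
    print(demo())
```

Because the first post reports the malware hiding its files from Task Manager and Explorer, point `driver` at the file on a volume mounted offline rather than relying on the running system's view.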
