
Malware Report - “Bravesentry”

Posted by Netsato on March 10th, 2006


How did Bravesentry get on my PC? I don’t know for sure but I suspect it may have been a result of visiting a website that contained malicious code that took advantage of an un-patched Windows XP machine. Here is how the problem seemed to start:

Malware report Bravesentry

McAfee Personal Firewall alerted me to an unusual file (named “t.inx”) trying to access the Internet. I set a rule to block all access for this unknown program. Later that day, I received another such message, this time about a program called “kernels8.exe” which was also trying to gain Internet access.

Malware report on Bravesentry

Concerned, I used McAfee Antivirus to perform a complete scan of the system. The results of the complete scan found no viruses or suspicious software. Assuming that the system was already compromised, I suspected that my antivirus may have also been compromised in some way.

After the scan I restarted the PC and was welcomed with a new wallpaper suggesting that my computer has become infected with spyware and that I need to take action. In the system tray, a new icon (a red circle with a white X) continuously flashed the following message:

Malware report Bravesentry

Curious, I clicked on the message and was greeted with Bravesentry 2.0 - the software that I guess was supposed to save me from the dreaded spyware. How nice! Additionally, the software began to scan my hard drive, which I promptly paused.

Malware report Bravesentry

I went to www.pandasoftware.com and used their free online scanning service to verify the results returned by McAfee. After a full system scan Panda reported that it found 192 suspicious files. Of course, being a free service, it didn’t provide any more details than that. Still, it confirms that my copy of McAfee was probably already compromised.

As I started poking around my PC to find out what may have changed, what files were added, what services were running and if my system logs recorded any incidents, the Bravesentry program started to remind me to take action as the following message would pop up from time to time:

Malware report Bravesentry


A Bravesentry menu item was also added to the Start Programs list. In the folder, there is an “uninstall” program, however attempting to run the uninstall routine failed because Bravesentry is still running. Windows Add/Remove programs was also unable to stop Bravesentry.

Trying to exit Bravesentry (now running in the foreground as well as an icon in the system tray) only resulted in this dialog box which gave you more opportunities to buy their software but no way to exit.

Malware report Bravesentry


Clicking on the buy button launches your web browser and loads their home page where you get the chance to purchase their software. So considerate:

Malware report Bravesentry


I tried to go to the Task Manager (using Ctrl+Alt+Del) but received a message that “Task Manager was disabled by the Administrator.” They thought of everything, didn’t they?

I did find one way to stop Bravesentry from starting when you boot your PC and that was by going to Start > Run > msconfig to reach the MS Configuration Utility. If you go to the Startup tab, you can uncheck Bravesentry from your automatic startup routine. Rebooting again, I was able to start my computer without Bravesentry automatically starting and was able to run the Uninstall routine which actually seemed to make it stop running. Of course I don’t exactly believe that my PC is back to normal but at least the program was overtly stopped.
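The startup entries that msconfig's Startup tab shows, and the policy value behind a "Task Manager disabled" message, can also be read directly. The following PowerShell is an added example, not part of the original post; it assumes the standard Windows autorun locations (the post does not say which one Bravesentry used) and a current PowerShell version, and it only flags the three names the post mentions.

```powershell
# Added example (read-only): list autorun entries and check the Task Manager policy.
# Assumption: standard Windows autorun locations; the post does not say which one was used.
$namesFromPost = 'bravesentry|kernels8\.exe|t\.inx'   # names mentioned in the post

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$autoruns = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $autoruns += [pscustomobject]@{
            Source = $key; Name = $name; Command = [string]$regKey.GetValue($name)
        }
    }
}

# Per-user and all-users Startup folders
foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    if ($path -and (Test-Path $path)) {
        foreach ($file in Get-ChildItem -Path $path -File) {
            $autoruns += [pscustomobject]@{
                Source = $path; Name = $file.Name; Command = $file.FullName
            }
        }
    }
}

# Show everything, with entries matching the names from the post sorted first
$autoruns |
    Select-Object Source, Name, Command,
        @{ Name = 'MatchesPost'; Expression = { "$($_.Name) $($_.Command)" -match $namesFromPost } } |
    Sort-Object MatchesPost -Descending |
    Format-Table -AutoSize -Wrap

# DisableTaskMgr = 1 is the policy value that blocks Task Manager with a message like the one quoted above.
foreach ($hive in 'HKCU:', 'HKLM:') {
    $policy = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    $value = (Get-ItemProperty -Path $policy -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
    if ($value -eq 1) { "Task Manager is disabled by policy under $policy" }
    else { "DisableTaskMgr is not set under $policy" }
}
```

Entries that do not match the three names still deserve a look, since the post does not establish what else was installed.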

That’s about all I was able to dig up on Bravesentry. Of course, there is still the underlying problem of how it got in and what else it is doing. If I am to believe the report coming from Pandasoftware.com, my computer is already deeply compromised. My best recourse at this point is probably a full rebuild. If anyone has additional information about this situation, I’d love to hear about it.

Malware report Bravesentry