Trojan.Brisv.A
Trojan.Brisv.A is a threat that can be downloaded from file-sharing networks hiding itself on multi-media file. Files infected with Trojan.Brisv.A may trigger Windows Media Player to connect to contracted web sites and download additional virus. Infected file remarkably increased its size by 1,138 bytes after the Trojan append its own code.
Alias: W32/GetCodec-A
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista
How to Remove Trojan.Brisv.A:
FIRST AID TO STOP Trojan.Brisv.A:
This threat is powerful enough to alter the registry and infect legitimate Windows files. Windows’ built-in tool called System Restore can reinstate clean system files by restoring the configuration to an earlier date. This method is possible only if a restore point was created before you got infected with Trojan.Brisv.A. Proceed and restore Windows to previous configuration.
Trojan.Brisv.A REMOVAL TOOL:
1. Download the FixBrisvA.exe
2. Save it to a desired location.
3. After download completes, disconnect the computer from Internet.
4. Computers who are running under operating system Windows ME and Windows XP must disable System Restore.
5. Reboot Windows in Safe Mode.
- After turning on the power, press F8 on the keyboard.
- Select Safe Mode from the menu.
6. Go to FixBrisvA.exe download location on your hard drive.
7. Double click FixBrisvA.exe to run the tool.
8. Let the tool thoroughly scan the computer and perform another scan after rebooting Windows in normal mode.
MANUAL REMOVAL OF Trojan.Brisv.A:
1. Update installed anti-virus application to have the latest definition file.
2. Reboot Windows in Safe Mode
- After turning on the power, press F8 on the keyboard.
- Select Safe Mode from the menu.
3. Thoroughly scan the system and clean/delete all infected file(s). Please see below.
4. Delete/Modify any values added to the registry if present. Refer to associated Windows Registry Entries.
- Click on Start. Search or Run regedit.exe to begin registry editor.
Note: You may refer to links on sidebar for a complete tutorial on Safe Mode and Registry Editor.
5. Exit registry editor and restart Windows.
ADDITIONAL TOOLS AND PROGRAMS:
Scan with Norton Power Eraser:
A free removal tool from Norton Antivirus was developed to remove virus and unfamiliar threats without using the traditional AV signatures. Download the tool and start scanning with Norton Power Eraser.
Technical Details and Additional Information:
Other functionalities of this Trojan:
- Trojan.Brisv.A will convert .mp2 and .mp3 files to Windows WMA format.
- It searches and infects media files with following extensions: .wmv, .wma, .mp3, .mp2 and .asf.
- Execution of infected files will open Windows Media Player and hook up to malicious web sites.
Associated Windows Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\PIMSRV
precisesecurity
Jul 20, 2008 @ 08:17:29
1. Temporarily Disable System Restore (Windows Me/XP/Vista/7) . [how to]
2. Update the virus definitions.
3. Reboot Windows in Safe Mode. [how to]
4. Run a full system scan and clean/delete all infected file(s)
5. Delete/Modify any values added to the registry. [how to edit registry]
Navigate to and delete the following registry subkey:
HKEY_CURRENT_USER\Software\Microsoft\PIMSRV
Navigate to and restore the following registry entries to their previous values, if required:
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Preferences\”URLAndExitCommandsEnabled” = “0″
HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Extensions\.mp3\”Permissions” = “21″
6. Exit registry editor and restart Windows.
7. In order to make sure that threat is completely eliminated, carry out a full scan of your system using AntiVirus and Antispyware Software. Another way to delete the virus using various Antivirus Program without the need to install can be done with Online Virus Scanner.
ienai
Jul 26, 2008 @ 03:14:06
Thanks very much.
Gautam Chauhan
Jul 26, 2008 @ 13:52:27
I am using Norton Internet Security. I have tried all things mentioned above, doesn’t work at all. I have also tried Symantec Trojan.Brisv.A removal tool. This also doesn’t work.
Ketul SHah
Aug 08, 2008 @ 11:27:11
Hey, I am also facing Same problem and I have also tried Symantec Brisv.a removal tool and I am also getting same problem. So did you find any other alternative for it? if you get any other help then let me know.
Thanks
Ketul shah
George
Aug 15, 2008 @ 14:43:40
I’m just re-encoding more than two thousand MP3s infected by Brisv.A, it’s a horror… This threat appends a header at the beginning of each media file found on the attached drives and makes them unplayable for most of the media player applications in Windows (Winamp plays the infected files discursively, while Windows Media Player does not play them at all). It seems, that infected media files can be cured by re-encoding them using GStreamer. The MPEG decoder, that comes with GStreamer seems to be very nice as it can play the corrupted files properly. After re-encoding, I can play the files on Windows with any media player application.
It would be nice to find a utility which just deletes the infected parts of the files, but I haven’t found such a utility, yet.
The virus itself may not be dangerous, but if it destroys all of your music files (as in my case), then you probably wish the programmer, who wrote this, a long and painful journey to hell…
George
Aug 18, 2008 @ 08:46:23
I’m working on a small utility, which can heal MP3 files infected by Brisv.A. I need to examine infected files thoroughly, because Brisv.A seems to do something more than just prepending a header.
What Brisv.A Killer already can do:
- Decide if the input file is a valid MP3 music file
- Check if the file is infected by searching a bit pattern on the first 10 KB block of the file
- Locate the first MPEG frame
- Copy everything starting from the first frame
Playing the healed files is possible, but they play like if they’d be seek all the time while playing. Probably Brisv.A adds something to each or some frames, changes frame headers, or something so. I need to examine files a bit more to determine what this Trojan does in fact.
Ketul Shah
Aug 21, 2008 @ 13:37:44
Dear NKM & George,
Thanks for posting for this Trojan. This Trojan has entered in more than 4000 files on my PC. And I have tried all antivirus like Symantec, Kaspersky who claims to remove it but all are useless. So finally I am not getting any solution of it. So if you find any solution or alternate then let me know too. I will be most thankful to you. If anybody needs that infected file for examination I can provide the same.
Thanks
Ketul Shah
INDIA
George
Aug 22, 2008 @ 08:16:50
My utility has been completed, it is able now to disinfect MP3 files, which have been infected by Brisv.A.
I made a simple GUI for it, so it should not be a problem, to use it for inexperienced users.
Use the link below to download:
www. martoncomp.hu/dl/brisvakiller-0.1-gui.zip
The source is available at:
www. martoncomp.hu/dl/brisvakiller-0.1-gui-src.zip
There’s a readme in the archive, don’t forget to read it before using the tool.
It is licensed under GPLv2, so you are free to use, copy or modify it. I hope, this tool will help some people out there.
Ketul Shah
Aug 22, 2008 @ 15:50:59
Dear George,
I am really very much thankful to you for giving so much of personal attention to my matter. I have downloaded the utility created by you and tried to disinfect infected files. But unfortunately, This utility is not at all detecting any infection of Brisv.a in those files and giving message that “No infection found”. So now what to do ? May I have your email id so I can send you that infected file and then you can understand the infection properly and may create utility to clear this infection.
Waiting for your reply,
Ketul Shah
theketul@yahoo.com
INDIA
George
Aug 22, 2008 @ 18:04:14
Dear Ketul,
I wrote an email to you this morning, check your mailbox to get my address (I don’t want to publicize it because of spams, I hope you understand).
The utility I made is searching for a bit pattern on the first 10 KB block of every MP3 music file it finds in the specified directory. This bit pattern can be different for each variant of Brisv (and certainly it is). Your files may have been infected by another threat, or another variant of Brisv.
The bit pattern Brisv.A Killer looks for is a URL. This URL can be different for each variant of Brisv, so that could be the reason, why Brisv.A Killer doesn’t recognize the infected parts in your files.
It would be nice, if you could send an infected file to me by email (please put it into a zip file before attaching), so I could examine it and improve my utility.
Thank you for downloading my software, it was fun to make it!
Best regards
George
Ketul Shah
Aug 23, 2008 @ 05:10:36
Dear George,
Thanks for quick reply , as you mentioned that you have send an email to me but I haven’t received any email yet. So please send it again or you can also buzz instant message on my yahoo id “theketul” for giving your email id.
Thanks
Ketul Shah
INDIA
Ketul Shah
Aug 23, 2008 @ 05:42:47
Dear George,
You can also send your email id to me at theketul@in.com
Ketul Shah
George
Aug 23, 2008 @ 07:47:38
Ketul, I sent another message to your postbox at in.com. I hope, you will get it this time.
George
George
Aug 23, 2008 @ 07:51:39
In case my email doesn’t reach your mailbox: my address is mail.gery [at] gmail [dot] com.
George
shiju
Aug 28, 2008 @ 00:21:56
Dear guys,
I have also the same problem. Around my 500 files are infected the same virus. Please help me to solve it.
Shiju
sameer
Aug 29, 2008 @ 16:00:32
Thanks a lot George, this really helped, I managed to fix almost 150 files.
Great tool!
George
Aug 31, 2008 @ 17:06:59
Dear Shiju,
first of all, run a full virus scan on your system to remove Brisv.A. This is essential, because Brisv.A will infect the healed files right after they get created, if you don’t do so. Once your system is clean, you can safely run my tool to disinfect your music files.
Rubert
Sep 02, 2008 @ 20:06:24
Thanks a lot George. You are a life saver. But I have to delete 45 wma format songs alone. but you have saved me a week work. I appreciate it.
Se Chiang
Sep 05, 2008 @ 09:24:47
Hi George, I already download your link from your post.
Use the link below to download:
www. martoncomp.hu/dl/brisvakiller-0.1-gui.zip
But I can’t use it because it is error, it’s wrote The application failed to initialize properly (0xc00000135).click on ok to terminate the application.
What’s wrong with that George, can you send me the antivirus to my email sechiang@yahoo.com?
Thanks
Adam
Sep 09, 2008 @ 14:34:28
What annoys me is that this is the second time my MP3 collection has been hosed.
The first time, I started working on a GStreamer repair process (like what George on Aug15 suggested – which is how I found this page actually, I wanted to write a repair utility).
What really annoys me as that Symantec have not properly prevented the attack vector from executing. This issue is months old now, and receives little to no attention from Symantec.
If it weren’t for Warcraft, I’d be on BSD and Linux on *every* system in my now.
George
Sep 10, 2008 @ 08:14:31
Se Chiang, please install Microsoft .NET Framework 2.0, it’s required to run Brisv.A Killer.
Se Chiang
Sep 12, 2008 @ 01:16:19
George, I really don’t know much about IT, can you please guide me form zero on how to remove Brisv.A, maybe you can send me an email. Thanks George. Because I don’t understand how to use Microsoft .net framework.
Se Chiang
Sep 12, 2008 @ 06:53:10
Hi George, today I ask my company IT to do follow your guidance because I already said I don’t know much about IT, but this afternoon, my IT said that the program can not be operate because has error in exe file, so George can u email me the program to my email, because I already download the program twice, but still error. Thanks George.
JorgeArgentino
Sep 21, 2008 @ 21:49:31
THANK YOU George!!! Your application FUNCTS and now I’m recovering all my Daisuke Ishiwatary, Heins Zimmer and Martin O’Donnel mp3 files I found 2 observations to make, only to keep the other guys warned.
I am not expecting George make another version to fix this I’m not even telling this irrelevant things are someway related to bugs…
First you may have to copy your Folder and files very close to the “C::” because I found that files very far from the root directory may not be healed but others may… so you would not receive a note for those only if all files are far. result: some files healed and other don’t. Solution: all files you want to heal may be copied first nearest to the root! and 2nd its just something to prevent complainants… You USERS of this spectacular utility shall check first your “mp3 info’s” (sometimes very important to someone) before deleting the infected files, cause the healed loses some info that the mp3 leads. THE QUALITY STAYS 100% THE SAME!!!!!!! THANKS GEORGE YOU made my entire MONTH!!!
George
Sep 22, 2008 @ 14:30:08
My utility cannot copy the ID3 tags from the infected files, that’s why artist/title/album.. information don’t get copied to the healed files.
The easiest solution is to use an online music database service, like CDDB, to fill the ID3 tags for the healed files.
The bug, you mentioned seems a bit strange to me, I didn’t experience any problems with long paths. Infection detection is based on the file signature of the ASF file format, so clean files, or files infected by some other threat may not be healed by Brisv.A Killer.
Daniel (dt192)
Oct 13, 2008 @ 16:57:06
I thought the virus just took the MP3 and put it in an ASF container, which included the embedded link, so I have just been using the stream dumper in ‘MediaCoder’ to take the MP3 back out of the container without any re-encoding and this has been working fine, the problem I’ve been having is dumping WMA streams as when they are dumped they are not in a playable form, any ideas?
Michael
Oct 18, 2008 @ 04:05:30
I know you said that your utility can not copy over the ID3 tags, but is there any way you might put out an update that does, or describe how to edit the open source version to make it do so. If you could that would be most helpful because about 5GB of my music is infected and it would take a LONG time to put that all back in. (I tried it on a couple songs and it worked beautifully, just no ID3 tags…)
THANKS SO MUCH!
George
Oct 20, 2008 @ 11:24:01
I made some additions to the code some weeks ago. The new version is available at the following link:
martoncomp.hu/dl/brisvakiller-0.2-gui.zip
This version automatically copies ID3 information, when available.
AnotherGeorge
Nov 06, 2008 @ 10:08:10
George,
You are a life saver! my updated Norton security did not pick this infection up somehow and it infected all my *.mp3 files. I only picked this infection up after using ESET NOD32 which could only quarantine the infected files.
Another George
AnotherGeorge
Nov 06, 2008 @ 10:10:37
Oh yeah Norton Symantec Bris.A remover tool does not work.
George
Nov 06, 2008 @ 23:07:29
AnotherGeorge,
I’m happy to hear that you could successfully disinfect your files! Thank you for using Brisv.A Killer!
By the way, the code would need some more development to support ID3 version 2 tags (which are a lot more popular in MP3 files nowadays). Could someone give me a helping hand? ID3v2 specification looks quite complicated and I’m not sure how should it be implemented. The good thing is that most MP3 files contain both versions of tag information, so the lack of ID3v2 support should not be a major shortcoming.
motseothata
Nov 09, 2008 @ 09:26:30
I have already removed the virus using Symantec’s fixbrisva tool. But the files were already damaged and they are not fixed. They can only play on wm player, but with a warning. I there anything I can do to restore them?
George
Nov 12, 2008 @ 19:53:11
motseothata,
try to re-encode your files with ffmpeg. Check the following link to download the source code:
ffmpeg.mplayerhq.hu/download.html
You can extract the binaries from the Brisv.A Killer package, as well, if you don’t like compiling.
Use the file “ffmpeg”, if you use Linux or “ffmpeg.exe” if you are on Windows.
kleineheye
Nov 15, 2008 @ 08:27:22
Hi George,
I’ve recently found this site. Great! Thank for your time helping so many people. I’m encountering some additional problems:
- no scanner recognizes my infected mp3s
- but they’re! It’s clearly visible when I’m opening the files in hex-view (e.g. trojan-downloading URL isvbr.net ….)
- your tools works without errors, but extracts only a short period of time (around 1 minute), between 200 and 1200 kb. The short piece isn’t working as well. Though it can be played but the strange noise stays.
I would love to donate, if I would have a tool that fixes my library. Most of it is corrupt and I need it ’cause I’m a professional musician.
Kind regards from Germany, kh
kleineheye
Nov 20, 2008 @ 08:22:05
Hi George,
I have some addition:
Your tool works fine! But: if the file was changed after the infection (e.g. change in ID3-Tags) it cannot be disinfected. In this case I encounter the problems describes in my previous posting. Before changing ID3-Tags the infected filed can be played in WMP. But after a change they won’t work anymore.
Do you see a solution for that?
Kind regards, kh
George
Nov 20, 2008 @ 21:59:15
Hi kleineheye,
I have a presumption, that changing ID3 tags actually rewrites the file header and cleans up the ASF byte pattern at the beginning of the file. This renders the file clean – at least for my utility. Brisv.A Killer uses file headers to decide whethere a file is infected or not. If no valid ASF header is found in the first 10K block of the file, then the file gets ignored.
In your case, you still have infected files, but they seem to be clean to Brisv.A Killer. I’m going to drop a checkbox into the UI, which can be used to disable infection check and re-encode each file immediately. You’ll find a link to the new version, as soon as it is ready. It will take about 2-3 days, I will try to do my best!
kleineheye
Nov 21, 2008 @ 18:26:10
Hi George,
Sounds great! Is there anything I can do to support you? May some of my infected mp3s help analyzing? Please email me and I’ll do anything possible. I keep on waiting.
Kind regards, kh
Brycen
Dec 10, 2008 @ 00:59:19
Symantec does not care. They tried to blame their software error on me. I demanded a refund on the cost of their junkie product and purchased another scanner but the virus has damaged my ability to update a virus scanner. That part I can not undo no matter what I do to repair it.
The most upsetting part of this whole experience is that when I called Symantec to complain about my malfunctioning virus scanner the phone was forwarded to a call center in a country known to create and release said viruses. I was told I would have to pay an extra fee and I would have to allow these foreigners on foreign soil access to banking info and my computer to remove the virus. The FBI on the other hand says to never give those call centers your info because they are safe from American law.
MeliCR
Dec 11, 2008 @ 00:17:28
Well the thing is, I have a hole bunch of songs healed, but whenever I play them or copy them to itunes only the song’s name is showed, and I lose all the album, artist, etc info…
In windows explorer, winamp, or wmp I can see the artists and everything. Why is this not happening in itunes?
Devon
Dec 19, 2008 @ 03:06:17
I tried using your removal tool, it said not responding. I was using Frostwire and I stopped a song less than half way thru the download. Unfortunately it’s got this stinking virus. I am unsure what I Can do. I am freaking out that this can do major damage to my machine. I have removed Frostwire from my PC but I can still open folders from Frostwire and that incomplete song is still there. I can’t delete it and I really need help, George Can you Help me??
George
Dec 24, 2008 @ 08:19:09
Hi Devon,
steps you could take to delete that file:
1, Start your system in safe mode and try to delete the file from there.
2, If you still can’t delete the file, use a live CD (Hiren’s boot cd, Ubuntu install CD…) to boot your system and retry deleting the file
3, If nothing helps, run chkdsk from the Recovery console (it can be run using the Windows install CD)
Corrupted files can’t be fixed with my tool, it’s only able to heal infected files.
Bill
Feb 03, 2009 @ 02:31:59
Ok so I to have this Trojan and Symantec-Norton tells me I have to remove manually which I tried to do but the location HKEY_CURRENT_USER\software\Microsoft\pimsrv does mot exist.
Also I am using Vista so I keep getting Administrator password needed when I try to run their supposed fix. Why do I need a password and who set it.
Kim
Feb 03, 2009 @ 05:06:20
I got this virus from frostwire as well. I am so dumb when it comes to a computer, I’m lucky I can turn it on.I too am running Vista and getting the same message as the above person. If anyone, who has the patience to explain this to me, I would be truly grateful. I know this is said to effect media files, but since I found this Trojan, my computer wont load a messenger. And, it is taking FOREVER to shut down and reboot. Is this part of the virus?
Thanks,
Kim
Lisa
Feb 04, 2009 @ 00:17:42
Hi,
to run the Norton removal you have to right click on the tool and click run as administrator, Norton wanted to rip me off and charge £70 to do this!!
But, I still have the blasted virus there, Norton says its been removed then it comes back again!
Can I completely delete all my Frostwire and Limewire applications and then delete all songs?
will it be gone then?
Lisa
lalixlili
Feb 04, 2009 @ 02:39:41
I’ve uploaded CCleaner and it has removed Trojan Bris Av. When you finish to install it, you click on the shortcut. Then, you click on OPTIONS so that you can select the file (in which the virus is in) and you clean it up. And it will be erased, it takes a few seconds. I hope I’ve helped.
Skyler
Feb 04, 2009 @ 08:53:17
I also just got the trojan.brisv.a and i found using malwarebytes does get rid of it.. it found 1405 infected files and folders and now my computer is clean… to bad i thought norton was protecting me. i went to malwarebot.bytescan.org… hope this helps anyone
kath lukacs
Feb 04, 2009 @ 16:46:28
I also got a Trojan.Brisv.A virus and I have Norton so how the hell did it get in. I ran the removal tool which said it had been removed but on rescanning with Norton the Trojan was still there, so upon instruction I removed Norton and scanned with AVG, no Trojan found. Reinstalled Norton scanned with that no Trojan found scanned it with super antispyware, no Trojan found. Scanned again twice with Norton no Trojan found, scanned with spy bot nor Trojan found. So what the hell happened to it. What I would really like to know as Norton are of no help what so ever is that will this Trojan have got into my email files, as I don’t want to email people and send this Trojan out. I do have Norton on and it scans all incoming and outgoing mail, but feel insecure as it let the Trojan in the first place. Someone please help this is driving me mad.
Many thanks,
Kath
Yessenia
Feb 04, 2009 @ 18:09:07
I got the Trojan.Brisv.A infect my computer. My main concern is if this virus poses any other security threats besides corrupting the music files. I really don’t store personal information in my computer, but I think I may have gone to my bank web sites after I got this virus. I already changed all passwords, but is there anything else I should worry about?
Also, I tried the removal tool, but it just says Trojan not found, and when I re-scan, it says I’m infected. What can I do???!!
Is there any other removal tool I can use? I don’t feel safe even turning on my computer anymore. I also have the Norton antivirus installed, but this didn’t seem to help stop the virus and it cannot delete the Trojan.
Nicole
Feb 05, 2009 @ 10:56:24
It also just showed up on my computer yesterday (feb 4th). I think I will try the CCleaner but will check back again if nothing happened.
People
Feb 05, 2009 @ 22:12:55
Use The Removal Tool On Safe Mode, it works.
elaine
Feb 06, 2009 @ 06:03:34
Hi, the auto-protect results of Symantec keeps on popping up on my screen stating that there is a Trojan.brisV virus in my laptop. I removed the infected file after I found out that it was infected. When I scanned my files with other antivirus like threatfire, it kept on saying that there is no virus in my laptop, but I’m really pissed off with the alert of Symantec. Removing it is also not possible. What will I do to fix it? Thanks a lot~.~
David
Feb 06, 2009 @ 08:05:33
My computer has been infected with the same Trojan virus, and I can’t seem to get rid of it or quarantine it. I use Norton 360 and it finds it, tells me to download this removal tool but the removal tool says I don’t have the Trojan on my computer, but yet when I run the virus scan, it still pops up! What am I going to do?
derey01 @ Yahoo.com
sandy
Feb 06, 2009 @ 08:18:05
Hi, same thing happening with me. I’m so frustrated. I keep removing it with Norton tool and I have Norton 360 but it keeps reappearing. Please help.
naughtysandy27 @ yahoo.co.uk
kath lukacs
Feb 06, 2009 @ 15:12:22
Hi Anny,
I got the same virus, ran removal tool which told me no virus, scanned again with Norton told me still had the virus, removed Norton and scanned with various other things e.g. AVG, Spybot and Super antivirus, reinstalled Norton scanned with that and found no virus. I deleted the 4 music files it had infected and scanned with Norton again yesterday and it is still showing up with no virus, so something I did must have removed it. I have tech support with PC World, and I rang them this morning as I too am scared of sending mail etc, and they told me that this won’t attach itself to mail as it comes through music downloads, and also if the virus had still been there Norton would have picked it up and also Norton scans emails going in and going out. I sent an email from my computer and back to it just to check the scanning of it, and it scanned ok, and there was no virus. Hope this has been of some help.
Kath
Ken
Feb 06, 2009 @ 18:07:47
Sandy, the Symantec utility you download does not work on this Trojan. The virus alert also tells you what to do if the utility does not work. Try the following, which I got from the Symantec notice. It worked for me. I am using Vista
First find the infected file. If Symantec keeps telling you it’s on the computer, hit ‘details’ on the antivirus notice and it will locate your file. That’s true even if the utility says it cannot find the file. If you have been swapping music files on a P2P network, it’s one of your recent MP3 downloads in all likelihood.
When it says sign on as administrator, that’s you usual sign on if you are the only user of the PC. Then go to your start button at the lower left of your screen, click it and go to control panel, using classic view. Then click on user account control, and unclick the box on the UAC. Hit OK, restart your computer.
Then go to the start menu, hit all programs, accessories, run. Type in msconfig. (without a period.) Then OK, then on the menu, click on ‘boot’ then click on the ‘safe boot’ box. Then restart.
That restarts the computer in safe mode. Then you go to start menu and find the infected file using explorer. Delete it.
Then restart again, (you’ll be in safe mode) then start menu to all programs to accessories to run msconfig again, and uncheck the safe mode boot.
Then restart and you’re home free.
At least that sequence worked for me.
alan rugby
Feb 08, 2009 @ 00:40:04
Took me all day to sort it out. For something so easy, boot up in safe mode. Find file with virus and delete it. Empty recycle bin. Has to be done in safe mode.
Cindy
Feb 08, 2009 @ 03:38:43
I used the trojan.Brisv.A removal tool from Symantec in SAFE MODE and it worked fine. I also ran a second virus scan after restart and only a tracking cookie was found. I did try it the regular way and it said the virus wasn’t there but the instructions clearly say if it fails use SAFE MODE. It took roughly 1 hour to thoroughly scan and locate the virus.
I also got a log file that showed me exactly what files were infected- two music files placed in Itunes by a friend when they charged their Ipod. I have already told everyone of my friends that my computer is no longer a charging station. Itunes has been permanently deleted along with any libraries that it saved in the process.
Before you bash it try it again in SAFE MODE then if it doesn’t work come back and bash it.
Steve
Feb 08, 2009 @ 05:54:56
If you are having problems with the removal tool, run the scan, then examine the detail of the Trojan. It will list the infected files. Boot into safe mode and delete the files from within safe mode. The virus will be gone. Run a final scan to be sure. I must say that Symantec screwed the pooch on this one. Their removal tool sucked. My only saving grace was examining the detail of the Trojan found and I just deleted the file. I know you may not want to hear this, but I would not try to save the infected files. Just get them deleted.
Julia
Feb 08, 2009 @ 11:21:38
On the frustration with Norton, that they let the Trojan in the first place, then they detect it for you, then wants $100 to fix it. I’ve read the whole string here, copied sections that are pertinent, heading off to fix my computer now. Thanks to all who have sorted this out ahead of me, can’t thank you enough!
Jack
Feb 08, 2009 @ 14:09:15
Alan, your method worked great (Alan Rugby post dated Feb. 8, 2009). The Brisv.A Trojan is no longer on my computer. Symantec was not as clear as your instruction. Thank you for posting.
Jack
Feb 08, 2009 @ 14:11:28
Ooops, sorry it was post by Ken dated Feb. 6, 2009 that gave instructions on removing Brisv.A
Remy
Feb 08, 2009 @ 19:50:01
I have used the CCleaner that someone meant earlier on this forum.
In this program you can click on the folder that is infected and let it delete that special folder.
It worked on my computer and now it’s gone!
So people, download the CCleaner and let it delete your map with the infected files.
Gaurav
Feb 08, 2009 @ 21:54:35
Thanks a lot for the post Ken dated Feb. 6th 2009. The Symantec tool failed to work for me too. I had to boot up in Safe mode and delete the infected files. And then remove them from the recycle bin..
Doc
Feb 08, 2009 @ 22:43:32
Norton charged me $99 also to remove it. Their agent did not remove the virus during our session so I called back to schedule another session. I scheduled a call back time and they never called at the time they said they would. At this point I did my own research and figured out how to remove it myself. I don’t remember the exact sequence of steps I used but the solution is outlined here. It basically involved noting what the infected files are, where they are and removing them in safe mode. Also, empty the recycle bin. And now Norton has changed their removal info on their site.
I requested a refund for the agent session and they did refund me. It’s worth trying if you’ve been charged and they haven’t removed the virus.
Ruddin
Feb 09, 2009 @ 17:30:25
Just tried to find details of infected file 2 are music files but two others are classified as a ‘Restricted Item’ Permission required.
Norton also state ‘Not Safe to Remove’. What other options do I have?
Timian
Feb 09, 2009 @ 21:11:33
If you want the Trojan removed, just start your computer in safe mode, and run the Symantec removal tool, and it will be gone.
mary
Feb 10, 2009 @ 05:59:30
George I am not very computer literal but can you help me fix this. My email is baby_ladie89 @ hotmail.com
Alex
Feb 10, 2009 @ 06:45:50
Wondering if someone can help me out here. I just got this same problem, and I read all the posts about it just now. That tool by George did not work, and I’m going crazy about it.
What can I do if the virus is on my External Hard drive? I tried to rename the file, and it allowed me to do that, but when I try to delete, its doesn’t!
I’m running Windows Vista 32bit, and Norton picks it up as a threat, but only gives me the option to review it, and I followed those steps with the Removal tool, and nothing!
Please help.
a_correa4@yahoo.com
shannon
Feb 10, 2009 @ 10:41:19
Ccleaner worked a treat for me!
matt
Feb 11, 2009 @ 03:00:23
I am having the same problem with this damn thing. screw Norton they are just trying to make a dollar. truth be known I will bet they did this since times are hard with the economy trying to get money. If anyone can help me remove this I will be so happy, slipknoteclipse [at] AOL [dot] com that is my email. Please help me, I beg.
Anicm
Feb 11, 2009 @ 05:42:08
I got the virus off of my computer by removing the infected files in Safe Mode and then the ones that said restricted/permission needed. I just removed them using Norton in regular mode. Good luck!
Jan Fazio
Feb 11, 2009 @ 08:09:40
I have a Trojan Brisv.A! virus. I have taken multiple steps to remove it with no progress. Nothing can detect it (beside Norton and it says “needs manual removal” which linked me to the tools that don’t work.) I used ATF, and a number of other cleaners including, AVP Tool. The AVP could not find it I was wondering if you would like me to email you the file that the virus is in. However I won’t if you don’t say so because I would not want to email any one with this virus. Note, it has not seemed to cause major problems for me, yet I don’t know if it is because I use iTunes instead of Windows Media Player.
Gary
Feb 11, 2009 @ 21:09:43
Here’s what worked for me on 2/9/09: Downloaded the removal tool from Symantec, restarted computer in safe mode and ran the removal tool. Restarted the computer in normal mode and ran a complete system virus scan which indicated no signs of the virus. Subsequently complete system virus scans every night since then have indicated no furthere signs of the virus.
Prior to 2/9/09 the removal tool didn’t work but I think Symantec has revised the removal tool once they realized the removal tool wasn’t working. Good luck!
Jan Fazio
Feb 11, 2009 @ 23:54:31
I rebooted computer in safemode, deleted the file and folder. Next I emptied the recycle bin and it was gone. Didn’t find any thing else after running multiple scan with different tools. Could this really have worked?
Danny
Feb 12, 2009 @ 02:44:40
I had this same Virus, and I agree with many on his particular thread –
Restart computer in SAFE MODE, locate infected file(s) – and try to manually delete in recycle bin.
Then restart Windows normally – run comprehensive scan – NO VIRUS SHOULD BE FOUND.
If this does not work – Try using the Fix.Brisv.Removal Tool (in normal & safe mode)
If still no luck – reply to this thread, and I’ll get back to you.
Danny
Feb 12, 2009 @ 02:48:24
P.S. Is it just me, or does everyone who had this virus have trouble viewing videos on Youtube?
It states that I don’t have the correct Adobe Flash Player installed – when I already do!
And, or my javascript has been turned off – which it hasn’t!
Anyone who had the virus and have now got rid of it, could you be kind enough to let me know if you have the same problem with Youtube.
Many Thanks
Ruddin
Feb 12, 2009 @ 18:06:38
I managed to get rid of he virus in Safe mode following Danny’s tip. However for some reason I now can no longer access any websites even though the system says I am logged on and have ‘connection’. I have run a windows diagnosic scan for the connection failure and the message appears to imply that some sort if firewall is preventing access to the web. I’m on the verge of calling Internet Heroes!
Jan Fazio
Feb 12, 2009 @ 22:40:29
Thanks for the reply Danny it worked just fine. I cant believe it. I did not have any trouble watching videos. My Internet did run slower though.
To ruddin: You probably are behind some firewall find it and turn it off.
Jan Fazio
Feb 13, 2009 @ 00:04:41
To ruddin, I apologize for the last post I was unclear. What I meant was there are many different ways to configure a firewall and you need to find the port or whatever is blocking your access. It is not safe to turn your firewall off. Just set it in default settings, it is a lot more effective than nothing.
millie
Feb 13, 2009 @ 01:30:03
It worked!
I booted in safe mode then ran the Fix.Brisv.Removal Tool from Norton and it removed the virus without a problem.
Thanks!
Ben
Feb 13, 2009 @ 23:12:05
Symantec tool? They’re probably the ones who are propagating this virus. I have (and until now) was paying for a Norton subscription, and they want to charge me $100.00 to remove the Trojan.
Heidi
Feb 14, 2009 @ 02:12:16
I’ve got the same problem, so is this fault with Norton? I’ve run the Symantec removal tool an it tells me there’s no virus. Then I restart, and Norton tells me it found a virus. What happened?
zoran
Feb 14, 2009 @ 10:33:01
Heidi, I have the same problem like you I don’t know what I have to do? I want to know if I use system recovery, will my computer problem be solve or not?
Remy
Feb 14, 2009 @ 18:10:08
I said before, if you’re not so computer technically inclined, you can download the CCleaner.
It will remove your infected files if you select the map that it must remove. That’s how easy it is!
Lois
Feb 15, 2009 @ 01:54:40
I just removed this virus from my computer. You need to read carefully when removing this virus. Mine, I would have to manually remove the virus and it showed me the infected file. Needless to say removing the song that was attached didn’t work so I had to delete my entire iTunes library and software but that is a small price to pay considering what it could have cost me to have the PC repaired. So make sure Norton’s removal tool for this virus isn’t telling you to manually removed it before going any furthere.
Kevin
Feb 15, 2009 @ 01:59:06
It takes forever to download George’s removal tool. I’m living in the US and apparently my location only allows me to download at 50 BYTES per second!
Kevin
Feb 15, 2009 @ 02:04:22
If anyone could upload George’s removal tool somewhere or send it as an attachment to my email, I would greatly appreciate it!
Mynoona
Feb 15, 2009 @ 21:28:13
I tried a few times using the FixBrisvA.exe tool to remove Trojan.Brisv.A from my computer. I disconnected from the Internet and ran the tool but it kept telling me that Trojan.Brisv.A was not found.
Then after reading some of the posts just now, I decided to try running my laptop in Safe Mode. To do this, I Restarted my computer and when it rebooted I repeatedly pressed the F8 key and when the options came up on the screen, I selected SAFE MODE. From the desktop, I ran the FixBrisvA.exe tool again, this time I was told the virus had been removed. I’ve now restarted my computer and live in hope! Worth a try!
zoran
Feb 15, 2009 @ 22:57:05
Dear Mynoona,
Which system do you use Vista or XP?
And what are the different between those systems?
Matthew
Feb 15, 2009 @ 23:41:35
This works people.
Download the FixBrisv of Symantec and save to your desktop. Restart your PC under safe mode using F8. That’s the bit they don’t tell you to do. Run your scan and there you go, virus gone. Your problem is now solved.
Mat
Kevin
Feb 16, 2009 @ 01:04:47
Not so much Mat. My case is different from everyone else’s because I had the infected file, but I used System Restore to get rid of it. Now I’m suffering from very high lag, and cannot find any trace of the Trojan, and none of these programs can find it because the file isn’t really here.
Mynoona
Feb 16, 2009 @ 08:18:48
Hi Zoran
I’m not very good at the technical differences but I think the major changes in security is that it’s supposed to be improved to stop hackers getting into your hard drive and to prevent spyware getting onto your system. The Windows Defender tool seems to be already present instead of having to download and parental control features.
Having said that I run all of this and Norton regularly.
Janelle
Feb 18, 2009 @ 00:57:03
I’m not very good at technical things, I have removed the music file to recycle bin, then emptied it. Norton says trojan.brisv.a! is gone I am not sure, I have restarted in safe mode and ran the tool again then back to normal mode and scanned again, I am not sure if it is gone or not. How can I be sure.
shane
Feb 19, 2009 @ 13:58:25
Hey. I just want to know. Does trojan.brisv.a destroys or infect music files ONLY?
shane
Feb 19, 2009 @ 14:04:54
George. hello. I’m Shane. In my case,there are only two files infected in my laptop. What should i do? Can you help me?
Brad
Mar 23, 2009 @ 19:25:30
Hi George…
I tried to download your brisv.killer, but i think your site is down or something. Could you PLEASE email me your latest version! I had a copy of it but it got deleted by mistake!
Thanks a lot
Brad
Paul
Apr 06, 2009 @ 19:34:14
Thanks to all who suggested running the Symantec removal tool in safe mode. I had already run it several times without success in normal mode and was getting quite annoyed (sometimes Norton really does suck!). I am semi-literate technically so I know I was doing everything correctly. Finding the solution here helped me to keep my sanity. Again, many thanks! (It would be nice if Norton would tell folks to boot in safe mode to run their tool.)
Barbara
Apr 07, 2009 @ 12:38:40
Reading all of the details from all of you i am so lost. I deleted the 2 files that were infected with the virus – I ran Norton who only detected the stupid files 4 months after they have been nicely sitting on my PC. Got scared and deleted the files (also from the recycle bin). Then i did all the things you guys were referring to and Norton is stating no Trojan is left on my PC, but my PC seems to be having problems, including i am getting a hard drive smart error message. can this virus be causing system issues? What if I do a complete reinstall of my PC – reinstall everything, would that work? If this would work, how do i then clean up all my music which is on an external hard disk? Any help would be appreciated as i also don’t want to fund the Norton fund any more as their help is useless.
Elaine
Jun 22, 2009 @ 09:11:04
I have this Trojan, it prevents my Internet browsers from connected to any websites at all and initially I thought I had an Internet provider problem. Norton has removed it twice and my laptop appeared to be fixed and working well then again it wont display any pages.
Any ideas?