A fellow blogger by the name of Netsato dropped a comment on my blog about BraveSentry. Curious, I checked out his blog and there’s a detailed writeup about an illegal BraveSentry force-install that probably occurred through the use of the infamous WMF exploit. Apparently his system was not updated with the latest MS security patches, but it was on a test system where nothing important was stored.
Bravesentry is a malicious anti-spyware software that entered my computer via Trojan horse applications manifested in the files “t.inx” and/or “kernels8.exe”. My theory is that i.inx was passed to my computer by visiting a rogue website designed to exploit a pre-Service Pack 2 Windows XP computer. Once inside, my software firewall detected t.inx was requesting access to the Internet which I promptly attempted to block. Apparently to no avail, “kernels8.exe” somehow slipped into the computer which I also tried to block via my software firewall. After running a full virus scan (which found nothing), I rebooted the computer to be greeted by Bravesentry upon start up notifying me that my computer is infected by spyware and that it will proceed to scan my computer. Needless to say, Bravesentry was uninvited, and also not easy to uninstall. Rather than trying to “fix” this computer, I decided to document the problem as best as I could, and to simply wipe out the hard drive and rebuild the computer.
Link here.
Alex Eckelberry