Rogue software details: BraveSentry

BraveSentry is a rogue security application. To remove it, look for the files, folders and registry entries listed below.

Known system changes:

Files
c:\Desktop\bravesentry.lnk
c:\Windir\desktop.html
c:\Desktop\BraveSentry
c:\Desktop\BraveSentry.lnk

Folders
c:\StartupPrograms\bravesentry
c:\ProgramFiles\bravesentry
c:\CommonPrograms\brave-sentry
c:\StartMenu\Programs\Brave-Sentry
c:\StartMenu\Program\Brave-Sentry
c:\StartMenu\Programos\Brave-Sentry
c:\UserProfile\Start Menu\Programs\StopingSpy
c:\UserProfile\StopingSpy

Registry entries
Key: HKEY_CURRENT_USER\software\bravesentry
Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
Value: BraveSentry
Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
Value: brave-sentry
Key: HKEY_CURRENT_USER\software\brave-sentry
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bravesentry
Key: HKEY_LOCAL_MACHINE\software\virusblasters
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\brave-sentry
Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\activedesktop
Value: noaddingcomponents
Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\activedesktop
Value: nochangingwallpaper
Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\activedesktop
Value: nocomponents
Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\activedesktop
Value: nodeletingcomponents
Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\activedesktop
Value: noeditingcomponents
Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\activedesktop
Value: nohtmlwallpaper
Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
Value: classicshell
Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
Value: forceactivedesktopon
Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
Value: noactivedesktop
Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
Value: windows update loader
Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
Value: bravesentry
Key: HKEY_CURRENT_USER\software\stopingspy
Key: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\stopingspy
Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
Value: stopingspy
Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\activedesktop
Key: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
Value: wallpaper
Key: HKEY_CURRENT_USER\control panel\desktop
Value: pattern
Key: HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\desktop\general
Value: wallpaperfiletime
Key: HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\desktop\general
Value: wallpaperlocalfiletime

Source: Lavasoft Malware Lab’s Rogue Gallery.



