CM2 Consulting

Update - March 21, 2008

Thanks to all who have written. Many of whom have provided valuable additional information.

Update - March 18, 2008

Good morning.
E mails continue to come in with additional tips and information about removing this and other species of malware. I will continue to post these with the authors' permission as time permits. I should point out that this site is intended to be informational but not necessarily definitive. That is, what worked to remove one particular infection may not work for everyone. If, however, the information here helps just one other user, it will have been worth it.

Improper editing of the registry may have an adverse affect on the operation of your computer. You've probably heard similar warnings before. I've seen highly experienced programmers reduced to tears by the unintended consequences of their misconceived registry hacks. So be advised and proceed with caution. I have been told that messing with the registry of a Dell computer under warranty will void the warranty. If you're having problems with a Dell under warranty you should probably contact Dell support for assistance.

I've got a couple of interesting e mails that I will be posting later...after I get done earning the rent.

Thanks.

Update - March 11, 2008

The instructions below were originally posted on February 8, 2008. They have been useful to numerous users in ridding their machines of this malware. Recently, however, users have run across variants that resist successful removal using the method described below. These variants seem to use a different file from beep.sys to reinstall braviax.exe.

If you are successful in removing one of thes variants and know the name and location of the file that is doing the reinstalling, I'd appreciate it if you would let me know so I can update this page.

Thanks.

Removal of braviax\cru629 malware

Download and install a reputable spyware detection and removal program such as Spyware Doctor which is available free as part of the Google Pack. Spyware Doctor did not detect or remove the braviax/cru629 infection, but is useful in detecting and removing the crap that it downloads.

Disconnect your computer from the Internet. If the crapware can't find the Internet, it can't download any more crap.

Restart your computer from the installation CD in Recovery Console mode. With my PC, I had to hit F12 during the boot process and tell it to boot from the CD ROM. When the "Welcome to Windows Installation" window came up, I pressed R to enter the Recovery Console. (These instructions are specifically for XP.)

Navigate to the Windows directory. (If you are at the C:\> prompt you would type cd windows and hit enter. If you need to back up to get to the C:\> prompt, type cd .. and hit enter until you get there.) Once you are at the C:\WINDOWS> prompt type del braviax.exe and hit enter. When your computer returns to the prompt, type del cru629.dat and hit enter.

Navigate to the System32 directory by typing cd system32 and hitting enter. Once you are at the C:\>WINDOWS\SYSTEM32> prompt type del braviax.exe and hit enter. Then type del cru629.dat and hit enter.

Navigate to the C:\WINDOWS\SYSTEM32\DLLCACHE> directory. Type del beep.sys at the prompt and hit enter.

Navigate to the C:\WINDOWS\SYSTEM32\DRIVERS> directory. Type del beep.sys at the prompt and hit enter.

Type exit and hit enter to exit the Recovery Console and reboot the computer. You will want to reboot in safe mode. To do this on my PC one must begin madly pressing F8 until a boot menu comes up. Once you have booted to safe mode, open regedit (Click on the "Run" option on the Start menu, type regedit into the text box and hit enter). Once the Registry Editor is open, select My Computer. Then click on the Edit menu item and select Find. In the find dialog box type in braviax (you may omit the .exe part so it will find all references to the nastyware.) When the search finds a value or key containing the word braviax, delete it. Keep searching until all instances have been found and deleted. Repeat this process for cru629. When all instances have been found and deleted, close the Registry editor. Your computer should now be clean of this crap. You may run Spyware Doctor, your anti-virus, and Windows Defender (which should now be runnable). Spyware detectors may find crap that braviax downloaded.

The key to keeping the crapware from reinstalling itself seems to be the removal of beep.sys which normally is a legitimate Windows program. It does not seem to be critical to the operation of the computer. Your machine may not now beep upon start up. If you miss the beep, you could find an uninfected computer with the same operating system as yours and replace the file with a copy from it. That may or may not work. Personally, I'll live without the bleeping beep.

Hope this has been helpful. And, if you ever happen to meet someone who writes or propagates this crap, please cut off their fingers.

3/21/2008
Gorki writes from Amsterdam, The Netherlands:

Hello,

During severals days I had an invasion of Braviax and Adware Z.O., and I could not get rid of them. To make things worse braviax was for ever installing Win Reanimator. I have Spyware Doctor but he was powerless against this calamity.

A friend of mine came to help and found your site with the instructions to remove the braviax threat.

And it worked! We thank you for sharing this knowledge with other people and restoring our PC's.

Greetings,
Gorki
Amsterdam

3/19/2008
Larry writes :

Thank you for your instructions for removing the miserable braviax. I couldn’t get my computer into recovery mode for some password reason but I still succeeded. I used Malwarebyte’s Anti-Malware to remove most of the virus but it wouldn’t remove the basic program in System 32 until reboot and upon reboot the virus reloaded from the bogus beep.sys program. So I used the malware program to remove most of the virus and then I deleted the beep program from System 32\Drivers. When the computer went crazy saying I had deleted a system file, I reloaded the beep file from the original disk which, of course, wasn’t infected. Upon reboot, all was well!! By the way, the infected beep file was 36 KB while the original file from the disk was 4 KB. So I do believe the virus was hiding in there! Thanks so much!

3/19/2008
Pete writes from London, England:

Major thanks for posting up a straight forward process for removal of this little blighter. Finding your approach was like a breath of fresh air. BTW, my OS is W2K and I F8'ed on restart and choose 'SAFE mode with Command Prompt' as my way in to delete the files. And it worked.

Cheers,
Pete (London)

3/18/2008
Joseph writes :

I tried your instructions once and they didn't work. I tried again and found out that there were more Registry entries than I thought the first time I tried to clear the registry. Now my system is completely clear of that nastyware! Thank you, thank you, thank you!!! If anyone else has the same problems I had (continuous loop login/logout or system lockup on login), I suggest that they redo your instructions and make sure they keep using the "Find" command in regedit until it locates ALL traces of Bravaix and cru629. Thanks again for the great advice. I had tried two different software systems that said they could get rid of Braviax and didn't, but your manual method saved my computer.

3/18/2008
DC writes :

Thanks for the braviax\cru629 information on your website. It was helpful. I ran into a variant today and was able to disable it with a little extra effort. The braviax symptoms were obvious, and I set out to remove it and cru629. But, cru629 would re-create itself everytime I renamed, moved or deleted it. So I did some further searching (mainly by the day/time of infection (today)).

The other files: us0105.exe, winivstr.exe and delself.bat installed at that time. I'd also found a few other suspicious files which I deleted, (for good measure). Had to boot to DOS and mount the drive with NTFSDOS Pro to delete cru629.

Sincerely, DC.

Click here to see screen shots of DC's adventure.

3/17/2008
RF writes :

CM:

SDFix - a free desktop utility - easily removes Braviax.I don't know if it is required, but I used msconfig to close Startup files before using same. The utility does everything; you only have to know how to open in Safemode.

See http://savemybutt.com/how-to-use-sdfix.exe.html

Click here to read RF's entire note

Would a class action suit slow these guys down?

3/14/2008
Ian writes from Manchester, England:

Another file that's worth looking out for is mljgfec.dll, usually in \%WinDir%\%System%\ and several entries in the registry.

I suspect that this is what is performing the reloads when the files get deleted but I didn't check fully so I'm only guessing.

Thanks for the beep.sys tip; I found the other two easily but that one got past me.

Kind regards
Ian
Manchester, England

3/13/2008
Oscar writes from Syney, Australia:

I too was stumped with this horrible fake warning message for 2 days. (By the way, a dead give away that this was spyware was the spelling and bad grammar. Eg, it spelt "prevent" as "pervent" in the pop up.) After changing to Trend Micro Internet Security 2008 and with the most up to date engine and patterns (13th Mar 2008), it failed to detect it! I followed some out of date solutions (from 2005) but was unsuccessful. I noticed the Braviax.exe running and found your solution immediately. My only problem is that I had forgotten my admin password but I was able to get to a command prompt using an XP Embedded disk!

Thank you... thank you.... thank you. Very much appreciate your efforts.

Oscar
Sydney Australia

Note on Admin password:

When booting to the recovery console, XP asks for the admin password for the computer. The built in Administrator account on XP has, by default, a blank password. Nine times out of ten people do not bother to give the Administrator account a real password and just hitting the enter key upon being prompted for the password will do the trick. Good security practices would dictate that you give the Administrator account an actual password. If you have done that, as Oscar apparently did, and cannot recall the password, you will have to be clever as Oscar was and find a workaround.

3/13/2008
Tim writes:

What a nasty little bugger this one was. I clicked on a link on a site that used to be safe (will need to notify the owner) and it decided to restart my system. Norton woulnd't let it install anything new, but it wouldn't get rid of it. Tried Spy Sweeper also to no avail and most web sites didn't really describe a straighforward fix. Then finally I found your site. The fix took less than 10 minutes and the system appears to be back in perfect running order. Note that I didn't find the files in every location you had listed, but they were there.

Thanks again!

Tim

3/11/2008
Marko writes from Croatia:

Thank you for the removal instructions..These were the only one that helps me after 3 hours of trying to get rid of "red circle with white x inside"..

Thanks

3/10/2008
Roger writes:

Followed your instructions on removing 'braviax/cru629/beep.sys, can easily live without the beep:) Success! Life is much better now on my puter.
Thanks again,
Roger

3/10/2008
Patricia writes from Austin, Texas:
Hello,

I found your site and instructions on Saturday and have been repeating them over an over but I cannot et rid of this thing that has attached itself to my system. After doing everything when I try to re-start my system normally it loads and then it just logs itself off. The only way I can get it to stay up for a while is to re-load my XP Professional and repair the install. So far since Friday when it happened I have purchased some product called Prevx CSI that was guaranteed to remove the Braviax issue, and CA Anti-virus 8.1 Plus for 6 computers even though I only have the problem on one computer.

I work from home and have been down since Friday at 3:29p.m. I cannot get this to cleanup and really would appreciate your help.

In this case I was unable to be of much use to Patricia. She seems to have contracted a variant that uses a different reinstaller and, although we were able to successfully boot up to "Diaganostic Mode", we were unable to actually resolve the problem.

3/9/2008
Bob writes:

C
Thanks for the advice. It cleared my system completely of Braviax and a piece of rubbish called winnreanimator. Like you I should like to cut off the fingers and any other parts of the jerks who write this stuff.
Thanks
BM

2/22/2008
Nicholas writes:

Thanks so much for writing this up, can't imagine how you figured this out! I've been wrestling with this issue for a day and a half. Kaspersky was disabled and couldn't run, other things kept getting installed, a total mess.

Thanks again!

Nicholas

JStapleton writes:

This may take a while, but it absolutely works. I tried everything for three days, and this took me 20 minutes. I suggest you print out the instructions, pay close attention to what you are doing, and you will be successful.

One note not seen in these very helpful instructions is that you must hit "F3" after your first search to continue to search and find all remnants of Braviax and cru629. Removing only one element will not remove the problem.

2/14/2008
Mark writes from Wisconsin:
Hi,

Thank you very much for posting your article at: http://www.cmilner.com/crapware.php about removing this Malware. This one came in on my computer via a web site and what appeared to be a legitimate Java application, which is signed and confirmed by Thawte.

I spent a few hours digging around and trying different things, no luck until I found your site. Apparently this virus even eludes McAfee and others.

Anyway, thank you very much for your time posting that article to your site, it certainly helped me.

Mark

2/14/2008
Mark provides additional information on possible effects of this malware:

Thanks for responding. One thing that I did notice is that it reset my ICQ account password and email address. I use Trillian, I think it yanked that information from Trillian. So, it probably stole my login credentials from my browsers as well. Have you experienced this at all?

Please be alert to possible password harvesting, keylogging, and backdoor opening malware that may have been downloaded subsequent to the original infection.

2/13/2008
Sami writes:
Dear C,
I just want to thank you for the fix you've posted. The rest of the links on google require complex software, etc, etc to get the issue resolved. I followed your advice and got the issue resolved. The only comment I have is that I have a dual-boot with Linux and I just booted from Linux to delete the files (this won't work with all distros since some of them don't support NTFS) but it might be handy for those without the XP CD.
Sami

You are visitor number 42233.


Bleeping Crapware
Even the most experienced and paranoid of users can occasionally have a lapse. One ill-advised click on a malicious link and you find yourself infected by the fruit of some mean person's twisted mind. Getting these things always seems to be easier than getting rid of them. In the case of this braviax\cru629 infection, it took me hours of research and tinkering to finally get rid of it. This malware was detected by Windows Defender as Win32/Renos. The malware promptly terminated Windows Defender's process and would not let it restart. Some Defender! Symantec detected it as PERFCOO and claimed to remove it, which it did not. The effect of the malware seems to mimic those mentioned above. It installs a little application which puts a red circle with a white X in it in your sytem tray and periodically pops up a balloon telling you that your computer is infected and it's going to download a solution and would you please click here. Well, it downloads something, but not anything that could be called a solution. It downloads more spyware, trojans, malware, crapware, etc. To the right you will find some tips on ridding yourself of this crapware which seems to be more prevalent in Europe than in the U.S. and of which all the major anti-virus programs seem to be blissfully unaware. If you have found this helpful or wish to contribute to this page, please e mail me at crapware at cmilner.com Of course, omit the spaces and change the at to an @	Update - March 21, 2008 Thanks to all who have written. Many of whom have provided valuable additional information. Update - March 18, 2008 Good morning. E mails continue to come in with additional tips and information about removing this and other species of malware. I will continue to post these with the authors' permission as time permits. I should point out that this site is intended to be informational but not necessarily definitive. That is, what worked to remove one particular infection may not work for everyone. If, however, the information here helps just one other user, it will have been worth it. Improper editing of the registry may have an adverse affect on the operation of your computer. You've probably heard similar warnings before. I've seen highly experienced programmers reduced to tears by the unintended consequences of their misconceived registry hacks. So be advised and proceed with caution. I have been told that messing with the registry of a Dell computer under warranty will void the warranty. If you're having problems with a Dell under warranty you should probably contact Dell support for assistance. I've got a couple of interesting e mails that I will be posting later...after I get done earning the rent. Thanks. Update - March 11, 2008 The instructions below were originally posted on February 8, 2008. They have been useful to numerous users in ridding their machines of this malware. Recently, however, users have run across variants that resist successful removal using the method described below. These variants seem to use a different file from beep.sys to reinstall braviax.exe. If you are successful in removing one of thes variants and know the name and location of the file that is doing the reinstalling, I'd appreciate it if you would let me know so I can update this page. Thanks. Removal of braviax\cru629 malware Download and install a reputable spyware detection and removal program such as Spyware Doctor which is available free as part of the Google Pack. Spyware Doctor did not detect or remove the braviax/cru629 infection, but is useful in detecting and removing the crap that it downloads. Disconnect your computer from the Internet. If the crapware can't find the Internet, it can't download any more crap. Restart your computer from the installation CD in Recovery Console mode. With my PC, I had to hit F12 during the boot process and tell it to boot from the CD ROM. When the "Welcome to Windows Installation" window came up, I pressed R to enter the Recovery Console. (These instructions are specifically for XP.) Navigate to the Windows directory. (If you are at the C:\> prompt you would type cd windows and hit enter. If you need to back up to get to the C:\> prompt, type cd .. and hit enter until you get there.) Once you are at the C:\WINDOWS> prompt type del braviax.exe and hit enter. When your computer returns to the prompt, type del cru629.dat and hit enter. Navigate to the System32 directory by typing cd system32 and hitting enter. Once you are at the C:\>WINDOWS\SYSTEM32> prompt type del braviax.exe and hit enter. Then type del cru629.dat and hit enter. Navigate to the C:\WINDOWS\SYSTEM32\DLLCACHE> directory. Type del beep.sys at the prompt and hit enter. Navigate to the C:\WINDOWS\SYSTEM32\DRIVERS> directory. Type del beep.sys at the prompt and hit enter. Type exit and hit enter to exit the Recovery Console and reboot the computer. You will want to reboot in safe mode. To do this on my PC one must begin madly pressing F8 until a boot menu comes up. Once you have booted to safe mode, open regedit (Click on the "Run" option on the Start menu, type regedit into the text box and hit enter). Once the Registry Editor is open, select My Computer. Then click on the Edit menu item and select Find. In the find dialog box type in braviax (you may omit the .exe part so it will find all references to the nastyware.) When the search finds a value or key containing the word braviax, delete it. Keep searching until all instances have been found and deleted. Repeat this process for cru629. When all instances have been found and deleted, close the Registry editor. Your computer should now be clean of this crap. You may run Spyware Doctor, your anti-virus, and Windows Defender (which should now be runnable). Spyware detectors may find crap that braviax downloaded. The key to keeping the crapware from reinstalling itself seems to be the removal of beep.sys which normally is a legitimate Windows program. It does not seem to be critical to the operation of the computer. Your machine may not now beep upon start up. If you miss the beep, you could find an uninfected computer with the same operating system as yours and replace the file with a copy from it. That may or may not work. Personally, I'll live without the bleeping beep. Hope this has been helpful. And, if you ever happen to meet someone who writes or propagates this crap, please cut off their fingers. 3/21/2008 Gorki writes from Amsterdam, The Netherlands: Hello, During severals days I had an invasion of Braviax and Adware Z.O., and I could not get rid of them. To make things worse braviax was for ever installing Win Reanimator. I have Spyware Doctor but he was powerless against this calamity. A friend of mine came to help and found your site with the instructions to remove the braviax threat. And it worked! We thank you for sharing this knowledge with other people and restoring our PC's. Greetings, Gorki Amsterdam 3/19/2008 Larry writes : Thank you for your instructions for removing the miserable braviax. I couldn’t get my computer into recovery mode for some password reason but I still succeeded. I used Malwarebyte’s Anti-Malware to remove most of the virus but it wouldn’t remove the basic program in System 32 until reboot and upon reboot the virus reloaded from the bogus beep.sys program. So I used the malware program to remove most of the virus and then I deleted the beep program from System 32\Drivers. When the computer went crazy saying I had deleted a system file, I reloaded the beep file from the original disk which, of course, wasn’t infected. Upon reboot, all was well!! By the way, the infected beep file was 36 KB while the original file from the disk was 4 KB. So I do believe the virus was hiding in there! Thanks so much! 3/19/2008 Pete writes from London, England: C, Major thanks for posting up a straight forward process for removal of this little blighter. Finding your approach was like a breath of fresh air. BTW, my OS is W2K and I F8'ed on restart and choose 'SAFE mode with Command Prompt' as my way in to delete the files. And it worked. Cheers, Pete (London) 3/18/2008 Joseph writes : I tried your instructions once and they didn't work. I tried again and found out that there were more Registry entries than I thought the first time I tried to clear the registry. Now my system is completely clear of that nastyware! Thank you, thank you, thank you!!! If anyone else has the same problems I had (continuous loop login/logout or system lockup on login), I suggest that they redo your instructions and make sure they keep using the "Find" command in regedit until it locates ALL traces of Bravaix and cru629. Thanks again for the great advice. I had tried two different software systems that said they could get rid of Braviax and didn't, but your manual method saved my computer. 3/18/2008 DC writes : Thanks for the braviax\cru629 information on your website. It was helpful. I ran into a variant today and was able to disable it with a little extra effort. The braviax symptoms were obvious, and I set out to remove it and cru629. But, cru629 would re-create itself everytime I renamed, moved or deleted it. So I did some further searching (mainly by the day/time of infection (today)). The other files: us0105.exe, winivstr.exe and delself.bat installed at that time. I'd also found a few other suspicious files which I deleted, (for good measure). Had to boot to DOS and mount the drive with NTFSDOS Pro to delete cru629. Sincerely, DC. Click here to see screen shots of DC's adventure. 3/17/2008 RF writes : CM: SDFix - a free desktop utility - easily removes Braviax.I don't know if it is required, but I used msconfig to close Startup files before using same. The utility does everything; you only have to know how to open in Safemode. See http://savemybutt.com/how-to-use-sdfix.exe.html Click here to read RF's entire note Would a class action suit slow these guys down? 3/14/2008 Ian writes from Manchester, England: Hi Another file that's worth looking out for is mljgfec.dll, usually in \%WinDir%\%System%\ and several entries in the registry. I suspect that this is what is performing the reloads when the files get deleted but I didn't check fully so I'm only guessing. Thanks for the beep.sys tip; I found the other two easily but that one got past me. Kind regards Ian Manchester, England 3/13/2008 Oscar writes from Syney, Australia: I too was stumped with this horrible fake warning message for 2 days. (By the way, a dead give away that this was spyware was the spelling and bad grammar. Eg, it spelt "prevent" as "pervent" in the pop up.) After changing to Trend Micro Internet Security 2008 and with the most up to date engine and patterns (13th Mar 2008), it failed to detect it! I followed some out of date solutions (from 2005) but was unsuccessful. I noticed the Braviax.exe running and found your solution immediately. My only problem is that I had forgotten my admin password but I was able to get to a command prompt using an XP Embedded disk! Thank you... thank you.... thank you. Very much appreciate your efforts. Oscar Sydney Australia Note on Admin password: When booting to the recovery console, XP asks for the admin password for the computer. The built in Administrator account on XP has, by default, a blank password. Nine times out of ten people do not bother to give the Administrator account a real password and just hitting the enter key upon being prompted for the password will do the trick. Good security practices would dictate that you give the Administrator account an actual password. If you have done that, as Oscar apparently did, and cannot recall the password, you will have to be clever as Oscar was and find a workaround. 3/13/2008 Tim writes: What a nasty little bugger this one was. I clicked on a link on a site that used to be safe (will need to notify the owner) and it decided to restart my system. Norton woulnd't let it install anything new, but it wouldn't get rid of it. Tried Spy Sweeper also to no avail and most web sites didn't really describe a straighforward fix. Then finally I found your site. The fix took less than 10 minutes and the system appears to be back in perfect running order. Note that I didn't find the files in every location you had listed, but they were there. Thanks again! Tim 3/11/2008 Marko writes from Croatia: Thank you for the removal instructions..These were the only one that helps me after 3 hours of trying to get rid of "red circle with white x inside".. Thanks 3/10/2008 Roger writes: Followed your instructions on removing 'braviax/cru629/beep.sys, can easily live without the beep:) Success! Life is much better now on my puter. Thanks again, Roger 3/10/2008 Patricia writes from Austin, Texas: Hello, I found your site and instructions on Saturday and have been repeating them over an over but I cannot et rid of this thing that has attached itself to my system. After doing everything when I try to re-start my system normally it loads and then it just logs itself off. The only way I can get it to stay up for a while is to re-load my XP Professional and repair the install. So far since Friday when it happened I have purchased some product called Prevx CSI that was guaranteed to remove the Braviax issue, and CA Anti-virus 8.1 Plus for 6 computers even though I only have the problem on one computer. I work from home and have been down since Friday at 3:29p.m. I cannot get this to cleanup and really would appreciate your help. In this case I was unable to be of much use to Patricia. She seems to have contracted a variant that uses a different reinstaller and, although we were able to successfully boot up to "Diaganostic Mode", we were unable to actually resolve the problem. 3/9/2008 Bob writes: C Thanks for the advice. It cleared my system completely of Braviax and a piece of rubbish called winnreanimator. Like you I should like to cut off the fingers and any other parts of the jerks who write this stuff. Thanks BM 2/22/2008 Nicholas writes: Thanks so much for writing this up, can't imagine how you figured this out! I've been wrestling with this issue for a day and a half. Kaspersky was disabled and couldn't run, other things kept getting installed, a total mess. Thanks again! Nicholas JStapleton writes: This may take a while, but it absolutely works. I tried everything for three days, and this took me 20 minutes. I suggest you print out the instructions, pay close attention to what you are doing, and you will be successful. One note not seen in these very helpful instructions is that you must hit "F3" after your first search to continue to search and find all remnants of Braviax and cru629. Removing only one element will not remove the problem. 2/14/2008 Mark writes from Wisconsin: Hi, Thank you very much for posting your article at: http://www.cmilner.com/crapware.php about removing this Malware. This one came in on my computer via a web site and what appeared to be a legitimate Java application, which is signed and confirmed by Thawte. I spent a few hours digging around and trying different things, no luck until I found your site. Apparently this virus even eludes McAfee and others. Anyway, thank you very much for your time posting that article to your site, it certainly helped me. Mark 2/14/2008 Mark provides additional information on possible effects of this malware: Thanks for responding. One thing that I did notice is that it reset my ICQ account password and email address. I use Trillian, I think it yanked that information from Trillian. So, it probably stole my login credentials from my browsers as well. Have you experienced this at all? Please be alert to possible password harvesting, keylogging, and backdoor opening malware that may have been downloaded subsequent to the original infection. 2/13/2008 Sami writes: Dear C, I just want to thank you for the fix you've posted. The rest of the links on google require complex software, etc, etc to get the issue resolved. I followed your advice and got the issue resolved. The only comment I have is that I have a dual-boot with Linux and I just booted from Linux to delete the files (this won't work with all distros since some of them don't support NTFS) but it might be handy for those without the XP CD. Sami You are visitor number 42233.

"The devil finds work for idle fingers." Proverb