Okay, aside from the snide topic, I'm sitting here working on a computer that has been shown some SmitFraud, SpyAxe, and Vundo love, and I noticed a startup item in msconfig called buritos.exe. Imagine my curiosity. Turns out, googling buritos.exe turns up NOTHING. I know, I'm shocked and amazed, but I still don't know what program this belongs to. Here's its location in the registry, maybe somebody else here knows what the heck it is.

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\buritos.exe

I also found it in the following locations on the hard drive:

c:\windows\buritos.exe
c:\windows\prefetch\BURITOS.EXE-0A9C7834.PF
c:\windows\system32\buritos.exe

Hope it's not something new and exciting for me to have to fix.

Thanks.

4 Contributors | 9 Replies | 10 Views | 9 Years Discussion Span | Last Post by mjsilveira

Guess I'll be deleting these files... here are the results from the first website you gave me:

buritos.exe
-------------
AhnLab-V3 2008.7.23.0 2008.07.22 -
AntiVir 7.8.1.11 2008.07.22 -
Authentium 5.1.0.4 2008.07.22 -
Avast 4.8.1195.0 2008.07.22 Win32:Renos-KE
AVG 8.0.0.130 2008.07.22 Downloader.FraudLoad.C
BitDefender 7.2 2008.07.23 -
CAT-QuickHeal 9.50 2008.07.22 -
ClamAV 0.93.1 2008.07.23 -
DrWeb 4.44.0.09170 2008.07.22 -
eSafe 7.0.17.0 2008.07.22 Suspicious File
eTrust-Vet 31.6.5975 2008.07.22 -
Ewido 4.0 2008.07.22 -
F-Prot 4.4.4.56 2008.07.22 -
F-Secure 7.60.13501.0 2008.07.22 Suspicious:W32/Malware!Gemini
Fortinet 3.14.0.0 2008.07.23 -
GData 2.0.7306.1023 2008.07.22 Win32:Renos-KE
Ikarus T3.1.1.34.0 2008.07.23 Virus.Win32.Renos.KE
Kaspersky 7.0.0.125 2008.07.23 -
McAfee 5344 2008.07.22 -
Microsoft 1.3704 2008.07.23 TrojanDownloader:Win32/Renos
NOD32v2 3289 2008.07.22 -
Norman 5.80.02 2008.07.22 -
Panda 9.0.0.4 2008.07.23 -
PCTools 4.4.2.0 2008.07.22 -
Prevx1 V2 2008.07.23 Fraudulent Security Program
Rising 20.54.12.00 2008.07.22 -
Sophos 4.31.0 2008.07.23 -
Sunbelt 3.1.1536.1 2008.07.18 -
Symantec 10 2008.07.23 -
TheHacker 6.2.96.385 2008.07.20 -
TrendMicro 8.700.0.1004 2008.07.22 -
VBA32 3.12.8.1 2008.07.22 suspected of Win32.Trojan.Downloader (http://...)
VirusBuster 4.5.11.0 2008.07.22 -
Webwasher-Gateway 6.6.2 2008.07.22 Win32.Malware.gen (suspicious)

BURITOS.EXE-0A9C7834.pf yielded no results.

I'm sitting here working on a computer that has been shown some SmitFraud, SpyAxe, and Vundo love . . .

I think it was a pretty safe assumption that it belonged to the previous malware.

You might be well advised to run the MBA-M and ESET scans in the linky below. I suggest the DSS as well to make sure you got everything......

Read me before posting a request for assistance

Cheers :)
PP

Well, the computer doesn't like burritos! LOL. I ran into this and you should delete all traces of it from the c:\

Also look for Karina.dat and delete all traces of that.

buritos.exe wasn't detected by any of my anti-spy or anti-virus programs, and I ran at least six. As you can see from my above post, there aren't a whole lot of programs that recognize it as a malicious file. The only reason I noticed it was because I regularly streamline my startups, and I've never seen that one before. The files deleted without incident, and redundant scans came back clean, so I'm not too worried about it. I recommend the following tools for the removal of particularly nasty malware.

SmitfraudFix - for SmitFraud related issues.
Roguefix - Good to run alongside SmitfraudFix when it appears.
SUPERantispyware
Panda Anti-Virus - An excellent anti-virus program for one time sweeps, but it eats too much memory to run all the time.
SpySweeper
Spyware Doctor
Norton Scan & Clean - I'm not sure if this is actually available to anyone else, but it's a tool I ended up with at one point that comes in handy regularly.

Of course, the best tool to help you out of a bad situation is Google! Never be afraid to google a problem that you're having. 9/10 times somebody else has been in the same situation. Hope that helps :D.

Yup, do a google for buritos.exe. It should lead you to a p.o.s. called braviax. There's a bunch of stuff to delete.

Basically boot to safe mode, and delete the bad files. A few that I recall: beep.sys, braviax, buritos.exe, karina.dat. Delete those files. They could be in multiple locations too. Look in:
c:\windows
c:\windows\system32
c:\windows\system32\drivers
c:\windows\prefetch or c:\windows\system32\prefetch (I forget which one it is)

Yes, beep.sys is part of windows, but the file is compromised by braviax.

Look for and download/run combofix.exe in safe mode, spybot search & destroy. Or your favorite av and/or spyware hunting tools. It worked for me. Your mileage may vary.

Hope this helps. Aloha!!
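
A read-only check for the Run value and the files named in this thread, added here as an example and not posted by any participant. Checking both the HKLM and HKCU hives and matching `braviax*` by wildcard are assumptions, since the thread gives neither the hive nor a full file name for braviax.

```powershell
# Added example: read-only triage for the artifacts named in this thread.
# It lists, hashes and checks signatures; it does not delete or change anything.
$patterns = 'buritos.exe', 'braviax*', 'karina.dat', 'beep.sys', 'BURITOS.EXE-*.pf'
$dirs = @(
    $env:windir
    Join-Path $env:windir 'System32'
    Join-Path $env:windir 'System32\drivers'
    Join-Path $env:windir 'Prefetch'
)
# Assumption: the thread does not name the hive, so both Run keys are checked.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# 1. Startup entries whose name or command line mentions the reported names.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($name in $k.GetValueNames()) {
        $value = [string]$k.GetValue($name)
        if ($name -match 'buritos|braviax' -or $value -match 'buritos|braviax') {
            [pscustomobject]@{ Type = 'RunValue'; Location = $key
                               Name = $name; Detail = $value }
        }
    }
}

# 2. Files in the directories listed in the thread. beep.sys is a Windows
#    driver, so a match on it is expected; what matters is its signature
#    status and whether its hash matches a known-good copy.
foreach ($dir in $dirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $f = $_; $patterns | Where-Object { $f.Name -like $_ } } |
        ForEach-Object {
            $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            $sig  = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            [pscustomobject]@{
                Type     = 'File'
                Location = $_.FullName
                Name     = $_.Name
                Detail   = "SHA256=$hash Signature=$sig Modified=$($_.LastWriteTime)"
            }
        }
}
```

Run it from an elevated prompt so the Prefetch folder is readable, and keep the output as a record before removing anything.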
