Okay, aside from the snide topic, I'm sitting here working on a computer that has been shown some SmitFraud, SpyAxe, and Vundo love, and I noticed a startup item in msconfig called buritos.exe. Imagine my curiosity. Turns out, googling buritos.exe turns up NOTHING. I know, I'm shocked and amazed, but I still don't know what program this belongs to. Here's its location in the registry, maybe somebody else here knows what the heck it is.


I also found it in the following locations on the hard drive:


Hope it's not something new and exciting for me to have to fix.



Guess I'll be deleting these files... here are the results from the first website you gave me:

AhnLab-V3 2008.7.23.0 2008.07.22 -
AntiVir 2008.07.22 -
Authentium 2008.07.22 -
Avast 4.8.1195.0 2008.07.22 Win32:Renos-KE
AVG 2008.07.22 Downloader.FraudLoad.C
BitDefender 7.2 2008.07.23 -
CAT-QuickHeal 9.50 2008.07.22 -
ClamAV 0.93.1 2008.07.23 -
DrWeb 2008.07.22 -
eSafe 2008.07.22 Suspicious File
eTrust-Vet 31.6.5975 2008.07.22 -
Ewido 4.0 2008.07.22 -
F-Prot 2008.07.22 -
F-Secure 7.60.13501.0 2008.07.22 Suspicious:W32/Malware!Gemini
Fortinet 2008.07.23 -
GData 2.0.7306.1023 2008.07.22 Win32:Renos-KE
Ikarus T3. 2008.07.23 Virus.Win32.Renos.KE
Kaspersky 2008.07.23 -
McAfee 5344 2008.07.22 -
Microsoft 1.3704 2008.07.23 TrojanDownloader:Win32/Renos
NOD32v2 3289 2008.07.22 -
Norman 5.80.02 2008.07.22 -
Panda 2008.07.23 -
PCTools 2008.07.22 -
Prevx1 V2 2008.07.23 Fraudulent Security Program
Rising 2008.07.22 -
Sophos 4.31.0 2008.07.23 -
Sunbelt 3.1.1536.1 2008.07.18 -
Symantec 10 2008.07.23 -
TheHacker 2008.07.20 -
TrendMicro 8.700.0.1004 2008.07.22 -
VBA32 2008.07.22 suspected of Win32.Trojan.Downloader (http://...)
VirusBuster 2008.07.22 -
Webwasher-Gateway 6.6.2 2008.07.22 Win32.Malware.gen (suspicious)

BURITOS.EXE-0A9C7834.pf yielded no results.


I'm sitting here working on a computer that has been shown some SmitFraud, SpyAxe, and Vundo love . . .

I think it was a pretty safe assumption that it belonged to the previous malware.

You might be well advised to run the MBA-M and ESET scans in the linky below. I suggest the DSS as well to make sure you got everything......

Read me before posting a request for assistance

Cheers :)


Well, the computer doesn't like burritos! LOL. I ran into this and you should delete all traces of it from the c:\

Also look for Karina.dat and delete all traces of that.


buritos.exe wasn't detected by any of my anti-spy or anti-virus programs, and I ran at least six. As you can see from my above post, there aren't a whole lot of programs that recognize it as a malicious file. The only reason I noticed it was because I regularly streamline my startups, and I've never seen that one before. The files deleted without incident, and redundant scans came back clean, so I'm not too worried about it. I recommend the following tools for the removal of particularly nasty malware.

SmitfraudFix - for SmitFraud related issues.
Roguefix - Good to run alongside SmitfraudFix when it appears.
Panda Anti-Virus - An excellent anti-virus program for one time sweeps, but it eats too much memory to run all the time.
Spyware Doctor
Norton Scan & Clean - I'm not sure if this is actually available to anyone else, but it's a tool I ended up with at one point that comes in handy regularly.

Of course, the best tool to help you out of a bad situation is Google! Never be afraid to google a problem that you're having. 9/10 times somebody else has been in the same situation. Hope that helps :D.


Yup, do a google for buritos.exe. It should lead you to a p.o.s. called braviax. There's a bunch of stuff to delete.

Basically boot to safe mode, and delete the bad files. A few that I recall: beep.sys, braviax, buritos.exe, karina.dat. Delete those files. They could be in multiple locations too. Look in c:\windows
c:\windows\prefetch or c:\windows\system32\prefetch (I forget which one it is)

Yes, beep.sys is part of windows, but the file is compromised by braviax.

Look for and download/run combofix.exe in safe mode, spybot search & destroy. Or your favorite av and/or spyware hunting tools. It worked for me. Your mileage may vary.

Hope this helps. Aloha!!
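
A read-only sweep for the file names mentioned in this thread, as an added example that is not from any poster; it also treats a Prefetch entry such as BURITOS.EXE-0A9C7834.pf as evidence that the file ran. The directory tree is constructed, matching `braviax` as a name prefix is an assumption, and `sweep`, `is_dropped` and `build_sample_tree` are hypothetical names.

```python
import os
import re
import tempfile

# Names taken from the thread, compared case-insensitively.
DROPPED = ("buritos.exe", "karina.dat")
# beep.sys is a real Windows driver that the thread says gets replaced,
# so a hit is reported for review (compare against a known-good copy).
REVIEW = ("beep.sys",)
# Prefetch entries are named <EXE>-<8 hex digits>.pf, e.g. BURITOS.EXE-0A9C7834.pf
PREFETCH = re.compile(r"^(.+)-[0-9A-F]{8}\.pf$", re.IGNORECASE)


def is_dropped(name):
    # Assumption: "braviax" is matched as a name prefix; the thread gives no extension.
    return name in DROPPED or name.startswith("braviax")


def sweep(root):
    """Walk root and return sorted (kind, relative path) findings. Deletes nothing."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            low = name.lower()
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            pf = PREFETCH.match(low)
            if pf:
                if is_dropped(pf.group(1)):
                    findings.append(("executed", rel))  # evidence the file ran
            elif is_dropped(low):
                findings.append(("dropped", rel))
            elif low in REVIEW:
                findings.append(("review", rel))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed stand-in for a Windows directory; every file is empty."""
    for rel in ("buritos.exe", "notepad.exe", "system32/Karina.dat",
                "system32/drivers/beep.sys", "Prefetch/BURITOS.EXE-0A9C7834.pf",
                "Prefetch/NOTEPAD.EXE-11223344.pf"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, rel in sweep(tmp):
            print(f"{kind:9} {rel}")
```

A Prefetch hit with no matching executable on disk means the file ran at some point and was later removed or renamed, which is worth noting before declaring the machine clean.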
