Member Avatar for mjsilveira

Okay, aside from the snide topic, I'm sitting here working on a computer that has been shown some SmitFraud, SpyAxe, and Vundo love, and I noticed a startup item in msconfig called buritos.exe. Imagine my curiosity. Turns out, googling buritos.exe turns up NOTHING. I know, I'm shocked and amazed, but I still don't know what program this belongs to. Here's it's location in the registry, maybe somebody else here knows what the heck it is.

SOFTWARE\Microsoft\Windows\CurrentVersion\Run\buritos.exe

I also found it in the following locations on the hard drive:

c:\windows\buritos.exe
c:\windows\prefetch\BURITOS.EXE-0A9C7834.PF
c:\windows\system32\buritos.exe

Hope it's not something new and exciting for me to have to fix.

Thanks.

  • 4 Contributors
  • 9 Replies
  • 228 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by mjsilveira
Member Avatar for PhilliePhan

maybe somebody else here knows what the heck it is.
Hope it's not something new and exciting for me to have to fix.

That's a funny one :D

I suggest you upload it for analysis at one or both of the below links:

http://www.virustotal.com/

http://virusscan.jotti.org/

Post the results - I'm sure we'd all like to see what, if anything, the scans find.


Cheers :)
PP

Member Avatar for mjsilveira

Guess I'll be deleting these files... here are the results from the first website you gave me:

buritos.exe
-------------
AhnLab-V3 2008.7.23.0 2008.07.22 -
AntiVir 7.8.1.11 2008.07.22 -
Authentium 5.1.0.4 2008.07.22 -
Avast 4.8.1195.0 2008.07.22 Win32:Renos-KE
AVG 8.0.0.130 2008.07.22 Downloader.FraudLoad.C
BitDefender 7.2 2008.07.23 -
CAT-QuickHeal 9.50 2008.07.22 -
ClamAV 0.93.1 2008.07.23 -
DrWeb 4.44.0.09170 2008.07.22 -
eSafe 7.0.17.0 2008.07.22 Suspicious File
eTrust-Vet 31.6.5975 2008.07.22 -
Ewido 4.0 2008.07.22 -
F-Prot 4.4.4.56 2008.07.22 -
F-Secure 7.60.13501.0 2008.07.22 Suspicious:W32/Malware!Gemini
Fortinet 3.14.0.0 2008.07.23 -
GData 2.0.7306.1023 2008.07.22 Win32:Renos-KE
Ikarus T3.1.1.34.0 2008.07.23 Virus.Win32.Renos.KE
Kaspersky 7.0.0.125 2008.07.23 -
McAfee 5344 2008.07.22 -
Microsoft 1.3704 2008.07.23 TrojanDownloader:Win32/Renos
NOD32v2 3289 2008.07.22 -
Norman 5.80.02 2008.07.22 -
Panda 9.0.0.4 2008.07.23 -
PCTools 4.4.2.0 2008.07.22 -
Prevx1 V2 2008.07.23 Fraudulent Security Program
Rising 20.54.12.00 2008.07.22 -
Sophos 4.31.0 2008.07.23 -
Sunbelt 3.1.1536.1 2008.07.18 -
Symantec 10 2008.07.23 -
TheHacker 6.2.96.385 2008.07.20 -
TrendMicro 8.700.0.1004 2008.07.22 -
VBA32 3.12.8.1 2008.07.22 suspected of Win32.Trojan.Downloader (http://...)
VirusBuster 4.5.11.0 2008.07.22 -
Webwasher-Gateway 6.6.2 2008.07.22 Win32.Malware.gen (suspicious)

BURITOS.EXE-0A9C7834.pf yielded no results.

Member Avatar for PhilliePhan

I'm sitting here working on a computer that has been shown some SmitFraud, SpyAxe, and Vundo love . . .

I think it was a pretty safe assumption that it belonged to the previous malware.

You might be well advised to run the MBA-M and ESET scans in the linky below. I suggest the DSS as well to make sure you got everything......

Read me before posting a request for assistance

Cheers :)
PP

Member Avatar for sur4dude

Well, the computer doesn't like burritos! LOL. I ran into this and you should delete all traces of it from the c:\

Also look for Karina.dat and delete all traces of that.

Member Avatar for Dan Blocker

So how do you fix it ???

Member Avatar for mjsilveira

buritos.exe wasn't detected by any of my anti-spy or anti-virus programs, and I ran at least six. As you can see from my above post, there aren't a whole lot of programs that recognize it as a malicious file. The only reason I noticed it was because I regularly streamline my startups, and I've never seen that one before. The files deleted without incident, and redundant scans came back clean, so I'm not too worried about it. I recommend the following tools for the removal of particularly nasty malware.

SmitfraudFix - for SmitFraud related issues.
Roguefix - Good to run along side SmitfraudFix when it appears.
SUPERantispyware
Panda Anti-Virus - An excellent anti-virus program for one time sweeps, but it eats too much memory to run all the time.
SpySweeper
Spyware Doctor
Norton Scan & Clean - I'm not sure if this is actually available to anyone else, but it's a tool I ended up with at one point that comes in handy regularly.

Of course, the best tool to help you out of a bad situation is Google! Never be afraid to google a problem that you're having. 9/10 times somebody else has been in the same situation. Hope that helps :D.

Member Avatar for sur4dude

Yup, do a google for buritos.exe. It should lead you to a p.o.s. called braviax. There's a bunch of stuff to delete.

Basically boot to safe mode, and delete the bad files. A few that i recall: beep.sys, braviax, buritos.exe, karina.dat Delete those files. They could be in multiple locations too. Look in c:\windows
c:\windows\system32
c:\windows\system32\drivers
c:\windows\prefetch or c:\windows\system32\prefetch (i forget which one it is)

Yes, beep.sys is part of windows, but the file is compromised by braviax.

Look for and download/run combofix.exe in safe mode, spybot search & destroy. Or your favorite av and/or spyware hunting tools. It worked for me. Your mileage may vary.

Hope this helps. Aloha!!

Member Avatar for PhilliePhan

So how do you fix it ???

This malware has been around in various incarnations for a while now.

Anybody wanting help in this Forum should follow the steps in the linky below and then start their own thread. We're just going to ask you to do that anyway ;)

Read me before posting a request for assistance


Best Luck :)
PP

Member Avatar for mjsilveira

malware = satan lol ;)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.