Vundo

25th July 2008, 04:31 PM
Master Admin
Join Date: Jan 2008
Location: Oxfordshire, UK
Posts: 440
Vundo
Quote:
Originally Posted by Maceter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:40 AM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal--
End of file - 6630 bytes
|
It's a mess in there. You have multiple infections. Vundo is there too.
Step1.
Download Smitfraud Fix from HERE (download it on C:\)
Step2.
Start, run, type msconfig, press enter.
Go to start-up, click on disable all then ok.
do not restart yet.
Step3.
Add-Remove
uninstall/remove Real VNC.
uninstall/remove Norton. ( use this tool)
uninstall/remove PC Tools AntiVirus
uninstall/remove Java
uninstall/remove McAfee
uninstall/remove F-Prot
uninstall/remove TR
Step4.
restart the PC.
Step5.
restart the PC once again and access Safe Mode this time (F8 key)
Step6.
In Safe Mode, go to Smitfraud Fix (C drive remember?) and run it.
Boot back into windows when finished, run RT, restart, Install F-Prot and do a final scan.
Please don't forget to get back to us with a Hijackthis log after all.
regards,
|

25th July 2008, 04:43 PM
Master Admin
Join Date: Jan 2008
Location: Oxfordshire, UK
Posts: 440
Quote:
Originally Posted by jrink
EDIT --- I was able to get trojan remover to work, but with the 7/23 (not 7/25) updates as I couldn't "update" since everything (including internet) was broken on the PC. However, running trojan remover with the 7/23 definitions (which is what was installed by default) and renaming it to .cmd from an .exe allowed it to run and remove the ups virus. After a reboot, a LOT more things are working (including .exe files). I'm still going to run F-prot just to be sure.
|
well done.
|

25th July 2008, 04:44 PM
Master Admin
Join Date: Jan 2008
Location: Oxfordshire, UK
Posts: 440
Quote:
Originally Posted by Kristine
There's a new one out - Trojan.Zbot-1715
***end email
|
thank you Kristine. Will keep an eye on this one too.
xx
|

25th July 2008, 04:49 PM
Junior Member
Join Date: Jul 2008
Posts: 4
I'm really trying to get f-prot going, but the trial key is never emailed to me. How long does it take for them to email you a trial key? I'm not comfortable giving the laptop back to the end-user until I know it's showing "ok" from both f-prot and trojan remover.
|

25th July 2008, 05:29 PM
Master Admin
Join Date: Jan 2008
Location: Oxfordshire, UK
Posts: 440
Quote:
Originally Posted by jrink
I'm really trying to get f-prot going, but the trial key is never emailed to me. How long does it take for them to email you a trial key? I'm not comfortable giving the laptop back to the end-user until I know it's showing "ok" from both f-prot and trojan remover.
|
try this one:
AE5QJE-362Z9T-Z6X4XT-6BJCT9-U4GM2C-ABLS
Just to make sure the system is clean I would personally install and scan the system with this program too. ( download here)
|

25th July 2008, 06:08 PM
Junior Member
Join Date: Jul 2008
Location: Busan, South Korea
Posts: 1
Another Option
This one got me on an early morning email check as well. I had limited results with F-Prot and TR. Mine had become quite messy as well and I was getting ready to do something drastic but I tried Malwarebytes in a last ditch effort and, to my great surprise, it worked perfectly. It will take much longer than the others suggested but as far as I can tell it's all gone. Here's the link if anyone else wants to give it a try.
Download here
Thanks for the excellent forum.
Good luck all.
|

25th July 2008, 06:13 PM
Junior Member
Join Date: Jul 2008
Posts: 6
Thanks. I'm on my way down there now. I'd like to clarify that when you say:
>> Boot back into windows when finished, run RT
do you mean their out of date Symantec, or did you mean "TR", or something else that I missed entirely?
|

25th July 2008, 09:21 PM
Master Admin
Join Date: Jan 2008
Location: Oxfordshire, UK
Posts: 440
Quote:
Originally Posted by Maceter
Thanks. I'm on my way down there now. I'd like to clarify that when you say:
>> Boot back into windows when finished, run TR
do you mean their out of date Symantec, or did you mean "TR", or something else that I missed entirely?
|
Step6.
In Safe Mode, go to Smitfraud Fix (C drive remember?) and run it.
Boot back into windows when finished with Smitfraud fix scan, once back to windows run TR (trojan remover) once again, follow the instruction, restart when requested, Install F-Prot and do a final scan.
Please don't forget to get back to us with a Hijackthis log after all.
|

25th July 2008, 09:40 PM
Master Admin
Join Date: Jan 2008
Location: Oxfordshire, UK
Posts: 440
Quote:
Originally Posted by Colin
This one got me on an early morning email check as well. I had limited results with F-Prot and TR. Mine had become quite messy as well and I was getting ready to do something drastic but I tried Malwarebytes in a last ditch effort and, to my great surprise, it worked perfectly. It will take much longer than the others suggested but as far as I can tell it's all gone. Here's the link if anyone else wants to give it a try.
Download here
Thanks for the excellent forum.
Good luck all.
|
Hi Colin,
Thank you for your post. It really depends on which UPS version you have on your computer.
Thank you for the link, unfortunately I have "finished" all UPS viruses I had on my PCs. Could anyone try this new program and let us know if it works against UPS virus please?
|

25th July 2008, 09:55 PM
Junior Member
Join Date: Jul 2008
Posts: 1
Quote:
Originally Posted by laurentio
Have just found an easier and quicker way to remove UPS virus, burito.exe, braviax.exe and not only.
1. Download F-Prot Antivirus
from here
Install and update and restart when requested.
3. Download TR
from here
Install, update then follow the scanning instructions.
It might take 30 min or maybe more but trust me, it works. I have just cleaned 4 computers.
|
I was up until 2am trying to clean my wife's laptop. This one digs in deep! It's up and running creating 'buritos' even in safe mode!
F-prot didn't <seem> to do much (that I could tell), but TR did the trick! The buritos were still there, but since the process was no longer running, they were easily deleted.
There wasn't much useful info on the net last night, but this thread was a nice surprise this morning. Nice job!
Adam Koczarski
IT Director
Magnusson Klemencic Associates
|