Question : Unable to remove buritos.exe trojan from UPS email

i have a win XP Pro machine that is infected by the buritos.exe trojan (UPS email). I have tried everything possible with no success. I'm unable to run hijackthis or combofix it seems it blocks the process of these files. I also have tried renaming the files. I was able to delete the winivstr.exe and the cru629.dat file but it keeps putting the burito.exe file in the startup. any help is appreciated

Answer : Unable to remove buritos.exe trojan from UPS email

SDFix might help here...it will target the cru629.dat entry and file. I would run it then try combofix again.

Download SDFix (by Andy Machesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Double click on SDFix.exe. It should automatically extract a folder called SDFix to your system drive (usually C:\). Please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Open the SDFix folder and double click on RunThis.bat to start the script.
Type Y and press Enter to begin the script.
It will start cleaning your PC and then prompt you to press any key to Reboot.
Press any key to restart the PC.
Your system will take longer than normal to restart as the fixtool will be removing files.
When the desktop loads the Fixtool will complete the removal and display Finished.
Press any key to end the script and to load your desktop icons.

A text file should automatically open,
Please do not post the log into the comment window. Use "Attach File" under the comment window to post the log.

Please also upload a fresh HijackThis log.
Random Solutions  
 
programming4us programming4us