My machine had been down for a few days because my CPU fan had died and I had to order a new one. I got everything in and working again, and had been using my machine for a few days now with no issues. But today I went to plug my headphones in, and like usual my Realtek thing comes up to ask me what I plugged in, but I also get an alert from Avast saying that I have something called Botemezu.exe located in my System32 folder. I was kind of hesitant but I sent it to Chest. From what I’ve read it’s got something to do with IE. But it’s also making Chrome pop up with Windows to “Best Online Shop For AntiVirus” and other crap, that luckily seems to be getting blanked out by AdBlock. I’m not sure how to get rid of this. I’m going to try running Adaware, then Spybot Search and Destroy and see what else is found…
Check your computer for malware
Malwarebytes http://filehippo.com/download_malwarebytes_anti_malware/
UPDATE and run quick scan, click on “REMOVE SELECTED” to quarantine any infections found and restart
SUPERAntiSpyware http://filehippo.com/download_superantispyware/
Are cookies really spyware and are they dangerous?
http://www.superantispyware.com/supportfaqdisplay.html?faq=26
Boot time Avast Antivirus Scanning
http://www.digitalred.com/avast-boot-time.php
Come back and post scan logs here if anything is found.
I don’t believe it has anything to do with IE as there are zero hits for Botemezu.exe and only one for Botemezu.dll, which is highly suspicious for a file in the system32 folder or associated with IE. So are you sure this is the correct file name?
So I would allow avast to send it to the chest.
If you haven’t already got this software suggested by Pondus (freeware), download, install, update and run it and report the findings (it should produce a log file).
Don’t worry about reported tracking cookies in SAS; they are a minor issue and not one of security. Allow SAS to deal with them though. - See http://en.wikipedia.org/wiki/HTTP_cookie.
Well I sent Botemezu.exe to the chest, it didn’t seem to be connected to anything important so later after reboot (and unplugging/replugging my headphones) I deleted it. When I did the Spybot SnD scan, it turned up the following: ClickBank, DoubleClick, MediaPlex, Rightmedia, and “Virtumonde.sdn.” Everything could be deleted except for the last thing. After that I tried Adaware and it found something called Win32.Worm.Gaobot - this also seemed to not be removable, but Adaware said it’d try upon next reboot. I rebooted, and ran Spybot again, and Virtumonde.sdn was still there. I looked up workarounds and one said to try doing the scan in Safe Mode, so I did another SnD in Safe Mode. It -said- it deleted Virtumonde but when I booted back into regular Windows there it was again, as were the annoying pop ups (even when going to this forum, guess it just does it every time you go to a page).
I downloaded the Malwarebytes software (another person I talked to on Yahoo Messenger mentioned it). When I installed there was an error saying it couldn’t locate mbam.exe, and when I went to the folder I installed to, the exe was nowhere to be found. Friend said to go on another machine not infected, install the MalwareBytes and update its stuff and then burn it to a CDR and run that on my machine. It worked and I performed a full scan, found 16 items. Most related to “Vundo” something or other, and one thing that was keeping the Security Center icon from loading in the tray. I let it do its “delete upon reboot” thing and did another scan just to make sure it really removed everything, 0 results so I guess it did.
Don’t quite know exactly how the stuff that got on my comp did, as I have AdBlock on both Firefox and now Chrome too after they added extensions. Equally weird was the fact that that Botemezu thing didn’t trigger Avast until I plugged my headphones in. But anywho, thanks for directing me to Malwarebytes. It seems to do a much better job than SnD and Adaware.
ohshi vundo nooooooo
Good thing you managed to deal with it. Malwarebytes has saved around a dozen computers that I’ve worked with from Vundo. Nice to know everything’s OK now.
AdBlock Plus on Firefox isn’t a security add-on, far from it.
So I would suggest NoScript and RequestPolicy add-ons for Firefox. Whilst these can be a bit of a pain in the rear when first installed, as they block by default and you have to accept what sites to allow, it doesn’t take long to build up the database for those sites you regularly visit.
You have to exercise care in what sites you allow; for sites you don’t know well and don’t visit regularly, it is better to only temporarily allow them, if they need to have scripts run for their functionality.
Thanks, I will try to find the extensions you refer to, and hopefully there are identical extensions for Chrome. I had been temporarily using Chrome as it seemed like an interesting browser, and they had just released a new version that could use extensions. Firefox hogs resources and sometimes will jump to a crazy amount of CPU usage. Chrome uses less, but I also want to make sure it’s totally safe before I use it again. I read elsewhere that Avast doesn’t scan traffic from Chrome, and that I have to manually set the LAN settings in Options to use Avast’s proxy so it will scan content.
Chrome is way behind as far as add-ons are concerned, NoScript is supposed to be in development for it but nothing yet.
Wrong, avast will scan HTTP port 80 traffic in the same way as other supported browsers. Since avast5 offers the option of installing Google Chrome when you install avast5 (and avast5 is included in the google apps package), I would hope that it supports it ;D
Ahhhh, must have been an older post that I read that at (about needing to change the LAN / Proxy settings in Avast to force it to scan Chrome). I’m still using version 4.7 of Avast that a friend gave me, and have just been updating the virus database, not the program. Kinda afraid to update to a new version, as the last time I did it messed things up. I think something got corrupted during the updating process (I’m on Clearwire, which is pathetically slow and cuts out at random). How resource heavy is Avast5, and more importantly is there a free version and what are the features? (possibly a stupid question).
On my system 5.0 is lighter on resources than 4.8 was.
Yes there is a free version.
Avast Free Features cited here, http://www.avast.com/free-antivirus-download
Try to scan your PC to keep it cleaned using: http://malwarebytes.org
Good Luck and GOD Bless…