Taquito.exe - What is it?

[McoreD]

Hi All,

Have you guys heard of this file?

No AntiVirus software I know detects this.

All I know about it:

Creates a RESTORE folder in the root folder

Creates a sub folder which will look like a Recycle Bin

Inside the folder S-1-5-21-1482476501-1644491937-682003330-1013 there is Taquito.exe

Creates an autorun.inf with the following:

[autorun]
open=RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
shell\open\default=1

A google results gave no results. 18 hours ago there is one result:

http://www.google.com.au/search?q=Taquito....lient=firefox-a

Thanks,

McoreD

[Yusuf M. Veteran]

Nope, never heard of it. I can't find anything about it on the net either. It must be some kind of worm if it does what you mentioned.

[+Thom Vee Subscriber²]

Hi All,

Have you guys heard of this file?

No AntiVirus software I know detects this.

All I know about it:

Creates a RESTORE folder in the root folder

Creates a sub folder which will look like a Recycle Bin

Inside the folder S-1-5-21-1482476501-1644491937-682003330-1013 there is Taquito.exe

Creates an autorun.inf with the following:

[autorun]
open=RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
shell\open\default=1

A google results gave no results. 18 hours ago there is one result:

http://www.google.com.au/search?q=Taquito....lient=firefox-a

Thanks,

McoreD

I tried a search for this string "S-1-5-21-1482476501-1644491937-682003330-1013" and google came up with this. Trendmicro has a reference to WORM_IRCBOT.AQ, so this might be a variant of it.

[fatboyuk]

If you still have the file, try uploading it to http://www.virustotal.com/ - that checks it with a load of AV products.

[McoreD]

Thanks - I still have the file.

Only the following AVs detected it:

AntiVir - - HEUR/Crypted

Authentium - - W32/Heuristic-210!Eldorado

CAT-QuickHeal - - (Suspicious) - DNAScan

eSafe - - Suspicious File

F-Prot - - W32/Heuristic-210!Eldorado

NOD32 - - Win32/AutoRun.ABZ

Norman - - W32/Malware.EBZP

Panda - - Suspicious file

Prevx1 - - Worm

SecureWeb-Gateway - - Heuristic.Crypted

Sunbelt - - VIPRE.Suspicious

TrendMicro - - PAK_Generic.001

I was using Symantec EndPoint Protection (AntiVirus 11) and it couldn't detect it.

May be time to replace AV. I thought SEP was one of the best AVs out there.

[primexx]

Thanks - I still have the file.

Only the following AVs detected it:

AntiVir - - HEUR/Crypted

Authentium - - W32/Heuristic-210!Eldorado

CAT-QuickHeal - - (Suspicious) - DNAScan

eSafe - - Suspicious File

F-Prot - - W32/Heuristic-210!Eldorado

NOD32 - - Win32/AutoRun.ABZ

Norman - - W32/Malware.EBZP

Panda - - Suspicious file

Prevx1 - - Worm

SecureWeb-Gateway - - Heuristic.Crypted

Sunbelt - - VIPRE.Suspicious

TrendMicro - - PAK_Generic.001

I was using Symantec EndPoint Protection (AntiVirus 11) and it couldn't detect it.

May be time to replace AV. I thought SEP was one of the best AVs out there.

NOD32 or KAV are the best.

If it spreads by itself it's certainly malicious, and you want to get rid of it, regardless of what it actually is.

[anonymous_user]

Do NOT replace your AV because of one file. Maybe next week youll find another file that Symantec detects but your new AV doesnt.

Remember that no AV is perfect.

[Argote]

Do NOT replace your AV because of one file. Maybe next week youll find another file that Symantec detects but your new AV doesnt.

Remember that no AV is perfect.

He does have a point.

[Kami-]

What is it?

Well... quite simply, a worm.

[Malskazz]

What is it?

Well... quite simply, a worm.

[Snakehn]

Taquito? now viruses are coming from mexico or something LOL?

[deep1234]

I have never seen a virus that works on vista up until now. :blink:

[_BeanZ_]

Taquito? now viruses are coming from mexico or something LOL?

I've seen burrito.exe before - maybe someone's working there way through the menu.

[Kami-]

I have never seen a virus that works on vista up until now. :blink:

Virii will work but only if you let them, this is no acception... if you let it work it will, if you use UAC and take preventative steps this won't be an issue.

[fatboyuk]

I have never seen a virus that works on vista up until now. :blink:

I have never seen anything work on vista, full stop ;)

[freeza]

i wonder what it does to your system other than folder creation...

[Ci7]

I have never seen a virus that works on vista up until now. :blink:

the have hard time getting in with all security built-in

viruses need compatibility update to work in vista of which MS refuse to offer ;)

uac at work ...

[McoreD]

i wonder what it does to your system other than folder creation...

It didn't do anything to my system folders because I am running Vista as a Limited User. It would have been successful in XP with Administrator rights but I used to run XP as Limited User too (but it was more troublesome than in Vista). :)

[gollux]

Thankfully most malware authors are still programming for Windows 95. As long as this is the case, Limited User Accounts do a pretty good job of preventing system infection. I'm still running Windows XP (Have always run LUA) and still am amazed at how many programs still require being run as administrator. True, that's what that right click "Run As..." menu item is for, but for shame! If you aren't installing, there's no reason. Needing Power User or below means your programmers still are in the Windows 3.0 world.

[anonymous_user]

^ Actually I think most malware writers stopped targetting Win9x. They want to go after the majority of users (XP/Vista) dont they?

[kjordan2001]

I've seen burrito.exe before - maybe someone's working there way through the menu.

Let me know when they get to tequila.exe, then it'll have a true worm ;)

[darren89]

Do NOT replace your AV because of one file. Maybe next week youll find another file that Symantec detects but your new AV doesnt.

Remember that no AV is perfect.

+1

yeah..agree with that.

[Kronir]

Taquito? now viruses are coming from mexico or something LOL?

Its an illegal immigrant looking for better employment opportunities! :p

Seriously, whatever it is, it sounds bad; I say deep-six it pronto. ;)

[ninjamunky]

You should try Hijack This. It scans your processes and then you can submit the log to their site and it gives you a breakdown of trusted, questionable, and known intruders. That'd probably get tagged in the log scan.

[Kami-]

You should try Hijack This. It scans your processes and then you can submit the log to their site and it gives you a breakdown of trusted, questionable, and known intruders. That'd probably get tagged in the log scan.

Right... we already know this is a malicious file...

[microchip092]

Hi there,

I know how to stop Taquito.EXE from functioning, without endangering you restore files.

The details are on my website, Virus Alert!, and the program you need is linked to. The URL is:

http://virusalert.weebly.com/t.html

Hope this helps. Worked for me.

Taquito.EXE is a worm, by the way.

:spam: