Just to be safe

Hey folks,

Ran an AVAST boot scan 2 nights ago and turned up the following bug: win32-Somoto-J [PUP]. It was located at Users\Jeremy\AppData\Local\Temp\bitool.dll

AVAST suggested it was successfully deleted.

I then ran Malwarebytes yesterday and then again overnight. Turned up a couple of bugs the first time, but the second time suggested they were removed successfully. Nevertheless, I know malware can be insidious and stick around. I’ve attached the two Malwarebytes logs along with OTL and Extra per the sticky thread.

I’d appreciate any help making sure that I got my machine cleaned up.

Thanks in advance,
Jeremy

win32-Somoto-J [PUP]
PUP = not virus / Possible Unwanted Program ....crap that usually comes bundled with freeware downloads

http://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/Somoto%20BetterInstaller/detailed-analysis.aspx

Users\Jeremy\AppData\Local\[b]Temp[/b]\bitool.dll
clear all temp folders with TFC cleaner http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

malware experts will be online later and check your logs for leftovers :wink:

Hi,

Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive…

[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*]Double click on zoek.exe to run the tool.
Please wait until the tool starts…

[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:

emptyalltemp;
autoclean;
emptyclsid;

[*] Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot).

[*]Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named “zoek-results.log”

Hi there,

I ran the temp cleaner, then also downloaded zoek.exe. Avast dinged it as a virus, so I disabled Avast and it worked fine. The log is attached. Let me know if there are other steps I need to take.

I also plan to run another Avast boot scan when I turn in for the evening for good measure. Happy to do anything else as well.

Are you having problems now?

No problems with functioning. In fact, it never was. I just got spooked when I detected a few bugs on the machine and wanted to get some help here to make sure I was clear.

I’m running a boot scan now. Started it last night, but it detected the zoek.exe as a virus and got hung up. Told it to ignore that file and continue scanning this morning. Hopefully, it’ll be done after work. If the boot scan comes back clean do you think I’m in the clear?

Thanks,
Jeremy

zoek.exe is not malware; false alarm.

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
[i]Remove disinfection tools
Create registry backup
Purge System Restore[/i]
Click the Run button and wait a few seconds while the programme completes its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\[b]DelFix.txt[/b])

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.

Greetings.

Hey there,

Ran delfix. Log attached. Any other recommended steps?

Thanks for your help.

Jeremy

I recommend using MCShield, if you will.
You may download MCShield from one of the following links:

MyCity - Official download link
Softpedija - Mirror download link

It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And not only will it prevent infection, but it will also immediately clean the flash drive, memory card or external HDD.

I’ve installed MCShield. Do I need to actively start a scan or does it do so automatically? Moreover, are there specific settings you recommend? Do I need to run a scan and then submit a log or do you think I’m good to go?

Other than using MCShield, do you have any other recommendations to ensure my PC is good to go?

There is no need to pile up programs for protection.
Your system is now safe.

I’ve installed MCShield. Do I need to actively start a scan or does it do so automatically?
MCShield is install and forget. ;)

I think every question there is to ask about MCShield is asked in this topic and answered by those who tested/created it. http://forum.avast.com/index.php?topic=104046.0

Thanks for all the help!