Win32: Somoto-J (PUP) .. request for removalexpert support

Hello,

Greatly appreciate your help! Avast found Win32: Somoto-J (PUP) and I used the guide on the Avast Forum to run scans on my computer:

  1. Malwarebytes - log available and attached
  2. OTL - log available and attached
  3. aswMBR: several attempts at scanning but it crashes/stops working every time… so no log available… do I need to run an alternative?
    [Note: ADWCleaner not used; it has been removed from the guide]

To removalexpert support: what are next steps you recommend? THANK YOU!

Hello,

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.

[*]Click on the Scan button.
[*]After the scan has finished click on the Clean button.

Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

[*] After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
[*] Post the logfile; it will also be saved in the C:\AdwCleaner folder.

Then…

Please download GMER, AntiRootkit tool from the link below and save it to your Desktop:

Gmer download link
Note: the file will have a random name.

Double-click to run GMER.

[*]Wait for initial scan to finish - if there is any query, click No;
[*]Click Scan button and wait until the full scan is complete;
[*]Click Save … - save the report to the Desktop (named Gmer );

Attach the Gmer log report here.

Then…

Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Under Optional Scan ensure “List BCD” and “Driver MD5” are ticked.
[*]Press Scan button.
[*] It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
[*] The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Thanks for your instructions!
Attached the scan logs from AdwCleaner, Gmer and FRST as requested… Any more steps involved beyond this point?

And also the Addition.txt file from FRST you asked for

You attached two addition.txt files…

Re-run FRST, press Scan and attach that report for me…

Sorry - here it is…

1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

AppInit_DLLs-x32: c:\progra~2\ss-hel~1\psupport.dll [ ] ()
c:\progra~2\ss-hel~1\psupport.dll
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0A0F0Czy0ByByC0AtBtCyDtN0D0Tzu0CyCtAzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=1157714601&ir=
SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=solimmsd&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0A0F0Czy0ByByC0AtBtCyDtN0D0Tzu0CyCtAzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1B1F1I1L1H1H1B1Q&cr=1157714601&ir=
SearchScopes: HKCU - DefaultScope {965A5FFC-7FEB-4478-8313-E80EB88CA82B} URL = http://nl.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {965A5FFC-7FEB-4478-8313-E80EB88CA82B} URL = http://nl.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {9A101DBA-6E89-4494-B6AB-4F8AFE6A6738} URL = http://www.search.ask.com/web?p2=%5EB7N%5EYYYYYY%5EYY%5ENL&gct=&itbv=12.3.0.861&o=APN11293&tpid=CME-V7&apn_uid=943C2DE1-788D-40C5-92F3-2E63A2B86684&apn_ptnrs=%5EB7N&apn_dtid=%5EYYYYYY%5EYY%5ENL&apn_dbr=iexplore.exe_6_10.0.9200.16686&doi=2013-09-22&trgb=IE&q={searchTerms}&psv=barid%253D101156972167774242712948535806384944474%2526cargo%253DCME%252DV7%2526spr%253Da%2526did%253D10719%2526ppd%253D
SearchScopes: HKCU - {B7436110-4454-4E66-9B8D-296CB4379CBA} URL = http://www.mysearchresults.com/search?c=2408&t=14&q={searchTerms}
cmd: netsh winsock reset
FF NewTab: about:blank
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF Homepage: hxxp://www.mysearchresults.com/?c=9998&t=01
FF Keyword.URL: user_pref("keyword.URL", "");
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\bolcom-nl.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\marktplaats-nl.xml
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
C:\Program Files\McAfee
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
C:\Program Files (x86)\Common Files\McAfee
CHR Extension: (SearchNewTab) - C:\Users\PAPAEN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kekajanfpjnngndncgobpkihgcknhabc\1.0
CHR Extension: (Google Search) - C:\Users\PAPAEN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
C:\ProgramData\hash.dat
C:\Users\Amy Joy\AppData\Local\Temp
C:\Users\Benjamin\AppData\Local\Temp
C:\Users\papa en mama\AppData\Local\Temp
C:\Users\Sophie\AppData\Local\Temp
cmd: ipconfig /flushdns
hosts:
Task: {601F7D84-9988-4C66-A1EB-48207C325541} - System32\Tasks\Norton Security Scan for papa en mama => C:\Program Files (x86)\Norton Security Scan\Engine\4.0.1.16\Nss.exe [2013-05-07] (Symantec Corporation)
C:\Program Files (x86)\Norton Security Scan
C:\PROGRA~2\NORTON~2
Task: C:\Windows\Tasks\Norton Security Scan for papa en mama.job => C:\PROGRA~2\NORTON~2\Engine\401~1.16\Nss.exe

2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warned you about the outdated version please download and run the updated version.
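The fix script above is a set of FRST directives: a bare path is deleted, SearchScopes and AppInit_DLLs lines are removed from the registry, "cmd:" lines run a command, and "hosts:" resets the hosts file. As an added example (Python, not part of this thread and not code from FRST itself), here is a small parser that turns such a fixlist into a summary of what the fix will touch and pulls the search-hijack hostnames out of the URLs, which is what a defender would want in order to block them or hunt for them on other machines. The sample input is a constructed subset of the lines posted above; the category names are my own.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample: a subset of the FRST fixlist lines posted in this thread,
# embedded here so the script runs offline.
FIXLIST = r"""
AppInit_DLLs-x32: c:\progra~2\ss-hel~1\psupport.dll [ ] ()
c:\progra~2\ss-hel~1\psupport.dll
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}
SearchScopes: HKCU - {B7436110-4454-4E66-9B8D-296CB4379CBA} URL = http://www.mysearchresults.com/search?c=2408&t=14&q={searchTerms}
cmd: netsh winsock reset
FF Homepage: hxxp://www.mysearchresults.com/?c=9998&t=01
CHR Extension: (SearchNewTab) - C:\Users\PAPAEN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kekajanfpjnngndncgobpkihgcknhabc\1.0
C:\ProgramData\hash.dat
cmd: ipconfig /flushdns
hosts:
Task: {601F7D84-9988-4C66-A1EB-48207C325541} - System32\Tasks\Norton Security Scan for papa en mama => C:\Program Files (x86)\Norton Security Scan\Engine\4.0.1.16\Nss.exe [2013-05-07] (Symantec Corporation)
"""

# Matches live and defanged (hxxp) URLs up to the next whitespace.
URL_RE = re.compile(r"\b(?:hxxps?|https?)://\S+", re.IGNORECASE)
# A line that starts with a drive letter is a bare path: FRST deletes it.
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Line prefix -> category (category names are this example's own, not FRST's).
PREFIXES = [
    ("AppInit_DLLs", "appinit_dll"),   # DLL loaded into every user32 process
    ("SearchScopes:", "searchscope"),   # IE search-provider registry entries
    ("Task:", "scheduled_task"),        # scheduled task persistence
    ("cmd:", "command"),                # command FRST executes verbatim
    ("hosts:", "hosts_reset"),          # reset the hosts file to default
    ("FF ", "browser"),                 # Firefox prefs / extensions
    ("CHR ", "browser"),                # Chrome extensions
]


def classify(line):
    """Return the category of one (already stripped) fixlist line."""
    for prefix, kind in PREFIXES:
        if line.startswith(prefix):
            return kind
    if DRIVE_PATH_RE.match(line):
        return "path"
    return "other"


def extract_hosts(line):
    """Hostnames of every URL on the line, with hxxp defanging undone."""
    hosts = set()
    for url in URL_RE.findall(line):
        url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def parse_fixlist(text):
    """One record per non-empty line: category, raw line, hostnames."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        records.append({"kind": classify(line), "line": line,
                        "hosts": sorted(extract_hosts(line))})
    return records


def summarize(text):
    """Counts per category plus the de-duplicated hostnames to block or hunt."""
    records = parse_fixlist(text)
    return {
        "total": len(records),
        "kinds": dict(Counter(r["kind"] for r in records)),
        "hosts": sorted({h for r in records for h in r["hosts"]}),
    }


if __name__ == "__main__":
    report = summarize(FIXLIST)
    print("entries:", report["total"])
    for kind, n in sorted(report["kinds"].items()):
        print(f"  {kind:15s} {n}")
    print("hosts to block/hunt:", ", ".join(report["hosts"]))
```

Run it against a saved fixlist.txt by reading the file into `summarize()`; the host list is the part worth feeding into DNS or proxy block rules, while the category counts give a quick sanity check that the script only touches the kinds of entries you expect before you press Fix.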

How are the things now, any problems?

Performed the steps you instructed with attached log as result. Doc split in two since it was too large for one doc. No issues anymore, browser is faster than before …

Second part of the log

Great :slight_smile:
We’re done here. Let’s clean the tools:

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below:

[*] Remove disinfection tools
[*] Create registry backup
[*] Purge System Restore

Now click on the “Run” button. Wait until the programme completes its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored on C:\DelFix.txt

I don’t need DelFix log report.

Uninstall outdated Adobe Reader and Java, and install latest versions.

Cheers :slight_smile:

Good afternoon! I ran a full scan and it notified me that several files were infected with win32:somoto-J [PuP], and out of all the options I chose DELETE ALL.
Question: is this enough for the virus to disappear from my computer?
Thank you very much in advance for your time and attention!
Regards, Victoria

Hello Violeta,

Do you understand English?

If so please follow this Guide and attach the logs: http://forum.avast.com/index.php?topic=53253.0

Needed are aswMBR, Malwarebytes,OTL, and ADWCleaner.

Please open a new topic for that and you will get help. :wink:

Hi Victoria. Welcome to the forum.

This forum is in English; you have to follow this guide: http://forum.avast.com/index.php?topic=53253.0

and open a new topic here: http://forum.avast.com/index.php?board=4.0

If you don't know English, the only Spanish-language site with qualified staff that I know of is this one:

http://www.forospyware.com/foro-de-virus-y-spywares/

By the way, for anything else in Spanish: http://forum.avast.com/index.php?board=25.0

Hello !

I found Win32:Somoto-J on my laptop 2 days ago. Avast deleted the files which were infected.
Can you please help me with the removal of this PUP? I have installed and run adwcleaner, gmer and farbar; do you need the log files, or what should I do?
Thanks in advance.

Please open your own topic.

Attach requested reports → http://forum.avast.com/index.php?topic=53253.0