Win32 Somoto-J PUP, Somoto-F PUP and SearchProtect-C

Hello everyone,

So today as I started up my PC I was immediately told that Avast had found an adware program and I proceeded to put it in the chest and began a start-up scan. It is, frankly, still going, but in all found files there seems to be a pattern; they’re related to one of these three:
Win32: Somoto-J (PUP)
Win32: Somoto-F (PUP)
Win32: SearchProtect-C (Adw)

I know nothing about viruses and how to remove them (just looking at the virus log makes me panic), so I’m desperately in need of help with this. What should I do when the scan is finished? Should I keep the infected files in the chest or delete them? Should I copy my photos, music and documents just in case? Will I be able to get rid of the virus/viruses at all?

PUP=Potentially unwanted program (NO VIRUS)

Follow this guide if you want a check: http://forum.avast.com/index.php?topic=53253.0

So should I use all the scanners in that thread, or are any of them more important; in that case which ones should I begin with?

Needed are ADWCleaner, Malwarebytes, OTL and aswMBR.

Use the attachments and other options option under the answer box to attach them.

When done, malware removers will help you. When one arrives, follow his instructions.

Okay, thank you! My scan is at 64 % and it’s getting really late, should I press esc to abort the scan and turn my PC off, or will it pause correctly if I put it to sleep? I want to avoid starting it up on its own so I probably shouldn’t leave it overnight.

I would let it finish.

After that you can turn off your PC. Don’t forget to save the log file.

Win32: Somoto-J (PUP)
Win32: Somoto-F (PUP)
Win32: SearchProtect-C (Adw)
these are crapware, and AdwCleaner / Malwarebytes should clear these

still, attach all logs as requested so the removal expert can check for leftovers…

So after getting home from school, I proceeded to do another boot scan (nothing was found this time, I have ~25 files in my virus chest though since yesterday).

Then I used the four different scanning programs; I’ll attach the logs below. :slight_smile:

The rest of the scanning logs.

Sorry to bump this thread with a double post, but what exactly do I do now? I think I might have succeeded in removing the files (I’ve emptied the chest as well), so can I uninstall the software?

Hi,
Let’s just perform some additional checking…

Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive…

[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.

[*]Double click on zoek.exe to run the tool.
Please wait until the tool starts…

[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:


emptyclsid;
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA};c
installedprogs;
uninstall-list;
C:\Windows\SysWow64\*.tmp;f
C:\Windows\*.tmp;f
filesrcm;
startupall;
firefoxlook;
chromelook;
autoclean;


[*] Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot).

[*]Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named “zoek-results.log”.

Here it is! :slight_smile:

Zoek has done the rest of the job. How’s your computer running now?

It’s running fine without problems, thanks a lot! :smiley:

One last question: Inside my AdwCleaner folder, there’s a quarantine folder which contains some vir files related to Search Protect. What do I do with these?

Let’s remove all used tools.

Re-run AdwCleaner and hit the Uninstall button. Then we shall use DelFix for cleaning all used tools, their files and folders…

Please download DelFix by “Xplode” to your Desktop.

Run the tool and check the following boxes below;

[*] Remove disinfection tools
[*] Create registry backup
[*] Purge System Restore

Now click on the “Run” button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt).
Note: The report will also be stored on C:\DelFix.txt

I don’t need DelFix log report.

I recommend using MCShield, if you will.
You may download MCShield from one of the following links:

MyCity - Official download link
Softpedia - Mirror download link

It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And not only will it prevent infection, but it will immediately clean the flash drive, memory card or external HDD.

Hi! :slight_smile: Sorry to bother you again, but I proceeded to use delfix and it removed everything except for one folder: zoek_backup
There are three vir files in there, do I need to do something about that?

Hm… DelFix should have been updated to remove zoek_backup.
Well…please feel free to remove it by yourself. :wink:

Done! :smiley:

Also, thanks a million for helping me out with this! I really, really appreciate it ;D

:wink:

Hello, I’ve been “infected” with the same files. I do not see anything going wrong or slow on my computer, but I detected it doing a Quick Avast Scan. Got all three mentioned here (SearchProtect-C, Somoto-J PUP, etc.). Ran the scans mentioned on the page. Will post two of my logs into this one. I’ve got one more program to run.