Author Topic: win32: SOMOTO-J [PUP]  (Read 8051 times)

Offline ardso

win32: SOMOTO-J [PUP]
« on: August 21, 2013, 12:18:31 PM »
Hello, my PC got infected with WIN32: SOMOTO-J [PUP]. I got it in the virus chest, and Windows runs very slow. Could someone guide me on how to deal with this problem? :(:(:(:(

Offline Pondus

« Reply #1 on: August 21, 2013, 12:30:19 PM »
What was the name and full location of the file detected?

PUP = not a virus / Possible Unwanted Program .... a program that can be good or bad if abused

Usually this is crap that comes bundled with other downloads, like toolbars/adware,
but legit factory-installed programs are also classed as PUP because of what they can do, so you need to know what it is before you take any action.

Googling a bit, this seems to be some adware crap that comes with a download:
https://www.virustotal.com/nb/file/47ed16bcf8ad37d53965c3fab1ecb7ed886a6167e497033e623791a682fba0c9/analysis/
http://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/Somoto%20BetterInstaller/detailed-analysis.aspx

Quote
Somoto BetterInstaller is an installer which bundles legitimate applications with offers for additional third party applications that may be unwanted by the user. Such third party applications are typically installed onto users’ computers by default, but may include an option to ‘opt-out’ during or after the installation process.



« Last Edit: August 21, 2013, 12:38:35 PM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline Pondus

« Reply #2 on: August 21, 2013, 12:37:04 PM »
If you have this, you may have more crap since your computer is slow....

Follow the instructions here and run AdwCleaner and Malwarebytes: http://forum.avast.com/index.php?topic=53253.0

Post logs here...


Offline soardo

« Reply #3 on: August 21, 2013, 02:46:52 PM »
Hi, it's me again. My password stopped working for email and forum, so I created a new account.

Offline soardo

« Reply #4 on: August 21, 2013, 02:48:12 PM »
And the rest of the logs. What's next?

Offline soardo

« Reply #5 on: August 21, 2013, 04:28:52 PM »
aswMBR log

Offline argus

« Reply #6 on: August 21, 2013, 04:32:43 PM »

Please download zoek.exe and save it to your desktop.

  • Close any open browsers.
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.

  • Double click on zoek.exe to run the tool.
    Please wait until the tool starts...

  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code:

filesrcm;
startupall;
skipfix-iedefaults;
firefoxlook;
chromelook;

  • Click on button
    Please wait until a log report opens (this can be after a reboot)

  • Save the Notepad file to your Desktop and attach zoek-results.log here

    Note: It will also create a log in the C:\ directory named "zoek-results.log"



Offline soardo

« Reply #7 on: August 21, 2013, 07:40:23 PM »
I downloaded zoek.exe. First Comodo blocked it, but as you asked I turned off all security programs. Then when I tried to launch it, it said I have no permission to run this file, so I checked what was going on and found zoek running in Task Manager.

Problem signature:
   Problem Event Name: BlueScreen
   OS Version: 6.1.7601.2.1.0.256.1
   Locale ID: 1045

Additional information about the problem:
   BCCode: 109
   BCP1: A3A039D8974FF801
   BCP2: B3B7465EE9CE331B
   BCP3: FFFFF880009F0540
   BCP4: 0000000000000002
   OS Version: 6_1_7601
   Service Pack: 1_0
   Product: 256_1

Files that help describe the problem:
   C:\Windows\Minidump\082113-23712-01.dmp
   C:\Users\ard\AppData\Local\Temp\WER-388848-0.sysdata.xml

Read our online privacy statement:
   http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0415

If privacy statement online is not available, please read our privacy statement offline:
   C:\Windows\system32\en-US\erofflps.txt


Offline argus

« Reply #8 on: August 21, 2013, 07:54:23 PM »
Is it just Comodo firewall or antivirus?

Offline argus

« Reply #9 on: August 22, 2013, 10:25:44 AM »
This way we will check what causes the BSOD.


Download WhoCrashed from here:
http://www.resplendence.com/download/whocrashedSetup.exe

This program will try to verify the analysis, which is the cause of driver error.
Note: This program requires installation.



  • Double-click to start the installation, and click Next.
  • Check I accept the agreement and then click Next.
    The program installs to the location, and under the name, that the installer offers.
  • Click Next and in the next window, click Next.
  • Check Create a Desktop Icon and then click Next and then Install.

After you've installed the WhoCrashed program, run it.

Note: If you get a message that looks like this:

Click Download the requested file from the Microsoft site now and wait for the process to download additional files and for the installation to complete.

  • When the program starts, click Analyze.
    When scanning is done, click OK.
  • Right-click on the area of the page with the report and select Select All.
  • Right-click on the area of the page with the report and select Copy.
  • Open a new Notepad and select Paste to copy the contents of the log into the Notepad.

Now you can close the program.

Please attach the Notepad file with that log report here.

Offline soardo

« Reply #10 on: August 25, 2013, 09:52:17 AM »
I have Comodo Internet Security Premium and Avast :P I will remove Avast once I resolve this problem. Like I said, I have a few files in the Avast virus chest and I'm not sure if it is safe to delete them.

Offline soardo

« Reply #11 on: August 25, 2013, 09:56:21 AM »

--------------------------------------------------------------------------------
Welcome to WhoCrashed (HOME EDITION) v 4.02
--------------------------------------------------------------------------------

This program checks for drivers which have been crashing your computer. If your computer has displayed a blue screen of death, suddenly rebooted or shut down then this program will help you find the root cause and possibly a solution.

Whenever a computer suddenly reboots without displaying any notice or blue screen of death, the first thing that is often thought about is a hardware failure. In reality, on Windows most crashes are caused by malfunctioning device drivers and kernel modules. In case of a kernel error, many computers do not show a blue screen unless they are configured for this. Instead these systems suddenly reboot without any notice.

This program will analyze your crash dumps with the single click of a button. It will tell you what drivers are likely to be responsible for crashing your computer. It will report a conclusion which offers suggestions on how to proceed in any situation while the analysis report will display internet links which will help you further troubleshoot any detected problems.

To obtain technical support visit www.resplendence.com/support

Click here to check if you have the latest version or if an update is available.

Just click the Analyze button for a comprehensible report ...



--------------------------------------------------------------------------------
Home Edition Notice
--------------------------------------------------------------------------------

This version of WhoCrashed is free for use at home only. If you would like to use this software at work or in a commercial environment you should get the professional edition of WhoCrashed which also allows analysis of crashdumps on remote drives and computers on the network and offers a range of additional features.

Click here for more information on the professional edition.
Click here to buy the the professional edition of WhoCrashed.


--------------------------------------------------------------------------------
System Information (local)
--------------------------------------------------------------------------------

computer name: ARD-S0
windows version: Windows 7 Service Pack 1, 6.1, build: 7601
windows dir: C:\Windows
CPU: AuthenticAMD AMD Athlon(tm) X2 Dual-Core QL-64 AMD586, level: 17
2 logical processors, active mask: 3
RAM: 2951135232 total
VM: 2147352576, free: 1914568704




--------------------------------------------------------------------------------
Crash Dump Analysis
--------------------------------------------------------------------------------

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

No valid crash dumps have been found on your computer

--------------------------------------------------------------------------------
Conclusion
--------------------------------------------------------------------------------

Crash dumps are enabled but no valid crash dumps have been found. It may be that there are problems which prevent crash dumps from being written out. Check out the following article for possible causes: If crash dumps are not written out.

In case your computer does experience sudden reboots it is likely these are caused by malfunctioning hardware, power failure or a thermal issue. To troubleshoot a thermal issue, check the temperature using your BIOS setup program, check for dust in CPU and motherboard fans and if your computer is portable make sure it's located on a hard surface. Otherwise it's suggested you contact the support department of the manufacturer of your system or test your system with a memory test utility for further investigation.

Check out the following articles for more information: Troubleshooting sudden resets and shut downs.

Read the topic general suggestions for troubleshooting system crashes for more information.

Note that it's not always possible to state with certainty whether a reported driver is actually responsible for crashing your system or that the root cause is in another module. Nonetheless it's suggested you look for updates for the products that these drivers belong to and regularly visit Windows update or enable automatic updates for Windows. In case a piece of malfunctioning hardware is causing trouble, a search with Google on the bug check errors together with the model name and brand of your computer may help you investigate this further.

Offline argus

« Reply #12 on: August 25, 2013, 10:08:48 AM »
Quote
I will remove Avast once I resolve this problem. Like I said, I have a few files in the Avast virus chest and I'm not sure if it is safe to delete them.

There can be only one antivirus on the system.
Deleting Avast also deletes the virus.

WhoCrashed does not display the BSOD.




 
