Author Topic: Win32 Somoto-J PUP, Somoto-F PUP and SearchProtect-C  (Read 35551 times)


Offline xephini

  • Newbie
  • *
  • Posts: 10
Win32 Somoto-J PUP, Somoto-F PUP and SearchProtect-C
« on: November 03, 2013, 10:15:10 PM »
Hello everyone,

So today as I started up my PC I was immediately told that Avast had found an adware program and I proceeded to put it in the chest and began a start-up scan. It is, frankly, still going, but in all found files there seems to be a pattern; they're related to one of these three:
Win32: Somoto-J (PUP)
Win32: Somoto-F (PUP)
Win32: SearchProtect-C (Adw)

I know nothing about viruses and how to remove them (just looking at the virus log makes me panic), so I'm desperately in need of help with this. What should I do when the scan is finished? Should I keep the infected files in the chest or delete them? Should I copy my photos, music and documents just in case? Will I be able to get rid of the virus/viruses at all?



Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3638
Re: Win32 Somoto-J PUP, Somoto-F PUP and SearchProtect-C
« Reply #1 on: November 03, 2013, 10:17:53 PM »
PUP=Potentially unwanted program (NO VIRUS)

Follow this guide if you want a check: http://forum.avast.com/index.php?topic=53253.0
SAMSUNG Galaxy S7 Edge, Android 8.0, Sophos Mobile Security

Offline xephini

  • Newbie
  • *
  • Posts: 10
Re: Win32 Somoto-J PUP, Somoto-F PUP and SearchProtect-C
« Reply #2 on: November 03, 2013, 10:26:37 PM »
So should I use all the scanners in that thread, or are any of them more important; in that case which ones should I begin with?

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3638
Re: Win32 Somoto-J PUP, Somoto-F PUP and SearchProtect-C
« Reply #3 on: November 03, 2013, 10:32:22 PM »
Needed are ADWCleaner, Malwarebytes, OTL and aswMBR.

Use the attachments and other options option under the answer box to attach them.

When done, malware removers will help you. When one arrives, follow his instructions.

Offline xephini

  • Newbie
  • *
  • Posts: 10
Re: Win32 Somoto-J PUP, Somoto-F PUP and SearchProtect-C
« Reply #4 on: November 03, 2013, 10:38:22 PM »
Okay, thank you! My scan is at 64 % and it's getting really late, should I press esc to abort the scan and turn my PC off, or will it pause correctly if I put it to sleep? I want to avoid starting it up on its own so I probably shouldn't leave it overnight.

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3638
Re: Win32 Somoto-J PUP, Somoto-F PUP and SearchProtect-C
« Reply #5 on: November 03, 2013, 10:51:49 PM »
I would let it finish.

After that you can turn off your PC. Don't forget to save the log file.

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35246
Re: Win32 Somoto-J PUP, Somoto-F PUP and SearchProtect-C
« Reply #6 on: November 03, 2013, 11:26:59 PM »
Quote
Win32: Somoto-J (PUP)
Win32: Somoto-F (PUP)
Win32: SearchProtect-C (Adw)
these are crapware, and AdwCleaner / Malwarebytes should clear these

still, attach all logs as requested so the removal expert can check for leftovers...

Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline xephini

  • Newbie
  • *
  • Posts: 10
Re: Win32 Somoto-J PUP, Somoto-F PUP and SearchProtect-C
« Reply #7 on: November 04, 2013, 08:17:56 PM »
So after getting home from school, I proceeded to do another boot scan (nothing was found this time, I have ~25 files in my virus chest though since yesterday).

Then I used the four different scanning programs; I'll attach the logs below. :)
« Last Edit: November 04, 2013, 09:16:55 PM by xephini »

Offline xephini

  • Newbie
  • *
  • Posts: 10
Re: Win32 Somoto-J PUP, Somoto-F PUP and SearchProtect-C
« Reply #8 on: November 04, 2013, 08:18:44 PM »
The rest of the scanning logs.

Offline xephini

  • Newbie
  • *
  • Posts: 10
Re: Win32 Somoto-J PUP, Somoto-F PUP and SearchProtect-C
« Reply #9 on: November 10, 2013, 10:51:01 AM »
Sorry to bump this thread with a double post, but what exactly do I do now? I think I might have succeeded in removing the files (I've emptied the chest as well), so can I uninstall the software?

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4227
    • Ambulanta MyCity Forum - ASAP Member
Re: Win32 Somoto-J PUP, Somoto-F PUP and SearchProtect-C
« Reply #10 on: November 10, 2013, 11:50:26 AM »
Hi,
Let's just perform some additional checking...


Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive...
  • Close any open browsers
  • Temporarily disable your AntiVirus program. (If necessary)
    If you are unsure how to do this please read this or this Instruction.

  • Double click on zoek.exe to run the tool.
    Please wait until the tool starts...

  • Copy the text present inside the code box below and paste it into the large window in the zoek tool:
Code:
emptyclsid;
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA};c
installedprogs;
uninstall-list;
C:\Windows\SysWow64\*.tmp;f
C:\Windows\*.tmp;f
filesrcm;
startupall;
firefoxlook;
chromelook;
autoclean;

  • Click on button.
    Please wait until a log report opens (this can be after a reboot)

  • Save notepad to your Desktop and attach here zoek-results.log
    Note: It will also create a log in the C:\ directory named "zoek-results.log"

Offline xephini

  • Newbie
  • *
  • Posts: 10
Re: Win32 Somoto-J PUP, Somoto-F PUP and SearchProtect-C
« Reply #11 on: November 10, 2013, 02:57:31 PM »
Here it is!  :)

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4227
    • Ambulanta MyCity Forum - ASAP Member
Re: Win32 Somoto-J PUP, Somoto-F PUP and SearchProtect-C
« Reply #12 on: November 10, 2013, 03:55:57 PM »
Zoek has done the rest of the job. How's your computer running now?

Offline xephini

  • Newbie
  • *
  • Posts: 10
Re: Win32 Somoto-J PUP, Somoto-F PUP and SearchProtect-C
« Reply #13 on: November 10, 2013, 11:54:39 PM »
It's running fine without problems, thanks a lot! :D

One last question: Inside my AdwCleaner folder, there's a quarantine folder which contains some vir files related to Search Protect. What do I do with these?

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4227
    • Ambulanta MyCity Forum - ASAP Member
Re: Win32 Somoto-J PUP, Somoto-F PUP and SearchProtect-C
« Reply #14 on: November 11, 2013, 01:30:38 AM »
Let's remove all used tools.

Re-run AdwCleaner and hit the Uninstall button. Then we shall use DelFix for cleaning all used tools, their files and folders...


Please download DelFix by "Xplode" to your Desktop.

Run the tool and check the following boxes:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on the "Run" button. Wait for the programme to complete its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt


> I don't need DelFix log report.




I recommend using MCShield if you will.
You may download MCShield from one of the following links:

MyCity -  Official download link
Softpedija - Mirror download link

It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And not only will it prevent infection, but it will immediately clean the flash drive, memory card or external HDD.