Author Topic: Win32:Somoto-J [PUP]  (Read 17557 times)


jprieto

  • Guest
Win32:Somoto-J [PUP]
« on: December 14, 2013, 12:46:12 AM »
Hi,

After a BSoD I decided to perform an AV scan on my computer, and it found that a file called bitool.dll (C:\Users\(...)\AppData\Local\Temp) was infected. I put it in quarantine and performed analysis with MBAM, OTL and aswMBR. (You can find the logs attached to this post.)

Is it safe to erase the infected file?

Thanks for your help.

P.S. I cannot attach the OTL log because it has a size of 575 kb. Should I split it into two parts?

Offline Secondmineboy

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3645
Re: Win32:Somoto-J [PUP]
« Reply #1 on: December 14, 2013, 12:48:15 AM »
You can split the OTL Log.

Please wait for a malware expert; he will help you remove this PUP. ;)
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37594
  • Not a avast user
Re: Win32:Somoto-J [PUP]
« Reply #2 on: December 14, 2013, 12:51:07 AM »
Since it was located in a temp folder ... yes

And it was not infected
Quote
Win32:Somoto-J [PUP]   
PUP = not virus / Possible Unwanted Program
Google somoto and you find out what it is     ;)

jprieto

  • Guest
Re: Win32:Somoto-J [PUP]
« Reply #3 on: December 14, 2013, 01:01:02 AM »
First part of the OTL log attached.

I googled it, but one of the first results was very scary!  :-\ From one of the first results:

Quote
the Win32: Somoto-J (PUP) virus can take advantage of system bugs and open a backdoor for remote hackers. No doubts that your computer and privacy will be under high-risk due to the presence of Win32: Somoto-J (PUP) virus.

jprieto

  • Guest
Re: Win32:Somoto-J [PUP]
« Reply #4 on: December 14, 2013, 01:01:56 AM »
And here is the second part of the log.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37594
  • Not a avast user
Re: Win32:Somoto-J [PUP]
« Reply #5 on: December 14, 2013, 01:09:54 AM »
http://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/Somoto%20BetterInstaller/detailed-analysis.aspx

Quote
PUP.Optional.Somoto is a generic detection given by the security product Malwarebytes Anti-Malware to identify adware or unwanted programs that add various security risks to the computer. PUP.Optional.Somoto was made to control the home page and settings of the affected browser. The PUP.Optional.Somoto detection normally applies to threats that alter home page settings, load toolbars, install FLV Player, and set an unknown search engine. The purpose is simply to promote the program, which in return will gain profit for the adware authors.

The harmful hijacker that was tagged as PUP.Optional.Somoto is capable of changing the home page without giving you any way to reverse whatever it has done. Even removing and reinstalling the affected browser may not help resolve the issue because PUP.Optional.Somoto is somehow using a locking mechanism to prevent further changes. It may require thorough virus scanning of the Windows system.

To avoid the harm caused by PUP.Optional.Somoto, it is important that you know where it originates. Free programs or shareware are the number one source of this potentially unwanted program. PUP.Optional.Somoto is bundled with free programs that were configured to install adware once you execute them. Links from social media sites and spam emails may likewise drop PUP.Optional.Somoto onto the system.


Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:Somoto-J [PUP]
« Reply #6 on: December 14, 2013, 12:22:09 PM »
Nothing else really ..

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:Commands
[CREATERESTOREPOINT]

:OTL
[2013/12/03 11:51:50 | 000,000,000 | ---D | M] -- C:\Users\Juan\AppData\Roaming\3909

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

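For readers who want to see what the OTL script above actually does on the box, here is an added PowerShell equivalent of the same five steps (restore point, delete the dropped folder, reset hosts, empty temp, reboot). This is an added example and is not code from the thread or from OTL. It assumes it is run elevated from the affected user's account, so the folder from the fix is reached through $env:APPDATA; the inventory CSV path and the comment text written into hosts are illustrative choices (any all-comment hosts file is functionally the stock one). Unlike the OTL fix it hashes the dropped files before deleting them and shows any active hosts entries before they are wiped, which is what you want if you later need to check the sample against a threat-intel source.

```powershell
#Requires -RunAsAdministrator
# Added example: a PowerShell equivalent of the OTL fix in Reply #6.
# Not part of the original thread and not an OTL feature.
$PupDir        = Join-Path $env:APPDATA '3909'   # C:\Users\<user>\AppData\Roaming\3909 from the fix
$HostsPath     = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$InventoryPath = Join-Path $env:USERPROFILE 'Desktop\pup-cleanup-inventory.csv'   # hypothetical output location

# 1. [CREATERESTOREPOINT]
#    Caveat: from Windows 8 on, Checkpoint-Computer creates at most one restore
#    point per 24 hours, so confirm which one is actually current afterwards.
Checkpoint-Computer -Description 'Before Somoto PUP cleanup' -RestorePointType MODIFY_SETTINGS
$latest = Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
Write-Host "Current restore point: $($latest.Description) ($($latest.CreationTime))"

# 2. Inventory (path, size, timestamp, SHA256) of everything in the dropped
#    folder BEFORE it is removed, then 3. the ":OTL" line: delete the folder.
if (Test-Path -LiteralPath $PupDir) {
    Get-ChildItem -LiteralPath $PupDir -Recurse -Force -File |
        ForEach-Object {
            [pscustomobject]@{
                Path          = $_.FullName
                Length        = $_.Length
                LastWriteTime = $_.LastWriteTime
                SHA256        = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        } | Export-Csv -LiteralPath $InventoryPath -NoTypeInformation
    Write-Host "Inventory written to $InventoryPath"
    Remove-Item -LiteralPath $PupDir -Recurse -Force
    Write-Host "Removed $PupDir"
} else {
    Write-Host "$PupDir not present, nothing to remove."
}

# 4. [resethosts]: back up the file, show any live (non-comment) mappings,
#    clear attributes a hijacker may have set, then write an all-comment file.
Copy-Item -LiteralPath $HostsPath -Destination "$HostsPath.bak" -Force
$activeEntries = Get-Content -LiteralPath $HostsPath | Where-Object { $_ -match '^\s*[^#\s]' }
if ($activeEntries) {
    Write-Host 'Active hosts entries being removed:'
    $activeEntries | ForEach-Object { Write-Host "  $_" }
}
[System.IO.File]::SetAttributes($HostsPath, 'Normal')
$stockHosts = @(
    '# Stock hosts file restored during PUP cleanup (illustrative header).',
    '# Name resolution for localhost is handled by DNS itself.',
    '#	127.0.0.1       localhost',
    '#	::1             localhost'
) -join "`r`n"
Set-Content -LiteralPath $HostsPath -Value $stockHosts -Encoding ASCII

# 5. [emptytemp]: the PUP installer (bitool.dll) lived in %TEMP%. Files held
#    open by running processes are skipped rather than aborting the run.
Get-ChildItem -LiteralPath $env:TEMP -Force -ErrorAction SilentlyContinue |
    Remove-Item -Recurse -Force -ErrorAction SilentlyContinue

# 6. [Reboot]: prompt before restarting so the inventory can be copied off first.
Restart-Computer -Confirm
```

Note that this only covers the entries essexboy chose for this machine after reading the OTL log; on another system the folder name and the rest of the findings will differ, which is why the fix carries the warning that it is specific to this computer.
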
jprieto

  • Guest
Re: Win32:Somoto-J [PUP]
« Reply #7 on: December 14, 2013, 06:33:23 PM »
Done. Here's the report.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:Somoto-J [PUP]
« Reply #8 on: December 14, 2013, 07:41:08 PM »
Looks clean. Any further problems?

jprieto

  • Guest
Re: Win32:Somoto-J [PUP]
« Reply #9 on: December 14, 2013, 08:19:27 PM »
No, thank you for helping me :)