Author Topic: Rogue SOFTCOP dated 20/10/2009  (Read 12112 times)

orcsauvage

  • Guest
Rogue SOFTCOP dated 20/10/2009
« on: October 20, 2009, 11:10:44 AM »
My computer is infected by the rogue (fake antivirus) softcop and I can't remove it with your program avast free, because it doesn't detect it.
Please find below some explanations:

http://comprolive.com/remove/rogue/antispyware/softcop
http://www.im-infected.com/rogue/softcop-online-protection.html
http://www.myantispyware.com/2009/10/17/how-to-remove-softcop-uninstall-instructions/



The new rogue SOFTCOP causes 3 main problems.

1) It creates a fake Windows Security Center alert when the computer is starting, saying that we must click on the softcop link (www.soft-cop.com) in order to be protected, because our antivirus is disabled.

2) It creates fake Windows alerts on the desktop, saying that the computer is infected by a worm, a trojan, or spyware, with a fake port number and a fake password, and it also gives the false link.

3) When we are surfing the net, the Internet Explorer page is redirected to a fake page, which says that the web page is not safe, and it gives us 2 choices: we can continue to the safe link (in green), which brings us to the soft cop website. Otherwise, we can click on the red link ("continue without protection"), which redirects us to the normal website that we have chosen.
 


Can you urgently make the update in order to delete softcop?

Can you give me advice in order to delete softcop from my computer?

Many thanks,

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Rogue SOFTCOP dated 20/10/2009
« Reply #1 on: October 20, 2009, 11:15:49 AM »
Hi orcsauvage,

Please try the usual free adware/spyware scanners.

SUPERAntiSpyware Free
Malwarebytes' Anti-Malware

Don't forget to update before scanning.
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

orcsauvage

  • Guest
Re: Rogue SOFTCOP dated 20/10/2009
« Reply #2 on: October 20, 2009, 11:26:13 AM »
Hi,

Thanks for your answer,

I have scanned my computer with:
a2 square free
pandasoftware online scanner
McAfee antivirus
malware byte
antivir
avast free

and they find nothing, but the rogue Softcop still exists. I think that this rogue is too new, so the antivirus programs don't yet have the patch against it... because if you type "softcop" on Google, you will find a lot of very recent information (17-18 October 2009)

CharleyO

  • Guest
Re: Rogue SOFTCOP dated 20/10/2009
« Reply #3 on: October 20, 2009, 12:39:38 PM »
***

Welcome to the forums, orcsauvage.   :)

You are using more than one av program which is not recommended because they will cause conflicts and lessen your computer's security instead of making it better. You have listed McAfee, antivir, and avast. Two of these must be uninstalled using Add/remove Programs first and then use the specific uninstaller program for each of the 2 you decide to remove.


***

orcsauvage

  • Guest
Re: Rogue SOFTCOP dated 20/10/2009
« Reply #4 on: October 20, 2009, 01:27:19 PM »
Hi,

I think that there is no conflict, because I only install one antivirus at a time, then I remove it (uninstallation), reboot my computer and install another...

So McAfee was on my computer, the shield detected nothing, and then I uninstalled McAfee...

Then I installed antivir and it also found nothing

Then I removed antivir, and added avast, which detects nothing too...

That's why this rogue SOFT COP is very harmful. It does not contain a dangerous file, so the antivirus doesn't detect it... But it always creates fake Windows security alerts, and your web page is always redirected to the soft-cop website!

Offline mikaelrask

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1556
Re: Rogue SOFTCOP dated 20/10/2009
« Reply #5 on: October 20, 2009, 02:48:23 PM »
Hey!

Scan with hijackthis and post the result here.

http://free.antivirus.com/hijackthis/
Windows 8.1 amd a10-5700 64 bit
12 GB ram 1 tb hard drive. Avast 18, MBAM

Offline .: L' arc :.

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1780
  • Thinking with Portals
Re: Rogue SOFTCOP dated 20/10/2009
« Reply #6 on: October 20, 2009, 03:02:39 PM »
Hijack This (HJT)
  • Download Trend Micro Hijack This here.
  • Install HJT in C:\Program Files\Trend Micro\HijackThis. The location is already displayed by default. Click Install.
  • HJT Window will appear. Click Do a system scan and save a logfile.
  • HJT will start processing. A notepad file will pop-up once the scan is completed.
  • Click on the Notepad window then click Edit > Select All.
  • After selection is completed, click Edit > Copy.
  • Get back to the forums and find the topic you started.
  • Click Reply and Paste all the contents of the log.
  • Click Post and wait for a HJT analysis.
NOTE: Do not have HJT fix anything yet.
Windows 7 (64-bit) Home Premium SP1
avast! 9 RC1

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: Rogue SOFTCOP dated 20/10/2009
« Reply #7 on: October 20, 2009, 03:47:18 PM »
Here is the guide to remove softcop : http://www.bleepingcomputer.com/virus-removal/remove-softcop

post back.

nmb

orcsauvage

  • Guest
Re: Rogue SOFTCOP dated 20/10/2009
« Reply #8 on: October 21, 2009, 08:53:57 AM »
Hi,

I have already scanned my computer with Malwarebytes, which detects nothing...

But I will soon post the text of the scan of my computer (hijackthis report) this weekend (I am not in front of my home computer these days)

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: Rogue SOFTCOP dated 20/10/2009
« Reply #9 on: October 21, 2009, 10:21:39 AM »
There is a tool for removing these rogues, but for now, it doesn't detect and remove softcop. I'll post the link when it detects it. You can continue with hijackthis.

My forum friends, who posted earlier, will come back and advise you on the things to be done.

nmb
« Last Edit: October 21, 2009, 10:32:54 AM by nmb »

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: Rogue SOFTCOP dated 20/10/2009
« Reply #10 on: October 21, 2009, 10:38:40 AM »
DIY - delete these files, if you can:

c:\Documents and Settings\All Users\Desktop\SoftCop.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SoftCop
c:\Documents and Settings\All Users\Start Menu\Programs\SoftCop\1 SoftCop.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SoftCop\2 Homepage.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\SoftCop\3 Uninstall.lnk
c:\Program Files\SoftCop Software
c:\Program Files\SoftCop Software\SoftCop
c:\Program Files\SoftCop Software\SoftCop\SoftCop.exe
c:\Program Files\SoftCop Software\SoftCop\uninstall.exe
c:\WINDOWS\10345tr5j9z.dll
c:\WINDOWS\10b9backdoor1z95.ocx
c:\WINDOWS\10ez9parse1845.cpl
C:\WINDOWS\system32\ree5.tmp.exe
c:\WINDOWS\system32\1020zspambo55e39.exe
c:\WINDOWS\system32\10834w95z101.exe
c:\WINDOWS\system32\10z14tro9195.cpl

and from the registry :

HKEY_CURRENT_USER\Software\SoftCop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftCop
HKEY_LOCAL_MACHINE\SOFTWARE\SoftCop
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "ree5.tmp.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "SoftCop"

Be careful while dealing with registry and files.

I'm not responsible for any loss.

[via bc]

nmb
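
The file and registry locations listed in the post above can be checked before anything is deleted. The following read-only PowerShell script is an added example, not part of the original post; it assumes PowerShell is available on the affected machine, and because a variant may use other names it also lists every value under the HKCU Run key.

```powershell
# Read-only triage: reports which of the listed SoftCop artifacts exist. Deletes nothing.
# Paths are taken from the post above; parent folders stand in for the files inside them.
$paths = @(
    'C:\Documents and Settings\All Users\Desktop\SoftCop.lnk',
    'C:\Documents and Settings\All Users\Start Menu\Programs\SoftCop',
    'C:\Program Files\SoftCop Software',
    'C:\WINDOWS\10345tr5j9z.dll',
    'C:\WINDOWS\10b9backdoor1z95.ocx',
    'C:\WINDOWS\10ez9parse1845.cpl',
    'C:\WINDOWS\system32\ree5.tmp.exe',
    'C:\WINDOWS\system32\1020zspambo55e39.exe',
    'C:\WINDOWS\system32\10834w95z101.exe',
    'C:\WINDOWS\system32\10z14tro9195.cpl',
    'HKCU:\Software\SoftCop',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftCop',
    'HKLM:\SOFTWARE\SoftCop'
)
$runKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runNames = @('ree5.tmp.exe', 'SoftCop')

# Files, folders and registry keys: Test-Path handles both providers.
$report = foreach ($p in $paths) {
    New-Object PSObject -Property @{ Indicator = $p; Present = (Test-Path -LiteralPath $p) }
}

# Run entries are registry values, not keys, so look them up as properties of the key.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
$report += foreach ($n in $runNames) {
    $hit = $run -and $run.PSObject.Properties[$n]
    New-Object PSObject -Property @{ Indicator = "$runKey [$n]"; Present = [bool]$hit }
}

$report | Sort-Object Present -Descending | Format-Table Present, Indicator -AutoSize

# A variant may use different names: list every HKCU Run value for manual review,
# skipping the bookkeeping properties that the registry provider adds.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
if ($run) {
    $run.PSObject.Properties |
        Where-Object { $providerProps -notcontains $_.Name } |
        Format-Table Name, Value -AutoSize
}
```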

Offline Yanto.Chiang

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1371
  • Soli Deo Gloria
    • PT Garuda Sinatriya Globalindo
Re: Rogue SOFTCOP dated 20/10/2009
« Reply #11 on: October 21, 2009, 10:59:54 AM »
Hi Bro,

Are you sure that each uninstalled existing AV has been cleaned?

Actually you could scan using Virus Total or Virusscan Jotti

Or you can submit your file to virus at avast dot com and then the avast virus team will get back to you.

Regards,
Yanto Chiang
Yanto Chiang | IT Security Consultants | AVAST Premium Security | GarudaSinatriya

orcsauvage

  • Guest
Re: Rogue SOFTCOP dated 20/10/2009
« Reply #12 on: October 21, 2009, 11:15:23 AM »
But the problem is that my computer is infected by softcop and I don't see the program softcop in C:\Program Files\SoftCop Software\SoftCop\, or the process softcop.exe in memory.

And if I search my computer for the "softcop" file, I find nothing. I only know that the malware is softcop because when my computer starts, I get a fake Windows security alert, which asks me to use softcop to protect my computer. And when I go on the internet, my page is redirected to soft-cop.com

So I think that I have a variant of the rogue softcop. This rogue is very new, that's why if you type "softcop" on Google, you will find a lot of results dated 17-18 October 2009.
« Last Edit: October 22, 2009, 09:03:06 AM by orcsauvage »

Offline nmb

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3054
Re: Rogue SOFTCOP dated 20/10/2009
« Reply #13 on: October 21, 2009, 11:33:49 AM »
can you post the screenshot of it then?

nmb

orcsauvage

  • Guest
Re: Rogue SOFTCOP dated 20/10/2009
« Reply #14 on: October 21, 2009, 12:06:08 PM »
I will post a report this weekend. This link is very interesting, I will try to scan my computer with a2 square free:

http://support.emsisoft.com/topic/358-softcop-adware-removal-instructions/