Results 1 to 6 of 6

Thread: Win32.Softomate

Hybrid View

  1. #1
    ecclonenine Guest

    Default Win32.Softomate

    Greetings,I am running ZAP version 6.5.722.000 with current spyware DAT version 01.200608.330Three days agoafter ZAP Anti-Spyware performed its update, it requested that I reboot. I did.After my system came back online,the ZAP Anti-Spyware performed a scan. It reported that Ihad the "Win32.Softmate" Trojan and that its risk was high.I can not find any information on Zonelabs website pertaining to this annomaly. I have runSpyware Doctor, Symantec AV, TrendMicro's AV, and Kapersky'sscanners (at different times) inSafeMode on this machine andeach reportsa clean machine with nothing found.When I try looking it up on some of the AV forums I come up empty.A Zonelabs tech stated in a followup email that I have a trojan.When I attempt to quarantine it and/or delete it,then re-run the scan, it returns.Also, it appears that it, or something elseisdaily de-activating my Norton Anti-Virus.On another note, the same scan also reports I have the Win32.Yok trojan. I read variousthreads and am assuming from the reports listed that Win32.Yok is a False-Positive.Thank you for your assistance.TomWindows XP SP2ZoneAlarm Pro V 6.5.722.000--------------------------------------

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Pro
    Software Version:6.5

  2. #2
    oxford Guest

    Default Re: Win32.Softomate


    ZA detects the Win32.Softomate and assuming whenever i am connected to the internet this trojan comes back after deletion.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Discardable\PostSetup\Component Categories\{00021492-0000-0000-C000-000000000046}.

    i downloaded a font program from here:

    which was linked from here:

    i'm not sure if loading this page ""
    caused the problem or if downloading the prog caused it either.

    What is perplexing is that TrojanHunter doesn't pick up the trojan but ZoneAlarm DOES.

    Note: My download speed drops to 8kps then 2kps and sometimes eventually disconnects.

    I've already ran these scans Panda online scan, TrendMicro online scan, Ewido full scan, AVG full scan, Spybot s&d
    Lavasoft se, Trojan hunter, Spyware blaster F-secure

    Bst regrds,

    Message Edited by oxford on 09-03-2006 08:47 AM

  3. #3
    oxford Guest

    Default Re: Win32.Softomate

    I need an update on your situation!!!. Have you removed the Win32.Softomate yet? . I sadly have not, it keeps recreating itself as a key in the registry.

    what i have found is,......

    this.. -\_/-\_/-\_/-\_/-

    HKEY_USERS\S-1-5-21-2258042937-489720601-3762058672-1006\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Discardable\PostSetup\Component Categories\{00021492-0000-0000-C000-000000000046}


    ..this (the trojan reg key) -\_/-\_/-\_/-\_/-

    HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Discardable\PostSetup\Component Categories\{00021492-0000-0000-C000-000000000046}

    that may or may not be true but i know they are somehow linked..


    note: whenever this trojan is active it slows my dsl to a crawl,... when i delete the trojans registry key... my connection repairs itself and is back to normal

  4. #4
    ai_tak Guest

    Default Re: Win32.Softomate

    Those keys are mirrors of each other, they are other ways of getting to the same place. S-1-5-21-2258042937-489720601-3762058672-1006 is the uuid that represents your username and is equal to HKEY_CURRENT_USER.Also, this may be another one of many false positives that zonealarm's poor antispyware/antivirus is riddled with.

  5. #5
    oxford Guest

    Default Re: Win32.Softomate


    is there a registry value {ie. disable/stop/kill/delay?} that i could implement/create so that the

    "supposed false-positive trojan registry key(s)"

    gets deleted everytime they reappear?


  6. #6
    ai_tak Guest

    Default Re: Win32.Softomate

    I don't think so, if it is a false positive windows is recreating it. You could always use regmon ( with appropriate filters to check whatprocess is creating the key.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts