
Thread: Win32.Softomate


  1. #1
    ecclonenine Guest

    Win32.Softomate

    Greetings,

    I am running ZAP version 6.5.722.000 with current spyware DAT version 01.200608.330.

    Three days ago, after ZAP Anti-Spyware performed its update, it requested that I reboot. I did. After my system came back online, the ZAP Anti-Spyware performed a scan. It reported that I had the "Win32.Softmate" Trojan and that its risk was high.

    I cannot find any information on Zonelabs' website pertaining to this anomaly. I have run Spyware Doctor, Symantec AV, TrendMicro's AV, and Kaspersky's scanners (at different times) in Safe Mode on this machine and each reports a clean machine with nothing found. When I try looking it up on some of the AV forums I come up empty. A Zonelabs tech stated in a follow-up email that I have a trojan. When I attempt to quarantine it and/or delete it, then re-run the scan, it returns. Also, it appears that it, or something else, is daily de-activating my Norton Anti-Virus.

    On another note, the same scan also reports I have the Win32.Yok trojan. I read various threads and am assuming from the reports listed that Win32.Yok is a false positive.

    Thank you for your assistance.

    Tom
    Windows XP SP2
    ZoneAlarm Pro V 6.5.722.000
    --------------------------------------

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Pro
    Software Version:6.5

  2. #2
    oxford Guest

    Re: Win32.Softomate

    Hello,

    ZA detects the Win32.Softomate, and I am assuming that whenever I am connected to the internet this trojan comes back after deletion.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021492-0000-0000-C000-000000000046}.

    i downloaded a font program from here: http://slil.ru/22521899

    which was linked from here: http://www.hagioteam.be/2006/08/25/700-cool-fonts/

    i'm not sure if loading this page "http://slil.ru/22521899"
    caused the problem or if downloading the prog caused it either.

    What is perplexing is that TrojanHunter doesn't pick up the trojan but ZoneAlarm DOES.

    Note: My download speed drops to 8kps then 2kps and sometimes eventually disconnects.


    I've already run these scans: Panda online scan, TrendMicro online scan, Ewido full scan, AVG full scan, Spybot S&D,
    Lavasoft SE, Trojan Hunter, Spyware Blaster, F-Secure

    Best regards,

    Message Edited by oxford on 09-03-2006 08:47 AM

  3. #3
    oxford Guest

    Re: Win32.Softomate

    I need an update on your situation! Have you removed the Win32.Softomate yet? I sadly have not; it keeps recreating itself as a key in the registry.

    what i have found is,......

    this.. -\_/-\_/-\_/-\_/-

    HKEY_USERS\S-1-5-21-2258042937-489720601-3762058672-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021492-0000-0000-C000-000000000046}

    creates...


    ..this (the trojan reg key) -\_/-\_/-\_/-\_/-

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021492-0000-0000-C000-000000000046}


    that may or may not be true but i know they are somehow linked..


    rob
    :/


    note: whenever this trojan is active it slows my dsl to a crawl... when i delete the trojan's registry key, my connection repairs itself and is back to normal

  4. #4
    ai_tak Guest

    Re: Win32.Softomate

    Those keys are mirrors of each other; they are other ways of getting to the same place. S-1-5-21-2258042937-489720601-3762058672-1006 is the uuid that represents your username and is equal to HKEY_CURRENT_USER. Also, this may be another one of many false positives that ZoneAlarm's poor antispyware/antivirus is riddled with.

  5. #5
    oxford Guest

    Re: Win32.Softomate

    Ai_Tak,

    is there a registry value {ie. disable/stop/kill/delay?} that i could implement/create so that the

    "supposed false-positive trojan registry key(s)"

    gets deleted every time they reappear?

    rob

  6. #6
    ai_tak Guest

    Re: Win32.Softomate

    I don't think so; if it is a false positive, Windows is recreating it. You could always use regmon (http://www.sysinternals.com/Utilities/Regmon.html) with appropriate filters to check what process is creating the key.
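
Added example (not part of the thread, and not code from any poster or vendor): post #4's point that the HKEY_USERS\<SID> path and the HKEY_CURRENT_USER path are one key, shown as a small Python routine that folds both spellings into one canonical form so a scan report listing both counts as a single finding. It assumes, as post #4 states, that the SID quoted in post #3 belongs to the logged-on user; the function names and the second SID are constructed for illustration.

```python
# Registry paths are case-insensitive; both hives have a long and a short name.
HIVE_ALIASES = {
    "hkcu": "HKEY_CURRENT_USER", "hkey_current_user": "HKEY_CURRENT_USER",
    "hku": "HKEY_USERS", "hkey_users": "HKEY_USERS",
}

def canonical_key(path, current_sid):
    """Fold HKEY_USERS\\<current_sid>\\... into HKEY_CURRENT_USER\\...

    Keys under another account's SID are a different hive and stay
    under HKEY_USERS. The result is lower-cased below the hive name
    so it can be used directly as a comparison key.
    """
    parts = [p for p in path.strip().split("\\") if p]
    if not parts:
        raise ValueError("empty registry path")
    hive = HIVE_ALIASES.get(parts[0].lower(), parts[0].upper())
    rest = parts[1:]
    if hive == "HKEY_USERS" and rest:
        sid = rest[0].lower()
        if sid == current_sid.lower():
            hive, rest = "HKEY_CURRENT_USER", rest[1:]
        elif sid == current_sid.lower() + "_classes":
            # HKU\<SID>_Classes is the per-user half of HKCU\Software\Classes
            hive, rest = "HKEY_CURRENT_USER", ["Software", "Classes"] + rest[1:]
    return "\\".join([hive] + [p.lower() for p in rest])

def group_findings(paths, current_sid):
    """Group reported paths by the key they actually refer to."""
    groups = {}
    for p in paths:
        groups.setdefault(canonical_key(p, current_sid), []).append(p)
    return groups

# SID and key path as quoted in the thread (assumed to be the logged-on user).
THREAD_SID = "S-1-5-21-2258042937-489720601-3762058672-1006"
SUBKEY = (r"Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable"
          r"\PostSetup\Component Categories\{00021492-0000-0000-C000-000000000046}")
HKU_PATH = "HKEY_USERS\\" + THREAD_SID + "\\" + SUBKEY
HKCU_PATH = "HKEY_CURRENT_USER\\" + SUBKEY
# Constructed SID for a second local account, to show it is NOT merged.
OTHER_PATH = "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001\\" + SUBKEY
SAMPLE_PATHS = [HKU_PATH, HKCU_PATH, OTHER_PATH]

if __name__ == "__main__":
    for key, seen in group_findings(SAMPLE_PATHS, THREAD_SID).items():
        print(len(seen), "report(s) ->", key)
```

On the sample input the two paths from the thread collapse into one entry, while the constructed second-account path stays separate.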
