Monday, February 24, 2014

Remove Win32: Somoto-J (PUP) and Stop Popup Issue

 

 

 

 

Win32: Somoto-J (PUP) Infection Signs


The most distinctive sign of a PUP infection is non-stop pop-up ads; such a program can be considered an ad-supporting component. Besides, update_checker.exe is another obvious sign of Win32: Somoto-J infection, as it has been found to accompany the PUP. There are other signs, but they are not seen until Somoto-J has been put in place:
  1. Win32: Somoto-J triggers pop-ups and other annoyances in the browser.
  2. Windows runs slowly and the Internet connection seems intermittent after Win32: Somoto-J has been flagged.
  3. The affected browser, most of the time, shows nothing but a blank page.



Knowledge Supplement: Global PC Support Center would say that, strictly speaking, Win32: Somoto-J (PUP) is not a virus: a virus replicates copies of itself to attack the boot sectors of drives, data files and programs, while Win32: Somoto-J doesn't. It belongs to the Potentially Unwanted Program (PUP) category. The term was created to classify programs that are pushed by commercial operators for sales promotion and have suspicious features, such as:
  1. Sticking to a target machine and resisting removal by conventional methods.
  2. Intercepting traffic without permission.
  3. Bringing in additional items like Win32: Somoto-J (PUP), Win32: Somoto F-(PUP), and Win32: SearchProtect-C (Adw).
  4. Modifying system configuration without authorization, which creates vulnerabilities.

Win32: Somoto-J (PUP) Harms


Apart from the apparent harms described in the first section, one should also pay attention to the lurking harms introduced by Win32: Somoto-J (PUP). Because it makes random modifications to the internal configuration, Win32: Somoto-J (PUP) gives rise to vulnerabilities that can be easily and readily exploited by any infection concealed on the Internet. Besides, as the PUP brings in more suspicious web applications, the vulnerabilities become more obvious and easier to find.

What's worse, the advertising sites supported by Win32: Somoto-J (PUP) are mostly loosely programmed; in other words, they don't support most of the reading standards and require plenty of CPU time to display. If one opens multiple advertising sites supported by Win32: Somoto-J, the browser may crash, and multiple dllhost.exe processes may be found running in Task Manager, heavily consuming internal storage.

Win32: Somoto-J (PUP) needs to be removed right away to stop these foreseeable troubles and safeguard computer health. Win32: Somoto-J (PUP), as its name suggests, attacks Windows only, so a VilmaTech senior technician offers the removal steps below for Windows users. Should you have difficulty carrying out the steps, you are welcome to use live chat for instant help.



Win32: Somoto-J (PUP) Removal Steps – Remove Win32: Somoto-J Permanently


A. Reset browser settings to remove Win32: Somoto-J.

Internet Explorer - click on Tools menu > select Internet Options > hit Advanced tab > press Restore Defaults button > OK button.


Mozilla Firefox - Firefox button > Help > Troubleshooting information > press 'Reset Firefox' button.

Google Chrome - click 'Customize and Control Google Chrome' menu > 'Options' > hit 'Under the Hood' tab > 'Reset to Defaults' button.

Opera - navigate to "C:\Users\user_name\AppData\Roaming\Opera\Opera\" > remove Operapref.ini file.



B. Open the registry (Registry Editor) to remove items generated by Win32: Somoto-J.
  1. Press and hold the Win key and the R key at once to bring up a text box.
  2. Type "regedit" and hit the Enter key to continue.
  3. When the Registry Editor window pops up, navigate to the following entries and remove anything related to Win32: Somoto-J (PUP).
HKLM\Software\Web Assistant
HKLM\SOFTWARE\Mozilla\Firefox\Extensions {random numbers}
HKLM\SOFTWARE\Google\Chrome\Extensions\random letters
HKLM\SOFTWARE\Classes\AppID\{random numbers}
HKLM\SOFTWARE\Classes\CLSID\{random numbers}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{random numbers}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{random numbers}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{random numbers}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{random numbers}_is1
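
The locations in step B can be listed before anything is deleted. The PowerShell script below is an added example, not part of the original article or any VilmaTech tool: it only reads the listed keys and resolves each {GUID} entry to the name, DLL or install path behind it. The InprocServer32 lookup and the Chrome value names (path, version, update_url) are standard Windows and Chrome registry conventions, not details taken from the article.

```powershell
# Added example (not from the article): read-only audit of the step B registry keys.
# Nothing is deleted; the output is a list of candidates to review by hand.
$ErrorActionPreference = 'SilentlyContinue'   # keys that do not exist are skipped

function Resolve-Clsid([string]$Clsid) {
    # Map a {GUID} to the name and DLL registered under HKLM\SOFTWARE\Classes\CLSID.
    $key = "HKLM:\SOFTWARE\Classes\CLSID\$Clsid"
    [pscustomobject]@{
        Name   = (Get-ItemProperty -LiteralPath $key).'(default)'
        Target = (Get-ItemProperty -LiteralPath "$key\InprocServer32").'(default)'
    }
}

# Locations whose subkeys are named by CLSID ("{random numbers}" in the article).
$findings = @()
$clsidRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Stats',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Settings'
)
foreach ($root in $clsidRoots) {
    foreach ($sub in Get-ChildItem -LiteralPath $root) {
        $info = Resolve-Clsid $sub.PSChildName
        $findings += [pscustomobject]@{ Key = $sub.Name; Name = $info.Name; Target = $info.Target }
    }
}

# Uninstall entries carrying the "_is1" suffix listed in the article.
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
foreach ($sub in Get-ChildItem -LiteralPath $uninstall | Where-Object PSChildName -like '*_is1') {
    $p = Get-ItemProperty -LiteralPath $sub.PSPath
    $findings += [pscustomobject]@{ Key = $sub.Name; Name = $p.DisplayName; Target = $p.InstallLocation }
}

# Chrome extensions installed through the registry: one subkey per extension ID.
foreach ($sub in Get-ChildItem -LiteralPath 'HKLM:\SOFTWARE\Google\Chrome\Extensions') {
    $p = Get-ItemProperty -LiteralPath $sub.PSPath
    $findings += [pscustomobject]@{ Key = $sub.Name; Name = $p.version; Target = "$($p.path)$($p.update_url)" }
}

# Firefox extensions: each value name is an extension ID and its data is a path.
$ff = Get-Item -LiteralPath 'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions'
if ($ff) {
    foreach ($id in $ff.GetValueNames()) {
        $findings += [pscustomobject]@{ Key = $ff.Name; Name = $id; Target = $ff.GetValue($id) }
    }
}
"Web Assistant key present: $(Test-Path -LiteralPath 'HKLM:\SOFTWARE\Web Assistant')"
$findings | Format-Table -AutoSize -Wrap
```

On 64-bit Windows, 32-bit programs register under HKLM\SOFTWARE\WOW6432Node, so the same checks may need to be repeated there.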

Win32: Somoto-J cannot be removed permanently, since additional items can be introduced onto the target machine and complicate the situation. Besides, if one does not follow good PC practice and surfs carelessly, there is a big chance of getting Win32: Somoto-J again. However, one can at least guarantee a complete removal of Win32: Somoto-J (PUP) to get back a clean machine. The above steps are offered by Global PC Support Center to remove Win32: Somoto-J (PUP) only. Should you suddenly run into additional items and not know how to handle them, it is advisable to use the recommended online PC security service by starting a live chat window.

 
Reference: http://blog.vilmatech.com/remove-win32-somoto-j-pup-virus-pups-manual-removal-help/





2 comments:

Chin said...

My PC is infected by this. I scanned it with Avast a month ago and it detected two win32 somoto j pup (biclient.exe) on my Chrome. I was able to remove the said program, but I was surprised that my PC got infected by it again, exactly on the same date of the month. And there were like, 58 infected files on Chrome again. There were numbers, 28 of them, that look like they were piled up within a month. I've been scanning regularly and they never appear, only on the same date that it got infected last month. How can I remove this PUP from my PC? It's only a low severity, but still, I'm worried that it would cause greater harm in the future. Please help. I'm no techie expert.

Anthony Cook said...

This is weird and has never happened before. I would rather believe that what you got had mutated. Some code has been injected into its iframe field. What is certain is that Win32: Somoto-J had not been completely removed, which made it possible to call it back. Try to follow the above instructions again and add this step at the end:

Show hidden files and folders to remove the items listed below:
C:\Program Files\[the item triggered by win32 somoto j including the PUP]
C:\Users\AppData\Local\[the item triggered by win32 somoto j including the PUP]
C:\Users\AppData\LocalLow\[the item triggered by win32 somoto j including the PUP]
C:\Program Files\SavingsApp\SavingsApp.dll or biclient.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\SavingsApp\[the problem browser]\SavingsApp.crx


The items listed below should be removed if they were created on the date when Win32: Somoto-J was flagged.
D:\autorun.inf
C:\Program Files\Internet Explorer\iexplore.com
C:\WINDOWS\iexplore.com
C:\Windows\system32\command.com


If you are still harassed by the PUP, you may need to report this and send the logs to VilmaTech technicians for analysis. The contact method is given in the article.
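
The date check described in the reply above, as an added example that is not part of the original post or its comments: this PowerShell script reports whether each of the four listed files exists and whether it was created on the day the detection fired, and saves the result as a log. The flagged date and the report file name are constructed sample values.

```powershell
# Added example (not from the article or comments): report only, nothing is deleted.
# Requires PowerShell 4.0 or later for Get-FileHash.

# Date on which the antivirus flagged Win32: Somoto-J (constructed sample value).
$flaggedDate = [datetime]'2014-01-15'

# Files the reply says to remove only if they were created on that date.
$paths = @(
    'D:\autorun.inf',
    'C:\Program Files\Internet Explorer\iexplore.com',
    'C:\WINDOWS\iexplore.com',
    'C:\Windows\system32\command.com'
)

$report = foreach ($path in $paths) {
    # -Force includes hidden and system files, which the reply says to reveal first.
    $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if (-not $file) {
        [pscustomobject]@{ Path = $path; Exists = $false; Created = $null
                           CreatedOnFlaggedDate = $false; SHA256 = $null }
        continue
    }
    [pscustomobject]@{
        Path                 = $path
        Exists               = $true
        Created              = $file.CreationTime
        # Compare calendar days only, ignoring the time of day.
        CreatedOnFlaggedDate = ($file.CreationTime.Date -eq $flaggedDate.Date)
        SHA256               = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}

$report | Format-Table -AutoSize
# Keep a copy that can be sent along with other logs (hypothetical file name).
$report | Export-Csv -LiteralPath "$env:TEMP\somoto-file-report.csv" -NoTypeInformation
```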