Windows 7 Forums


Windows 7: Suspicious TCP/UDP connections on Currports

27 Jan 2014   #41
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Didn't find squat about this. Is it still in the same place?

If it is, kill it.

The fact that it hung leads me to believe there is something down under the covers. I'll pull up instructions for another tool.

Sorry 'bout Sophos. Based on your experience, it's out of my toolbox.

Bill


27 Jan 2014   #42
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Sophos messed up our scan and clean process; I almost forgot about JRT.

Go back to post# 34 and run JRT first.

Then do TDSSKiller below the fold



Download: TDSSKiller (select the .exe version)

Launch TDSSKiller
When the TDSSKiller console opens
Change Parameters

Under Additional Options, place a check in the box next to:
Detect TDLFS File System
Click OK

Then press Start Scan

If TDSSKiller finds a suspicious object, let the scanner take the default action: Skip.
Click Continue

If TDSSKiller finds malicious objects, those are displayed in the Scan results.
Make certain that the default action Cure is selected
If Cure is not available, select Skip. DO NOT select Delete.

then click Continue > Reboot Now
>> A reboot is required to complete the removal of malicious objects.

The scan log is created on C:\ and has a name format of:
C:\TDSSKiller.X.X.X_15.10.2013_15.31.43_log.txt

Please attach (use the paperclip icon on the post menu bar) the scan log to your next post.

27 Jan 2014   #43
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Since Sophos was supposed to take care of somoto but hung, you'll have to do some manual labor.



It's not too much though
  • Check Control Panel -> Programs and Features for the somoto toolbar
    >> uninstall it if found
    As a matter of fact, uninstall any toolbars you don't use.
    You could remove all toolbars in the list and reinstall any later if you decide you want them - that's up to you
  • In every browser on your system, check for somoto in
    • home / start page -> replace somoto with "open a blank page" or the site you want opened first
    • search providers -> change the default to your favorite search engine and remove somoto from the list of providers
    • Firefox (FF) only: in addition to the home page and search providers
    • check and repair opened new tabs
    • in the FF address bar type
    • about:config
    • click "I'll be careful, I promise"
      If somoto is in these entries, change them, otherwise no action is required
    • search for browser.newtab.url -> right click on the result and select modify
      replace somoto with www.google.com
      click OK
    • search for browser.search.defaultenginename -> right click on the result and select modify
      replace somoto with www.google.com
      click OK
    • remove somoto from the search provider list
      in the FF search box, click on Google,
      then select Manage Search Engines
      select somoto and hit Remove
      Click OK
  • Export your registry and search the export for Somoto
  • post any keys / values found in the search
I'll edit this post to clean it up, just wanted to get it "down on paper"
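The checks the post above walks through by hand (Programs and Features, browser home page and search provider, Firefox prefs, a registry export searched for the string), as an added PowerShell script. It is not code from the thread or from any of the tools named in it. It assumes an elevated PowerShell prompt on the affected PC, takes the string to hunt for as -Pattern, reads the standard registry locations for installed programs, autoruns and Internet Explorer settings, and looks for Firefox profiles in the default folder under %APPDATA%.

```powershell
# Added example, not code from the thread. Automates the manual "look for
# somoto" checks: Programs and Features entries, autorun and Internet Explorer
# home/search settings, Firefox prefs.js, then a full registry export search.
# Assumptions: elevated PowerShell prompt on the affected PC; the string to
# hunt for is given as -Pattern (a case-insensitive regex); reg.exe is present.
param([string]$Pattern = 'somoto')

function New-Hit($Where, $What) {
    New-Object PSObject -Property @{ Where = $Where; What = $What }
}

# 1. Installed programs: the keys Control Panel -> Programs and Features reads.
function Find-InstalledPrograms {
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($root in $roots) {
        foreach ($sub in @(Get-ChildItem $root -ErrorAction SilentlyContinue)) {
            $p = Get-ItemProperty $sub.PSPath -ErrorAction SilentlyContinue
            $text = ($p.DisplayName, $p.Publisher, $p.UninstallString, $p.InstallLocation) -join ' '
            if ($text -match $Pattern) { New-Hit $sub.PSPath $text }
        }
    }
}

# 2. Autorun entries plus the IE start page and search providers (user + machine).
function Find-RegistrySettings {
    $keys = @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
              'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
              'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
              'HKCU:\Software\Microsoft\Internet Explorer\Main',
              'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main') +
            @(Get-ChildItem 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes' -ErrorAction SilentlyContinue |
              ForEach-Object { $_.PSPath })
    foreach ($key in $keys) {
        $p = Get-ItemProperty $key -ErrorAction SilentlyContinue
        if (-not $p) { continue }
        foreach ($prop in $p.PSObject.Properties) {
            # PSPath, PSParentPath etc. are provider metadata, not registry values.
            if ($prop.Name -like 'PS*') { continue }
            if ("$($prop.Value)" -match $Pattern) { New-Hit "$key\$($prop.Name)" $prop.Value }
        }
    }
}

# 3. Firefox keeps browser.newtab.url, browser.search.defaultenginename and
#    browser.startup.homepage in prefs.js (user.js overrides it) per profile.
function Find-FirefoxPrefs {
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    Get-ChildItem $profiles -Recurse -Include prefs.js, user.js -ErrorAction SilentlyContinue |
        Select-String -Pattern $Pattern |
        ForEach-Object { New-Hit ("{0}:{1}" -f $_.Path, $_.LineNumber) $_.Line.Trim() }
}

# 4. The "export your registry and search it" step; reg.exe writes UTF-16 text.
#    This is the slow part: an HKLM export can run to hundreds of MB.
function Find-InRegistryExport {
    foreach ($hive in 'HKCU', 'HKLM') {
        $dump = Join-Path $env:TEMP ("{0}-export.reg" -f $hive)
        & reg.exe export $hive $dump /y | Out-Null
        if (-not (Test-Path $dump)) { continue }
        Get-Content $dump -Encoding Unicode |
            Select-String -Pattern $Pattern |
            ForEach-Object { New-Hit ("{0} export, line {1}" -f $hive, $_.LineNumber) $_.Line.Trim() }
        Remove-Item $dump -ErrorAction SilentlyContinue
    }
}

$hits = @(Find-InstalledPrograms) + @(Find-RegistrySettings) + @(Find-FirefoxPrefs) + @(Find-InRegistryExport)
if ($hits.Count -eq 0) {
    "No match for '$Pattern' in installed programs, autoruns, browser settings or the registry export."
} else {
    $hits | Format-Table -Property Where, What -AutoSize -Wrap
}
```

Save it under any name (Find-Hijacker.ps1 is only a suggestion) and run `.\Find-Hijacker.ps1 -Pattern somoto`. It reports and never deletes: an Uninstall key hit names the entry to remove in Programs and Features, a Run value is an autostart to take out, and a prefs.js line names the Firefox setting to reset. The registry export search will also match harmless leftovers such as MRU lists and cached URLs, so read each hit before touching anything, which is the same caution the post's "post any keys / values found" step builds in.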

27 Jan 2014   #44
oddblob

WINdows 7 Home Premium 64bit
 
 

Quote   Quote: Originally Posted by Slartybart View Post
If it is, kill it.

The fact that it hung leads me to believe there is something down under the covers. I'll pull up instructions for another tool.
I've stopped that scan, I'll go an start with JRT now and then move on to TDSS, next post will be both logs

27 Jan 2014   #45
oddblob

WINdows 7 Home Premium 64bit
 
 

Quote   Quote: Originally Posted by Slartybart View Post
Since Sophos was supposed to take care of somoto but hung, you'll have to do some manual labor.



It's not too much though
  • Check Control Panel -> Programs and Features for the somoto toolbar
    >> uninstall it if found
    As a matter of fact, uninstall any toolbars you don't use.
    You could remove all toolbars in the list and reinstall any later if you decide you want them - that's up to you
  • In every browser on your system, check for somoto in
    • home / start page -> replace somoto with "open a blank page" or the site you want opened first
    • search providers -> change the default to your favorite search engine and remove somoto from the list of providers
    • Firefox (FF) only: in addition to the home page and search providers
    • check and repair opened new tabs
    • in the FF address bar type
    • about:config
    • click "I'll be careful, I promise"
      If somoto is in these entries, change them, otherwise no action is required
    • search for browser.newtab.url -> right click on the result and select modify
      replace somoto with www.google.com
      click OK
    • search for browser.search.defaultenginename -> right click on the result and select modify
      replace somoto with www.google.com
      click OK
    • remove somoto from the search provider list
      in the FF search box, click on Google,
      then select Manage Search Engines
      select somoto and hit Remove
      Click OK
  • Export your registry and search the export for Somoto
  • post any keys / values found in the search
I'll edit this post to clean it up, just wanted to get it "down on paper"
My browsers show no symptoms of Somoto, and there was no Somoto program or any Somoto registry keys when searching in regedit.exe. There is an hctoolbar.exe in the directory listed, though; seeing as it's [hc]toolbar, this hc could be related to some features for Hypercam, so I'll uninstall that program. But as I say, no symptoms of toolbars and that crap show up. I've finished JRT and I am about to run TDSS; will be back soon with both logs!

27 Jan 2014   #46
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Does DeviantArt mean anything to you? hctoolbar / [hc]toolbar - which directory listing? Pgms & Feats?

I understand you decided to uninstall it. It's a toolbar, probably no harm removing it. If Hypercam needs it, there's a good chance that it can be retrieved from the net or installation disc.

Good news about your browsers - if somoto got on your system it didn't dig in deep.

Ok, I'll be somewhere around here.

Bill

27 Jan 2014   #47
oddblob

WINdows 7 Home Premium 64bit
 
 

Quote   Quote: Originally Posted by Slartybart View Post
Does DeviantArt mean anything to you? hctoolbar / [hc]toolbar - which directory listing? Pgms & Feats?

I understand you decided to uninstall it. It's a toolbar, probably no harm removing it. If Hypercam needs it, there's a good chance that it can be retrieved from the net or installation disc.

Good news about your browsers - if somoto got on your system it didn't dig in deep.

Ok, I'll be somewhere around here.

Bill
I know of the website Deviantart, it's a bit buggy for me though, so I rarely use it, why?
Hctoolbar was where Somoto was found in the Program files folder for Hypercam.

27 Jan 2014   #48
oddblob

WINdows 7 Home Premium 64bit
 
 

Quote   Quote: Originally Posted by Slartybart View Post
Then, please download Junkware Removal Tool to your desktop
TDSSKiller came back clean, JRT deleted a few things, here is the log:
JRT.zip



27 Jan 2014   #49
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

That's what I found when I looked for info on hctoolbar

ohhhh that's something to consider

DeviantArt is a bit buggy, hctoolbar is associated with DeviantArt (at least in my search) and somoto stuck it in Hypercam.

What a tangled web... anyway I think somoto is taken care of. Did you pick it up at DeviantArt - dunno.

27 Jan 2014   #50
oddblob

WINdows 7 Home Premium 64bit
 
 

Quote   Quote: Originally Posted by Slartybart View Post
That's what I found when I looked for info on hctoolbar

ohhhh that's something to consider

DeviantArt is a bit buggy, hctoolbar is associated with DeviantArt (at least in my search) and somoto stuck it in Hypercam.

What a tangled web... anyway I think somoto is taken care of. Did you pick it up at DeviantArt - dunno.
Deviantart is pretty reputable and well known, and the only things you can download from there are photos, so I doubt it. Anything to worry about in any logs I've posted?