
Thread: Somoto

  1. #1
    2 Star Lounger
    Join Date
    Feb 2010
    Location
    Coon Rapids, Mn
    Posts
    128
    Thanks
    12
    Thanked 1 Time in 1 Post

    Somoto

    Each time I run MalwareBytes lately it finds what it calls an infection but I don't know where it comes from or why it keeps coming back. MBAM removes it easily but I'd like to figure out how it gets here in the first place. Comodo and MSE don't notice it. It is called: Pup.BundleInstaller.Somoto. Anyone know what it is or where it comes from? Thanks!

  2. #2
    Gold Lounger Roderunner
    Join Date
    Dec 2009
    Location
    Scotland.
    Posts
    3,426
    Thanks
    16
    Thanked 212 Times in 180 Posts
    The next time it appears, send it to https://www.virustotal.com/
    George's PC Specs. / Laptop. Desktop.

  3. #3
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    2,853
    Thanks
    89
    Thanked 348 Times in 313 Posts
    Somoto is a toolbar, so you may want to check your browser add-ons: http://www.somotoinc.com/

    Bruce

  4. #4
    2 Star Lounger
    Join Date
    Feb 2010
    Location
    Coon Rapids, Mn
    Posts
    128
    Thanks
    12
    Thanked 1 Time in 1 Post
    Quote: Originally Posted by BruceR
    Somoto is a toolbar, so you may want to check your browser add-ons: http://www.somotoinc.com/

    Bruce
    Well, I've never been to that site before. And WOT says it isn't safe. I went anyway, didn't do more than look at it, but I'd have no need for anything like that. And have certainly never voluntarily accepted a toolbar - one site on a link I clicked doing an Ixquick search - says the PUP part is MBAM's Potentially Unwanted Program. It was in temp directories, which I flush regularly. Still just want to know how it got there because I don't accept toolbars, not even the ubiquitous Google one Adobe hawks.

  5. #5
    4 Star Lounger
    Join Date
    Dec 2009
    Location
    Hillsborough (San Francisco Bay area), California, USA
    Posts
    587
    Thanks
    5
    Thanked 59 Times in 58 Posts
    hpHosts evaluation of the site: (untrustworthy)

    http://hosts-file.net/?s=somotoinc.com

    Zig

  6. #6
    2 Star Lounger
    Join Date
    Feb 2010
    Location
    Coon Rapids, Mn
    Posts
    128
    Thanks
    12
    Thanked 1 Time in 1 Post
    Quote: Originally Posted by Zig
    hpHosts evaluation of the site: (untrustworthy)

    http://hosts-file.net/?s=somotoinc.com

    Zig
    Well, that concurs with Web of Trust. One of the links I followed led me to Cnet and it referred to a program used to download YouTube videos. I don't have such a program but I did at one time a long while back. I do use YouTube though, how could anyone not, half the things one is sent these days are links to videos there. And another thing is the hosts site you referred me to mentions Google, 5 times. I'm wondering if this might be something to do with them, the do no evil guys. Except I can't think of a reason they'd link to that Somoto site or that it might be embedded within the Google task bar - which I also do not have installed. I use Chrome from time to time, I have a throwaway Gmail address and do visit YouTube. Might be this thing isn't malicious if MSE and Comodo aren't flagging it, but I trust MalwareBytes too. A conundrum...

    Found a bit more in another Forum, another person had more trouble getting rid of it than I did. Then again maybe not since it does seem to keep returning.

    **This Software company name, "CoolMedia", operates software of "CoolRecordEdit.com", which contains the software engine made from Conduit.com. Do research via Google. I did and found this website >> http://softwaretopic.informer.com/con...

    At the bottom of the page it has a title that says "Additional titles, containing conduit engine cool edit" In that list is CoolMediaLLC, which is the company name at the bottom of CoolMedia website. **

    What I had was the Free Sound Recorder toolbar that is from Conduit.com. It was a packaged toolbar with a freeware program. I always choose "no" to toolbar install requests, but this *&^% program installed it anyway.

    A Standard uninstall of the toolbar program does not remove its trojan software, it just does not show the toolbar. It hijacked my personal browser settings and would revert back to its settings each time I change the settings or even reset it to default.

    I had it in FireFox. Using the "about:config" in the URL address box to access the configuration files and resetting each one that was affected did not work, conduit trojan files just replaced the files settings.

    I had to go into my system registry to remove conduit entries one by one. Then I had to find the conduit files in the FireFox profile folder and deleted them, including the folders. This caused a minor corruption of FireFox, but could not be avoided. Conduit replaced crucial FireFox operating files with their own and once removed, corrupted FireFox operation.

    I had to completely remove FireFox and all personal settings etc to clean it out. Then I had to do a complete (includes all settings) uninstall & reinstall FireFox twice to get the browser to be completely fixed.

    Then lastly I had to scan with an AntiVirus software, I used Comodo. This included a scan from Malwarebytes Anti-malware software to ensure this lichenous software from Conduit was removed. What I found by Malwarebytes was a name changer program called "PUP.BundleInstaller.Somoto". This is Malicious software.

    Do not believe what any Conduit.com rep says. They are as bogus as the software.
    Last edited by genej313; 2012-04-16 at 16:01. Reason: more information

  7. #7
    New Lounger
    Join Date
    Jan 2010
    Location
    Woodbine, GA
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Malwarebytes identifies Potentially Unwanted Program PUP.BundleInstaller.Somoto.
    My instance came from ExtractNow download from MajorGeeks.com.
    After Malwarebytes full scan, select and remove PUP.BundleInstaller.Somoto and reboot to finish removal.
    After reboot, run regedit, search for BetterInstaller, delete all BetterInstaller finds.
    Reboot into safe mode and rerun Malwarebytes to ensure it is gone.
    I've been using ExtractNow for years, MajorGeeks has been favorite source for years. I unchecked boxes for Somoto toolbar, Somoto search and whatever the third box was before installing, at finish button there was a brief display about betterinstaller so I'm guessing that is when infection occurred. Will copy this to MajorGeeks and ExtractNow home, for what it's worth, free or not, I prefer to choose what I install.
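
The manual checks described in posts #6 and #7 (searching the registry for BetterInstaller and Conduit entries, and looking in temp directories and the Firefox profile folder), as an added read-only PowerShell example that is not part of the thread. The registry roots and folder paths are standard Windows locations chosen here as assumptions; the script only lists matches for review and deletes nothing.

```powershell
# Added example: read-only audit, nothing is deleted or changed.
# Search terms are the names mentioned in this thread; adjust as needed.
$terms   = 'BetterInstaller', 'Somoto', 'Conduit'
$pattern = ($terms | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Registry locations where bundled installers commonly register themselves
# (standard Windows paths assumed for this example, not taken from the thread).
$regRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software'
)

$regHits = foreach ($root in $regRoots) {
    if (-not (Test-Path $root)) { continue }
    # Inspect the root key itself (Run keys hold values) plus one level of subkeys.
    $keys = @(Get-Item $root) + @(Get-ChildItem $root -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        if ($key.PSChildName -match $pattern) {
            [pscustomobject]@{ Kind = 'RegistryKey'; Location = $key.Name; Detail = '' }
        }
        foreach ($name in $key.GetValueNames()) {
            $value = [string]$key.GetValue($name)
            if ($name -match $pattern -or $value -match $pattern) {
                [pscustomobject]@{ Kind = 'RegistryValue'; Location = $key.Name; Detail = "$name = $value" }
            }
        }
    }
}

# File locations named in the thread: temp directories and the Firefox profile folder.
$fileRoots = @($env:TEMP, (Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'))
$fileHits = foreach ($root in $fileRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{ Kind = 'File'; Location = $_.FullName; Detail = $_.LastWriteTime }
        }
}

# One combined report; an empty table means no name matched in the places checked.
@($regHits) + @($fileHits) | Where-Object { $_ } |
    Sort-Object Kind, Location | Format-Table -AutoSize -Wrap
```

Run it before and after a Malwarebytes cleanup and compare the two listings to see which entries, if any, come back.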

  8. #8
    New Lounger
    Join Date
    Jul 2012
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I actually picked it up by Burn4Free from Downloads.com - There was no toolbar though and I noticed my Taskbar icons and open apps icons would disappear - I could either end explorer.exe and restart or close all the apps on my screens and they would re-appear - Ran Malware and removed the BundleInstaller and did another scan with Forefront and no more issues -

  9. #9
    2 Star Lounger
    Join Date
    Feb 2010
    Location
    Coon Rapids, Mn
    Posts
    128
    Thanks
    12
    Thanked 1 Time in 1 Post
    Thanks for your help guys. I, too, finally got rid of it and it hasn't reappeared. :^) gene
