The Emsi Software malware research team has discoverd a new outbreak of the SoftSoldier adware. a-squared Anti-Malware detects this malware as Adware.Win32.SoftSoldier.

SoftSoldier is a rogue scanner program, it show fake security center, show misleading scan results and fake security alerts. The author of SoftSoldier also made TheDefend, GuardPcs, IGuardPc, SiteAdware, AntiTroy, AntiKeep, AntiAdd, RESpyWare, REAnti, KeepCop, SecureKeeper, LinkSafeness, AntiAid, SystemFighter, SystemVeteran, BlockProtector, BlockKeeper, BlockScanner, BlockWatcher, SoftStronghold, ShieldSafeness, SoftVeteran, SoftCop, TrustFighter, TrustSoldier, SafeFighter, SecureVeteran, etc, so it has same user interface, same characteristics, just different name. To more convince users, SoftSoldier will also create numerous junk files with random names on your computer that will be detected as malware when the program scans your computer, but will not allow you to remove them until you purchase it.

Create new files:

• %ProgramFiles%\SoftSoldier Software\SoftSoldier\uninstall.exe
• %ProgramFiles%\SoftSoldier Software\SoftSoldier\SoftSoldier.exe
• %AllUsersProfile%\Desktop\SoftSoldier.lnk
• %AllUsersProfile%\Start Menu\Programs\SoftSoldier\2 Homepage.lnk
• %AllUsersProfile%\Start Menu\Programs\SoftSoldier\3 Uninstall.lnk
• %AllUsersProfile%\Start Menu\Programs\SoftSoldier\1 SoftSoldier.lnk
• %UserProfile%\Local Settings\Temp\mnn8.tmp.exe
• %UserProfile%\Local Settings\Temp\00006617
• %UserProfile%\Local Settings\Temp\nszB.tmp\nsProcess.dll
• %SystemRoot%\system32\mnn8.tmp.exe

Create new registry entries:

• HKEY_LOCAL_MACHINE\software\SoftSoldier
• HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Uninstall\SoftSoldier
• HKEY_CURRENT_USER\software\SoftSoldier
• HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “mnn8.tmp.exe”
• HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run, “SoftSoldier”

Malware screenshots:

This downloader try to contacts softsoldier.com, to download the latest update of this rogue:

SoftSoldier will look like these:

How to remove the infection of Adware.Win32.SoftSoldier?

To delete this malware infection, please download and install a-squared Anti-Malware. Run a full scan on all drives and move all detected items to the quarantine.

Tags: Rogue, SoftSoldier

This entry was posted on Friday, October 23rd, 2009 at 04:06 and is filed under Malware Alerts, Removal Help. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.