SoftCop, TrustSoldier and SoftSoldier
SoftCop, TrustSoldier and SoftSoldier will disguise as a program that “Help protect your PC.” SoftCop virus registers as rogue antivirus security software because security experts believe that it is spreading on the Internet has relevance with a Trojan. This Trojan is also capable of getting SoftCop inside a computer.
At first, it redirect users Internet browser to a scam website where the installation file is waiting for a download command. This site will also produce fake alert messages to convince their visitor to download and install SoftCop. Once inside the system, this program will drop random files as part of its “play” into deceiving users. Detecting these files as a threat when the scan is launch brings more frightening tactics on victims. Next to detection is the most important part, and that is removing the virus. SoftCop only option given is to remove the virus by paying for the license first. Clicking on “Remove” button will redirect users to a payment process website where credit card will undergo excessive charges and debits.
Removing SoftCop, TrustSoldier and SoftSoldier manually from an infected PC is not the proper approach for ordinary computer users. It requires technical knowledge to remove infected system files and deleting of added values in the Windows registry. We have provided a simple and easy to use SoftCop removal tool on this page. Just follow it carefully.
Screen Shot Images:
Technical Details and Additional Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Characteristics (Analysis)
SoftCop, TrustSoldier and SoftSoldier adds the following registry entries to run automatically each Windows start.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “ree5.tmp.exe”
It implements random naming for system files to conceal its presence from antivirus application.
105tr5j9z34.dll, 10f2backdoor1z95.ocx, 10dc5parse1845.cpl
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "ree5.tmp.exe" HKCU\Software\Microsoft\Windows\CurrentVersion\Run "SoftCop" HKCU\Software\SoftCop HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftCop HKLM\SOFTWARE\SoftCopAssociated Files and Folders:
C:\Documents and Settings\All Users\Desktop\SoftCop.lnk C:\Documents and Settings\All Users\Start Menu\Programs\SoftCop C:\Documents and Settings\All Users\Start Menu\Programs\SoftCop\1 SoftCop.lnk C:\Documents and Settings\All Users\Start Menu\Programs\SoftCop\2 Homepage.lnk C:\Documents and Settings\All Users\Start Menu\Programs\SoftCop\3 Uninstall.lnk C:\Program Files\SoftCop Software C:\Program Files\SoftCop Software\SoftCop C:\Program Files\SoftCop Software\SoftCop\SoftCop.exe C:\Program Files\SoftCop Software\SoftCop\uninstall.exe C:\WINDOWS\30157tr4t2m.dll C:\WINDOWS\20w3backdoor1z95.ocx C:\WINDOWS\43df6parse6214.cpl C:\WINDOWS\system32\ree5.tmp.exe C:\WINDOWS\system32\3017hjduwye33e21.exe C:\WINDOWS\system32\42167d67a512.exe C:\WINDOWS\system32\14s78dft6314.cpl
How to Remove SoftCop, TrustSoldier and SoftSoldier
1. Kill any running process that belongs to SoftCop.
- Press Ctrl+Alt+Del on your keyboard.
- When Windows Task Manager appears, look for the following files and click End Task.
SoftCop.exe, (random.).exe
2. Delete all registry entries that belong to this malware.
- Press [Windows Key]+R on your keyboard.
- In the 'Open' dialog box, type regedit. This will open registry editor.
- Find and delete the following:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "ree5.tmp.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run "SoftCop"
- Close registry editor. Changes made will be save automatically.
3. Scan the computer with antivirus program.
- Connect to Internet and open your antivirus software. Please Update to obtain the latest database and necessary files.
- Restart the computer in Safe Mode.
- Just before Windows logo begins to load press F8 on your keyboard.
- On Windows Advanced Boot Options, select Safe Mode and press Enter.
4. Delete all files dropped by SoftCop.
- While still in Safe Mode, search and delete malicious files. Please refer to 'Associated Files and Folders.'
autumn
Oct 19, 2009 @ 20:27:40
I followed this to the letter. But after restarting my pc, and when I used MalwareBytes to scan my pc again, it didn’t detect Softcop anymore. But Softcop still keeps on popping up! HELP!!!
richard
Oct 22, 2009 @ 16:11:44
To remove the softcop worm, you do not need to purchase any software. Click start and go into menu. Click programmes, accessories, system tools and then click on system restore. This ‘restores’ you system to how it was prior to the softcop infiltration. Windows will ask you to chose a date to restore the computer to and I would suggest you input a day or two before you became aware of the worm. When completing a system restore, you do not lose any files, folders etc, but you will need to double check that your anti virus and window updates are up to date. Also check in Microsoft Security Centre that your filewall is set to ON. The restore process can take a couple of hours but it will get rid of the softcop worm. I had it, now its gone.
Ann-Marie
Oct 23, 2009 @ 02:27:57
THANK YOU SO MUCH, RICHARD !!! I had been looking for 3 hrs tonight on the internet to find a way to get rid of Soft Cop ; I just did what you said, and it worked in 5 mins !! Thanks so much.