Zeno Marx

Trojan:Win32/Sonoko.A!ms


This alert keeps popping up on Windows Defender repeatedly after being removed, and re-appears after every League of Legends in-game launch.

Category: Trojan
Details: This program is dangerous and executes commands from an attacker.

Affected items:
file: C:\Users\********\AppData\Local\Overwolf\BrowserCache\Cache\f_000463
 

Malwarebytes Premium: Returned no suspicious or affected files

# AdwCleaner 7.0.2.1 - Logfile created on Wed Dec 13 21:42:57 2017
# Updated on 2017/29/08 by Malwarebytes
# Database: 12-13-2017.2
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.FreeMakeConverter, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 | ProductUpdater


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1163 B] - [2017/9/25 5:30:15]
C:/AdwCleaner/AdwCleaner[C1].txt - [1291 B] - [2017/11/17 6:3:38]
C:/AdwCleaner/AdwCleaner[S0].txt - [992 B] - [2017/9/25 5:29:44]
C:/AdwCleaner/AdwCleaner[S1].txt - [1221 B] - [2017/11/17 6:1:33]
C:/AdwCleaner/AdwCleaner[S2].txt - [1314 B] - [2017/12/11 10:38:30]


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt ##########

Edited by Zeno Marx
scan results


Hey @Zeno Marx,

Thank you for reaching out to us!

We are currently looking into this case. It's extremely important for us to find out the source of this issue and come up with a solution ASAP.

Is there a way that you can find the file directory where the anti-virus found this Trojan and send it to me?

I will get back to you once I have more info or if there are more details we need from you in order to keep investigating. Thank you very much for reporting to us!


Hey again!

We found this issue to be related to Chrome, and since Overwolf is running by using Chrome browsers, it also got affected.

You can read more about it here: https://social.technet.microsoft.com/Forums/en-US/7e4e3d11-e43b-4a5e-a94f-5315397ffd19/false-positive-trojan-sonokoams-in-chrome-user-data-cache-files?forum=FCSNext


Thank you for the response. I knew it was a false positive; it was just rather annoying to deal with the tedious pop-ups from Defender. I am installing an update from Microsoft and will see if this fixes the issue. Thanks again.

Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.259.308.0). No notifications after install, thus far.

Edited by Zeno Marx
Update
