
What is SoftSoldier

Posted on 15 October 2009 under Rogue Programs

1. What is SoftSoldier?

SoftSoldier is a fraudulent computer security program that tries to deceive consumers by imitating real antivirus software. It is a type of spyware that belongs to the WiniGuard family and is spread by the FakeSmoke Trojan. The program is also known as scareware because it fills the screen with large numbers of alert messages about supposed computer security problems.

SoftSoldier, like its predecessor SecureWarrior, is an untrustworthy program whose purpose is to trick the internet user into a dishonest money transfer. The program will check the computer system for security issues, draw up a report listing virus names that do not pose any risk, and try to warn the user about system security breaches. To remove these system security weaknesses, SoftSoldier is offered as a virus fix tool, but before the program can perform the threat removal process, the consumer is required to purchase the licensed program version. All of this is fraud, and no monetary transfers are recommended.

SoftSoldier is accompanied by a fake Windows Security Center, which is made to look exactly like the original one, so it is easy to be taken in. The fake Center advertises the rogue program in the Firewall, Automatic Updates and Virus Protection sections by recommending that the user register SoftSoldier anti-spyware to clean and protect the computer. A Security Center alert will slide out from the bottom-right corner from time to time, warning the user that his "computer is being attacked by an internet virus". A Windows balloon-type "Spyware Alert" will also give the user the following notice:
Your computer is infected with spyware. It could damage your critical files or expose your private data on the internet. Click here to register your copy of SoftSoldier and remove spyware threats from your PC.

2. SoftSoldier screen shot:

[Screenshot: SoftSoldier]

3. How to remove SoftSoldier:

  1. The Internet connection might be disabled or the Internet browser might be blocked by SoftSoldier, so it won't be possible to download any files to the infected computer. In this case, download all files required for SoftSoldier removal to another computer and then transfer them to the infected one using a CD/DVD or USB flash drive.
  2. To remove SoftSoldier, download Spyware Doctor and install the program. Before installation, make sure all other programs and windows are closed.
  3. After the installation, a computer scan should start automatically. If so, move to the next step. If not, click "Status" in the left-side menu and press the "Scan Now" button to run the computer scanner.

  4. After the scan has completed and the scan results have been generated, press the "Fix Checked" button to remove SoftSoldier.

  5. Restart the computer to complete the SoftSoldier removal procedure.

4. SoftSoldier files:

SoftSoldier.exe, zri25.tmp.exe (rogue installer)

5. HijackThis entries:

O4 - HKCU\..\Run: [SoftSoldier] C:\Program Files\SoftSoldier Software\SoftSoldier\SoftSoldier.exe -min
O4 - HKCU\..\Run: [zri25.tmp.exe] C:\WINDOWS\system32\zri25.tmp.exe
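
The entries above can be looked for in a saved HijackThis log. The following Python code is an added example, not part of the original write-up or of HijackThis: it parses O4 registry autorun lines and flags those whose value name or executable matches the files listed in sections 4 and 5. The function names and the sample log (including the benign and the renamed entry) are constructed for illustration.

```python
import ntpath
import re

# Indicators taken from sections 4 and 5 of this page (compared case-insensitively).
ROGUE_FILES = {"softsoldier.exe", "zri25.tmp.exe"}
ROGUE_VALUE_NAMES = {"softsoldier", "zri25.tmp.exe"}

# Registry autorun line: O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable at the start of the command, quoted or not (paths may contain spaces).
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|com|scr|bat|cmd|pif))(?=["\s]|$)',
                    re.IGNORECASE)

def parse_o4(line):
    """Return hive/key/name/cmd/path for an O4 registry line, else None."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    exe = EXE_RE.match(entry["cmd"])
    # Fall back to the whole command if no executable path is recognised.
    entry["path"] = exe.group("path") if exe else entry["cmd"]
    return entry

def find_softsoldier(log_text):
    """Return the O4 autorun entries that match the page's indicators."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        image = ntpath.basename(entry["path"]).lower()
        if image in ROGUE_FILES or entry["name"].lower() in ROGUE_VALUE_NAMES:
            hits.append(entry)
    return hits

# Constructed sample log: lines 3 and 4 are the entries from this page, the rest
# are made up (a non-O4 line, a benign autorun, a renamed value with the same file).
SAMPLE_LOG = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
O4 - HKCU\..\Run: [SoftSoldier] C:\Program Files\SoftSoldier Software\SoftSoldier\SoftSoldier.exe -min
O4 - HKCU\..\Run: [zri25.tmp.exe] C:\WINDOWS\system32\zri25.tmp.exe
O4 - HKCU\..\Run: [Helper] C:\Temp\SOFTSOLDIER.EXE
'''

if __name__ == "__main__":
    for hit in find_softsoldier(SAMPLE_LOG):
        print(f'{hit["hive"]}\\{hit["key"]} [{hit["name"]}] -> {hit["path"]}')
```

Matching on the executable name as well as the value name catches an entry whose Run value has been renamed, as in the last constructed line.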