Multiple Programs – SOFTWARE.EXE and SOFTWARE.LOG

Most commonly, we found that a file called software.exe is installed with the Troj/Crabton-B virus. This virus creates a sub-folder called "software" in your Windows\System or System32 folder.

This Trojan will set itself up to run on system startup and will then access the Internet to download configuration files. It then follows the instructions in those files. Most often this means that it downloads and installs other malicious files. It can lower the security settings in your browser and it tries to terminate antivirus software, firewall programs and Windows files.

We'd recommend removing this file using WinPatrol. First, go to your Active Tasks tab and kill the file there. Next, go to your Startup Programs and remove the file there. If you're running WinPatrol 8.x or later, right-click the file, then select "Delete file on reboot". We'd also recommend a full system scan with an up-to-date antivirus program.

Additional background information on this Trojan can be found at http://www.sophos.com/virusinfo/analyses/trojcrabtonb.html.

If you run WinPatrol 10.x or later, and see a file called software.log in your Hidden files, this is perfectly normal and safe. In fact, you'll find a number of log files including: default.log, sam.log, security.log, software.log, software.rrr.log, software.rb1.log, system.log, tempkey.log, and userdiff.log. These files are part of your Windows Registry and are often referred to as registry hive files.

A registry hive is a group of keys, subkeys, and values in the registry that has a set of supporting files containing backups of its data. The supporting files for all hives except HKEY_CURRENT_USER are in the Systemroot\System32\Config folder on Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003; the supporting files for HKEY_CURRENT_USER are in the Systemroot\Profiles\Username folder. The file name extensions of the files in these folders, and, sometimes, a lack of an extension, indicate the type of data they contain. More information can be found at http://support.microsoft.com/default.aspx?scid=kb;EN-US;256986.
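Whether a file named software.exe or software.log is the Trojan or a registry hive file depends on where it sits as well as on its name. The Python sketch below is an added example, not WinPatrol or Microsoft code; the function names, verdict labels, default `C:\Windows` root and sample paths are assumptions for illustration, and flagging a hive log name found outside the Config folder is this example's own rule rather than something the page states.

```python
import ntpath
from pathlib import PureWindowsPath

# Registry hive supporting files named on this page.
HIVE_LOGS = {
    "default.log", "sam.log", "security.log", "software.log",
    "software.rrr.log", "software.rb1.log", "system.log",
    "tempkey.log", "userdiff.log",
}
# Folders (relative to the Windows directory) where the page says the
# Trojan creates its "software" sub-folder.
TROJAN_DIRS = (["system", "software"], ["system32", "software"])

def classify(path, system_root=r"C:\Windows"):
    """Label one file path by name and location (case-insensitive)."""
    # normpath collapses "..", so a path cannot borrow the Config folder's name.
    parts = [s.lower() for s in PureWindowsPath(ntpath.normpath(path)).parts]
    root = [s.lower() for s in PureWindowsPath(ntpath.normpath(system_root)).parts]
    if not parts:
        return "unclassified"
    name = parts[-1]
    # Folders between the Windows directory and the file, or None if elsewhere.
    rel = parts[len(root):-1] if parts[:len(root)] == root else None
    if name in HIVE_LOGS:
        return "hive-log" if rel == ["system32", "config"] else "hive-name-outside-config"
    if name == "software.exe" and rel in TROJAN_DIRS:
        return "crabton-b-location"
    return "unclassified"

def needs_review(paths, system_root=r"C:\Windows"):
    """Return the paths whose verdict calls for a closer look and a scan."""
    flagged = ("crabton-b-location", "hive-name-outside-config")
    return [p for p in paths if classify(p, system_root) in flagged]

# Constructed sample paths, not taken from a real system.
SAMPLES = [
    r"C:\WINDOWS\system32\config\software.LOG",
    r"C:\Windows\System32\software\software.exe",
    r"C:\Windows\System\software\SOFTWARE.EXE",
    r"C:\Windows\System32\config\..\software\software.exe",
    r"C:\Users\a\AppData\software.log",
    r"C:\Program Files\Vendor\software.exe",
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{classify(p):26} {p}")
```

A "crabton-b-location" verdict is a lead for the removal steps and antivirus scan described earlier, not proof of infection.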

These files are both safe and required. They are opened and written to each time Windows boots. If you try to use the [View Using Notepad] button under Hidden files, you'll get a warning that the files are in use. That's
