Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please Help get rid of Scorpion Saver!!


  • Please log in to reply
4 replies to this topic

#1 RighteousNixon

RighteousNixon

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:19 PM

Posted 19 November 2013 - 10:33 PM

I need help!! I am normally a Mac user, and have been for the last 20+ years, but my Macbook Pro broke down a few weeks back so I have had to go to using my wife's windows laptop until I get my new Mac delivered. Anyways, I was doing some shopping at Amazon.com and I noticed these windows popping up comparing different prices or whatnot. At first I though they were some new feature from Amazon or maybe some new feature from Chrome. Eventually, I figured out it was 3rd party software that somehow got downloaded on the computer. I immediately found the Scorpion Saver folder, but no matter what I did, it wouldn't allow me to delete it. That's when I finally got on Google and figured out it was some sort of Malware. Anyways, I have absolutely ZERO experience when it comes to PC's. The last time I used a PC was back when you had to manually change the autoexec.bat and config.sys folders, lol. In other words, I need help and given that I just had to spend almost 3 grand on a new Macbook Pro, I would prefer to do this myself instead of having to pay a couple hundred dollars to have some professional service do it. 

 

Any help would be GREATLY appreciated!!!



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 31,775 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:19 PM

Posted 20 November 2013 - 09:55 AM

In many cases these issues are the result of unwanted toolbars, add-ons/plug-ins, screensavers and browser extensions which come bundled with other free third-party software (often without the knowledge or consent of the user). These can often be the source of various issues and problems to include Adware, pop-up ads browser hijacking which may change your home page and search engine, and user profile corruption.

Toolbars and add-ons install themselves in various areas of your operating system to include your browser and Windows Registry. Since some of their componets and behavior are determined to be harmful, anti-virus and anti-malware tools may detect and remove them as Potentially Unwanted Programs (PUPs).

Most bundled programs and many toolbars and Add-ons can be removed via Add/Remove Programs or the Programs and Features in Control Panel, so always check there first. Alternatively, you can use a third-party utility like Revo Uninstaller Free or Portable and follow these instructions for using it. Revo will do a more thorough job of searching for and removing related registry entries, files and folders. Revo will also show the installation date...in most cases, all this junkware is installed about the same time.

Remove anything else (newly installed programs) you do not recognize.

Note: Not all programs show up in Add/Remove Programs or Programs and Features. Some will have their own uninstaller by vendor design which can be found in the program's folder. Look for an uninstall icon (shortcut) from within its program group or open Window's Explorer, manually navigate to the program's folder itself, and look for an uninstaller file (i.e. uninstall.exe).

If the program is not listed in Add/Remove or Programs and Features, and there is no uninstaller in the program's folder, the next place to check is your browser extensions and add-ons/plug-ins.



There are also more suggestion in these articles:


Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 31,775 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:19 PM

Posted 20 November 2013 - 09:55 AM

Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill by Grinler.
AdwCleaner by Xplode.
Junkware Removal Tool by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Close all open programs and shut down any protection/security software to avoid potential conflicts....

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.

  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.

Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 RighteousNixon

RighteousNixon
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:19 PM

Posted 20 November 2013 - 12:15 PM

Thanks for the info! I guess I should update this post before I go ahead and do anything else. Being as impatient a person as I am, I went ahead and tried a technique I found on this website. It was posted by Bleeping Gringo and involved creating a text file on my desktop that contained this:

 

ClearJavaCache::

Folder::
c:\program files (x86)\ScorpionSaver

 

 

I then dragged that file onto Combofix, which I downloaded from this site, and the computer went through a 15-20 minute process, which ended with a rebooting of my computer and creating some sort of log. 

 

I immediately checked to see if the ScorpionSaver files were still in my directory and to my dismay, they were. They are under my main drive in the program files folder. The folder is called ScorpionSaver Services and the folder contains 13 items, which are as follows:

 

AdpeakProxy.dll (application extension)

AdpeakProxy (application)

AdpeakProxy64.dll (application extension)

AdpeakRegisterLSP (application)

AdpeakRegisterLSP (configuration settings)

AdpeakRegisterLSP64 (application)

Installbat.dll (application extension)

Installbat64.dll (application extension)

InstallDLL.dll (application extension)

InstallDLL64.dll (application extension)

Microsoft.Deployment.WindowsInstaller.dll (application extension)

Microsoft.Deployment.WindowsInstaller (XML document)

PCProxyDLL.dll (application extension)

 

I tried deleting them again (wouldn't let me delete them when I tried initially) and this time it allowed me to delete all of them except these 2 files. 

 

AdpeakProxy (application)

PCProxyDLL.dll (application extension)

 

I did this last night and have been using the internet for at least 4-5 hours and I haven't seen any of those pop up windows that I was seeing before. So part of me is thinking that the problem is solved, but part of me is still worried as these 2 files still wont let me delete them and they are within the ScorpionSaver folder. 

 

Anyways, I am not sure if the steps I took change what you explained to me in your posts so please let me know what I should do next. I apologize for not waiting until I heard back from someone, but Bleeping Gringo seemed very knowledgeable on the subject and I am a very impatient person when it comes to these kinds of things, lol. I would really appreciate if you could look this over and help me figure out what to do next. I just want to make sure everything is ok. 

 

I did notice one thing. I am not sure if its important or not but it might explain why the Scorpionsaver files were still on my computer after using Bleeping Gringo's technique. I noticed in the ClearJavaCache text file that I created that it had the directory "program files (x86)". I then noticed that I have 2 program files directories on my computer. One is just plain program files and one is program files (x86). The ScorpionSaver files are actually located in my regular program files folder and not in my program files (x86) file. So common sense is telling me maybe I should have changed the directory in the text file to just program files instead of program files (x86). Does that make any sense??


Edited by RighteousNixon, 20 November 2013 - 12:25 PM.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 31,775 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:19 PM

Posted 20 November 2013 - 01:16 PM

Since you ran Combofix, its log should be thoroughly reviewed by trained experts before proceeding further. ComboFix should have saved that log to the root directory, usually C:\ComboFix.txt.

Reviewing that log would be helpful in resolving your issue but ComboFix logs are not permitted in this forum so we cannot continue here.

Please follow the instructions in the Preparation Guide For Requesting Help starting at Step 6.
When you have done that, start a new topic and post the required logs to include your ComboFix log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts.

After doing this, please reply back in this thread with a link to the new topic so we can closed this one.
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users