
[Help] ScorpainSaver



#1 Marmar918

Marmar918

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:42 AM

Posted 22 November 2013 - 12:17 AM

I would like assistance on some bad-looking thing called 'ScorpainSaver'.

Avast had detected it as 'new and uncommon', and I agree with it. I don't remember downloading such a program. So, I need help with the removal. I used a program called CCleaner to uninstall it, surely it was gone. Two days later, Avast came up with the same message about ScorpainSaver, so it probably is still lurking in my system. ScorpianSaver hasn't caused trouble itself, but I don't feel comfortable knowing something harmful is out there. My system operates Windows 7. Can anyone give me assistance on how to get rid of it, once and for all? Thanks, anything is appreciated. I'm new to this website by the way, so if I seem slow, please excuse me. :>

 

-Marmar


Edited by Marmar918, 22 November 2013 - 12:18 AM.



 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:42 PM

Posted 22 November 2013 - 02:22 AM

Hello Mar mar and Welcome -

“Scorpion Saver” is an adware program that displays coupons, advertisements and sponsored links via a pop-up box on Ebay, Walmart, Amazon, Facebook and other websites that you are visiting.
Scorpion Saver is typically added when you install other free software (video recording/streaming, download-managers or PDF creators) that has bundled this adware program into its installation. When you install these free programs, they will install Scorpion Saver as well. Some of the programs that are known to bundle Scorpion Saver include 1ClickDownload, Superfish, Yontoo and FBPhotoZoom.
First thing to do is check Programs and Features for any signs of the program that you can remove.

 

Next -

Please download and run RKill by Grinler. A black DOS box will briefly flash and then disappear.
This is normal and indicates the tool ran successfully.
If a log is produced, save it, or post it back here -

Important: Do not reboot your computer until you complete the next step.

 

Please download AdwCleaner by Xplode and save to your Desktop.
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
* Click on the Clean button. (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.

* NOTE - Now your computer will be auto-rebooted to clean up the remains of programs

* After rebooting, a logfile report (AdwCleaner[S1].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

Next -

Shut down your protection software now to avoid potential conflicts.
* How To Temporarily Disable Your Anti-virus
* Please download Junkware Removal Tool to your desktop.
* Run the tool by double-clicking it.
* If you are using Windows Vista, 7, or 8, right click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next message.

 

Next -

Download Malwarebytes' Anti-Malware Free (aka MBAM)

NOTE - Do not accept the Free Trial Version at this stage ..........
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an Update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to reboot the computer, if required, after you post the log.

 

See how we go after this -

 

Thank You -



#3 Marmar918

Marmar918
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:42 AM

Posted 22 November 2013 - 04:33 PM

Hello. I've followed step by step, and, here are the txt files.

 

RKill:

 

 

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/22/2013 02:37:27 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\Ammar\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (PID: 5092) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\Ammar\Desktop\rkill\rkill-11-22-2013-02-37-33.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 11/22/2013 02:39:44 PM
Execution time: 0 hours(s), 2 minute(s), and 17 seconds(s)
 

 

 

 

AdwCleaner:

 

 

# AdwCleaner v3.012 - Report created 22/11/2013 at 14:44:04
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ammar - SIDDIQI-PC
# Running from : C:\Users\Ammar\Desktop\AdwCleaner(2).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Ammar\AppData\Roaming\Mozilla\Firefox\Profiles\5qnj35ei.default-1367770875041\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Ammar\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7770 octets] - [21/11/2013 23:00:38]
AdwCleaner[R1].txt - [1023 octets] - [22/11/2013 14:41:39]
AdwCleaner[S0].txt - [7617 octets] - [21/11/2013 23:03:04]
AdwCleaner[S1].txt - [946 octets] - [22/11/2013 14:44:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1005 octets] ##########
 

 

 

 

JRT:

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Ammar on Fri 11/22/2013 at 15:17:51.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Ammar\AppData\Roaming\mozilla\firefox\profiles\5qnj35ei.default-1367770875041\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/22/2013 at 15:25:20.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

MBam logs:

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.22.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ammar :: SIDDIQI-PC [administrator]

11/22/2013 3:04:21 PM
mbam-log-2013-11-22 (15-04-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208139
Time elapsed: 6 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\ScorpionSaver (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\$Recycle.Bin\S-1-5-21-1095007737-2892868110-2684855007-1001\$R74D8SK.exe (PUP.Optional.Firseria) -> Quarantined and deleted successfully.
C:\Users\Ammar\Downloads\Sphax PureBDcraft 64x MC17.exe (PUP.Optional.Firseria) -> Quarantined and deleted successfully.
C:\Windows\Installer\86ab47f.msi (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

(end)
 

~~~~

Thanks for your time
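
Added example, not part of the original posts: a short Python parser for the Malwarebytes Anti-Malware 1.75 log layout shown above, which lists each detection with its action and checks every section's declared count against the entries actually present. The function names are hypothetical, and the sample log is abridged from the one in this thread (one file entry dropped, count adjusted).

```python
import re

# Abridged from the MBAM 1.75 log posted in this thread: one file entry
# dropped and the "Files Detected" count adjusted to match.
SAMPLE_LOG = r"""Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\ScorpionSaver (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Ammar\Downloads\Sphax PureBDcraft 64x MC17.exe (PUP.Optional.Firseria) -> Quarantined and deleted successfully.
C:\Windows\Installer\86ab47f.msi (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.

(end)
"""

# "<Section> Detected: <n>" opens a section of the log.
HEADER = re.compile(r"^(?P<section>.+?) Detected: (?P<count>\d+)$")
# "<target> (<detection name>) -> <action>."  The greedy target keeps paths
# that themselves contain parentheses, e.g. "AdwCleaner(2).exe", intact.
ITEM = re.compile(r"^(?P<target>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_detections(log_text):
    """Return (detections, mismatches) for an MBAM 1.x style log."""
    detections, declared, found, section = [], {}, {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            section = header["section"]
            declared[section] = int(header["count"])
            continue
        item = ITEM.match(line)
        if item and section:
            detections.append({"section": section, **item.groupdict()})
            found[section] = found.get(section, 0) + 1
    # A declared count that differs from the parsed entries suggests the log
    # was truncated or edited before it was posted.
    mismatches = {s: (n, found.get(s, 0))
                  for s, n in declared.items() if n != found.get(s, 0)}
    return detections, mismatches


def not_removed(detections):
    """Detections whose action is not the successful removal shown above."""
    return [d for d in detections
            if "deleted successfully" not in d["action"].lower()]
```

An empty result from `not_removed` together with an empty `mismatches` dict means every listed item was quarantined and the pasted log is complete.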



#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:42 PM

Posted 22 November 2013 - 05:06 PM

Hi,

You have removed 2 potential sources of the problem =>

MusicManager\MusicManager.exe (PID: 5092) [UP-HEUR]

HKCU\SOFTWARE\ScorpionSaver (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully

 

I left the Data Sheet (or parts of it) in my first reply so that you may see if there were any related programs that you had downloaded in the last few weeks -

 

How much is the problem still annoying you ?

 

Thank You -



#5 Marmar918

Marmar918
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:42 AM

Posted 22 November 2013 - 08:10 PM

As far as I've noticed, nothing relevant to ScorpionSaver has occurred. About Music Manager, I didn't know I had it installed, so I deleted it.

 

Thanks for all the help, and I'll keep you updated if anything happens. :)



#6 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:42 PM

Posted 22 November 2013 - 08:42 PM

No problems -

I will keep this on my Watch List for a couple of days still.

If it pops up again we can look at other options for you -

 

Thank You -





