Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ScorpionSaver on Windows 8


  • Please log in to reply
8 replies to this topic

#1 beqs

beqs

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 AM

Posted 04 December 2013 - 01:05 PM

Hi,

 

I can see you help many people with this problem and how tedious it is, so I appreciate your time and patience and would love to be helped.

 

My computer runs Windows 8 (64-bit). It got infected with Adpeak's ScorpionSaver last week while downloading Adobe Reader (is nothing sacred any more?) and Norton didn't catch it.

 

I noticed it was trying to install weird things about two or three clicks into pressing "I Agree" blindly (my fault) but immediately stopped when it felt they were one or two clicks too many and pressed "Cancel" the rest of the way (several clicks' worth, I may add).

 

Right away I removed it from my programs, along with the offending Adobe Reader but it was too late. It's been self-reinstalling ever since. 

 

I keep removing the extensions from Chrome and removing it from my programs whenever I notice it again but I need a permanent solution.

 

Please help me, Obi Wan Kenobi (from what I read, that would be you, Gringo). You're my only hope.

 

Beq



BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:12 AM

Posted 05 December 2013 - 11:46 AM


Hi, I moved you to AM I Infected for now as this area requires a DDS log.

This usually works..

Also look in Control Panel for any Scorpin to remove.

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
    <-insert any special instructions here for what to uncheck OR remove this line if there are none->
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • .
    .
    .

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • .
    .
    .
    .
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Brian81

Brian81

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 AM

Posted 05 December 2013 - 12:13 PM

Another program I would suggest downloading is malwarebytes. Very simple install and just run the full scan to see what it catches.

 

Some AV vendors may detect this but not remove because it may not be considered true malware. It likely has a legitimate use for some.


Edited by Brian81, 05 December 2013 - 12:35 PM.


#4 beqs

beqs
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 AM

Posted 05 December 2013 - 03:38 PM

Hi, Global Moderator.  Sorry about posting in the wrong forum, I had run a search and found most of the ScorpionSaver problems on that one.

 

Ok so I ran AdwCleaner and this is the log:

 

# AdwCleaner v3.014 - Report created 05/12/2013 at 14:31:54
# Updated 01/12/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Rebeca - BEQS
# Running from : C:\Users\Rebeca\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : Level Quality Watcher
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Level Quality Watcher
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\Rebeca\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1352 octets] - [05/12/2013 14:30:04]
AdwCleaner[S0].txt - [1059 octets] - [05/12/2013 14:31:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1119 octets] ##########
 

 

 

I continued with Junkware Removal Tool and this is the log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by Rebeca on Thu 12/05/2013 at 14:43:25.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/05/2013 at 14:47:40.06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
And now this is ESET's log:
 
C:\temp\InstallServices64.msi Win64/Adware.Adpeak.A application deleted - quarantined
 

Edited by beqs, 05 December 2013 - 05:04 PM.


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:12 AM

Posted 05 December 2013 - 08:41 PM

Good. Not a problem.. In that forum if you do not post the required logs for your topic will get passed on.

When you install updates and other things you need to watch for other things they try to install such as you found.

This is right off Adobe's page
You need to Un check the box
 

Optional offer:

Yes, install Google Chrome as my default browser and Google Toolbar for Internet Explorer.

Google Toolbar and Google Chrome

Learn more | Install Options

 

 

I also select the manual install  and no the Recommended so I can uncheck any extras there too.

 

So do you have any left.


Edited by boopme, 05 December 2013 - 09:24 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 beqs

beqs
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 AM

Posted 05 December 2013 - 09:11 PM

Yeah, I'm usually super careful but that night had been a long day and I was tired. I noticed I was clicking on way too many unread Terms of Service "I accept"s on the third request and panicked when I read what it was I was "agreeing" to.

 

So far it hasn't come back, but it takes a day or so before Chrome crashes mid-use as Adpeak reinstalls itself. Let me get back to you on this tomorrow. 

 

The only thing I've noticed different after all these program cleanups is my computer is running non-stop (fan on, heating up, etc). According to Norton it's strictly vcsystremtray.exe taking up 50% of my CPU, but they deem it a normal process for VAIOs and harmless. Apparently it kicks in after the registry has been tampered with, which I know we did in order to fish out the ScorpionSaver reinstalling bit, so I'm hoping it goes away once I put her to bed tonight. We'll see.

 

I'll come back tomorrow with an update on whether all's clear or I still have a problem, but whichever the outcome, thank you so much for helping me!



#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:12 AM

Posted 05 December 2013 - 09:35 PM

Ok. let us know.
 
To be safe submit vcsystremtray.exe for a second opinion. To get a second opinion, submit it to one of the following online services that analyzes suspicious files:In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.

Edited by boopme, 05 December 2013 - 09:35 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 beqs

beqs
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:12 AM

Posted 06 December 2013 - 02:28 PM

Well, today my computer has been running smoothly (no sign of CPU strain by vcsystremtray.exe) and so far, no signs of ScorpionSaver either. Hurrah!!

 

I've saved this site in my favorites because you gave me wonderful advice, very good tools, and solved my problem completely. I'll be recommending you to everyone I know. You guys rock!

 

I hope whoever designs malware get an itch where they can never scratch.



#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:12 AM

Posted 06 December 2013 - 07:55 PM

Thank you, it is my pleasure and we appreciate your visit.

Kep your windows and applications updated!
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users