Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

scorpion saver still appears


  • Please log in to reply
3 replies to this topic

#1 kimricaron2626

kimricaron2626

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 08 December 2013 - 08:11 PM

Hi, I am new to this website and not very computer savy to posting on forums, so please forgive me if I make a mistake. 
 
My questions is this:
 
I have performed the scorpion saver removal per this website's instructions (I thought with success, Malware found about 35 entries, for which I removed them all while in safe mode & rebooted), but it is still appearing under programs listed within the control panel, is this correct?  Why didn't it take it out of this listing?  Is there anything else I need to do?
 
Next question, should I turn on Windows defender?
 
Thank you for your help.
krt

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:53 PM

Posted 09 December 2013 - 04:13 AM

Hello kimricaron -
It is important to note that Scorpion Saver is not a computer infection that is installed through exploits or infections, but rather it is bundled along with free software that you download off the Internet.

 

Before we can do anything we must first end the processes that belong to Scorpion Saver so that it does not interfere with the cleaning procedure. To do this, please download Rkill (courtesy of BleepingComputer.com) to your desktop.
You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
How To Temporarily Disable Your Anti-virus
Now use this version of rKill listed below =>

iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* NOTE : Do not reboot until instructed.
* If the tool does not run, please let me know.
Only if normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log. Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.
 

Next -

You downloaded Malwarebytes earlier so please Update it and run a Full Scan.

Please post the log from that scan back here -

 

Next -

Please download AdwCleaner by Xplode and save to your Desktop.
* NOTE : Please close or save all work, as the computer will be Rebooted
* Double-click on AdwCleaner.exe to run the tool.
* Vista/Windows 7/8 users right-click and select Run As Administrator.
* Click on the Scan button. (only once)
* AdwCleaner will begin...be patient as the scan may take some time to complete.
* After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
NOW : Click on the Clean button. (only once)
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

 

Last -

Please download Temp File Cleaner by Old Timer
* Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
* Double-click on the TFC icon.
* Vista / Windows 7 & 8 users Right click on the icon and select Run as Administrator
* When the program opens, click on the Start button. 
* TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
* When done, press OK and reboot your computer to finish the cleanup.

 

Thank You -



#3 kimricaron2626

kimricaron2626
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:53 PM

Posted 09 December 2013 - 02:31 PM

I have followed your instructions step by step without any problems and included the 2 files requested below.  I checked in my control panel and it is still listed there, does this mean that I still have it? Do I need to get it out of the control panel or am I good since I completed your instructions?

 

I tried to uninstall it and received "installation source for product not available.  Verify source exists and that you can access it."  I did not go looking for the source to complete the uninstallation.

 

Thank you for your assistance and help with these matters.

Kim

 

rKill.txt log

Rkill 2.6.3 by Lawrence Abrams (Grinler)

 

Program started at: 12/09/2013 11:18:10 AM in x86 mode.
Windows Version: Windows 7 Starter Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * SensrSvc [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 12/09/2013 11:21:34 AM
Execution time: 0 hours(s), 3 minute(s), and 24 seconds(s)

 

AdwCleaner file:

# AdwCleaner v3.014 - Report created 09/12/2013 at 13:50:33
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : duane - KIM
# Running from : C:\Users\duane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0G0VEHQM\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\openit
Folder Deleted : C:\Users\duane\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\duane\AppData\Roaming\iWin
File Deleted : C:\Users\Public\Desktop\Open It!.lnk
File Deleted : C:\Users\duane\AppData\Roaming\Mozilla\Firefox\Profiles\dxdibbom.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\duane\AppData\Roaming\Mozilla\Firefox\Profiles\dxdibbom.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\duane\AppData\Roaming\Mozilla\Firefox\Profiles\dxdibbom.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");

*************************

AdwCleaner[R0].txt - [4889 octets] - [09/12/2013 13:46:54]
AdwCleaner[S0].txt - [4932 octets] - [09/12/2013 13:50:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4992 octets] ##########

 

I then ran the TCF program and rebooted computer but no file to copy paste here as per instructions.



#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:53 PM

Posted 09 December 2013 - 04:10 PM

Hi -

Please run this M/soft program first, now follow the directions in the bottom.
http://support.microsoft.com/Mats/Program_Install_and_Uninstall/

 

Now can you open Control Panel > Programs and Features, then try to Right click > Delete the entry.

 

Thanks -

 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users