
Scorpion Saver will not Stay Uninstalled



I have recently been infected with "ScorpionSaver". Malwarebytes did not find it, McAfee did not find it, and I uninstalled it with Revo Uninstaller Professional, but it keeps coming back. I have run CCleaner, ComboFix, Junkware Removal Tool, TDSSKiller and AdwCleaner, and removed all entries of ScorpionSaver and its company from the registry; it stays away for a few hours, then comes back. Please help.

 

 


Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


MrCharlie,

Thank you for your quick response. Right after I left the message last night I downloaded the latest update from Malwarebytes (mine was 3 days old). I ran it all night and it found another component, "Quality Level" by adpeak (same company). Malwarebytes removed it and so far I am clean. I will update this forum by tomorrow if I stay clean. It usually returned within a few hours. I want to wait to see if it is really gone.

James


Hi. I've recently been infected with Scorpion Saver. I have a theory on how it came to be on my computer... but that's not important. Anyway, up until a few hours ago I simply used Norton as the security for my computer, but I recently downloaded Malwarebytes and RogueKiller, as I saw suggested on this forum. I ran Malwarebytes first and it found most of the unwanted things on my computer and took care of the pop-up problems, search engine changes and other annoyances. BUT... it is still there: Scorpion Saver by adpeak in my program list. Please help me. Thank you.


Well, as they said in the movie Independence Day, "It's back". Malwarebytes managed to clear it, but a few minutes ago my screen started blanking every 5 or 6 seconds. I looked for the ScorpionSaver folder in the Programs 86 folder and it was not there yet; however, I found the "ScorpionSaver Install file" in my temp directory. I deleted it but I am sure it will return. So I will be following the steps outlined above.



 

Well, it's back. I have the files you requested and I will try to attach them.

RKreport0_S_10292013_174435.txt

attach.txt

dds.txt


Run RogueKiller again and click Scan
When the scan completes > click on the Registry tab
Put a check next to all of these and uncheck the rest: (if found)
 

[V2][ROGUE ST] 4677 : wscript.exe - C:\Users\James\AppData\Local\Temp\launchie.vbs //B -> FOUND


Now click Delete on the right hand column under Options

-------------

I'm not sure where this one is but find it and have RK delete it:
 

¤¤¤ Startup Entries : 1 ¤¤¤
[sparky][sUSP PATH] Uninstall LastPass RunOnce.lnk : C:\Users\sparky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk @C:\Users\sparky\AppData\Roaming\LPUNIN~1.EXE -x -name=LastPass -ffuuid support@lastpass.com [-][7][x] -> FOUND

 


----------------------------------------------------------

Then.....

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look like this, not "sponsored ad links":

[Image: bleep-crop.jpg]

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

MrC
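
The first entry deleted above runs wscript.exe against a .vbs file in the user's Temp folder, and the second is a Startup-folder shortcut whose target sits in AppData\Roaming. As an added example (not part of the original thread and not RogueKiller's own logic), this read-only PowerShell lists scheduled tasks and Startup shortcuts whose command line points into user-writable folders. It assumes the [V2][ROGUE ST] line refers to a scheduled task; the path list and the `New-Finding` helper are choices made for this illustration.

```powershell
# Added example (read-only): nothing is deleted or disabled.
# Get-ScheduledTask needs Windows 8 / Server 2012 or later; run elevated to see
# every task and every user profile.

# Assumption for this example: these user-writable locations deserve a second look.
$writable   = '\\AppData\\(Local|LocalLow|Roaming)\\|\\Temp\\|\\Users\\Public\\|%TEMP%|%APPDATA%|%LOCALAPPDATA%'
$scriptHost = '\b(wscript|cscript|mshta)(\.exe)?\b'

# Hypothetical helper: one uniform record per autostart entry.
function New-Finding($Kind, $Name, $Command) {
    [pscustomobject]@{
        Kind       = $Kind
        Name       = $Name
        ScriptHost = [bool]($Command -match $scriptHost)   # launched through a script host?
        Command    = $Command
    }
}

$findings = @()

# 1. Scheduled tasks: a task can carry several actions; only exec actions have a command line.
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }             # skip COM-handler actions
        $cmd = ('{0} {1}' -f $action.Execute, $action.Arguments).Trim()
        if ($cmd -match $writable) {
            $findings += New-Finding 'ScheduledTask' ($task.TaskPath + $task.TaskName) $cmd
        }
    }
}

# 2. Startup-folder shortcuts for every profile plus the all-users folder.
$startupDirs = @(
    "$env:SystemDrive\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
$shell = New-Object -ComObject WScript.Shell
Get-ChildItem -Path $startupDirs -Filter *.lnk -Force -ErrorAction SilentlyContinue | ForEach-Object {
    $lnk = $shell.CreateShortcut($_.FullName)              # reads the .lnk; Save() is never called
    $cmd = ('{0} {1}' -f $lnk.TargetPath, $lnk.Arguments).Trim()
    if ($cmd -match $writable) {
        $findings += New-Finding 'StartupShortcut' $_.FullName $cmd
    }
}

$findings | Sort-Object Kind, Name | Format-List
```

Legitimate per-user updaters and uninstallers also live under AppData, so the output is a review list, not a verdict.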


MrCharlie, thank you...

I have done as you requested and had RogueKiller delete the registry entries. I did not find the files you mentioned under the files tab, so I did a search with Windows Explorer and found "Lastpass" and "Lpunin*.exe". I renamed them and moved them to the Recycle Bin for deletion after your confirmation. Nothing new should have been under the Sparky profile, since I just keep that on there in case my profile becomes corrupt or infected.

Here is the information you requested from Farbar

FRST.txt

Addition.txt


As I stated earlier in the thread, I originally ran a Malwarebytes scan when the system was blanking the screen; it did not find anything. Internet Explorer and Firefox were also continually asking me to update my Java. However, I knew it was up to date and confirmed it by going directly to the site (I never follow links from popups) and confirmed I had the most recent Java. I reviewed my installed programs and found "ScorpionSaver", which I had not installed (I am very careful to make sure I never use default installs). I removed it several times using Revo Uninstaller Pro in its most aggressive mode to clean out any registry entries. It still came back. I then updated my "Malwarebytes" definition file, which was 3 days old. It found some entries by "Adpeak". I had them removed, which I mentioned in one of my earlier posts. I even followed up, making sure any registry entries with "ScorpionSaver" or "Adpeak" had been removed. I searched for any instances of "ScorpionSaver" and found none. A few days later my computer screen started blanking out again. I searched again and found "ScorpionSaver.msi" in the C:\Temp directory. I deleted it, cleaned out the registry again and the screen blanking went away. I came back on this forum and started to follow your steps. The initial "RogueKiller" cleaning removed the two items you suggested and it must have worked, because it has not come back. I followed your other steps to make sure I have not missed anything. I have worked with computers a very long time and have dealt with many Trojans, hijacks, etc. This was the first time that a problem came back after running Malwarebytes, ComboFix, TDSSKiller, etc. I had never used the tools you suggested and RogueKiller was impressive. I am keeping my eyes peeled for any return or performance issues.

If it does not come back in a couple of days I will update this post. In the meantime I want to thank you and want to let you know I really appreciate the help and if it is gone I will make a donation.

James


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
