Scorpion Saver: The Nightmare Continues?



My last thread on this is here: https://forums.malwarebytes.org/index.php?showtopic=137320

 

 

Hey Guys. I was sure we had this one licked. My computer was fine for 3 or 4 days. I ran MBAM and SystemLook numerous times and had no signs of Scorpion Saver or Adpeak. Then tonight, I was surfing a forum I'm always on and my Norton popped up. I did as it instructed and restarted, and it said 1 virus was removed, but didn't tell me what it was.

 

I ran MBAM again and wanted to cry. Got this log:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.06.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Dan :: HP-G72-DAN [administrator]

Protection: Disabled

12/5/2013 10:14:43 PM
mbam-log-2013-12-05 (22-14-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 26173
Time elapsed: 4 minute(s), 13 second(s) [aborted]

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\temp\InstallServices64.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.

(end)

 

 

 

AdwCleaner got this:

 

# AdwCleaner v3.013 - Report created 05/12/2013 at 22:55:09
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dan - HP-G72-DAN
# Running from : C:\Users\Dan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\eslc864v.default-1385756225182\prefs.js ]

*************************

AdwCleaner[R0].txt - [7336 octets] - [27/11/2013 19:10:20]
AdwCleaner[R1].txt - [887 octets] - [28/11/2013 20:08:52]
AdwCleaner[R2].txt - [1005 octets] - [29/11/2013 10:42:13]
AdwCleaner[R3].txt - [1126 octets] - [29/11/2013 15:04:43]
AdwCleaner[R4].txt - [1260 octets] - [29/11/2013 15:34:40]
AdwCleaner[R5].txt - [1380 octets] - [29/11/2013 19:34:03]
AdwCleaner[R6].txt - [1501 octets] - [30/11/2013 12:17:34]
AdwCleaner[R7].txt - [1561 octets] - [05/12/2013 22:54:18]
AdwCleaner[s0].txt - [7332 octets] - [27/11/2013 20:10:47]
AdwCleaner[s1].txt - [947 octets] - [28/11/2013 20:10:24]
AdwCleaner[s2].txt - [1066 octets] - [29/11/2013 10:43:13]
AdwCleaner[s3].txt - [1091 octets] - [29/11/2013 15:18:33]
AdwCleaner[s4].txt - [1322 octets] - [29/11/2013 15:50:31]
AdwCleaner[s5].txt - [1442 octets] - [29/11/2013 19:34:58]
AdwCleaner[s6].txt - [1482 octets] - [05/12/2013 22:55:09]

########## EOF - C:\AdwCleaner\AdwCleaner[s6].txt - [1542 octets] ##########

 

 

 

SystemLook got this:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 23:04 on 05/12/2013 by Dan
Administrator - Elevation successful

========== filefind ==========

Searching for "*Scorpion*"
C:\Users\Dan\Music\iTunes\iTunes Media\Music\Lucy Kaplansky\Flesh And Bone\01 Scorpion.m4a --a---- 3774307 bytes [18:04 15/01/2011] [00:51 13/10/2007] 0BA6F8BB0C335F410CBCF262298DBA9B

Searching for "*adpeak*"
No files found.

========== folderfind ==========

Searching for "*Scorpion*"
C:\Users\Dan\Music\iTunes\iTunes Media\Music\Scorpions d------ [02:39 12/01/2011]
C:\Users\Dan\Music\New Music from Scott\Music\Scorpions d------ [18:32 09/01/2011]

Searching for "*adpeak*"
No folders found.

========== regfind ==========

Searching for "*Scorpion*"
No data found.

Searching for "*adpeak*"
No data found.

Searching for "Scorpion"
No data found.

Searching for "adpeak"
No data found.

-= EOF =-

 

 

 

I checked my "uninstall" menu in Windows and while Scorpion Saver was not there, I noticed about 20 programs showed as just installed. All programs I've had for at least several months. Kinda weird. Any thoughts as to why that is? Anything else I should be looking at? I hope this hasn't returned...

 

 

 

 

 

 


I assume these entries are OK; do you recognize them?

 

C:\Users\Dan\Music\iTunes\iTunes Media\Music\Scorpions d------ [02:39 12/01/2011]
C:\Users\Dan\Music\New Music from Scott\Music\Scorpions d------ [18:32 09/01/2011]

 

Regarding Norton, surely there will be a log to look at. It's a very long time since I used NIS but I do remember this:

 

Open the Norton program on your computer. Look for the "Reports" link in the left pane of the Norton window directly underneath the Norton Antivirus logo. Click on it; is a log there?

 

Run a full scan with Malwarebytes and post that log...


Kevin,

 

Sorry for the delay. I got bit by a nasty stomach flu and have been out of commission for a couple days.

 

Yes, the music files are all legit.

 

I went into my Norton and found the info. The most recent thing it found was called "Trojan.Hachilem". I did a little research and that one doesn't appear related to Scorpion Saver. Another recent infection that it seemed to find right about the time SS first hit was called "Suspicious.cloud.9".

 

I ran a MBAM full scan last night. No threats found. Kind of weird. Here is the log.

 

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.07.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Dan :: HP-G72-DAN [administrator]

Protection: Disabled

12/7/2013 1:25:25 PM
mbam-log-2013-12-07 (13-25-25).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 978847
Time elapsed: 15 hour(s), 19 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

Any idea what would cause so many of my programs to be shown as just being installed? Stuff I haven't used in months or even years?

 

Thanks,

Dan


Kevin,

 

 

Thanks for hanging in there with me. Been sick and haven't had much of a chance to mess with my computer. When I have used it, I am getting this Hachilem trojan/virus thing every couple days, but Norton seems to grab it each time.

 

No signs of Scorpion Saver since the first post in this thread. I guess I'm good for now. If it goes a few more days without issue we should close this thread.

 

Dan


Hello again Dan,

 

Very strange that Norton is hitting on the same virus every couple of days or so, maybe worthwhile running a couple of deeper scans....

 

Run Malwarebytes, open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log...

 

Next,

 

Run an online AV scan to ensure there are no remnants of any infection left on your system that we may have missed. This scan is very thorough and well worth running, it can take several hours please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7/8, right click on the IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    Click Start
  • When asked, allow the add-on to be installed
    Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 

If no threats were found

  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

 

If threats were found

 

  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish

 

close program

 

copy and paste the report in next reply

 

Let me see those two logs.....

 

Kevin....


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
