Jump to content

ScorpionSaver won't completely go away

aparente001

By aparente001
in Resolved Malware Removal Logs

 Share

Recommended Posts

aparente001

aparente001

Posted
Posted

ScorpionSaver cannot be uninstalled either from the standard Windows 7 uninstaller nor with Ccleaner.  I am running Windows 7 Home Premium.  I read https://forums.malwa...howtopic=137526 carefully.  I have run adwcleaner and malwarebytes.  Also erunt and systemlook.  I will attach my systemlook results.  Can you give me the next step, please?

 

(Evidently I posted my original question in the wrong place.  I received an email which helped me find the correct section of the forum.)

 

Two suggestions for making the forum easier to use:

 

1. "Follow this topic" should be checked by default.

 

2. Simple instructions at the top of the forum should point to the right place to post a request for help.

 

Thank you!

SystemLook.txt

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Hello aparente and welcome to Malwarebytes forum.

 

Would you please attach the MBAM Scan log, so that I can review.  I need to see what it found and has done.

Then we will proceed.

 

Please do not do any self-medication, whilst I am helping you here.  Be sure you tell where and (if) you see the Scorpion Saver pest.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted (edited)

This topic & directions  are for  member   aparente001only.       If you are a casual viewer, do NOT try this on your system!

If you have a similar problem, do NOT post here;  start your own topic

 

The Scorpion Saver is a real pesky recent infection and can be very persistent.
Please follow my guidance and do this, as a first step.

I'll need more information to locate the source of the issue.

Turn off your antivirus at this time.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
http://www.bleepingcomputer.com/forums/index.php?showtopic=114351

Close all the opened windows of any program you started. meaning, clear the deck. The principle is to lighten the load of running programs at the time.

Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark. < = =

look down the screen to Action for potentially unwanted programs PUP &

Clicking the down arrow ***
select "Show in results list and check for removal" from the drop down (arrow) selections. < = = =

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a FULL Scan. *** <<< ****

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected. < = = =

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, ATTACH the MBAM scan log into a new reply for my review.
IF this is Windows XP, the log would be under this folder
C:\Documents and Settings(Your Profile Name)\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs

IF this is Windows Vista or Win7 or Win8:
C:\Users<USERNAME>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs

I need the most current one that starts with the name mbam-log-2013 ( with the latest time & Date stamp)

Please only ATTACH the log files I ask for.

When all done, Re-Enable your antivirus program.

This pest is persistent as I said. It is seeming to change from time to time in its components.
This will take a few more sessions, but have faith and infinite patience.

I also need to know from you the How / When / Where you do see the "Scorpion Saver".
and if in a browser, you have to tell me which one !!

[ # 2 ]
Download and SAVE Shortcut Cleaner to your Desktop from http://www.bleepingcomputer.com/download/shortcut-cleaner/dl/172/
On Windows 7 / 8 / Vista, do a Right-click on it and select Run as Administrator.
On Windows XP, double-click to start.

When all done, Copy & Paste the contents of "sc-cleaner.txt"into a reply.

[ # 3 ]
Download Random's System Information Tool (RSIT)
from http://images.malwareremoval.com/random/RSITx64.exe
and save it to your desktop.

Start on RSITx64.exe

* If this is Windows Vista or Windows 7 or 8 or 8.1, Do a RIGHT-Click on RSITx64.exe  and select Run as Administrator and allow to run.

Accept the disclaimer:
Click "Continue" at the disclaimer screen.
Once it has finished, two logs will open. Please attach the logs in your next reply:
both "log.txt" (<<will be maximized) and "info.txt" (<<will be minimized)

Please only ATTACH the log files I ask for.

Do always just reply to -this- ticket ( where indicated ). And do not create new tickets.
If you should have a question, as we go along, please stop and ask me first.

Do not do any freewheeling websurfing for the duration of this case. Do not any any online transactions.

Regards,

Maurice Naggar
Product Support

Malwarebytes Corporation
Crushes malware. Restores confidence.

Edited by Maurice Naggar
Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

I -will- assist you in removing any trace in the Installed programs list.   Just that entry there is not harmful.

The fist main thing is to squash the actual executables !

 

Save the attached file Delete-scorpion.zip to the Desktop.

Unzip ( extracting the content ) to the Desktop.

 

Then you will see a Delete-scorpion.reg on there  ( the desktop ).

Do a Right-click on it and select MERGE   and allow it to proceed.

 

You should get a confirmation at the end.

 

Proceed forward then to get for me the RSIT reports.

 

 

Delete-scorpion.zip

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

OK, all well and good.   But .... do not go away just yet ---- do yourself a big favor.     Get for me those logs so that I can review and make sure there are no "other" remains laying about.

 

If you did not know before --- Scorpion saver puts many  hooks into your system.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

This report set ....

 

Download Random's System Information Tool (RSIT)
from http://images.malwareremoval.com/random/RSITx64.exe
and save it to your desktop.

Start on RSITx64.exe

* If this is Windows Vista or Windows 7 or 8 or 8.1, Do a RIGHT-Click on RSITx64.exe  and select Run as Administrator and allow to run.

Accept the disclaimer:
Click "Continue" at the disclaimer screen.
Once it has finished, two logs will open. Please attach the logs in your next reply:
both "log.txt" (<<will be maximized) and "info.txt" (<<will be minimized)

Please only ATTACH the log files I ask for.

Do always just reply to -this- ticket ( where indicated ). And do not create new tickets.
If you should have a question, as we go along, please stop and ask me first.

Do not do any freewheeling websurfing for the duration of this case. Do not any any online transactions.

Regards,

Maurice Naggar
Product Support

Malwarebytes Corporation
Crushes malware. Restores confidence.

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Hello,

 

Your system is clear of Scorpion Saver.  You are good to go after the following cleanups.

 

First, close any open work documents & any open work apps.
Download & Save OTC to your desktop and then run it
http://oldtimer.geekstogo.com/OTC.exe

Click "Yes" to beginning the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

 

Delete these if still present:

RSITx64.exe

Delete-scorpion.reg

Delete-scorpion.zip

sc-cleaner.exe

systemlook.txt

systemlook.exe

 

 

Suggestions that you should follow:
Get and put in place our beta Anti-Exploit
http://www.malwarebytes.org/products/antiexploit/

Safer practices & malware prevention
Have a hardware router between the incoming internet-modem and your computer.

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html

 Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.

Check in at http://windowsupdate.microsoft.com]Windows Update and install any Important Updates offered.

Make certain that Automatic Updates is enabled.
How to configure and use Automatic Updates in Windows
http://support.microsoft.com/kb/306525

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed. Furthermore, If the license agreement or installation screens state that they are going to install a toolbar or other unwanted adware, it is advised that you cancel the install and not use the free software.

Check on other update issues as well, by getting, installing and using Secunia Personal Software Inspector (PSI) on a monthly basis.
See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
http://www.bleepingcomputer.com/tutorials/tutorial174.html
 
 
Download, install, and keep updated Spyware Blaster (free): http://www.brightfort.com/spywareblaster.html
(all Protections should be enabled at all times)
Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
http://www.bleepingcomputer.com/tutorials/use-spywareblaster-to-protect-your-computer/

I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
That would help to keep your browser away from known spyware/malware sites.
Get notified when the MVPS HOSTS file is updated
http://winhelp2002.mvps.org/updates.htm



 Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
Having a total image backup of your system stored on DVD/CD is highly important.
Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if a disaster hits.
 
Consider using Web of Trust    WOT add-on for your browser(s)
http://www.mywot.com/en/download
http://www.mywot.com/en/faq/add-on

Take extreme care if you share USB-flash/thumb drives from other people {even from friends, roommates, relatives}
Don't plug in an unknown flash/thumb drive into your PC.
IF you must do so, hold down the SHIFT-key when you insert the drive.
Scan any file with your Antivirus prior to opening or using.
 

 

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.