"Scorpion Saver" Adpeak Proxy Attack
This section provides an example of a Norton anti-virus alert reporting a 'Fake App Attack: Adware Installer Download 3' attack initiated by the malware 'Tube Dimmer'.
While I was trying to remove the malware "Tube Dimmer", my Norton anti-virus tool caught the malware
trying to communicate back to its server. Here is what happened:
1. Ran Windows Task Manager and terminated the "updater.exe" (C:\ProgramData\Updater\updater.exe) process.
2. A few seconds later, a Norton anti-virus tool alert was displayed:
Severity: High; Activity: An intrusion attempt by d.tubedimmerapp.com
was detected. Status: Blocked.
IPS Alert Name: Fake App Attack: Adware Installer Download 3
Attacking Computer: d.tubedimmerapp.com (188.8.131.52, 80)
Attacker URL: d.tubedimmerapp.com/updater/setup2.exe
Network traffic from d.tubedimmerapp.com/updater/setup2.exe matches
the signature of a known attack. The attack was resulted from
\PROGRAM FILES\SCORPIONSAVER SERVICES\ADPEAKPROXY.EXE...
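The alert names ADPEAKPROXY.EXE, not the terminated updater.exe, as the source of the download, so a useful follow-up is to list every running process and installed service that points at either executable. The script below is an added example, not part of the original page; it is read-only, uses Get-WmiObject so that it runs on the PowerShell 2.0 shipped with Windows 7, and matches only the path fragments visible on this page (the ADPEAKPROXY.EXE path is truncated there).

```powershell
# Added example, not from the original page. Read-only: it lists, it removes nothing.
# Run from an elevated prompt; otherwise ExecutablePath is empty for processes
# owned by other accounts and they will be skipped.

# Path fragments copied from the page. The ADPEAKPROXY.EXE path is truncated
# on the page, so only the visible fragment is matched.
$patterns = @(
    '\ProgramData\Updater\updater.exe',
    '\PROGRAM FILES\SCORPIONSAVER SERVICES\ADPEAKPROXY.EXE'
)
# Escape each literal fragment and join into one regex (-match ignores case).
$regex = ($patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Snapshot all processes once so parent PIDs can be resolved to names.
$procs = @(Get-WmiObject -Class Win32_Process)
$nameByPid = @{}
foreach ($p in $procs) { $nameByPid[[int]$p.ProcessId] = $p.Name }

Write-Output '--- Running processes matching the paths from the page ---'
$procs |
    Where-Object { $_.ExecutablePath -and ($_.ExecutablePath -match $regex) } |
    ForEach-Object {
        New-Object PSObject -Property @{
            Name       = $_.Name
            ProcessId  = $_.ProcessId
            ParentId   = $_.ParentProcessId
            # Parent name shows what launched it (empty if the parent has exited).
            ParentName = $nameByPid[[int]$_.ParentProcessId]
            Path       = $_.ExecutablePath
        }
    } |
    Format-List Name, ProcessId, ParentId, ParentName, Path

Write-Output '--- Installed services matching the paths from the page ---'
# PathName may carry quotes and arguments; the regex matches inside it.
Get-WmiObject -Class Win32_Service |
    Where-Object { $_.PathName -and ($_.PathName -match $regex) } |
    Format-List Name, DisplayName, State, StartMode, PathName
```

A matching service with StartMode "Auto" will start again at boot even after its process is ended in Task Manager.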
The picture below shows the Norton security alert for the "Tube Dimmer - Adpeak Proxy" attack on a Windows 7 system:
Last update: 2013.