Windows Security Tutorials - Herong's Tutorial Examples - v3.01, by Dr. Herong Yang
"Scorpion Saver" Floating Ad on Web Pages
This section provides an example of 'Scorpion Saver' floating ads on Web pages, with an 'Ad Info' link displayed below the ad. 'Scorpion Saver' floating ads are related to the malware 'Tube Dimmer'.
The reason why I associate floating ads in the bottom right corner of web pages with malware "Tube Dimmer" is my first-hand experience on an infected Windows 7 system.
1. On the infected Windows 7 system, I visited the home page of my website with Firefox.
2. I saw a floating ad displayed on the bottom right corner of the page:
3. I moved the mouse over the "Ad Info" link below the ad and saw the link URL pointing to malware site scorpionsaver.com.
4. I searched the Internet for "scorpionsaver.com" and saw several articles mentioning "Scorpion Saver" and "Tube Dimmer" together.
5. Later, I also noticed a Norton anti-virus alert showing AdpeakProxy.exe from "Scorpion Saver" trying to download an additional malware component from the tubedimmerapp.com server. See the next section for more details.
By the way, "Scorpion Saver" may also infect a Windows system without "Tube Dimmer". One web site provides the full list of "Scorpion Saver" files:
C:\Program Files\ScorpionSaver Services\
C:\Program Files\ScorpionSaver Services\AdpeakProxy.dll
C:\Program Files\ScorpionSaver Services\AdpeakProxy.exe
C:\Program Files\ScorpionSaver Services\AdpeakProxy64.dll
C:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.exe
C:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP.ini
C:\Program Files\ScorpionSaver Services\AdpeakRegisterLSP64.exe
C:\Program Files\ScorpionSaver Services\InstallDLL.dll
C:\Program Files\ScorpionSaver Services\InstallDLL64.dll
C:\Program Files\ScorpionSaver Services\Installbat.dll
C:\Program Files\ScorpionSaver Services\Installbat64.dll
C:\Program Files\ScorpionSaver Services\Microsoft.Deployment.WindowsInstaller.dll
C:\Program Files\ScorpionSaver Services\Microsoft.Deployment.WindowsInstaller.xml
C:\Program Files\ScorpionSaver Services\PCProxyDLL.dll
C:\Windows\Installer\{6E810AB6-F34E-49A3-A93F-9E503660F718}\
C:\Windows\Installer\{6E810AB6-F34E-49A3-A93F-9E503660F718}\icon64.ico
C:\Windows\SysWOW64\AdpeakProxy.dll
C:\Windows\SysWOW64\AdpeakProxy.ini
C:\Windows\SysWOW64\AdpeakProxyOff.ini
C:\Windows\System32\AdpeakProxy.ini
C:\Windows\System32\AdpeakProxy64.dll
C:\Windows\System32\AdpeakProxyOff.ini
C:\Windows\Temp\AdpeakProxy.log
C:\Windows\Temp\AdpeakProxyr.log
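As an added example (not part of the original tutorial or of the site that published the list), the PowerShell script below checks a host for the files listed above and reports size and last-write time for each one found. The function names are hypothetical, and the paths assume Windows is installed on drive C: as in the list.

```powershell
# Added example: look for the "Scorpion Saver" files listed on this page.
# Run from an elevated prompt so C:\Windows\Temp and C:\Windows\Installer are readable.
$indicators = @{
    'C:\Program Files\ScorpionSaver Services' = @(
        'AdpeakProxy.dll', 'AdpeakProxy.exe', 'AdpeakProxy64.dll',
        'AdpeakRegisterLSP.exe', 'AdpeakRegisterLSP.ini', 'AdpeakRegisterLSP64.exe',
        'InstallDLL.dll', 'InstallDLL64.dll', 'Installbat.dll', 'Installbat64.dll',
        'Microsoft.Deployment.WindowsInstaller.dll',
        'Microsoft.Deployment.WindowsInstaller.xml', 'PCProxyDLL.dll')
    'C:\Windows\Installer\{6E810AB6-F34E-49A3-A93F-9E503660F718}' = @('icon64.ico')
    'C:\Windows\SysWOW64' = @('AdpeakProxy.dll', 'AdpeakProxy.ini', 'AdpeakProxyOff.ini')
    'C:\Windows\System32' = @('AdpeakProxy.ini', 'AdpeakProxy64.dll', 'AdpeakProxyOff.ini')
    'C:\Windows\Temp'     = @('AdpeakProxy.log', 'AdpeakProxyr.log')
}

# A 32-bit PowerShell on 64-bit Windows is silently redirected from System32 to
# SysWOW64, which would hide the real System32 entries. PROCESSOR_ARCHITEW6432 is
# only set in that situation; the Sysnative alias then reaches the real System32.
$isWow64 = [bool]$env:PROCESSOR_ARCHITEW6432
function Resolve-NativePath([string]$Path) {   # hypothetical helper name
    if ($isWow64) { return $Path -replace '\\System32(\\|$)', '\Sysnative$1' }
    return $Path
}

function Find-ScorpionSaverFiles {             # hypothetical function name
    foreach ($dir in $indicators.Keys) {
        foreach ($name in $indicators[$dir]) {
            $listed = Join-Path $dir $name
            $actual = Resolve-NativePath $listed
            # -LiteralPath avoids wildcard parsing; -Force reads hidden/system items.
            if (Test-Path -LiteralPath $actual) {
                $item = Get-Item -LiteralPath $actual -Force
                New-Object PSObject -Property @{
                    Path = $listed; Bytes = $item.Length; LastWrite = $item.LastWriteTime
                }
            }
        }
    }
}

$hits = @(Find-ScorpionSaverFiles | Sort-Object Path)
if ($hits.Count -eq 0) {
    'No listed "Scorpion Saver" files found.'
} else {
    $hits | Format-Table Path, Bytes, LastWrite -AutoSize
}
```

A hit on any of the Adpeak file names is worth following up with a full anti-malware scan; an empty result only means these specific paths are absent.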