Solved

Spyware Stormer continues to give pop ups, I need to know how to get rid of it. I have tried Adaware, Macafee, and Spybot.

Posted on 2004-08-20
11
48,966 Views
Last Modified: 2008-03-17
Spyware Stormer continues to give pop ups, I need to know how to get rid of it. I have tried Adaware, Macafee, and Spybot. I still receive constant advertisements wanting me too purchase their product. Please tell me how to stop spyware stormer popups.
0
Comment
Question by:gmar777
11 Comments
 
LVL 65

Accepted Solution

by:
SheharyaarSaahil earned 500 total points
ID: 11855810
Hello gmar777 =)

Download HijackThis v1.98.2, run it, Save the LOG file and Post it here:
http://tools.radiosplace.com/HijackThis.exe
0
 

Author Comment

by:gmar777
ID: 11856056
Logfile of HijackThis v1.98.2
Scan saved at 2:11:25 PM, on 8/20/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\altiris\AClient.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\altiris\AClntUsr.EXE
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\gmartin\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mvusd.k12.ca.us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cec-isa.mvusd.k12.ca.us:1414
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = outlook.mvusd.k12.ca.us;iwww.mvusd.k12.ca.us;vlhs-lib.mvusd.k12.ca.us/wx/s.dll;mvusd4gl.mvusd.k12.ca.us;blackboard.mvusd.k12.ca.us;www.mvusd.k12.ca.us;helpdesk.mvusd.k12.ca.us;vvhs.mvusd.k12.ca.us;vvhs;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [AClntUsr] c:\altiris\AClntUsr.EXE
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.mvusd.k12.ca.us
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1092763979001
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mvusd.k12.ca.us
O17 - HKLM\Software\..\Telephony: DomainName = mvusd.k12.ca.us
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mvusd.k12.ca.us
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mvusd.k12.ca.us

0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11856107
lol..... ur LOG is clean,,,,, nothing BAD :)
is ur messenger service running,,, if YES then disable it >> http://www.itc.virginia.edu/desktop/docs/messagepopup/
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
ID: 11856153
Also just try downloading this Popup Blocker >> http://www.synergeticsoft.com/docs/pop_up_blocker/
Direct Download link >> http://www.synergeticsoft.com/files/PB.exe

and Add those Spyware Stromer popups in its block list,,,, and next time they will be blocked by this tool :)
0
 
LVL 6

Expert Comment

by:acmp
ID: 11864927
All the info I can find on Google says the 'Spyware Stormer' is as bad as the spyware it is susposed to remove.

If you have installed this software I'd recommend removing it. Though I can't see any evidance of it in your log file.

acmp<><
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Expert Comment

by:EllisonG
ID: 11929798
0
 

Expert Comment

by:rcolkett
ID: 12058754
You should purchase a program called X-Cleaner, from www.xblock.com.  I have been using it for the past year, and it works great.
0
 

Expert Comment

by:clepkens_koen
ID: 12062794
CWshreder is OK, but try to stop the incomming.
The CWshreder has got some real good info on how the spyware comes in....
It has something to do with the XP version and the service pack installed or not.
Install service pack 1, then run the CWshreder
0
 

Expert Comment

by:a1serv
ID: 12087929
I am using Spy Sweeper and STOPzilla.  They work very well for my home PC.

Here are URL for these products:
http://www.webroot.com/land/spysweeperb.php?rc=1061&ac=disc
http://www.stopzilla.com/download/download_select.asp?AID=10004&S=4&type=DOWNLOAD&topic=&source=&AAID=&dre=

Good luck!
0
 

Expert Comment

by:danhrmr
ID: 12093795
I just had this problem!

Bring up Spyware Stormer.
Click on 'Advanced'.
Make sure Auto-Load Spyware Stormer with Windows' and 'ProActive Spyware Protection'
is unclicked.
Close window and restart.
Problem solved!!!

   Dan R.

0
 

Expert Comment

by:titan203
ID: 14403843
This problem is bring by some free spyware. they will include worm and hijack your PC when u online.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are many HijackThis tutorials on the web already, so this article is about tips that help utilize HijackThis' full potential as a diagnostic tool. Download HijackThis from a TrendMicro link or from known reliable sources only. http://free.…
PREFACE The purpose of this guide is to provide information to successfully add specific IIS 7.0 role services for the Symantec Endpoint Protection Manager (SEPM) to function properly when installed on Windows 2008. AUDIENCE Information Technol…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now