SpywareStormer where from?

Discussion in 'Computer Support' started by NoBody@this.home.net.invalid, Oct 6, 2004.

  1. Guest

    I have been getting a pop-under screen from Spyware Stormer:
    a plain white screen asking if my system is slowing down and do
    I want to run a check. There is a yes and no dialog box; if I say
    no it takes me to the homepage, don't know what happens if
    I say yes. Found I could prevent being sent to the home page
    if I clicked the X in upper right corner. Google says it is a
    scam (yes) but how am I getting this? I have ZAPro with popup
    block on and Google toolbar. Don't know if it is Java or ActiveX
    or what.
    Using WinXP SP1 fully updated, Ad-Aware, Spybot. Seems to
    come up when I go to CDFreaks Web site but not sure as it is
    a pop-under screen and I don't see it until I close down IE.

    TIA
    , Oct 6, 2004
    #1

  2. samuel Guest

    lid wrote in
    news:eek::

    > I have been getting a pop under screen from Spyware Stormer.
    > Plain white screen asking if my system is slowing down and do
    > I want to run a check. There is a yes and no dialog box if I say
    > no it takes me to the homepage don't know what happens if
    > I say yes. Found I could prevent being sent to the home page
    > if I clicked the X in upper right corner. Google says it is a
    > scam (yes) but how am I getting this? I have ZAPro with popup
    > block on and Google toolbar. Don't know if it is Java or ActiveX
    > or what.
    > Using WinXP SP1 fully updated, Ad-Aware,Spybot. Seems to
    > come up when I go to CDFreaks Web site but not sure as it is
    > a pop under screen and I don't see it until I close down IE
    >
    > TIA


    it's mentioned here
    scroll down for fixes information
    http://www.spywarewarrior.com/rogue_anti-spyware.htm

    alt.comp.anti-virus
    alt.privacy.spyware

    http://aumha.org/a/parasite.htm
    samuel, Oct 6, 2004
    #2

  3. °Mike° Guest

    Download, update and use ALL of the following -- even
    if you already have them installed, UPDATE THEM NOW.
    Malware changes by the day, even by the hour, so you MUST
    have the latest version of removal tools:

    Spybot Search & Destroy
    http://www.safer-networking.org/en/index.html
    http://spybot.safer-networking.de/en/index.html
    http://spybot.eon.net.au/
    SpyBot S&D guide
    http://www.chem.wisc.edu/~network/spybot/

    Ad-Aware SE
    http://www.lavasoftusa.com/
    http://www.lavasoft.nu/
    http://www.lavasoft.de/
    Ad-Aware VX2 cleaner plug-in
    http://www.lavasoftusa.com/software/plugins/vx2cleaner.shtml
    http://www.lavasoft.nu/software/plugins/vx2cleaner.shtml
    http://www.lavasoft.de/software/plugins/vx2cleaner.shtml
    IMPORTANT NOTICE:
    http://www.mvps.org/winhelp2002/hosts.htm#Attention

    Spyware Blaster
    http://www.javacoolsoftware.com/spywareblaster.html
    http://www.net-integration.net/tools/spywareblaster.html

    CWShredder (CoolWebSearch remover)
    http://www.spywareinfo.com/~merijn/cwschronicles.html
    http://www.spywareinfo.com/~merijn/files/cwshredder.zip
    http://doxdesk.com/parasite/CoolWebSearch.html

    **********************************************

    If, and ONLY if, you have no luck using ALL of the above,
    install HijackThis and post the contents of your log here.

    HijackThis
    http://mjc1.com/mirror/hjt/
    http://www.spywareinfo.com/~merijn/files/hijackthis.zip
    http://209.133.47.12/~merijn/files/HijackThis.exe
    http://aumha.org/downloads/hijackthis.zip
    http://aumha.org/downloads/hijackthis.exe


    On Wed, 06 Oct 2004 09:09:22 GMT, in
    <>
    lid scrawled:

    >I have been getting a pop under screen from Spyware Stormer.
    >Plain white screen asking if my system is slowing down and do
    >I want to run a check. There is a yes and no dialog box if I say
    >no it takes me to the homepage don't know what happens if
    >I say yes. Found I could prevent being sent to the home page
    >if I clicked the X in upper right corner. Google says it is a
    >scam (yes) but how am I getting this? I have ZAPro with popup
    >block on and Google toolbar. Don't know if it is Java or ActiveX
    >or what.
    >Using WinXP SP1 fully updated, Ad-Aware,Spybot. Seems to
    >come up when I go to CDFreaks Web site but not sure as it is
    >a pop under screen and I don't see it until I close down IE
    >
    >TIA


    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Oct 6, 2004
    #3
  4. Guest

    Re: SpywareStormer where from Hijack Log attached?

    On Wed, 06 Oct 2004 19:08:17 +0100, °Mike° <> wrote:

    >Download, update and use ALL of the following -- even
    >if you already have them installed, UPDATE THEM NOW.
    >Malware changes by the day, even by the hour, so you MUST
    >have the latest version of removal tools:
    >
    >Spybot Search & Destroy

    Done daily
    >
    >Ad-Aware SE

    Done daily
    >Ad-Aware VX2 cleaner plug-in

    Says only applies to Ad-Aware 6; am using SE
    >http://www.lavasoftusa.com/software/plugins/vx2cleaner.shtml
    >http://www.lavasoft.nu/software/plugins/vx2cleaner.shtml
    >http://www.lavasoft.de/software/plugins/vx2cleaner.shtml
    >IMPORTANT NOTICE:

    Will look
    >http://www.mvps.org/winhelp2002/hosts.htm#Attention
    >
    >Spyware Blaster

    Done daily

    >
    >CWShredder (CoolWebSearch remover)

    Done
    >http://www.spywareinfo.com/~merijn/cwschronicles.html
    >http://www.spywareinfo.com/~merijn/files/cwshredder.zip
    >http://doxdesk.com/parasite/CoolWebSearch.html
    >
    >**********************************************
    >
    >If, and ONLY if, you have no luck using ALL of the above,
    >install HijackThis and post the contents of your log here.
    >
    >HijackThis


    NOTE: All the spyware checks are clean and always have been

    Logfile of HijackThis v1.98.2
    Scan saved at 8:58:12 AM, on 10/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Grisoft\AVG6\avgserv.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Drive Image 7.0\Agent\PQV2iSvc.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    D:\Grisoft\AVG6\avgcc32.exe
    D:\ZoneAlarm\zlclient.exe
    D:\K9\K9.exe
    D:\HDDTemp\DTemp.exe
    D:\Agent\agent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    F:\Updates\HiJack\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
    D:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    D:\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
    C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
    c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AVG_CC] D:\Grisoft\AVG6\avgcc32.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "D:\ZoneAlarm\zlclient.exe"
    O4 - Startup: Launch K9.lnk = D:\K9\K9.exe
    O4 - Startup: Shortcut to DTemp.lnk = D:\HDDTemp\DTemp.exe
    O8 - Extra context menu item: &Google Search - res://c:\program
    files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program
    files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
    files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program
    files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program
    files\google\GoogleToolbar2.dll/cmtrans.html
    O16 - DPF: ppctlcab - http://69.44.122.156/scanner/ppctlcab.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight
    Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF}
    (PatchInstaller.Installer) -
    file://K:\content\include\XPPatchInstaller.CAB
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1093519622765
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{37786A0C-8AFF-4D92-9BF3-6704FA3A7AFF}:
    NameServer = 203.49.70.92 139.134.2.190
    O17 -
    HKLM\System\CS1\Services\Tcpip\..\{37786A0C-8AFF-4D92-9BF3-6704FA3A7AFF}:
    NameServer = 203.49.70.92 139.134.2.190


    >
    >On Wed, 06 Oct 2004 09:09:22 GMT, in
    > <>
    > lid scrawled:
    >
    >>I have been getting a pop under screen from Spyware Stormer.
    >>Plain white screen asking if my system is slowing down and do
    >>I want to run a check. There is a yes and no dialog box if I say
    >>no it takes me to the homepage don't know what happens if
    >>I say yes. Found I could prevent being sent to the home page
    >>if I clicked the X in upper right corner. Google says it is a
    >>scam (yes) but how am I getting this? I have ZAPro with popup
    >>block on and Google toolbar. Don't know if it is Java or ActiveX
    >>or what.
    >>Using WinXP SP1 fully updated, Ad-Aware,Spybot. Seems to
    >>come up when I go to CDFreaks Web site but not sure as it is
    >>a pop under screen and I don't see it until I close down IE
    >>
    >>TIA
    , Oct 7, 2004
    #4
  5. Retiredff Guest

    Retiredff, Oct 7, 2004
    #5
  6. °Mike° Guest

    Re: SpywareStormer where from Hijack Log attached?

    On Wed, 06 Oct 2004 23:05:56 GMT, in
    <>
    lid scrawled:

    <snip>

    >Says only applies to Ad-Aware 6 am using SE
    >>http://www.lavasoftusa.com/software/plugins/vx2cleaner.shtml
    >>http://www.lavasoft.nu/software/plugins/vx2cleaner.shtml
    >>http://www.lavasoft.de/software/plugins/vx2cleaner.shtml


    VX2 cleaner works with ALL versions of Ad-Aware.
    I have updated my links:
    http://www.lavasoftusa.com/software/addons/vx2cleaner.shtml
    http://www.lavasoft.nu/software/addons/vx2cleaner.shtml
    http://www.lavasoft.de/software/addons/vx2cleaner.shtml


    <snip>

    >Logfile of HijackThis v1.98.2
    >Scan saved at 8:58:12 AM, on 10/07/2004
    >Platform: Windows XP SP1 (WinNT 5.01.2600)
    >MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    >
    >Running processes:


    <snip>


    >O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF}
    >(PatchInstaller.Installer) -
    >file://K:\content\include\XPPatchInstaller.CAB


    Have HijackThis fix the above.


    >O17 - HKLM\System\CCS\Services\Tcpip\..\{37786A0C-8AFF-4D92-9BF3-6704FA3A7AFF}:
    >NameServer = 203.49.70.92 139.134.2.190


    >O17 - HKLM\System\CS1\Services\Tcpip\..\{37786A0C-8AFF-4D92-9BF3-6704FA3A7AFF}:
    >NameServer = 203.49.70.92 139.134.2.190


    Unless the above IPs are from your network or ISP, have
    HijackThis fix them.

    <snip>

    --
    Basic computer maintenance
    http://uk.geocities.com/personel44/maintenance.html
    °Mike°, Oct 7, 2004
    #6
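
The O16/O17 triage from the reply above, as an added example that is not part of the original thread: it re-joins the wrapped log lines, then lists O16 (ActiveX download) entries whose source is not an http(s) URL on a caller-supplied allowlist and O17 entries whose NameServer addresses are not ones the caller recognises. The function names, the `trusted_hosts`/`trusted_dns` parameters and the O16 criteria are assumptions made for this sketch; the sample is an excerpt of the log posted in the thread.

```python
import re
from urllib.parse import urlparse

# Excerpt of the O16/O17 lines from the log posted in the thread, kept with
# the original line wrapping so the re-joining step has work to do.
SAMPLE_LOG = r"""O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight
Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF}
(PatchInstaller.Installer) -
file://K:\content\include\XPPatchInstaller.CAB
O17 -
HKLM\System\CCS\Services\Tcpip\..\{37786A0C-8AFF-4D92-9BF3-6704FA3A7AFF}:
NameServer = 203.49.70.92 139.134.2.190
"""

ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) -")  # R0, O2, O16, ...
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def join_entries(text):
    """Re-join entries that were wrapped across lines when the log was pasted."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if ENTRY_START.match(line):
            entries.append(line)
        elif line and entries:          # continuation of the previous entry
            entries[-1] += " " + line
    return entries

def review(text, trusted_hosts=(), trusted_dns=()):
    """Return (code, reason, entry) for O16/O17 entries needing a manual look."""
    findings = []
    for entry in join_entries(text):
        code = entry.split(" - ", 1)[0]
        if code == "O16":
            src = urlparse(entry.rsplit(" - ", 1)[-1].strip())
            if src.scheme not in ("http", "https"):
                findings.append((code, "source is not a web URL: " + src.scheme, entry))
            elif src.hostname not in trusted_hosts:
                findings.append((code, "host not on trusted list: %s" % src.hostname, entry))
        elif code == "O17" and "NameServer" in entry:
            unknown = [ip for ip in IPV4.findall(entry.split("=", 1)[1])
                       if ip not in trusted_dns]
            if unknown:
                findings.append((code, "unrecognised DNS: " + ", ".join(unknown), entry))
    return findings
```

Passing the resolver addresses your ISP or router actually hands out as `trusted_dns` leaves only the O16 entry in the result.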
  7. Guest

    , Oct 8, 2004
    #7
