posted
I'm having issues with spyware/malware, whatever it is. It's damned annoying, and I can't get it to go away! It's something called ISTBar. I'm using Ad Aware SE and Spybot. They detect it, tell me I have to reboot to remove the exe. So I do, everything's fine. Then I run Ad Aware again after like 2 minutes (before connecting to the internet or anything) and it's back. Help me get rid of this thing!!
-------------------- I haul cardboard and cardboard accessories
Registered: Mar 1999
| IP: Logged
posted
I found Spy Doctor and Pest Patrol helpful in addition to the programs you mentioned.
I used the free scan offered by both. It did not allow for automatic removal using the program, but it listed the location where the adware/malware existed on my computer and I went and deleted the file myself.
-------------------- Great is the guilt of an unnecessary war. ~John Adams
Once again the Bush Administration is worse than I had imagined, even though I thought I had already taken account of the fact that the Bush administration is invariably worse than I can imagine. ~Brad DeLong
You're just babbling incoherently. ~C. Montgomery Burns
Registered: Mar 1999
| IP: Logged
Cartman
just made by the Presbyterian Church
Member # 256
posted
*sigh* children...
If dealing with the AUpdate strand:
1) Open the registry and find the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
2) Delete the 'AutoUpdater' entry pointing to 'aupdate.exe'.
3) Find the key HKEY_CLASSES_ROOT\CLSID, and delete the subkey '{69550BE2-9A78-11D2-BA91-00600827878D}'.
4) Delete the subkey of the same name from HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars, and the entry of the same name from HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar.
5) Reboot.
6) Delete the files 'aupdate.exe', 'aupdate.conf', 'aupdate.trk' and 'aupdate_uninstall.exe' from the System folder.
7) Restore your normal search settings and then kill RapidBlaster and DownloadPlus.
If dealing with the MSCache strand:
1) Open a DOS prompt and enter the following commands:
cd "%WinDir%\System"
regsvr32 /u ../mscache.dll
2) Open the registry and find the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
3) Delete the 'MS Updates' entry pointing to 'mscache.exe'.
4) Find the key HKEY_CLASSES_ROOT\CLSID, and delete the subkey '{69550BE2-9A78-11D2-BA91-00600827878D}'.
5) Delete the subkey of the same name from HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars, and the entry of the same name from HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar.
6) Reboot.
7) Delete the files 'mscache.exe', and 'mscache.dll' from the Windows folder.
8) Restore your normal search settings and then kill nCase and Wink/EasyDates.
If dealing with the XXXToolbar strand:
1) Open the registry and find the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
2) Delete the 'IST Service' entry.
3) Open a DOS prompt and enter the following commands:
cd "%WinDir%\System"
regsvr32 /u "\Program Files\ISTbar\istbar.dll"
4) Reboot.
5) Delete the 'ISTbar' folder inside Program Files, and the 'istsvc.exe' file inside the Windows folder.
6) Delete the registry keys HKEY_CURRENT_USER\Software\ISTbar and HKEY_CLASSES_ROOT\Pugi.PugiObj (.1).
If dealing with all three, reformat and don't touch a computer again until you're fifty.
And for the sake of TEH INTARNET, download Firefox and a few decent extensions, or I will get so medieval on your ass you'll wish you had bought a MAC.
Registered: Nov 1999
| IP: Logged
Thank you so very much for automatically assuming that I use IE. I've used Firefox on this computer exclusively since I built it in September.
Cartman:
I have a folder, Program Files\ISTsvc with a file istsvc.exe in it that keeps popping up. What strain is this? Whenever I attempt to delete the file it says it's in use, etc.
Alrighty, I just ran Ad Aware again, it deleted about 24 registry entries for this sucker and now Ad Watch keeps popping up saying that IST Service is trying to change the registry entry in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Run. How do I stop it from changing the entry?
-------------------- I haul cardboard and cardboard accessories
Registered: Mar 1999
| IP: Logged
posted
Spybot identifies this thing as ISTbar.Slotch, and it also found DyFuCA.
-------------------- I haul cardboard and cardboard accessories
Registered: Mar 1999
| IP: Logged
Cartman
just made by the Presbyterian Church
Member # 256
posted
"Thank you so very much for automatically assuming that I use IE."
Well, duh. ISTbar doesn't infect any browser other than IE. If you really have used Firefox exclusively since September, then how did it get onto your computer, eh? EH?
"I have a folder, Program Files\ISTsvc with a file istsvc.exe in it that keeps popping up. What strain is this?"
That would be the Toolbar. Just be sure to follow all the steps in the right order, or you'll be running AdAware until the heat death of the universe.
(ISTBar.slotch, BTW, is simply an alias of XXXToolbar. As far as I know, they're identical.)
-------------------- ".mirrorS arE morE fuN thaN televisioN" - TEH PNIK FLAMIGNO
Registered: Nov 1999
| IP: Logged
posted
Certain videos run IE through WMP when attempting to acquire a license. I would assume that's where this fucker came from.
I would follow your steps but there is no istbar.dll file anywhere on my computer. The only entry in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run is for MSN Messenger.
When I reboot and run Ad Aware first thing, there is no ISTsvc/istsvc.exe. After about 5 minutes it regenerates and then I'm back to square one.
-------------------- I haul cardboard and cardboard accessories
Registered: Mar 1999
| IP: Logged
Cartman
just made by the Presbyterian Church
Member # 256
posted
Skip steps 1 through 3, then, and boot into safe mode before doing 5 and 6.
(Try this program, too.)
Registered: Nov 1999
| IP: Logged
posted
From Symantec, eh? That's my AV software... Nice of it to pick it up...
Anyways, I went into safe mode (before I saw your post) and managed to delete ISTsvc\istsvc.exe. That then spawned a file in the Windows directory, gbvwaqgq.exe, which I had to delete through safe mode. Everything seems to be hunky-dory now...
-------------------- I haul cardboard and cardboard accessories
Registered: Mar 1999
| IP: Logged
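
A read-only check for the registry entries and files named in this thread, added here as an example and not part of any post. It assumes the Run values may sit under HKEY_LOCAL_MACHINE as well as HKEY_CURRENT_USER (the Ad Watch report above points at HKLM), that "System folder" may mean System32 on NT-based Windows, and that "Pugi.PugiObj (.1)" means both Pugi.PugiObj and Pugi.PugiObj.1; New-Check is a helper name made up for this example.

```powershell
# Read-only audit: lists which artifacts named in the thread are present.
# Nothing is deleted or modified; variant labels follow the thread's wording.
$clsid   = '{69550BE2-9A78-11D2-BA91-00600827878D}'
$ie      = 'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer'
$run     = 'Software\Microsoft\Windows\CurrentVersion\Run'
$runKeys = "Registry::HKEY_CURRENT_USER\$run", "Registry::HKEY_LOCAL_MACHINE\$run"  # HKLM: assumption
$sysDirs = "$env:WinDir\System", "$env:WinDir\System32"                            # System32: assumption

function New-Check($variant, $kind, $path, $name) {   # hypothetical helper
    [pscustomobject]@{ Variant = $variant; Kind = $kind; Path = $path; Name = $name }
}

$checks = @()
foreach ($k in $runKeys) {
    $checks += New-Check 'AUpdate'    'Value' $k 'AutoUpdater'
    $checks += New-Check 'MSCache'    'Value' $k 'MS Updates'
    $checks += New-Check 'XXXToolbar' 'Value' $k 'IST Service'
}
$checks += New-Check 'AUpdate/MSCache' 'Path'  "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
$checks += New-Check 'AUpdate/MSCache' 'Path'  "$ie\Explorer Bars\$clsid"
$checks += New-Check 'AUpdate/MSCache' 'Value' "$ie\Toolbar" $clsid
$checks += New-Check 'XXXToolbar' 'Path' 'Registry::HKEY_CURRENT_USER\Software\ISTbar'
$checks += New-Check 'XXXToolbar' 'Path' 'Registry::HKEY_CLASSES_ROOT\Pugi.PugiObj'
$checks += New-Check 'XXXToolbar' 'Path' 'Registry::HKEY_CLASSES_ROOT\Pugi.PugiObj.1'
foreach ($d in $sysDirs) {
    foreach ($f in 'aupdate.exe', 'aupdate.conf', 'aupdate.trk', 'aupdate_uninstall.exe') {
        $checks += New-Check 'AUpdate' 'Path' (Join-Path $d $f)
    }
}
foreach ($f in 'mscache.exe', 'mscache.dll') { $checks += New-Check 'MSCache' 'Path' (Join-Path $env:WinDir $f) }
$checks += New-Check 'XXXToolbar' 'Path' (Join-Path $env:WinDir 'istsvc.exe')
$checks += New-Check 'XXXToolbar' 'Path' (Join-Path $env:ProgramFiles 'ISTbar')
$checks += New-Check 'XXXToolbar' 'Path' (Join-Path $env:ProgramFiles 'ISTsvc\istsvc.exe')

$found = foreach ($c in $checks) {
    if ($c.Kind -eq 'Value') {
        # A registry value counts as present when the key has a property with that name.
        $props = Get-ItemProperty -LiteralPath $c.Path -ErrorAction SilentlyContinue
        $hit = $null -ne $props -and $props.PSObject.Properties.Name -contains $c.Name
    } else {
        $hit = Test-Path -LiteralPath $c.Path   # registry key, file or folder
    }
    if ($hit) { $c }
}
$found | Sort-Object Variant | Format-Table Variant, Kind, Path, Name -AutoSize
if (-not $found) { 'None of the artifacts named in the thread were found.' }
```

Running it right after a reboot and again a few minutes later shows which entries come back, which is the behaviour described in the thread; the randomly named executable reported in the last post is not covered because its name is not predictable.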