GM-University 0 Report post Posted May 19, 2005 OK, my computer has recently become infected like crazy, I got a small littl adware program, it opened popups randomly, and slowely my PC has been crammed with over 150 programs that Norton's can't remove...I hav tried using a program called Bullet-Proof-Soft Spyware adware remover, but it generates errors trying to remove them, also Yahoo's Anti-Spyware software can't remove them either, well actually got rid of a few... These three are the most difficult to remove it seems... Trojan.Downloader.Win32.Istbar.ceISTbar.XXXToolbarIBIS ToolbarThe progrma that opened all of the pop-up was suposedly disable by Norton's still appears to be running if I check, can anyone help? Share this post Link to post Share on other sites
SystemWisdom 0 Report post Posted May 19, 2005 Have you tried A.V.E.R.T Stinger? It is by a McAfee team and it is free.. It is mainly geared at removing Trojans, so maybe it will help you?Also, you could try NoAdware, but it isn't free, although it is worth the $30 for it.. Share this post Link to post Share on other sites
Tyssen 0 Report post Posted May 19, 2005 The simplest/quickest thing to do might just be to use System Restore to set your PC to a state before it became infected. Share this post Link to post Share on other sites
ARNEL 0 Report post Posted May 19, 2005 OK, my computer has recently become infected like crazy, I got a small littl adware program, it opened popups randomly, and slowely my PC has been crammed with over 150 programs that Norton's can't remove... I hav tried using a program called Bullet-Proof-Soft Spyware adware remover, but it generates errors trying to remove them, also Yahoo's Anti-Spyware software can't remove them either, well actually got rid of a few... These three are the most difficult to remove it seems... Â The progrma that opened all of the pop-up was suposedly disable by Norton's still appears to be running if I check, can anyone help? 142756[/snapback] I have the same problems as yours, but only download trojan, I think you need to install Norton Anti-Virsu Corporate Edition v9. Norton detect this and remove the virus, but the problem download trojan are keep coming back eventhough norton trap it. What I did is I re-install the whole system just to keep it out. So if your temper is running out re-install the whole system to keep the virus out of your sight as I did in my computer :- ) Share this post Link to post Share on other sites
Inspiron 0 Report post Posted May 19, 2005 OverviewAlias Spyware/ISTbar [Panda], TrojanDownloader.Win32.Istbar.eo, See Also ISTbar ¡ Category Hijacker : Any software that resets your browser's settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower. Search Hijacker: Any software that resets your browser's settings to point to other sites when you perform a search. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower. Search results when such a hijacker is running will sometimes differ from non-hijacked results.Toolbar: A group of buttons which perform common tasks. A toolbar for Internet Explorer is nomally located below the menu bar at the top of the form. Toolbars may be created by Browser Helper Objects.Reasons For Retention Changes browser settings other than homepage, without user permission.  Origins Group Integrated Search Technologies Others By This Group DLSearchBar¡ ISTbar¡ ISTbar.AUpdate¡ ISTbar.CSearch¡ ISTbar.MCInstL¡ ISTbar.MSCache¡ ISTbar.Slotch¡ Slotch.com¡ slotchbar¡ ToolbarCash.com¡ TrojanDownloader.Win32.IstBar.aj¡ TrojanDownloader.Win32.IstBar.ap¡ TrojanDownloader.Win32.IstBar.bm¡ TrojanDownloader.Win32.IstBar.bp¡ TrojanDownloader.Win32.Istbar.bu¡ TrojanDownloader.Win32.Istbar.dh¡ TrojanDownloader.Win32.Istbar.dr¡ TrojanDownloader.Win32.IstBar.i¡ XXXToolBar¡ XXXToolBar.com¡ Date of Origin July, 2004  Distribution ISTbar.XXXToolbar: 0.8%Clot Factor ISTbar.XXXToolbar: 16Countries Affected In the past three months, we have received reports of ISTbar.XXXToolbar in:United States, Australia, Austria, Belgium, Brazil, Bulgaria, Canada, Chile, Czech Republic, Denmark, Egypt, France, Germany, Greece, Hong Kong, Hungary, Iceland, Israel, Italy, Japan, Lithuania, Mexico, Netherlands, New Zealand, Norway, Poland, Portugal, Russian Federation, South Korea, Spain, Sweden, Switzerland, Taiwan, Thailand, Turkey, United Kingdom, United States, Venezuela, Growth ISTbar.XXXToolbar: Insufficient data to report growth Storage Required ISTbar.XXXToolbar: at least 125KBBrowser Performance Likely to slow performance of Internet Explorer. Detection and RemovalManual Removal Follow these steps to remove ISTbar.XXXToolbar from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake. Unregister DLLs: Unregister these DLLs with Regsvr32, then reboot:programfilesdir+\istbar\istbar.dll Clean Registry:Remove these registry items (if present) with RegEdit:HKEY_CLASSES_ROOT\clsid\{386a771c-e96a-421f-8ba7-32f1b706892f}HKEY_CLASSES_ROOT\clsid\{5f1abcdb-a875-46c1-8345-b72a4567e486}HKEY_CLASSES_ROOT\clsid\{8cba1b49-8144-4721-a7b1-64c578c9eed7}HKEY_CLASSES_ROOT\interface\{0985c112-2562-46f2-8da6-92648ba4630f}HKEY_CLASSES_ROOT\interface\{339d8aff-0b42-4260-ad82-78ce605a9543}HKEY_CLASSES_ROOT\interface\{7b9a715e-9d87-4c21-bf9e-f914f2fa953f}HKEY_CLASSES_ROOT\interface\{a36a5936-cfd9-4b41-86bd-319a1931887f}HKEY_CLASSES_ROOT\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}HKEY_CLASSES_ROOT\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}HKEY_CLASSES_ROOT\pugi.pugiobj istbarHKEY_CLASSES_ROOT\pugi.pugiobj.1 istbarHKEY_CLASSES_ROOT\pugi.pugiobj.1\clsid {5f1abcdb-a875-46c1-8345-b72a4567e486}HKEY_CLASSES_ROOT\pugi.pugiobj\clsid {5f1abcdb-a875-46c1-8345-b72a4567e486}HKEY_CLASSES_ROOT\pugi.pugiobj\curver pugi.pugiobj.1HKEY_CLASSES_ROOT\typelib\{6d3f5de4-e980-4407-a10f-9ac771abaae6}\1.0 pugi 1.0 type libraryHKEY_CLASSES_ROOT\typelib\{6d3f5de4-e980-4407-a10f-9ac771abaae6}\1.0\0\win32 c:\program files\istbar\istbar.dllHKEY_CLASSES_ROOT\typelib\{6d3f5de4-e980-4407-a10f-9ac771abaae6}\1.0\flags 0HKEY_CLASSES_ROOT\typelib\{6d3f5de4-e980-4407-a10f-9ac771abaae6}\1.0\helpdir c:\program files\istbarHKEY_CURRENT_USER\software\ist\configHKEY_LOCAL_MACHINE\software\classes\clsid\{5f1abcdb-a875-46c1-8345-b72a4567e486}HKEY_LOCAL_MACHINE\software\classes\interface\{0985c112-2562-46f2-8da6-92648ba4630f}HKEY_LOCAL_MACHINE\software\classes\interface\{7b9a715e-9d87-4c21-bf9e-f914f2fa953f}HKEY_LOCAL_MACHINE\software\classes\interface\{aa4939c3-deca-4a48-a454-97cd587c0ef5}HKEY_LOCAL_MACHINE\software\classes\interface\{eee4a2e5-9f56-432f-a6ed-f6f625b551e0}HKEY_LOCAL_MACHINE\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}HKEY_LOCAL_MACHINE\software\classes\typelib\{d0288a41-9855-4a9b-8316-babe243648da}HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{386a771c-e96a-421f-8ba7-32f1b706892f} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{7c559105-9ecf-42b8-b3f7-832e75edd959}\contains\files\c:\windows\downloaded program files\istactivex.dllHKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{5f1abcdb-a875-46c1-8345-b72a4567e486} Remove Files:Remove these files (if present) with Windows Explorer:favorites+\adult sites\amateur\milf.lnkfavorites+\adult sites\amateur\young amateurs.lnkfavorites+\adult sites\anal\*bottom* breakers.lnkfavorites+\adult sites\asian\asian nudes.lnkfavorites+\adult sites\asian\asian teen tarts.lnkfavorites+\adult sites\bisexual\bi sex tv.lnkfavorites+\adult sites\black\ebony cafĂ.lnkfavorites+\adult sites\black\ebony teen tart.lnkfavorites+\adult sites\black\sweet black.lnkfavorites+\adult sites\cartoon\acme porn.lnkfavorites+\adult sites\cumshots\jizz catchers.lnkfavorites+\adult sites\cumshots\jizz shower.lnkfavorites+\adult sites\fetish\fetish abyss.lnkfavorites+\adult sites\fetish\whips and women.lnkfavorites+\adult sites\gang bang\orgy frenzy.lnkfavorites+\adult sites\gay\male next door.lnkfavorites+\adult sites\gay\sweet young boys.lnkfavorites+\adult sites\gay\ultimate stud.lnkfavorites+\adult sites\hardcore\blondes of porns.lnkfavorites+\adult sites\hardcore\porn buster.lnkfavorites+\adult sites\hardcore\real hardcore.lnkfavorites+\adult sites\latin\xxxsalsa.lnkfavorites+\adult sites\voyeur\my naughty nanny.lnkfdprogramfilesdir+\istbar\istbar.dllprogramfilesdir+\web_rebates\sy1150\html\f_popo1150c_rb.htmprogramfilesdir+\web_rebates\sy1150\html\f_popo1150c_ub.htmprogramfilesdir+\web_rebates\sy1150\html\f_spec1150c_ub.htmprogramfilesdir+\web_rebates\sy1150\html\foot1150c_rb.htmprogramfilesdir+\web_rebates\sy1150\html\foot1150c_ub.htmprogramfilesdir+\web_rebates\sy1150\html\popo1150c.htmsfexd001slotchbar.txt Remove Directories:Remove these directories (if present) with Windows Explorer:favorites+\adult sites\amateurfavorites+\adult sites\analfavorites+\adult sites\asianfavorites+\adult sites\bisexualfavorites+\adult sites\blackfavorites+\adult sites\cartoonfavorites+\adult sites\cumshotsfavorites+\adult sites\fetishfavorites+\adult sites\gang bangfavorites+\adult sites\gayfavorites+\adult sites\hardcorefavorites+\adult sites\interacialfavorites+\adult sites\latinfavorites+\adult sites\lesbianfavorites+\adult sites\maturefavorites+\adult sites\peeingfavorites+\adult sites\realityfavorites+\adult sites\teenfavorites+\adult sites\teen hardcorefavorites+\adult sites\*BLEEP*favorites+\adult sites\transexualfavorites+\adult sites\upskirtfavorites+\adult sites\videofavorites+\adult sites\voyeurfavorites+\free adult content\daily moviesfavorites+\free adult content\daily picturesfavorites+\free adult content\free live chatprogramfilesdir+\istbar Restore Settings:After following the instructions above, you will still need to restore your original settings and prevent this from happening again.http://forums.xisto.com/no_longer_exists/ Share this post Link to post Share on other sites
Inspiron 0 Report post Posted May 19, 2005 Hey dude...Trojan.Downloader.Win32.Istbar.ce doesn't seem to be recognised..You may like to check some relevant terms here...http://forums.xisto.com/no_longer_exists/ Share this post Link to post Share on other sites
Inspiron 0 Report post Posted May 19, 2005 Hey dude ... I found it...It's alias name for Trojan.Downloader.Win32.Istbar.ce is actually TrojanDownloader.Win32.Istbar.bo OverviewAlias Spyware/ISTbar [Panda], Win32/TrojanDownloader.IstBar.CE trojan [Eset], Category Downloader : A program designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site. Trojan: Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, new group, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs. Origins Date of Origin May, 2004  Distribution TrojanDownloader.Win32.Istbar.bo: < 0.00005%Clot Factor TrojanDownloader.Win32.Istbar.bo: 1Countries Affected In the past three months, we have received reports of TrojanDownloader.Win32.Istbar.bo in:United States, Netherlands, United States,  Storage Required TrojanDownloader.Win32.Istbar.bo: at least 13KB Detection and RemovalManual Removal Follow these steps to remove TrojanDownloader.Win32.Istbar.bo from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.  Stop Running Processes: Kill these running processes with Task Manager: a834d85b5062f849e461b71c20bf78f8.exe Remove Files:Remove these files (if present) with Windows Explorer:a834d85b5062f849e461b71c20bf78f8.exe http://forums.xisto.com/no_longer_exists/Ha.. finally with all the long searches...These should help... Share this post Link to post Share on other sites
FLaKes 0 Report post Posted May 19, 2005 Ive used a lot of spyware remover programs, but Ive noticed that none of them get rid of the whole spywarez. So what you have to do, or at least the steps Ive come up with are the following (based on my experience, Ive also had the Istbar so I think it will be similar) : -1.- Set a Restore Point (just in case)0.- Disconnect from internet, these programs tend to download and duplicate themselves.1.- I run a full system scan with a spyware remover program.2.- I run it again just in case, in most cases it will find more malicious software.3.- Restart the computer In safe mode. (this is done by pressing f8 when windows starts to load.4.- Run the spyware remover program again.5.- Go to c:/documents and settings/(your session name)/local settings/temporary internet files. Select all the files in this folder and delete them6.- do the same with c:/documents and settings/(your session name)/local settings/temp 7.- Go to your program files folder in c:/ and check all the folders for mysterious programs that have to do with the spyware you have such as Istbar (I think thats what the folder was called, the advantage of being in safe mode is that you can delete). You can also check in control panel in ad or remove programs and most of the time you will see them there but they wont uninstall.8.- Now click on start, then on run, then type in regedit. Click on HK_LocalMachine , then on software, microsoft, windows, current version, run. There you will find a list of programs that run when windows is loading. You will most probably find the istbar and some other programs there. What I would recommend you do is to click on start and then search and search for each program thats on run in regedit. That way you can find out where its located to see if it is not a microsoft program you can right click on it, then properties then go to summary, version etc.. to see if it is not a malicious or suspicious program. You can check all the programs here in regedit and see which ones you want at the start of windows, the less programs you have on startup the faster the startup will be, why would you want the quicktime, the ipod services etc. to load at startup instead of when you are actually going to use it?9.- After you have your startup how you want it, now its time to search for other keys in regedit. Go to edit>find in Regedit and type in anything that has to do with the programs that are affecting your computer such as istbar etc. and while you are at it, delete all items that Inspiron has found and the dll from regsvr3210.- After this reboot your pc, and do another scan. Go online and check if it worked.I really hope this helps, at least to learn a little bit about the spyware and where it is found and what it affects. This defenitely takes more time than formatting your pc, atleast the first time I think, unless you have a lot of data to backup. When this happened to me, Norton Antivirus got messed up (it wouldnt work anymore), I couldnt run exe files or lnk, and I had a lot of files to backup so I didnt really think of formating, so I did a little research and got rid of the spyware and I also learned a lot from that experience. Now as soon as I get a spyware y go offline and take care of it in less than 15 minutes. Though I havent ever had a trojan before.. I think. Well good luck. Share this post Link to post Share on other sites
coolkarthik007 0 Report post Posted May 19, 2005 wow a wonderfull way to remove adware. till now used System mechanic which is kind of ok i think or use PC-CILLIN 2005+ Share this post Link to post Share on other sites
R0boT39 0 Report post Posted May 19, 2005 What version of Norton do you have??It might also help if you have Norton System Works, it comes with a lot of helpfull utilities that can remove big problems from your pc. Share this post Link to post Share on other sites
FLaKes 0 Report post Posted May 20, 2005 Hey, I found this article on Cnet where they rate and compare antispyware removal programs. The best thing is that you can download them for free from Cnet Download.com. I wont go on and give you the reviews, you have to go check them out, here is the link:Cnet antispyware reviewHope this helps, and if it does some reputation would be Great.Good Luck.! Share this post Link to post Share on other sites
solankyno1 0 Report post Posted May 20, 2005 There is a free program named Bazooka Adware and Spyware Scanner http://www.kephyr.com/spywarescanner/index.html it does not remove the spyware but it scans them on your computer and than it tells how to manually remove them. By my experience so far I would like to say that manual removal is more effective than any of the Adware/Spyware remover in the market be. I have tried a lot of these programs but in the end Bazooka did the best work. I am not saying that it is 100% effective but it will help you to remove most of the spyware/adware on your system. So I would suggest you or anybody who is suffering fro this problem. And in the future after removal of these spyware/adwares use Firefox for better security. And keep one thing in the mind for adware/spyware Prevention is better than Cure. Share this post Link to post Share on other sites
ana 0 Report post Posted June 4, 2005 In addition to spybot and ad-aware use HiJackThis!I find that combination of the three works the best. it takes a bit of care and patience with hijackThis but I think its the most effective. you can find a lot of HiJackThis tutorials on the web.downlaod & initial instructions& how to analyze the logthis one has some good info & links too Share this post Link to post Share on other sites
unicornrose 0 Report post Posted June 7, 2006 I wanted to take a moment to put my own two cents or so in. I have found that the Lavasoft Ad-Aware home edition which is free is a very good program for finding malicious spyware. Its a good idea to use more than one. Do do a virus scan and then do a adware scan. Do becareful of what programs you use too. Some of the advertised free adware/spyware removers are actually cleaverly disquised adware/spyware generators. Its also a good idea when you realize that you are having adware or spyware problems to look in your start menu for new programs. Sometmes you can find them in your add and remove program menu as well. Some of the none big name search engines will install their special toolbars on your computer which will also put adware on your computer. Some of the free gaming sites that are offshoots will put malicious software on your computer too. You have to watch those popups they will kick your buttt. Do note that if the above advice from our fellow forum mates does not work then do a search with the names of the viruses and spyware. Sometimes you will find some good forums for that sort of thing. Take into consideration that some of the viruses and spyware have it in their programming to keep changing their names. So you may think you have caught the thing and it may come back. I spent a week trying to clean up my brother's computer once and well we tried everything under the sun before we had to give up and completely format the drive and start from scratch. Its a royal pain in the butt to have to do a format and reinstall but if nothing else works that is your only option. Now if you have not done a format and reinstall I highly encourage you to look it up on the net and either print or write out the step by step instructions. Otherwise you are going to be completely lost. Also all computer users should backup their work. I know we get out of that habit but when things like this happen you are reminded why its so important. Most of all don't feel to discouraged you are not alone. It happens to the best of us. Share this post Link to post Share on other sites
kdr_98 0 Report post Posted June 7, 2006 Another programm is hitman pro, but afterwards some things doesn't work anymore.Like games with MSN messenger, to repair this you have to remove hitman pro from your computer.You can download it from : https://www.hitmanpro.com/en-us.aspxThe site is written in dutch but since a few version the programs are setup in English.It's easy to run and it cleanup a lot of spyware.It runs several programs after eachother and it configures the programs also.Works good. Share this post Link to post Share on other sites
