
Spyware/ Adware/ Virus Help!

Major help needed!!!


GM-University
Super Member
Group: Members
Posts: 287
Joined: 23-February 05
Member No.: 3,945



Post #1 post May 19 2005, 01:14 AM
OK, my computer has recently become infected like crazy, I got a small little adware program, it opened popups randomly, and slowly my PC has been crammed with over 150 programs that Norton's can't remove...
I have tried using a program called Bullet-Proof-Soft Spyware adware remover, but it generates errors trying to remove them, also Yahoo's Anti-Spyware software can't remove them either, well actually got rid of a few... These three are the most difficult to remove it seems...
QUOTE
Trojan.Downloader.Win32.Istbar.ce
ISTbar.XXXToolbar
IBIS Toolbar

The program that opened all of the pop-ups was supposedly disabled by Norton's but still appears to be running if I check, can anyone help?
SystemWisdom
Advanced Member
Group: Members
Posts: 117
Joined: 3-May 05
From: A Canadian South of the 49th Parallel
Member No.: 6,544



Post #2 post May 19 2005, 02:41 AM
Have you tried A.V.E.R.T Stinger? It is by a McAfee team and it is free.. It is mainly geared at removing Trojans, so maybe it will help you?

Also, you could try NoAdware, but it isn't free, although it is worth the $30 for it..
Tyssen
Group: Members
Posts: 1,161
Joined: 9-May 05
From: Brisbane, QLD
Member No.: 6,818



Post #3 post May 19 2005, 03:00 AM
The simplest/quickest thing to do might just be to use System Restore to set your PC to a state before it became infected.
ARNEL
Advanced Member
Group: Members
Posts: 109
Joined: 18-May 05
Member No.: 7,198



Post #4 post May 19 2005, 03:49 AM
QUOTE(GM-University @ May 19 2005, 09:14 AM)
OK, my computer has recently become infected like crazy, I got a small little adware program, it opened popups randomly, and slowly my PC has been crammed with over 150 programs that Norton's can't remove...
I have tried using a program called Bullet-Proof-Soft Spyware adware remover, but it generates errors trying to remove them, also Yahoo's Anti-Spyware software can't remove them either, well actually got rid of a few... These three are the most difficult to remove it seems...

The program that opened all of the pop-ups was supposedly disabled by Norton's but still appears to be running if I check, can anyone help?


I have the same problems as yours, but only download trojan. I think you need to install Norton Anti-Virus Corporate Edition v9. Norton detects this and removes the virus, but the problem is the download trojans keep coming back even though Norton traps it. What I did is I re-installed the whole system just to keep it out. So if your temper is running out, re-install the whole system to keep the virus out of your sight as I did on my computer :-)
Inspiron
Trap Grand Marshal Member
Group: Members
Posts: 1,203
Joined: 25-March 05
Member No.: 4,883



Post #5 post May 19 2005, 05:42 AM
QUOTE
Overview
Alias
  Spyware/ISTbar [Panda], TrojanDownloader.Win32.Istbar.eo, 
See Also
  ISTbar · 
Category
  Hijacker :  Any software that resets your browser's settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower.

Search Hijacker:  Any software that resets your browser's settings to point to other sites when you perform a search. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower. Search results when such a hijacker is running will sometimes differ from non-hijacked results.

Toolbar:  A group of buttons which perform common tasks. A toolbar for Internet Explorer is normally located below the menu bar at the top of the form. Toolbars may be created by Browser Helper Objects.


Reasons For Retention
  Changes browser settings other than homepage, without user permission. 
 
Origins
 
Group
  Integrated Search Technologies 
Others By This Group
  DLSearchBar· ISTbar· ISTbar.AUpdate· ISTbar.CSearch· ISTbar.MCInstL· ISTbar.MSCache· ISTbar.Slotch· Slotch.com· slotchbar· ToolbarCash.com· TrojanDownloader.Win32.IstBar.aj· TrojanDownloader.Win32.IstBar.ap· TrojanDownloader.Win32.IstBar.bm· TrojanDownloader.Win32.IstBar.bp· TrojanDownloader.Win32.Istbar.bu· TrojanDownloader.Win32.Istbar.dh· TrojanDownloader.Win32.Istbar.dr· TrojanDownloader.Win32.IstBar.i· XXXToolBar· XXXToolBar.com· 
Date of Origin
  July, 2004 
 
Distribution
 
ISTbar.XXXToolbar: 0.8%
Clot Factor
 
ISTbar.XXXToolbar: 16
Countries Affected
  In the past three months, we have received reports of ISTbar.XXXToolbar in:

United States, Australia, Austria, Belgium, Brazil, Bulgaria, Canada, Chile, Czech Republic, Denmark, Egypt, France, Germany, Greece, Hong Kong, Hungary, Iceland, Israel, Italy, Japan, Lithuania, Mexico, Netherlands, New Zealand, Norway, Poland, Portugal, Russian Federation, South Korea, Spain, Sweden, Switzerland, Taiwan, Thailand, Turkey, United Kingdom, United States, Venezuela, 
Growth
 
ISTbar.XXXToolbar: Insufficient data to report growth
 
Storage Required
 
ISTbar.XXXToolbar: at least 125KB
Browser Performance
  Likely to slow performance of Internet Explorer.



Detection and Removal
Manual Removal
Follow these steps to remove ISTbar.XXXToolbar from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.



Unregister DLLs:

Unregister these DLLs with Regsvr32, then reboot:
QUOTE
programfilesdir+\istbar\istbar.dll


Clean Registry:

Remove these registry items (if present) with RegEdit:


Remove Files:

Remove these files (if present) with Windows Explorer:


Remove Directories:

Remove these directories (if present) with Windows Explorer:


Restore Settings:

After following the instructions above, you will still need to restore your original settings and prevent this from happening again.

http://www3.ca.com/securityadvisor/pest/pe...px?id=453075516
Inspiron
Trap Grand Marshal Member
Group: Members
Posts: 1,203
Joined: 25-March 05
Member No.: 4,883



Post #6 post May 19 2005, 05:46 AM

Hey dude...
Trojan.Downloader.Win32.Istbar.ce doesn't seem to be recognised..

You may like to check some relevant terms here...
http://www3.ca.com/securityadvisor/pest/se...ly=false&type=0
Inspiron
Trap Grand Marshal Member
Group: Members
Posts: 1,203
Joined: 25-March 05
Member No.: 4,883



Post #7 post May 19 2005, 05:49 AM
Hey dude ... I found it...
The alias name for Trojan.Downloader.Win32.Istbar.ce is actually TrojanDownloader.Win32.Istbar.bo


QUOTE
Overview
Alias
  Spyware/ISTbar [Panda], Win32/TrojanDownloader.IstBar.CE trojan [Eset], 
Category
  Downloader :  A program designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site.

Trojan:  Any program with a hidden intent. Trojans are one of the leading causes of breaking into machines. If you pull down a program from a chat room, new group, or even from unsolicited e-mail, then the program is likely trojaned with some subversive purpose. The word Trojan can be used as a verb: To trojan a program is to add subversive functionality to an existing program. For example, a trojaned login program might be programmed to accept a certain password for any user's account that the hacker can use to log back into the system at any time. Rootkits often contain a suite of such trojaned programs.


 
Origins
 
Date of Origin
  May, 2004 
 
Distribution
 
TrojanDownloader.Win32.Istbar.bo: < 0.00005%
Clot Factor
 
TrojanDownloader.Win32.Istbar.bo: 1
Countries Affected
  In the past three months, we have received reports of TrojanDownloader.Win32.Istbar.bo in:

United States, Netherlands, United States, 
 
Storage Required
 
TrojanDownloader.Win32.Istbar.bo: at least 13KB
 
Detection and Removal
Manual Removal
  Follow these steps to remove TrojanDownloader.Win32.Istbar.bo from your machine.  Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake. 

  Stop Running Processes:

Kill these running processes with Task Manager:
QUOTE

a834d85b5062f849e461b71c20bf78f8.exe


Remove Files:

Remove these files (if present) with Windows Explorer:
QUOTE
a834d85b5062f849e461b71c20bf78f8.exe




http://www3.ca.com/securityadvisor/pest/pe...px?id=453083553

Ha.. finally with all the long searches...
These should help... :)
FLaKes
Trap Grand Marshal Member
Group: [HOSTED]
Posts: 1,142
Joined: 19-May 05
From: Mexico
Member No.: 7,234



Post #8 post May 19 2005, 07:35 AM
I've used a lot of spyware remover programs, but I've noticed that none of them get rid of the whole spywarez. So what you have to do, or at least the steps I've come up with, are the following (based on my experience, I've also had the Istbar so I think it will be similar):

-1.- Set a Restore Point (just in case)

0.- Disconnect from the internet, these programs tend to download and duplicate themselves.

1.- I run a full system scan with a spyware remover program.

2.- I run it again just in case, in most cases it will find more malicious software.

3.- Restart the computer in safe mode (this is done by pressing F8 when Windows starts to load).

4.- Run the spyware remover program again.

5.- Go to c:/documents and settings/(your session name)/local settings/temporary internet files. Select all the files in this folder and delete them.

6.- Do the same with c:/documents and settings/(your session name)/local settings/temp

7.- Go to your program files folder in c:/ and check all the folders for mysterious programs that have to do with the spyware you have such as Istbar (I think that's what the folder was called, the advantage of being in safe mode is that you can delete). You can also check in Control Panel in Add or Remove Programs and most of the time you will see them there but they won't uninstall.

8.- Now click on Start, then on Run, then type in regedit. Click on HK_LocalMachine, then on software, microsoft, windows, current version, run. There you will find a list of programs that run when Windows is loading. You will most probably find the istbar and some other programs there. What I would recommend you do is to click on Start and then Search and search for each program that's on run in regedit. That way you can find out where it's located; to see if it is not a Microsoft program you can right click on it, then Properties, then go to Summary, Version etc. to see if it is not a malicious or suspicious program. You can check all the programs here in regedit and see which ones you want at the start of Windows, the fewer programs you have on startup the faster the startup will be, why would you want the QuickTime, the iPod services etc. to load at startup instead of when you are actually going to use it?

9.- After you have your startup how you want it, now it's time to search for other keys in regedit. Go to Edit>Find in Regedit and type in anything that has to do with the programs that are affecting your computer such as istbar etc. and while you are at it, delete all items that Inspiron has found and the dll from regsvr32.

10.- After this reboot your PC, and do another scan. Go online and check if it worked.

I really hope this helps, at least to learn a little bit about the spyware and where it is found and what it affects. This definitely takes more time than formatting your PC, at least the first time I think, unless you have a lot of data to back up. When this happened to me, Norton Antivirus got messed up (it wouldn't work anymore), I couldn't run exe files or lnk, and I had a lot of files to back up so I didn't really think of formatting, so I did a little research and got rid of the spyware and I also learned a lot from that experience. Now as soon as I get a spyware I go offline and take care of it in less than 15 minutes. Though I haven't ever had a trojan before.. I think. Well good luck. :)
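The startup review in step 8 of the post above can be done in one pass from PowerShell instead of searching for each entry by hand. This is an added example, not code from any poster in the thread: it only reads the registry, the HKCU key is an addition beyond the key the post names, and the function names `Get-CommandExecutable` and `Resolve-ExecutablePath` are made up for this sketch.

```powershell
# Added example: audit what the Run keys start at logon (read-only, deletes nothing).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',   # the key named in step 8
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'    # per-user counterpart (added here)
)

# Pull the executable out of a Run value such as: "C:\Dir With Spaces\app.exe" /silent
function Get-CommandExecutable {
    param([string]$CommandLine)
    $text = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($text -match '^"([^"]+)"') { return $Matches[1] }                       # quoted path
    if ($text -match '^(.+?\.(exe|com|bat|cmd|scr|pif))(\s|$)') { return $Matches[1] }  # unquoted path
    return ($text -split '\s+')[0]                                              # bare word
}

# Turn that into a full path; bare names like rundll32.exe are looked up on PATH.
function Resolve-ExecutablePath {
    param([string]$Exe)
    if ([string]::IsNullOrWhiteSpace($Exe)) { return $null }
    if (Test-Path -LiteralPath $Exe -PathType Leaf -ErrorAction SilentlyContinue) {
        return (Get-Item -LiteralPath $Exe -Force).FullName
    }
    $cmd = Get-Command -Name $Exe -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($cmd) { return $cmd.Path }
    return $null
}

$report = foreach ($keyPath in $runKeys) {
    if (-not (Test-Path -Path $keyPath)) { continue }
    $key = Get-Item -Path $keyPath
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        $path = Resolve-ExecutablePath (Get-CommandExecutable $command)
        $file = if ($path) { Get-Item -LiteralPath $path -Force } else { $null }
        [pscustomobject]@{
            Key       = $keyPath
            Name      = $name
            Command   = $command
            # Version-resource publisher: what the Properties > Version tab shows.
            Company   = if ($file) { $file.VersionInfo.CompanyName } else { $null }
            # Authenticode status; the company string alone can be faked by any program.
            Signature = if ($file) { [string](Get-AuthenticodeSignature -FilePath $path).Status }
                        else { 'FileNotFound' }
        }
    }
}

# Unsigned, missing and publisher-less entries sort together for manual review.
$report | Sort-Object Signature, Company | Format-List
```

Entries whose file is missing, unsigned, or has no company name are the ones to look up before deciding whether to remove them.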
coolkarthik007
Newbie [Level 1]
Group: Members
Posts: 14
Joined: 19-May 05
Member No.: 7,246



Post #9 post May 19 2005, 01:33 PM
Wow, a wonderful way to remove adware. Till now used System Mechanic which is kind of ok I think or use PC-CILLIN 2005+
R0boT39
Newbie [Level 3]
Group: Members
Posts: 48
Joined: 14-April 05
Member No.: 5,673



Post #10 post May 19 2005, 03:15 PM
What version of Norton do you have??

It might also help if you have Norton System Works, it comes with a lot of helpful utilities that can remove big problems from your PC.