SoftwareTipsandTricks.com
Home Forums Windows 7 Security Tips
Forums

Windows 7
Windows Vista
Windows XP

Security Tips
Troubleshooting
Keyboard Shortcuts
Encyclopedia


Drivers

Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Articles
Hot Downloads


Privacy Policy
Contact Us







  ISTSVC.EXE

Name ISTSVC.EXE

Description

ISTbar is an IE toolbar with some variants:

1. ISTbar/AUpdate installs a TinyBar variant to implement its toolbar, and will be detected by the script at this site as TinyBar/B. The hijacker is aimed at my-internet.info and blazefind.com; distribution is managed by searchbarcash.com, its controlling server. Updates are loaded by an 'AUpdate' process.

2. ISTbar/MSCache also uses TinyBar, along with a Browser Helper Object called mscache.dll used to load updates. The controlling server is www2.skoobidoo.com.
ISTbar/MSCache was widely distributed to victims clicking on links to the 'OutWar' online game.

3. ISTbar/XXXToolbar is an update based around porn. It uses its own toolbar based on the Pugi toolbar. The hijacker is aimed at its controlling server xxxtoolbar.com, and slotch.com; distribution is controlled by toolbarcash.com. Opens pop-ups as directed by its controlling server.

All versions also install other third-party software which includes advertising.
ISTbar also installs other parasites: AUpdate and XXXToolbar install porn pop-up producer RapidBlaster/lp; the AUpdate variant is also known to install DownloadPlus; the MSCache variant installs nCase and the Wink/EasyDates dialler.

Automatic removal:
Use antivirus (also check How To Remove section)Startup Optimizer to remove it.

Manual removal:

AUpdate variant
Find the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
Delete the 'AutoUpdater' entry pointing to aupdate.exe.
Find the key HKEY_CLASSES_ROOT\CLSID, and delete the subkey '{69550BE2-9A78-11D2-BA91-00600827878D}'.
Delete the subkey of the same name from HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars,
and the entry of the same name from HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar.
Restart the computer and delete the files 'aupdate.exe', 'aupdate.conf', 'aupdate.trk' and (if it is there) 'aupdate_uninstall.exe' from the System folder.

MSCache variant
In the DOS command prompt window enter the following commands:
cd "%WinDir%\System"
regsvr32 /u ../mscache.dll
Then find the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
Delete the 'MS Updates' entry pointing to mscache.exe.
Find the key HKEY_CLASSES_ROOT\CLSID, and delete the subkey '{69550BE2-9A78-11D2-BA91-00600827878D}'.
Delete the subkey of the same name from HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars,
and the entry of the same name from HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar.
Restart the computer and delete the files 'mscache.exe', and 'mscache.dll' from the Windows folder.

XXXToolbar variant
Find the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
Delete the 'IST Service' entry, if it is there.
Open a DOS command prompt window and enter the following commands:
cd "%WinDir%\System"
regsvr32 /u "\Program Files\ISTbar\istbar.dll"
Restart the computer and delete the 'ISTbar' folder inside Program Files, and the 'istsvc.exe' file inside the Windows folder.
You can also delete the registry keys HKEY_CURRENT_USER\Software\ISTbar and HKEY_CLASSES_ROOT\Pugi.PugiObj .


Still have a problem? Ask for help at our discussion forum.



Search Dangerous Files :
 

: : Recent posts at Forums : :

Social pictures

Прочные швед&

Последние стр

Lusty men photo blog

buying generic Septilin;ordering Septilin;Septilin overnight saturday delivery NO PRESCRIPTION

Порно фото галереи, более 500 тысяч фотограф&#

My new website

Matured site

Pictures from community networks

Renewed spot

Social pictures

Pictures from community networks

Experimental Job

Sexual pictures

Pictures from collective networks

Public pictures

Mature placement

Free full-grown galleries

Новости туриз

Renewed site

Купить свидет

Протестируй н

Смотрите порно фото и секс фото крупным пl

ИСТОРИЯ ПРАЗД

Pictures from social networks

блочный трена

Private Vip Donor Access

Futebol Ao Vivo HD

My unfamiliar website

Big Black Grls!Old Fat MILF !# 8770565




SoftwareTipsandTricks, All Rights Reserved.