ISTbar regkey

NeutroFox · #1 12-19-2004, 08:05 PM

I had an ISTsvc.exe installed on my computer. Thankfully Ad-aware was able to remove the components of it I followed several sites that explained how to get rid of it and it did. NO MORE ISTsvc! (w00t) However,

ISTbar is still left on my comp. It is located only uner Regkey adn value when ad-aware scans it. I can deleat it but it would only reappear 5 minutes later. Help please!

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1788223648-682003330-1000\software\ist

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1788223648-682003330-1000\software\ist
Value : Recover

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
<STOP>
6:45:32 PM Scan stopped by user

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:07.312
Objects scanned:27552
Objects identified:2
Objects ignored:0
New critical objects:2

Play_The_0dds · #2 12-19-2004, 10:31 PM

removal instructions and a removal tool can be found on the link below...happy hollidays

http://sarc.com/avcenter/venc/data/adware.istbar.html

jewellb · #3 01-05-2005, 10:46 AM

I have the "exact" same problem with the ISTBAR except I 'm running WinXP Professional. Have tried Ad-Aware, SpyBot, Norton Antivirus 2005 (including the Norton site suggested by “play the odds”), w/o success. Ad-Aware detects and deletes them, but they almost immediately return. Have manually deleted the registry entry but it returns on reboot. Have tried numerous manual removal instructions with no success.

Just dunno

jewellb · #4 01-05-2005, 04:52 PM

Good News: I was finally able to permanentely eliminate all pieces of ISTBAR, inlcuding the two registry entries referred to above.

Bad News: I'm not 100% certiain just how I did it as I performed a number of actions including the download of several additional free SPYWARE software packages.

The following may be the "fix". Download and run "Bazooka Scanner". This software identified 3 spyware entries, inlcuding ISTBAR. At least one of the two remaining entries was somehow related to ISTBAR. I followed the manual removal instructions for all three entries. Ran AdAware again, deleted the typical ISTBAR entries (again) and now it seems to be gone for good.

Give it a try and let us know!

loni2142 · #5 01-06-2005, 01:29 PM

I have been trying to remove this file! I have tried to download Bazooka Scanner & apparently it doesn't download. I can't even delete the folder from the Programs File folder. It says I don't have access to remove it. Somebody, please help me!

jewellb · #6 01-08-2005, 08:05 AM

You could boot in safe mode and manually delete the file but it will most likely reload on your next reboot.

Suggest you try using Microsoft’s new antispyware software (beta version) or wait for the final product release. It seems to me to be a very good anti spyware software package, especially considering it’s free, and may very well take care of that ISTBAR crapola. It will probably identify and remove lot of other spyware on your pc as well.

Good Luck!

loni2142 · #7 01-09-2005, 06:31 PM

Hi! Thanks for the info. I did download/install the Microsoft Antispyware. Ran it once. Found that and more, as you said!

I ran it again & found nothing. However, my antivirus program (AVG) detected that file but under C:/System...

I think it something about restore??

Do you know how I can completely remove this "crapola" as you call it?!

jewellb · #8 01-09-2005, 08:47 PM

The antispy software should be able to identify and delete the sypway/scumware crapola from your restoration files too. Assuming you haven’t done so already, try running a “full system scan” with the antispy software instead of the quick scan

loni2142 · #9 01-09-2005, 09:02 PM

Thanks for the quick reply. Actually, I have been running full system scans every time.

This is what the virus warning message says,

"Virus Trojan horse downloader.istbar.5.AJ is found in file C:\System Volume Information\restore{94B4087E...}\RP110\A0008737.ex e"

This warning message comes up provided by my antivirus program AVG from GRISOFT. What is also strange is that when I actually run the AV program, it comes back clean.

NeutroFox · #10 01-10-2005, 07:08 PM

I fixed my istbar problem a few weeks back. What i did was found the program, Hijackthis.exe. You can download it somewhere off the internet, just google it. Well anyway, when you got it, restart the computer in safe mode, and use the program to find the istbar file. Deleate it. Afterward I restarted again in the normal boot, and scanned my comp and it never reappeared. I've been about 3 weeks free of all that IST crap. Hope this works

loni2142 · #11 01-10-2005, 07:16 PM

Thanks for the suggestion! I will try that route & let you know!

loni2142 · #12 01-11-2005, 01:26 PM

Well, I ran HijackThis & I didn't see anything in the log about Istsvc.exe or anything about Ist period. Does this mean it's completely gone? If so, why do I still get that warning message from my antivirus program? Warning says (Resident shield from AVG) to run AVG (antivirus program) to remove that file. What do I do next?