ISTbar removal
Spyware ISTbar Information
Name: ISTbar
Category: Hijacker
Date: 2005-06-23
Dangerous: Yes
ISTbar is a hijacker of homepages and searches that uses an IE toolbar to perform its malicious task. This hijacker also shows spyware and adware behavior.
ISTbar description by publisher:
Integrated Search Technologies is a leading Internet marketing solutions provider, specializing in effectively targeting valuable customers at the moment they're most interested in a particular product or service. IST targets the customers via several different delivery methods such as highly effective toolbars xxxtoolbar.com & plug-ins available for Internet Explorer. IST has developed products aimed at the surfer such as an addictive toolbar for Internet Explorer giving access to rich content, & a highly effective affiliate application aimed at the webmasters or anybody that's willing to cash in on their traffic by distributing IST products.
Products aimed at the surfer: Toolbar.
Products for the webmaster: Toolbarcash
This Hijacker is also known as:
DownloadPlus
SearchBarCash-Hijacker
ISTbar Removal Instructions
Kill the following processes
a834d85b5062f849e461b71c20bf78f8.exe, bb.exe, bundleinstall.exe, cxtpls_loader_ff.exe, dust.exe, games.exe, iinstall.exe, ist.exe, istinstall_154074.exe, istsvc[1].exe, l9lecc.exe, mcinstl.exe, penmzp.exe, ist_install.exe, istdnld.exe, naughty_setup.exe, naughtyplayer.exe, optimize.exe, istsvc.exe, mediaaccess.exe, mediaacck.exe, radio.exe, scan.exe, srcle32.exe, ssdbkup.exe, 70tovmto.exe, espam.exe, fon14100.exe, fyd.exe, msbb.exe, mscache.exe, penoghih.exe, ap9h4qmo.exe, aupdate.exe, aupdate_uninstall.exe, bln02nqv.exe, dbm42.exe, dgrdntld.exe, gamma.exe, kmisxk.exe, loudc.exe, mqtqtz32.exe, msyutils.exe, nah.exe, trkgif.exe, unregister.exe, tinybar.exe, unstsa3.exe, trojandownloader.win32.istbar.aj.exe, trojandownloader.win32.istbar.aj[2].exe, trojandownloader.win32.istbar.bm.exe, trojandownloader.win32.istbar.bp.exe, trojandownloader.win32.istbar.bu.exe, trojandownloader.win32.istbar.bx.exe, trojandownloader.win32.istbar.cl.exe, trojandownloader.win32.istbar.i.exe, trojandownloader.win32.istbar.u.exe, uveu42at.exe, ymhfvu.exe
Unregister the following DLLs and reboot
csearch.dll, intrigue.dll, istbar_mainstream[1].dll, lhqibp.dll, mcinstl.dll, msbe.dll, trojandownloader.win32.istbar.ap.dll, trojandownloader.win32.istbar.dh_(40).dll, trojandownloader.win32.istbar.p.dll, vic32.dll, ysbactivex.dll.
flashplayer.dll, gzlib.dll in c:\spedia\
mediaaccc.dll in Program Files\media access\
mscache.dll, nem218.dll in Windows\
acsproxy.dll, fwntoolbar.dll, imgconv.dll, istbar.dll, srchbar.dll in Windows\system32\
istbar.dll in Windows\system\
istbar.dll in Windows\temp\
Delete these registry entries
Remove the following files
Remove the following directories
Program Files\common files\totem shared
Program Files\free amature movie
Program Files\istsvc
Program Files\search bar
Visitor Comments on ISTbar
2005-07-08 12:09:05, Guest:
that spyware doctor listed above helped me to get rid of this.. manually removing it would have taken hours :)