Posted on 12/14/2004 6:22:01 PM PST by Ernest_at_the_Beach
I'm on earthlink (love it BTW) but I'm not finding a reference for this.
_________________________________________
Spyware: ISTbar
ISTbar is an MSIE toolbar, homepage and search hijacker provided by Integrated Search Technologies/CDT Inc. It installs several spyware agents mainly by ActiveX drive-by download (yes you read it correctly) on affiliate sites and delivers mostly porn ads. More details here.

Files installed are: mscache.exe, aupdate.exe, aupdate_uninstall.exe, istsvc.exe, mscache.dll and istbar.dll.

Removal: Uninstall ISTBar from "Add/Remove Programs" in the Windows Control Panel. Look for MS AUpdate, MS Updates, XXXToolbar, ISTsvc or ISTBar. If no such entry exists or if the uninstall fails, contact the vendor for support, use a spyware cleaner, or uninstall ISTBar manually.

AUpdate
Open the Registry and find the key HKCU\Software\Microsoft\Windows\CurrentVersion\Run. Delete the 'AutoUpdater' entry on the right (points to aupdate.exe). Find the key HKCR\CLSID, and delete the subkey '{69550BE2-9A78-11D2-BA91-00600827878D}'. Delete the subkey of the same name from HKLM\Software\Microsoft\Internet Explorer\Explorer Bars, and the entry of the same name from HKLM\Software\Microsoft\Internet Explorer\Toolbar. Restart the computer and delete the files 'aupdate.exe', 'aupdate.conf', 'aupdate.trk' and 'aupdate_uninstall.exe' from your System folder (\System32 on Windows NT/2000/XP or just \System on Windows 95/98/ME). Restore your normal search settings (Internet Options > Programs > Reset Web Settings).

MSCache
Open a DOS command prompt window and enter: cd "%WinDir%\System"
Open the Registry and find the key HKCU\Software\Microsoft\Windows\CurrentVersion\Run. Delete the 'MS Updates' entry on the right (points to mscache.exe). Find the key HKCR\CLSID, and delete the subkey '{69550BE2-9A78-11D2-BA91-00600827878D}'. Delete the subkey of the same name from HKLM\Software\Microsoft\Internet Explorer\Explorer Bars, and the entry of the same name from HKLM\Software\Microsoft\Internet Explorer\Toolbar. Restart the computer and delete the files 'mscache.exe' and 'mscache.dll' from the Windows (Windows 95/98/ME) or WinNT (Windows NT/2000/XP) folder. Restore your normal search settings (Internet Options > Programs > Reset Web Settings).

XXXToolbar
Open the Registry and find the key HKCU\Software\Microsoft\Windows\CurrentVersion\Run. Delete the 'IST Service' entry (if there). Open a DOS command prompt window and enter: cd "%WinDir%\System"
Restart the computer and delete the 'ISTbar' folder from the c:\Program Files folder, and the 'istsvc.exe' file from the Windows (Windows 95/98/ME) or WinNT (Windows NT/2000/XP) folder. You can also delete the registry keys HKCU\Software\ISTbar and HKCR\Pugi.PugiObj.

Cleaning
If you are cleaning your system manually, using some of the tips mentioned above, you do this at your own risk. Editing the Registry without some basic knowledge may result in your computer not starting up anymore. And reinstalling Windows may be the only way back.
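The removal notes quoted in the post above name a fixed set of Run values, registry keys and files. As an added example (not part of the original post or the quoted write-up), this read-only PowerShell audit reports which of those artifacts are present before anything is edited by hand; the helper name Test-RegValue and the variable names are made up for the example, and it assumes the script runs as the affected user.

```powershell
# Added example: read-only audit for the ISTbar artifacts listed above.
# Nothing is deleted; the script only reports what it finds.
$clsid  = '{69550BE2-9A78-11D2-BA91-00600827878D}'
$runKey = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
$ieKey  = 'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer'
$found  = New-Object System.Collections.Generic.List[string]

function Test-RegValue([string]$Key, [string]$Name) {
    # Hypothetical helper: true when the named value exists under the key.
    if (-not (Test-Path -LiteralPath $Key)) { return $false }
    $props = Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue
    return ($null -ne $props) -and ($props.PSObject.Properties.Name -contains $Name)
}

# Autostart entries named in the AUpdate, MSCache and XXXToolbar sections.
foreach ($name in 'AutoUpdater', 'MS Updates', 'IST Service') {
    if (Test-RegValue $runKey $name) { $found.Add("Run value: $name") }
}

# The toolbar is registered as a value; the other locations are keys.
if (Test-RegValue "$ieKey\Toolbar" $clsid) { $found.Add("IE Toolbar value: $clsid") }
$keys = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
        "$ieKey\Explorer Bars\$clsid",
        'Registry::HKEY_CURRENT_USER\Software\ISTbar',
        'Registry::HKEY_CLASSES_ROOT\Pugi.PugiObj'
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $found.Add("Key: $k") }
}

# Files and folders, in the locations the notes give for them.
$sysDir = [Environment]::SystemDirectory
$paths  = @('aupdate.exe', 'aupdate.conf', 'aupdate.trk', 'aupdate_uninstall.exe' |
            ForEach-Object { Join-Path $sysDir $_ })
$paths += 'mscache.exe', 'mscache.dll', 'istsvc.exe' |
            ForEach-Object { Join-Path $env:WinDir $_ }
$paths += Join-Path $env:ProgramFiles 'ISTbar'
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $found.Add("Path: $p") }
}

if ($found.Count -eq 0) { 'No ISTbar artifacts from the list were found.' } else { $found }
```

Running it again after the cleanup and a reboot shows whether any entry has come back.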
I find if my daughter leaves on her AIM, her computer just gets loads of spyware stuff on it.
OK.....well, see post #5.....
So are you using Spyware Blocker?
Any comments about it...Like does it work?
Damn.....that has to be painful....
I'm spending a big chunk of my time cleaning Trojans and HiJackers off my client's PCs. It's getting really bad especially for IE users. The stuff that replicates itself and hides in the registry is unbelievable. If you miss something, it'll just come right back.
JWinNC
Why can't there be a way to prevent any program from sending anything out?
Example. You are getting information from a site you have chosen. You are connected through your ISP. You know who those two are.
Why can't I limit uploads to just those two sites until I choose otherwise, and no others?
I assume there must be a good reason.
CW Shredder is a nice little program that will help remove Cool Web Search. But you also have to comb through the Registry to get rid of it completely.
I hate to think how much of my computer's memory is taken up by Norton AntiVirus, ZoneAlarm, Spyware Blaster, Spyware Guard, SpamPal, Ad Muncher, and all the other programs I use to prevent infections. It wouldn't surprise me that it's about 75% protection and 25% programs that I'm running. And that's not to speak of all the complications that have been introduced into Windows itself in order to block these various malicious attacks. SP2 has definitely slowed my computers a bit.
ping
Do you know about ActiveX?
That seems to be a favored entry path....and sockets?
Theoretically immune? Probably not.
Does Linux actually get infected by Spyware? No, not in my many-year experience.
CWShredder didn't do the trick for my polluted PC and my techie fiance working on it; we did the process three times with no luck. A Format C solved the problem nicely, though, and freed up a chunk of space.
It hasn't been a very big target for the malware writers......yet.
Don't know what the top 10 are, but you catch 9 of them from Drudge.
As a cable internet installer that's probably a little more effort than I'm going to go to. Usually I do the cleanup on customers' computers in the course of my work, but I generally restrict myself to downloading and running AdAware, Spybot and Firefox and then explaining to the customer a little about spyware and security in general. Strictly speaking, hardware and software problems are not our concern, but usually we'll try to fix things if we can.