antispyware tool and ISTbar

Richard Bonomo

Hello!

I recently spent the best part of two days trying to clean up a
mess caused by one of my users inadvertently picking up various
pieces of malware recently, primarily via "infected" web sites.

I found that the computer had the ISTbar trojan, and managed to clean
up most of it manually.

After clearing up a few things manually, I downloaded the Microsoft
anti-spyware software, and ran it. It found several items which it then
(allegedly?) removed.

I find, though, that even though the anti-spyware program reports that
it has removed ISTbar, the registry entry (software/ISTbar) remained,
and still remains as far as I know.

I had also tried to remove it manually before and afterwards using
regedit and regedt32.

The manual attempts failed with a "no privilege" error, even after I
(supposedly) altered the permissions on the entry to allow me
(Administrator) to delete the entry.

1. Anti-Spyware should report the failure to remove
this entry (or anything else it cannot remove)

2. Does anyone have any idea how I can clear this entry?

Thank you.

Richard Bonomo
user name: bonomo
host/domain: sal.wiscXXX.edu (drop the X's)
 
AndyManchesta

Hi Richard

I've just tried this and I have no problems removing the
IST folders from the registry. Maybe worth double
checking it's being done from the Admin account. I didn't
use MS Antispy to remove the entries as I just deleted
every one found, so cannot comment on if they still exist
after clean up, but these were the main IST entries after
installing:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SurfAccuracy"="C:\\Program Files\\SurfAccuracy\\SAcc.exe"

"Internet Optimizer"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""

"IST Service"="C:\\Program Files\\ISTsvc\\istsvc.exe"

"Power Scan"="C:\\Program Files\\Power Scan\\powerscan.exe"

"switp"="C:\\WINDOWS\\switpa.exe"


[HKEY_CURRENT_USER\Software\IST]
[HKEY_CURRENT_USER\Software\PowerScan]
[HKEY_LOCAL_MACHINE\SOFTWARE\ISTbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\SideFind]
[HKEY_LOCAL_MACHINE\SOFTWARE\PowerScan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc]

Hopefully someone else can help with the denial of
permissions

Andy
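
Added example, not part of either post: a read-only PowerShell check that reports which of the entries listed in the reply above are still present after a cleanup run, and shows the owner and any Deny entries on each leftover key, which is where a "no privilege" delete failure usually needs to be looked at. Using PowerShell is an assumption (the thread itself only mentions regedit and regedt32); the key and value names are copied from the list above.

```powershell
# Read-only audit: nothing is modified or deleted.
# Key and value names are taken from the list in the reply above.
$runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runValues = 'SurfAccuracy', 'Internet Optimizer', 'IST Service', 'Power Scan', 'switp'
$keys = @(
    'HKCU:\Software\IST'
    'HKCU:\Software\PowerScan'
    'HKLM:\SOFTWARE\ISTbar'
    'HKLM:\SOFTWARE\ISTsvc'
    'HKLM:\SOFTWARE\SideFind'
    'HKLM:\SOFTWARE\PowerScan'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTbar'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc'
)

# 1. Autorun values that survived the cleanup.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
foreach ($name in $runValues) {
    $prop = if ($run) { $run.PSObject.Properties[$name] }
    if ($prop) {
        [pscustomobject]@{ Type = 'RunValue'; Item = $name; Detail = $prop.Value }
    }
}

# 2. Keys that survived, with owner and Deny ACEs for diagnosing
#    an access-denied error on delete.
foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) { continue }
    try {
        $acl  = Get-Acl -Path $key -ErrorAction Stop
        $deny = $acl.Access |
            Where-Object { $_.AccessControlType -eq 'Deny' } |
            ForEach-Object { '{0}:{1}' -f $_.IdentityReference, $_.RegistryRights }
        $detail = 'Owner={0}; Deny=[{1}]' -f $acl.Owner, ($deny -join ', ')
    }
    catch {
        # Even reading the ACL can be refused when the key's DACL locks
        # out Administrators; report that instead of stopping.
        $detail = 'ACL unreadable: {0}' -f $_.Exception.Message
    }
    [pscustomobject]@{ Type = 'Key'; Item = $key; Detail = $detail }
}
```

No output means none of the listed entries remain. The HKCU paths are checked for the account running the script, so run it as the affected user as well as from the Administrator account.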
 