istbar

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

istbar is in
HKEY_USERS\S-1-5-21-1638909667-3051677093-2028905068-1007
\Software\Microsoft\Search Assistant\ACMru
 
Hey good news!!!!!!!! I also had the ista bar problen, BUT
I have found a solution to this problem after spending
about 20 hours trying to delete all of the crap from this
adware. I found the istabar removal tool from Symantic
the information that I found is all here I hope it helps
it did me.

Note: Removing this adware component from the system will
likely cause the program that installed it to not function
as intended. The uninstaller generally identifies the
programs that will not work after uninstallation.

Removal using the Adware.Istbar Removal Tool.
Symantec Security Response has developed a removal tool
for Adware.Istbar. Use this removal tool first, as it is
the easiest way to remove this threat.

The tool can be found here:
http://securityresponse.symantec.com/avcenter/FxIstbar.exe

The current version of the tool is version 1.0.7. It will
have a digital signature timestamp of 23 November 2004
04:45:25 AM PST

Notes:

The date and time displayed will be adjusted to your time
zone, if your computer is not set to the Pacific time
zone.
The removal tool may terminate Internet Explorer and
Windows Explorer. It is recommended that users save their
work and log out of these programs before running the
removal tool.
The removal tool will not delete some harmless Temporary
Internet files, which Adware.Istbar created, in
C:\Documents and Setings\Administrator\Local
Settings\Temporary Internet Files. These can be manually
deleted using the following steps:
Start Internet Explorer.
Click Tools > Internet Options.
In the Temporary Internet Files section, then click the
Delete Files button.
Check Delete all offline content, and then click OK.
The Removal tool will not reset any changes made to
settings in Internet Explorer. To restore default
settings in Internet Explorer it is necessary to perform
the following actions:
a. Click Start > Settings > Control Panel
b. Select Internet Options
c. Select the Programs tab
d. Click Reset Web Settings
e. Click OK
f. Exit Control Panel


Manual Removal Instructions
Update the virus definitions.
Restart in Safe mode.
Run a full system scan and delete all the files detected
as Adware.Istbar.
Delete the value that was added to the registry.
Restore default settings in Internet Explorer

For specific details on each of these steps, read the
following instructions.

1. Updating the virus definitions
Symantec Security Response fully tests all the virus
definitions for quality assurance before they are posted
to our servers. There are two ways to obtain the most
recent virus definitions:
Running LiveUpdate, which is the easiest way to obtain
virus definitions: These virus definitions are posted to
the LiveUpdate servers once each week (usually on
Wednesdays), unless there is a major virus outbreak. To
determine whether definitions for this threat are
available by LiveUpdate, refer to the Virus Definitions
(LiveUpdate).
Downloading the definitions using the Intelligent Updater:
The Intelligent Updater virus definitions are
posted on U.S. business days (Monday through Friday). You
should download the definitions from the Symantec Security
Response Web site and manually install them. To determine
whether definitions for this threat are available by the
Intelligent Updater, refer to the Virus Definitions
(Intelligent Updater).

The Intelligent Updater virus definitions are available:
Read "How to update virus definition files using the
Intelligent Updater" for detailed instructions.


2. Restarting the computer in Safe mode
Shut down the computer and turn off the power. Wait for at
least 30 seconds, and then restart the computer in Safe
mode or VGA mode. For instructions, read the
document, "How to start the computer in Safe Mode."


3. Scanning for and deleting the infected files Start
Norton AntiVirus and make sure that it is
configured to scan all the files. For more information,
read the document, "How to configure Norton AntiVirus to
scan all files."
Run a full system scan.
If any files are detected as infected with Adware.Istbar,
click Delete.


4. Deleting the value from the registry
Important: Symantec strongly recommends that you back up
the registry before making any changes to it. Incorrect
changes to the registry can result in permanent data loss
or corrupted files. Modify the specified keys only. Read
the document, "How to make a backup of the Windows
registry," for instructions.

Click Start > Run.
Type regedit > OK.


Navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio
n\Run


In the right pane, delete the value:

"IST Service" = "C:\Program Files\ISTsvc\ISTsvc.exe"
"[5 random ASCII characters]" = "[path to adware]"


Navigate to and delete the key:

HKEY_LOCAL_MACHINE\Software\ISTsvc
HKEY_CURRENT_USER\Software\IST


Exit the Registry Editor.

5. To restore default settings in Internet Explorer

a. Click Start > Settings > Control Panel
b. Select Internet Options
c. Select the Programs tab
d. Click Reset Web Settings
e. Click OK
f. Exit Control Panel
 
Back
Top