Adware ISTbar, IStsvc.exe please help me remove this adware

Guest

Hi,

I just found out that I have this adware installed on my PC and tried to
remove it from my PC but no luck. Please help me!
I even tried erasing the registry keys, and no help, maybe I'm not erasing all
the registry keys.
Also found on my system configuration: this adware C:\Program
files\Kazaa-Pal\Kazaa-Pal.exe and don't know how to delete this adware either,
tried looking online but no help at all.
Don't know if this is adware: C:\Windows\wfwdal.exe
or: %systemroot%\system32\drumpep 0 -k
or: C:\WINDOWS\system32\ov23mbga.exe

These are in my startup system configuration.
Please help me to delete all this adware from my computer.
 
Carey Frisch [MVP]

Unexplained computer behavior may be caused by deceptive software
http://support.microsoft.com/?id=827315

Download Ad-aware SE and scan your PC for the presence of spyware:
http://www.download.com/3000-2144-10045910.html?part=69274&subj=dlpage&tag=button

Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

Microsoft Windows AntiSpyware
http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en

3 Simple Steps to Help Ensure the Protection of Your PC
http://www.microsoft.com/athome/security/protect/default.mspx

Utilize the following maintenance programs, at least monthly,
to maintain the optimum performance of Windows XP:

Description of the Disk Cleanup Tool in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;310312&Product=winxp

How to Perform Disk Error Checking in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;315265&Product=winxp

HOW TO: Analyze and Defragment a Disk in Windows XP
http://support.microsoft.com/default.aspx?scid=kb;en-us;305781&Product=winxp

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx

-------------------------------------------------------------------------------------------

:

| Hi,
|
| I just found out that I have this adware installed on my PC and tried to
| remove it from my PC but no luck. Please help me!
| I even tried erasing the registry keys, and no help, maybe I'm not erasing all
| the registry keys.
| Also found on my system configuration: this adware C:\Program
| files\Kazaa-Pal\Kazaa-Pal.exe and don't know how to delete this adware either,
| tried looking online but no help at all.
| Don't know if this is adware: C:\Windows\wfwdal.exe
| or: %systemroot%\system32\drumpep 0 -k
| or: C:\WINDOWS\system32\ov23mbga.exe
|
| These are in my startup system configuration.
| Please help me to delete all this adware from my computer.
 
David H. Lipman

From: "Zeca" <[email protected]>

| Hi,
|
| I just found out that I have this adware installed on my PC and tried to
| remove it from my PC but no luck. Please help me!
| I even tried erasing the registry keys, and no help, maybe I'm not erasing all
| the registry keys.
| Also found on my system configuration: this adware C:\Program
| files\Kazaa-Pal\Kazaa-Pal.exe and don't know how to delete this adware either,
| tried looking online but no help at all.
| Don't know if this is adware: C:\Windows\wfwdal.exe
| or: %systemroot%\system32\drumpep 0 -k
| or: C:\WINDOWS\system32\ov23mbga.exe
|
| These are in my startup system configuration.
| Please help me to delete all this adware from my computer.


Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache
Tools --> Options --> Privacy --> Cache --> Clear

1) Download TrendMicro Sysclean by one of the following 2 methods

Trend Sysclean Method 1
---------------------------------------
Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\sysclean")

Download SYSCLEAN.COM and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt592.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

Trend Sysclean Method 2
---------------------------------------
Download the utility SYSCLEAN_FE at the following URL --
http://www.ik-cs.com/got-a-virus.htm
SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
Direct URL --
http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe


2) Download and install Ad-aware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Download BHODemon
http://www.definitivesolutions.com/bhodemon.htm

3) Update Adaware and BHODemon with the latest definitions then exit each software.
4) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
5) Reboot your PC into Safe Mode and shut down as many applications as possible
6) Using the Trend Sysclean and Ad-aware SE utilities, perform a Full Scan of your
platform and clean/delete any infectors found
7) Restart your PC and perform a "final" Full Scan of your platform using both Trend
Sysclean and Ad-aware SE
8) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
9) Reboot your PC.
10) Execute BHODemon and disable/remove unknown BHO's
11) Create a new Restore point

* * * Please report back your results * * *
 
Rock

Zeca said:
Hi,

I just found out that I have this adware installed on my PC and tried to
remove it from my PC but no luck. Please help me!
I even tried erasing the registry keys, and no help, maybe I'm not erasing all
the registry keys.
Also found on my system configuration: this adware C:\Program
files\Kazaa-Pal\Kazaa-Pal.exe and don't know how to delete this adware either,
tried looking online but no help at all.
Don't know if this is adware: C:\Windows\wfwdal.exe
or: %systemroot%\system32\drumpep 0 -k
or: C:\WINDOWS\system32\ov23mbga.exe

These are in my startup system configuration.
Please help me to delete all this adware from my computer.

Symantec has a clean up tool for Istbar:
http://securityresponse.symantec.com/avcenter/venc/data/adware.istbar.html

Also see some of these links for more information:
http://www.google.com/search?hl=en&lr=&q=istbar&btnG=Search

Here are some tips for general removal of malware:

Run these programs to check for spyware/malware. After installing,
update them, then boot into safe mode and run them. You should update
and run them weekly.

Cwshredder
http://www.intermute.com/spysubtract/cwshredder_download.html

Ad-aware SE
http://www.lavasoftusa.com

Spybot Search and Destroy
http://www.safer-networking.org

Bazooka Adware and Spyware Scanner
http://download.com.com/3000-2144-10247783.html

Pest Patrol Free Pest Scanner
http://store.ca.com/dr/v2/ec_main.e...tchingYou&client=ComputerAssociates&sid=35715

If you’re still having problems after running these then run HijackThis
and post the log to one of the specialty forums, _NOT_ this one.

HijackThis
http://www.majorgeeks.com/download.php?det=3155

Forums to Interpret HijackThis Logs:

http://www.spywareinfo.com/forums/
http://forum.aumha.org/viewforum.php?f=30
http://forums.tomcoyote.org/
http://www.wilderssecurity.com/

After your system is clean use these programs to help keep it clean:

Spywareblaster
www.javacoolsoftware.com/sbdownload.html

Spywareguard
http://www.javacoolsoftware.com/sgdownload.html

IE-SPYAD
http://www.staff.uiuc.edu/~ehowes/resource.htm

Microsoft® Windows AntiSpyware (Beta)
http://www.microsoft.com/athome/security/spyware/default.mspx
http://www.microsoft.com/downloads/...A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en

For viruses, start with Trend Micro’s Sysclean and McAfee’s Stinger.
Download them and the Sysclean signature file. Turn off system restore,
boot into safe mode and run them. Boot back into normal mode and run a
full AV scan with your normal AV program. Then turn system restore back
on.

Trend Micro Sysclean
http://www.trendmicro.com/download/dcs.asp

Trend Micro Signature File
http://www.trendmicro.com/download/pattern.asp

McAfee AVert Stinger Virus Removal Tool
http://vil.nai.com/vil/stinger/

You should also regularly run at least two of these online scans in
addition to your regular up to date AV program:

Online and Downloadable Virus Scanning:

Panda ActiveScan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Bit Defender Online Virus Scan:
http://www.bitdefender.com/scan/license.php

Symantec Online Virus and Security Scan:
http://security.symantec.com/ssc/home.asp

TrendMicro:
http://housecall.trendmicro.com/housecall/start_corp.asp

McAfee Online Virus Scan:
http://www.mcafee.com/myapps/mfs/default.asp

RAV AntiVirus - Scan Online
http://www.ravantivirus.com/scan/

F-Secure:
http://support.f-secure.com/enu/home/ols.shtml

[Note: Stinger looks only for a limited number of specific viruses.
It’s not intended for full strength virus scanning and removal, but it
can help eliminate enough threats to allow you to install and scan with
a full featured AV program.]

Make sure you have a firewall active at all times. If nothing else use
the one built into XP, but there are a variety of free third party ones
that do a better job from Sygate, Zone Alarm or Kerio.

Sygate Personal Firewall
http://smb.sygate.com/products/spf_standard.htm

Zone Alarm
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?lid=staticcomp_za

Kerio Personal Firewall
http://www.kerio.com/kpf_download.html
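
An added example, not part of the post above and not code from HijackThis: a small parser that pulls the autostart (O4) and Browser Helper Object (O2) lines out of a HijackThis log and marks the file names the original poster reported, which shows at a glance whether a startup entry survived a cleanup pass. The sample log is constructed; its value names, CLSID, DLL name and the folder holding istsvc.exe are assumptions.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# File names the original poster reported in this thread.
WATCHLIST = {"istsvc.exe", "kazaa-pal.exe", "wfwdal.exe", "ov23mbga.exe"}

# Constructed sample log: value names, CLSID, DLL and the istsvc.exe folder are made up.
SAMPLE_LOG = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\system32\ov23mbga.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\example.dll
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [kazaa-pal] "C:\Program Files\Kazaa-Pal\Kazaa-Pal.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [wfwdal] C:\Windows\wfwdal.exe
"""

O4 = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<cmd>.+)$")

def image_path(cmd):
    """Return the executable part of a command line, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|com|bat))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split(" ", 1)[0]

def parse_log(text):
    """Extract autostart (O4) and BHO (O2) entries; other log lines are ignored."""
    entries = []
    for line in text.splitlines():
        for kind, rx in (("autostart", O4), ("bho", O2)):
            m = rx.match(line.strip())
            if m:
                d = m.groupdict()
                d["kind"] = kind
                d["image"] = image_path(d.pop("cmd"))
                d["watchlisted"] = basename(d["image"]).lower() in WATCHLIST
                entries.append(d)
    return entries

def still_persistent(text):
    """Watchlisted file names that still have an autostart or BHO entry."""
    return sorted({basename(e["image"]).lower() for e in parse_log(text) if e["watchlisted"]})

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(e["kind"], e["name"], e["image"], "<-- reported in thread" if e["watchlisted"] else "")
```

Running it against logs taken before and after a scan and comparing the two `still_persistent` results shows which entries the scanners actually removed.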
 
Guest

Thanks for your help!
Followed step by step, even used other software after!
(McAfee antivirus found a few malware; Spybot and XoftSpy)
and got the same adware on my system. Even after rebooting from safe mode to
normal mode, Spybot asked me to run another scan and found istsvc.exe again.

what else can i do?

=(
 
David H. Lipman

From: "Zeca" <[email protected]>

| Thanks for your help!
| Followed step by step, even used other software after!
| (McAfee antivirus found a few malware; Spybot and XoftSpy)
| and got the same adware on my system. Even after rebooting from safe mode to
| normal mode, Spybot asked me to run another scan and found istsvc.exe again.
|
| what else can i do?
|
| =(
|

Do NOT use XoftSpy! It is a rogue anti-spyware! It is NOT recommended by professionals.

Did you use BHODemon?

I want you to also try CounterSpy.
 
Guest

Thanks for your help!!

I haven't used BHODemon yet, but I'm gonna try it now!
I used CounterSpy, found a few adware, was great! But still, a few minutes ago
I ran another scan and didn't find anything. I still get pop-ups and don't
know what to do... I ran so many software against adware.
At least I think that I removed for sure the ISTbar, don't see it in my
startup anymore (msconfig). Kazaa-Pal is gone too, using Absolute Uninstaller
1.41.

This is where the ads are coming from when i go to my history:
ads.cc214142.com
ads.dealhelper.com

I thought that I don't have any more adware or spyware on my computer. How
can I still get pop-ups, after running so many virus scans (McAfee) and all the
antispyware software: Sysclean, Ad-aware, Stinger, CWShredder, Spybot,
Microsoft AntiSpyware, CounterSpy.

=(

thanks to all for your help!
 
