Istbar help please

John Dean

AVG free has identified what it calls Trojan Horse Downloader Istbar.aq
as an "infected, embedded object". It's in my TIF as
ysb_1002838[1].cab but AVG cannot heal or send to the vault
From Googling round, it seems that when Istbar infects a system, it
usually hijacks the IE toolbar in recognisable ways but this has not
happened. So is my system infected yet, or is the Trojan just lying
dormant?
More important, how do I get rid of it?
Thanks
 
David H. Lipman

From: "John Dean" <[email protected]>

| AVG free has identified what it calls Trojan Horse Downloader Istbar.aq
| as an "infected, embedded object". It's in my TIF as
| ysb_1002838[1].cab but AVG cannot heal or send to the vault
| From Googling round, it seems that when Istbar infects a system, it
| usually hijacks the IE toolbar in recognisable ways but this has not
| happened. So is my system infected yet, or is the Trojan just lying
| dormant?
| More important, how do I get rid of it?
| Thanks
|

Dump the contents of your IE cache -
Start --> settings --> control panel --> Internet options --> delete files

Then rescan the system.
 
John Dean

David said:
| "John Dean" said:
| | AVG free has identified what it calls Trojan Horse Downloader
| | Istbar.aq as an "infected, embedded object". It's in my TIF as
| | ysb_1002838[1].cab but AVG cannot heal or send to the vault
| | From Googling round, it seems that when Istbar infects a system, it
| | usually hijacks the IE toolbar in recognisable ways but this has not
| | happened. So is my system infected yet, or is the Trojan just lying
| | dormant?
| | More important, how do I get rid of it?
| | Thanks
|
| Dump the contents of your IE cache -
| Start --> settings --> control panel --> Internet options --> delete
| files
|
| Then rescan the system.

That did it. Excellent. Thanks.
 
David H. Lipman

|
| That did it. Excellent. Thanks.

Excellent !

Thanx for updating the thread.
 
John Dean

David said:
| Excellent !
|
| Thanx for updating the thread.

Now the thought crosses my mind - why didn't AVG pick this up on the way
in, since it was able to detect its presence?
 
David H. Lipman

From: "John Dean" <[email protected]>


|
| Now the thought crosses my mind - why didn't AVG pick this up on the way
| in, since it was able to detect its presence?

The problem is it is an archive file. You have scanning within an archive file enabled and
thus it found this tidbit. However, the AV software can extract the file from the archive
file and scan it but it can't remove the infected file and repack the archive file.
Therefore it is not removed and it would take a manual deletion. The same goes for a Java
script Trojan found to be in a .CLASS file in a Java Jar (ZIP type file).

So it would take a manual deletion of the archive file. Since your .CAB file was in the
Internet Explorer Browser Cache (aka TIF) it is best to just dump the cache. In my above
example of a .CLASS file in a Java Jar, one would clear the Java cache.

Now why didn't AVG initially find the .CAB file on the PC when it was downloaded? It could
be there wasn't a signature then, you didn't have scan within archives enabled then, etc...
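An added illustration of the reply above, not code from the thread or from AVG: a scanner that detects at the member level inside a ZIP-type archive (a JAR) but remediates by deleting the whole container, since nothing is repacked. The signature set, file names and payload are constructed for the example, and whole-file SHA-256 matching stands in for a real AV signature engine.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path

# Constructed sample "signature": SHA-256 of a harmless marker payload.
SAMPLE_PAYLOAD = b"CONSTRUCTED-TEST-MARKER (harmless sample content)"
SIGNATURES = {hashlib.sha256(SAMPLE_PAYLOAD).hexdigest(): "Sample.Test.Marker"}


def scan_archive(path):
    """Return [(member_name, detection_name)] for members matching a signature."""
    hits = []
    with zipfile.ZipFile(path) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            digest = hashlib.sha256(zf.read(info)).hexdigest()
            if digest in SIGNATURES:
                hits.append((info.filename, SIGNATURES[digest]))
    return hits


def clean_cache(cache_dir):
    """Scan every ZIP-type archive under cache_dir; delete whole archives with hits."""
    removed = {}
    for path in sorted(Path(cache_dir).rglob("*")):
        if path.is_file() and zipfile.is_zipfile(path):
            hits = scan_archive(path)
            if hits:
                # No repacking: the container is the unit of remediation.
                path.unlink()
                removed[path.name] = hits
    return removed


def demo():
    """Build a constructed cache with one flagged and one clean JAR, then clean it."""
    with tempfile.TemporaryDirectory() as cache:
        with zipfile.ZipFile(Path(cache, "applet[1].jar"), "w") as zf:
            zf.writestr("Good.class", b"benign bytes")
            zf.writestr("Bad.class", SAMPLE_PAYLOAD)
        with zipfile.ZipFile(Path(cache, "clean[1].jar"), "w") as zf:
            zf.writestr("Good.class", b"benign bytes")
        removed = clean_cache(cache)
        remaining = sorted(p.name for p in Path(cache).iterdir())
    return removed, remaining


if __name__ == "__main__":
    print(demo())
```

The benign `Good.class` in the flagged JAR is deleted along with the matching member, which is acceptable for a browser or Java cache because the content is re-fetched on demand.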
 
