Symantec Adware.Istbar/Trojan.ISTsvc Removal Tool 1.1.0

Removes toolbar and hijacks from Adware.SideFind and Trojan.ISTsvc.

More about Symantec Adware.Istbar/Trojan.ISTsvc Removal Tool

Behavior
Adware.Istbar is an adware component that does one or more of the following:

* Installs an Internet Explorer toolbar
* Acts as a Home page and search hijacker

This risk is often distributed with Adware.SideFind and Trojan.ISTsvc.

Symptoms
Your Symantec program detects Adware.Istbar.

Transmission
This security risk can be downloaded from a Web page using an ActiveX installer.

Technical details
File names:
IstBar_DH.dll
istbar.dll
istbarcm.dll
istdownload.exe
cmctl.dll
ysbactivex.dll

Note: Detections dated March 3rd, 2005 or earlier may detect this adware as Adware.Istbar!Dl.

When Adware.Istbar is installed, it does the following:

1. May create some of the following folders and files:

* %ProgramFiles%\ISTbar\cmctl.dll
* %ProgramFiles%\ISTbar\istbarcm.dll
* %ProgramFiles%\ISTbar\imagemap_normal.bmp
* %ProgramFiles%\ISTbar\imagemap_over.bmp
* %ProgramFiles%\ISTbar\version.txt
* %ProgramFiles%\ISTbar\xml_istbar.xml
* %UserProfile%\Favorites\Fun & Games, drops numerous link files in this folder
* %UserProfile%\Favorites\Going Places, drops numerous link files in this folder
* %UserProfile%\Favorites\Living, drops numerous link files in this folder
* %UserProfile%\Favorites\Shop, drops numerous link files in this folder
* %UserProfile%\Favorites\Technology, drops numerous link files in this folder

Notes:
* %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
* %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] (Windows NT/2000/XP).

2. Creates some of the following registry keys:

3. Adds the values:

"Bandrest" = "Never"
"Search Bar" = "[WEB SITE ON THE COULDNOTFIND.COM DOMAIN]"
"Search Page" = "[WEB SITE ON THE COULDNOTFIND.COM DOMAIN]"
"Search Page_bak" = "[WEB SITE ON THE COULDNOTFIND.COM DOMAIN]"
"Start Page" = "[WEB SITE ON THE COULDNOTFIND.COM DOMAIN]"
"Start Page_bak" = "file:///C:/WINNT/Web/Start.htm"
"Use Search Assistant" = "no"

to the registry subkey:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

to redirect the start page and search pages.

4. Adds the value:

"Bandrest" = "Never"

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

5. Adds the values:

"{FAA356E4-D317-42A6-AB41-A3021C6E7D52}" = ""
"{5F1ABCDB-A875-46C1-8345-B72A4567E486}" = ""

to the registry subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

6. Adds the following toolbar to all Internet Explorer windows:

7. Displays links in the toolbar area relating to words typed anywhere in an Internet Explorer window.
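
One way to triage an exported registry file for the Internet Explorer values listed in steps 3 to 5 (an added example, not Symantec's removal tool and not code from the original page). It assumes the export was made with `reg export` and already decoded to text; the sample export and the URLs in it are constructed, and only the value names, CLSIDs and the couldnotfind.com domain come from the write-up.

```python
import re

# Indicators copied from steps 3-5 of the write-up; compared case-insensitively.
IE = r"software\microsoft\internet explorer"
IE_MAIN = IE + r"\main"
TOOLBAR_KEYS = (IE + r"\toolbar", IE + r"\toolbar\webbrowser")
URL_VALUES = {"search bar", "search page", "search page_bak", "start page"}
HIJACK_DOMAIN = "couldnotfind.com"
TOOLBAR_CLSIDS = {"{faa356e4-d317-42a6-ab41-a3021c6e7d52}", "{5f1abcdb-a875-46c1-8345-b72a4567e486}"}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export: the URLs and the all-zero CLSID are made up for this example.
SAMPLE = r'''[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.couldnotfind.com/"
"Search Page"="http://search.example.org/"
"Bandrest"="Never"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{FAA356E4-D317-42A6-AB41-A3021C6E7D52}"=""
"{00000000-0000-0000-0000-000000000001}"=""
'''

def parse_reg(text):
    """Collect string values from .reg export text as {key: {name: data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name.lower()] = data
    return keys

def on_hijack_domain(url):  # True when the URL host is the domain or a subdomain of it
    m = re.match(r"[a-z][a-z0-9+.-]*://(?:[^/@]*@)?([^/:?#]+)", url, re.I)
    return bool(m) and ("." + m.group(1).lower().rstrip(".")).endswith("." + HIJACK_DOMAIN)

def find_istbar(keys):
    """Return (key, value name, reason) for each value matching the write-up."""
    hits = []
    for key, values in keys.items():
        sub = key.split("\\", 1)[-1]  # key path without the hive name
        for name, data in values.items():
            if sub == IE_MAIN and name in URL_VALUES and on_hijack_domain(data):
                hits.append((key, name, "URL on " + HIJACK_DOMAIN))
            elif sub == IE_MAIN and name == "bandrest" and data.lower() == "never":
                hits.append((key, name, "Bandrest = Never"))
            elif sub in TOOLBAR_KEYS and name in TOOLBAR_CLSIDS:
                hits.append((key, name, "ISTbar toolbar CLSID"))
    return hits
```

Matching on the parsed host rather than a substring keeps look-alike hosts from being flagged, and the hive name is ignored so the same check covers both the HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE subkeys.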
