
Symantec Adware.Istbar/Trojan.ISTsvc Removal Tool 1.1.0

Removes toolbar and hijacks from Adware.SideFind and Trojan.ISTsvc.


Quick Facts

Freeware
Windows
164 KB
3,198
Behavior
Adware.Istbar is an adware component, which does one or more of the following:

* Installs an Internet Explorer toolbar
* Acts as a Home page and search hijacker

This risk is often distributed with Adware.SideFind and Trojan.ISTsvc.

Symptoms
Your Symantec program detects Adware.Istbar

Transmission
This security risk can be downloaded from a Web page using an ActiveX installer.

Technical details
File names:
IstBar_DH.dll
istbar.dll
istbarcm.dll
istdownload.exe
cmctl.dll
ysbactivex.dll

Note: Detections dated March 3rd, 2005 or earlier may detect this adware as Adware.Istbar!Dl.

When Adware.Istbar is installed, it does the following:

1. May create some of the following folders and files:

* %ProgramFiles%\ISTbar\cmctl.dll
* %ProgramFiles%\ISTbar\istbarcm.dll
* %ProgramFiles%\ISTbar\imagemap_normal.bmp
* %ProgramFiles%\ISTbar\imagemap_over.bmp
* %ProgramFiles%\ISTbar\version.txt
* %ProgramFiles%\ISTbar\xml_istbar.xml
* %UserProfile%\Favorites\Fun & Games, drops numerous link files in this folder
* %UserProfile%\Favorites\Going Places, drops numerous link files in this folder
* %UserProfile%\Favorites\Living, drops numerous link files in this folder
* %UserProfile%\Favorites\Shop, drops numerous link files in this folder
* %UserProfile%\Favorites\Technology, drops numerous link files in this folder

Notes:
* %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
* %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] (Windows NT/2000/XP).

2. Creates some of the following registry keys:


3. Adds the values:

"Bandrest" = "Never"
"Search Bar" = "[WEB SITE ON THE COULDNOTFIND.COM DOMAIN]"
"Search Page" = "[WEB SITE ON THE COULDNOTFIND.COM DOMAIN]"
"Search Page_bak" = "[WEB SITE ON THE COULDNOTFIND.COM DOMAIN]"
"Start Page" = "[WEB SITE ON THE COULDNOTFIND.COM DOMAIN]"
"Start Page_bak" = "file:///C:/WINNT/Web/Start.htm"
"Use Search Assistant" = "no"

to the registry subkey:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

to redirect the start page and search pages.

4. Adds the value:

"Bandrest" = "Never"

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

5. Adds the values:

"{FAA356E4-D317-42A6-AB41-A3021C6E7D52}" = ""
"{5F1ABCDB-A875-46C1-8345-B72A4567E486}" = ""

to the registry subkeys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

6. Adds the following toolbar to all Internet Explorer windows:

7. Displays links in the toolbar area relating to words typed anywhere in an Internet Explorer window.
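
A defender-side check for the values listed in steps 3 to 5, as an added example (not part of the original description or of Symantec's tool): it parses registry text exported from regedit and flags the Internet Explorer start/search-page and toolbar values. The function names, the sample export, its URL and the all-zero CLSID are constructed for illustration.

```python
import re

# Indicators from steps 3 to 5 of the description above.
HIJACK_DOMAIN = "couldnotfind.com"
URL_VALUES = {"start page", "search page", "search bar"}
FIXED_VALUES = {"bandrest": "never", "use search assistant": "no"}
TOOLBAR_CLSIDS = {"{FAA356E4-D317-42A6-AB41-A3021C6E7D52}", "{5F1ABCDB-A875-46C1-8345-B72A4567E486}"}
MAIN_KEY = r"\software\microsoft\internet explorer\main"
TOOLBAR_KEY = r"\software\microsoft\internet explorer\toolbar"

# Constructed sample export; the URL and the all-zero CLSID are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.couldnotfind.com/"
"Start Page_bak"="file:///C:/WINNT/Web/Start.htm"
"Use Search Assistant"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{FAA356E4-D317-42A6-AB41-A3021C6E7D52}"=""
"{00000000-0000-0000-0000-000000000000}"=hex:00
'''

def parse_reg(text):
    """Parse .reg export text into {key_path: {value_name: raw_data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:  # outer quotes stripped; other .reg escaping is left as-is
                current[m.group(1)] = m.group(2).strip('"')
    return keys

def find_istbar_traces(text):
    """Return (value_name, reason) findings, in the order they appear."""
    found = []
    for key, values in parse_reg(text).items():
        low = key.lower()
        for name, data in values.items():
            base = re.sub(r"_bak$", "", name.lower())
            host = re.sub(r"^[a-z]+://", "", data.lower()).split("/")[0].split(":")[0]
            if low.endswith(MAIN_KEY) and base in URL_VALUES and (
                    host == HIJACK_DOMAIN or host.endswith("." + HIJACK_DOMAIN)):
                found.append((name, "points at hijack domain"))
            elif low.endswith(MAIN_KEY) and FIXED_VALUES.get(name.lower()) == data.lower():
                found.append((name, "weak: value the adware also sets"))
            elif TOOLBAR_KEY in low and name.upper() in TOOLBAR_CLSIDS:
                found.append((name, "adware toolbar CLSID registered"))
    return found
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so decode the file before passing its text to `find_istbar_traces`.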