Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Win32.IstBar.gen

Started by tarahardt , Oct 12 2005 10:21 PM

  • Please log in to reply

#1
tarahardt
Posted 12 October 2005 - 10:21 PM

tarahardt

    Member

  • Member
  • PipPip
  • 10 posts
I've tried to do everything. Can someone help?
  • 0

Advertisements

#2
Dedrivudd
Posted 12 October 2005 - 10:37 PM

Dedrivudd

    Member

  • Member
  • PipPip
  • 98 posts
It's atrojan downloader and it migh put this kind of registyvalues

[HKLM\SOFTWARE\DR_S]
[HKCU\SOFTWARE\DR_S]
[HKLM\SOFTWARE\Classes\drs.n\uID]
[HKCU\SOFTWARE\Classes\drs.n\uID]

Every 30 minutes a program from this family will download a file from, for example , http://www.adzhooter.com/DR_S/gSD.html. This file contain addresses which direct the Trojan to other sites where it can download additional malicious programs:

|5|20050406|
ts|http://www.adzhooter.com/DR_S/bp/as_8_new.exe|1|bs_8_new.exe|1.0|1|
adsh|http://www.adzhooter.com/DR_S/bp/afita.exe|2|afita.exe|1.2|1|
sfitb|http://www.adzhooter.com/DR_S/bp/SYSsfita.dll|3|SYSsfita.dll|1.0|2
sfitb||
ezu|http://www.adzhooter.com/DR_S/bp/wzStub.exe|3|wzStub.exe|1.0|1|
sfisb|http://www.adzhooter.com/DR_S/bp/ReplaceSearch.dll|3|ReplaceSearch
sfisb|.dll|1.0|2|

here are the other names of it.
(Kaspersky Lab) is also known as: Trojan.StartPage.61 (Doctor Web), TR/Dldr.IstBar.G.1 (H+BEDV), Trojan.Downloader.Istbar-38 (ClamAV)

I foubnd some directions. so you can try them

Removing Adware Entries from the Registry

Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software
Still in the left panel, right-click the following key and choose Delete:
IST
In the left panel, double-click the following:
HKEY_CURRENT_USER>Software>Microsoft>
Internet Explorer>Main
In the right panel, locate and delete the entry:
BandRest = "Never"
In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Internet Explorer>Main
In the right panel, locate and delete the entry:
BandRest = "Never"
In the left panel, double-click the following:
HKEY_USERS>S-1-5-21-1275210071-1303643608-682003330-1117>
Software
Still in the left panel, right-click the following key and choose Delete:
IST
In the left panel, double-click the following:
HKEY_USERS>S-1-5-21-1275210071-1303643608-682003330-1117>
Software>Microsoft>Internet Explorer>Main
In the right panel, locate and delete the entry:
BandRest = "Never"
Close Registry Editor.
  • 0

#3
tarahardt
Posted 13 October 2005 - 11:13 PM

tarahardt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Someone.....
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP