ISTbar

Description

ISTbar is an IE toolbar, homepage- and search-hijacker provided by Integrated Search Technologies/CDT Inc.

Variants

ISTbar/AUpdate installs a TinyBar variant to implement its toolbar, and will be detected by the script at this site as TinyBar/B. The hijacker is aimed at my-internet.info and blazefind.com; distribution is managed by searchbarcash.com, its controlling server. Updates are loaded by an ‘AUpdate’ process.

ISTbar/MSCache also uses TinyBar, along with a Browser Helper Object called mscache.dll used to load updates. The controlling server is www2.skoobidoo.com.

ISTbar/XXXToolbar is an update based around porn. It uses its own toolbar based on the Pugi toolbar. The hijacker is aimed at its controlling server xxxtoolbar.com, and slotch.com; distribution is controlled by toolbarcash.com.

ISTbar also installs other parasites: AUpdate and XXXToolbar install porn pop-up producer RapidBlaster/lp; the AUpdate variant is also known to installDownloadPlus; the MSCache variant installs nCase and the Wink/EasyDates dialler.

Also known as

The AUpdate variant is known as SearchBarCash-Hijacker, and the MSCache varaint as MSUpdates\MSCache, by Ad-Aware.

Distribution

Installed by ActiveX drive-by download on affiliate sites; typically porn in the case of XXXToolbar, from April 2003. An ‘aggressive’ downloader is usually used: if you refuse the download, a JavaScript alert complains that it won’t take no for an answer and opens the download window again.

ISTbar/MSCache was widely distributed to victims clicking on links to the ‘OutWar’ online game.

What it does

Advertising

In the XXXToolbar variant, yes: opens pop-ups as directed by its controlling server. Otherwise, no, though the TinyBar component could be used to open pop-ups.

All versions also install other third-party software which includes advertising.

Privacy violation

No.

Security issues

Yes. Can download and execute arbitrary unsigned code from its controlling server. This is used both to update the software and to install third-party software.

Stability problems

None known.

Removal

There is a entry in Add/Remove Programs for ‘MS AUpdate’ (AUpdate variant), ‘MS Updates’ (MSCache variant), or ‘ISTbar’ (ISTbar variant). Unfortunately this doesn’t remove the toolbar in the AUpdate variant, or RapidBlaster in the AUpdate or ISTbar variants; in the MSCache variant it does not appear to work at all.

Ad-Aware reflist 20.04.2003 and Spybot S&D update 2003-04-24 can remove ISTbar/AUpdate.

 

Manual removal

AUpdate variant

Open the registry (click ‘Start’, choose ‘Run’ and enter ‘regedit’) and find the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. Delete the ‘AutoUpdater’ entry on the right (pointing to aupdate.exe). Find the key HKEY_CLASSES_ROOT\CLSID, and delete the subkey ‘{69550BE2-9A78-11D2-BA91-00600827878D}’. Delete the subkey of the same name from HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars, and the entry of the same name from HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar.

Restart the computer and you should be able to delete the files ‘aupdate.exe’, ‘aupdate.conf’, ‘aupdate.trk’ and (if it is there) ‘aupdate_uninstall.exe’ from the System folder. (The System folder can be found inside the Windows folder; it is called ‘System32’ on Windows NT/2000/XP or just ‘System’ on Windows 95/98/Me.)

Finally you can restore your normal search settings (Internet Options->Programs->Reset Web Settings) and deal with RapidBlaster andDownloadPlus.

MSCache variant

Open a DOS command prompt window (from Start->Programs->Accessories) and enter the following commands:

cd "%WinDir%\System"
regsvr32 /u ../mscache.dll

Next, open the registry (click ‘Start’, choose ‘Run’ and enter ‘regedit’) and find the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. Delete the ‘MS Updates’ entry on the right (pointing to mscache.exe). Find the key HKEY_CLASSES_ROOT\CLSID, and delete the subkey ‘{69550BE2-9A78-11D2-BA91-00600827878D}’. Delete the subkey of the same name from HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars, and the entry of the same name from HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar.

Restart the computer and you should be able to delete the files ‘mscache.exe’, and ‘mscache.dll’ from the Windows folder

Finally you can restore your normal search settings (Internet Options->Programs->Reset Web Settings) and deal with nCase and Wink/EasyDates.

XXXToolbar variant

Open the registry (click ‘Start’, choose ‘Run’ and enter ‘regedit’) and find the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run. Delete the ‘IST Service’ entry, if it is there. (Some early releases of XXXToolbar did not include this.)

Open a DOS command prompt window (form Start->Programs->Accessories) and enter the following commands:

cd "%WinDir%\System"
regsvr32 /u "\Program Files\ISTbar\istbar.dll"

Restart the computer and you should be able to delete the ‘ISTbar’ folder inside Program Files, and the ‘istsvc.exe’ file inside the Windows folder. You can also delete the registry keys HKEY_CURRENT_USER\Software\ISTbar and HKEY_CLASSES_ROOT\Pugi.PugiObj (and .1) to clean up if you like.

Finally you can restore your normal search settings (Internet Options->Programs->Reset Web Settings) and deal with RapidBlaster.

 

woolrich jacken

Antivirus Guide

We’re going to take a look at what some of the best antivirus software programs are, and give you an idea of what to choose from.  There are several companies that make respectable applications to protect your computer from harm, but it’s difficult to decide which the best are and which aren’t so great.  We’ll go through them one by one looking at things like easy of use, their complete antivirus feature sets, virus isolation and eradication, and more.

Norton Antivirus
norton-antivirus-2005Far and above the most popular choice among many computer users, we want to take a look at its overall effectiveness in comparison to others.  The interface for the program itself is simple and easy to use, and upon the programs installation, you’ll find that it pre-scans your computer to help protect you from any viruses that are already on there.  The program is a bit larger than other antivirus programs, but it’s worth the additional installation time.  Norton focuses on blocking not only malicious viruses, but also the dreaded and often hated adware and spyware type programs that end up ruining and slowing down your computer.  Adware and spyware are huge problems on many computers so you want your antivirus solution to include help against it.  There is an available scheduler in the application that allows you to pre-schedule all your future computer scans so that they are performed consistently but also conveniently.   Norton successfully passed all antivirus standards by West Coast Labs in both level 1 & 2, so the outside confirmation of it’s success is a great bonus when looking at antivirus options.  Additional features include protection against instant messaging viruses, malicious scripts, and will also protect your POP3 email.  There is no protection against peer to peer however.

woolrich sale