Sign in with
Sign up | Sign in
Your question

IST svc and W32 worm problems

Last response: in Windows XP
Share
Anonymous
June 17, 2005 4:33:07 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

Thanks, I browsed the websites and printed hard copies to read.
I'm embarassed to admit most of the reading was above my level
of comprehension and while I did rid myself of the W32 worm, I'm
still stuck with (2) registry keys (IST and ISTBar) that comes up
as malware and cannot be deleted because they're in use. I've
even done a couple "safe mode" reboots and run Spybot, McAfee,
AdAware, etc. and those files remain. I've now taken the tower
to someone else to clean/fix - I work full time and this had
become another full time job. :-(


PA Bear Wrote:
> Checking for/Help with Hijackware
> http://aumha.org/a/parasite.htm
> http://aumha.org/a/quickfix.htm
> http://aumha.net/viewtopic.php?t=5878
> http://mvps.org/winhelp2002/unwanted.htm
> http://inetexplorer.mvps.org/darnit.html
> http://inetexplorer.mvps.org/data/prevention.htm
> http://inetexplorer.mvps.org/tshoot.html
> http://www.mvps.org/sramesh2k/Malware_Defence.htm
> http://defendingyourmachine.blogspot.com/
>
> --
> ~Robear Dyer (PA Bear)
> MS MVP-Windows (IE/OE) & Security
>
> tmcook wrote:--
> confused:-
> I'm running WIN XP and have McAfee Firewall & Antivirus, Spybot,
> AdAware and Trojan Guardian installed and running and using DSL for
> connectivity.
>
> Due to a sluggish hard drive and weird things happening (duplicating
> windows across monitor and green boxes appearing across the toolbar),
> I
> bought several products and downloaded freeware. (See above). I have
> spent literally! hours/days running these programs to clean up the
> hard
> drive and when I reboot, I get a prompt from McAfee that it's cleaned
> a
> file named "winlite" and the virus was w32/sdbot.worm.gen which was
> found in windows/system32. So I ran all the programs again and get a
> prompt stating that all files were cleaned except for 3-4 that were
> in
> use or running off a program. I do not know how to get around this
> problem.
>
> I get another msg. from McAfee stating;
> C:/Programfiles/IST svc/istsvc.exe was found and it's a potentially
> unwanted program, PUP name: Adware-ISTbar.b
> Then it says it was cleaned.
>
> Please help... I'm readly to unplug from the DSL and go back to dial
> up
> - or just use my Apple laptop. :) -


--
tmcook
Anonymous
June 17, 2005 6:44:12 PM

Archived from groups: microsoft.public.windowsxp.newusers (More info?)

When all else fails, HijackThis v1.99.1
(http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30
for expert analysis, not here.**

--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE) & Security

tmcook wrote:
> Thanks, I browsed the websites and printed hard copies to read.
> I'm embarassed to admit most of the reading was above my level
> of comprehension and while I did rid myself of the W32 worm, I'm
> still stuck with (2) registry keys (IST and ISTBar) that comes up
> as malware and cannot be deleted because they're in use. I've
> even done a couple "safe mode" reboots and run Spybot, McAfee,
> AdAware, etc. and those files remain. I've now taken the tower
> to someone else to clean/fix - I work full time and this had
> become another full time job. :-(
>
>
> PA Bear Wrote:
> > Checking for/Help with Hijackware
> > http://aumha.org/a/parasite.htm
> > http://aumha.org/a/quickfix.htm
> > http://aumha.net/viewtopic.php?t=5878
> > http://mvps.org/winhelp2002/unwanted.htm
> > http://inetexplorer.mvps.org/darnit.html
> > http://inetexplorer.mvps.org/data/prevention.htm
> > http://inetexplorer.mvps.org/tshoot.html
> > http://www.mvps.org/sramesh2k/Malware_Defence.htm
> > http://defendingyourmachine.blogspot.com/
> >
> > --
> > ~Robear Dyer (PA Bear)
> > MS MVP-Windows (IE/OE) & Security
> >
> > tmcook wrote:--
> > confused:-
> > I'm running WIN XP and have McAfee Firewall & Antivirus, Spybot,
> > AdAware and Trojan Guardian installed and running and using DSL for
> > connectivity.
> >
> > Due to a sluggish hard drive and weird things happening (duplicating
> > windows across monitor and green boxes appearing across the toolbar),
> > I
> > bought several products and downloaded freeware. (See above). I have
> > spent literally! hours/days running these programs to clean up the
> > hard
> > drive and when I reboot, I get a prompt from McAfee that it's cleaned
> > a
> > file named "winlite" and the virus was w32/sdbot.worm.gen which was
> > found in windows/system32. So I ran all the programs again and get a
> > prompt stating that all files were cleaned except for 3-4 that were
> > in
> > use or running off a program. I do not know how to get around this
> > problem.
> >
> > I get another msg. from McAfee stating;
> > C:/Programfiles/IST svc/istsvc.exe was found and it's a potentially
> > unwanted program, PUP name: Adware-ISTbar.b
> > Then it says it was cleaned.
> >
> > Please help... I'm readly to unplug from the DSL and go back to dial
> > up
> > - or just use my Apple laptop. :) -
!