
HowTo? remove ISTBAR

Discussion in 'Virus & Other Malware Removal' started by kerryprance, Feb 11, 2005.

Thread Status:
Not open for further replies.
  1. kerryprance

    kerryprance Thread Starter

    Joined:
    Nov 26, 2004
    Messages:
    43
    Hey all,

    I've got something causing a continuous stream of data to be downloading from my system (XPpro on a ...yeeeeech...HP syst so I don't have sp 2 running). According to "Yahoo" anti-spy there are 2 hijackers
    ISTbar & ISTbarXXXtoolbar

    1 trojan downloader -
    Win32.ISTbar.ce located - C:\PROGRAMFILES\jstsvc\jstsvc.exe

    (also showing an Atlas DTM.com and XXXToolbar.com tracking cookies)

    Adaware 6.0 confirms the jstsvc\jstsvc.exe BUT..... neither program will get rid of it & Windows won't let me delete it.

    So guys, what do I do here..please?
    Also, as per advice I have seen posted here & PCHell, I disabled "messenger" in the "services.msc", but haven't noticed any changes. Could somebody explain to me (in layman's terms) A) what is messenger & what it does, B) what I did by disabling it, and C) how do I restore it IF I should need it? It disappeared from the list when I disabled it.

    OH----also, since I have noticed this problem my screen image jumps around a little. Is this common to the virus or just another little video surprise that HP has in store for me? (I swear I'm having to rebuild this piece of junk one piece at a time)

    Thanks in advance

    Kerry
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    First of all get the new AdAware - check for updates and run and fix all

    then Istsvc http://securityresponse.symantec.com/avcenter/FxIstbar.exe

    From Symantec
    Note:
    · The date and time displayed will be adjusted to your time zone, if your computer is not set to the Pacific time zone.
    · The removal tool may terminate Internet Explorer and Windows Explorer. It is recommended that users save their work and log out of these programs before running the removal tool.
    · The removal tool will reset the Internet start page to a blank page. The start page can be modified by clicking on Tools > Internet Options in Internet Explorer.
    · The removal tool will not delete some harmless Temporary Internet files, which Adware.Istbar created, in C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files.
    These can be manually deleted using the following steps:
    a. Start Internet Explorer.
    b. Click Tools > Internet Options.
    c. In the Temporary Internet Files section, click the Delete Files button.
    d. Check Delete all offline content, and then click OK.

    Boot and then get HiJack This http://www.majorgeeks.com/download3155.html, put
    it in a permanent folder (C:\HJT), run it, DO NOT fix anything, post the
    log here.
     
  3. ukcaracc

    ukcaracc

    Joined:
    Feb 23, 2005
    Messages:
    7
    I have just solved this issue on XP sp2. It took me 4 hours of Google surfing and experimenting and pain, as the fix at Symantec DOES NOT WORK and I would rather try to have babies with Satan than use the fix supplied by the spyware authors. Who I honestly believe should be covered in petrol and set on fire during a live web broadcast.

    In a nutshell:
    Every time istsvc is attacked, another process with a random name repairs the damage and you are at square one again. I found the repairer file's name and path by checking in the registry location:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    It looked out of place being random! I confirmed its identity by checking for and halting a process with the same name in task manager and checking that once deleted the istsvc.exe file stayed deleted.

    - open the task manager
    - halt and delete (or move for safety's sake) the repairer executable (I found it in /windows)
    - halt istsvc and delete the executable (I found it in /program files/istscv)
    - run adaware and spybot repeatedly until clean.
    - (maybe optional) delete all temporary internet files and temp files the original installers hide here. Norton finds these but can't delete them itself.
    - (almost certainly optional) open regedit, find and delete everything to do with the name of the repairer and istsvc.

    Incidentally if you look at the name my repairer program had - lcurits - long enough (squinting and ignoring the l helps) you get an uncanny insight into who the authors are.

    Companies that produce this sort of software should be named, shamed and where possible shut down. The directors' names and addresses should be published and their lives wrecked.
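
Added example, not part of any post in this thread: a small audit of the Run key check described in the post above, working on the text that `reg query` prints for that key. It flags value names missing from a baseline you have verified, images sitting directly in the Windows directory, and the `istsvc.exe` / `jstsvc.exe` names reported in this thread. The sample output, the baseline names and the function names are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample of `reg query` output for the Run key; not a real capture.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SynTPEnh    REG_SZ    "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" /tray
    ccApp    REG_SZ    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    lcurits    REG_SZ    C:\WINDOWS\lcurits.exe
    IST Service    REG_SZ    C:\Program Files\istsvc\istsvc.exe
"""

BASELINE = {"syntpenh", "ccapp"}           # hypothetical: value names you have verified
KNOWN_BAD = {"istsvc.exe", "jstsvc.exe"}   # image names reported in this thread
ENTRY = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
IMAGE = re.compile(r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|bat|cmd|scr)))(?:\s|$)', re.I)


def image_path(command):
    """Return the executable path from a Run value, dropping quotes and arguments."""
    m = IMAGE.match(command)
    if not m:
        return command.strip()
    return m.group("q") or m.group("u")


def audit_run_key(reg_output, baseline=BASELINE, windir=r"C:\WINDOWS"):
    """Map each suspicious value name to (image path, list of reasons)."""
    findings = {}
    for line in reg_output.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # key header or blank line
        image = image_path(m["data"])
        reasons = []
        if m["name"].lower() not in baseline:
            reasons.append("value name not in baseline")
        if ntpath.normcase(ntpath.dirname(image)) == ntpath.normcase(windir):
            reasons.append("image sits directly in the Windows directory")
        if ntpath.basename(image).lower() in KNOWN_BAD:
            reasons.append("image name reported in the thread")
        if reasons:
            findings[m["name"]] = (image, reasons)
    return findings


if __name__ == "__main__":
    for name, (image, reasons) in audit_run_key(SAMPLE).items():
        print(f"{name}: {image} -> {'; '.join(reasons)}")
```

A flagged entry is only a lead: confirm it the way the post does, by matching it to a running process, before removing anything.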
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
Short URL to this thread: https://techguy.org/329262