ISTser.exe - testmy.net resource / tool
Topic: ISTser.exe  (Read 1999 times)
igarek77
« on: July 28, 2006, 01:39:01 AM »

Hi All,

I have a question for you: how do I remove the ISTserv.exe and all the other ist*.* that I have on my friend's computer? I've tried so far Webroot Spysweeper, Spybot, and CWSshredder; got rid of everything but that adware/spyware. Please advise. I have included the hijackthis log. Thanks for the help!!!

Logfile of HijackThis v1.99.1
Scan saved at 12:22:51 AM, on 7/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\System32\isnotify.exe
C:\WINDOWS\system32\issearch.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ismon.exe
C:\Documents and Settings\Andrey\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sysprotectionpage.net/
F2 - REG:system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,vqwkwwx.exe
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\jt6s07j7e.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
tommie gorman
« Reply #1 on: July 28, 2006, 02:39:58 AM »

igarek77 did you try safe mode without networking or Ewido on-line scan?
Or vcleaner by Grisoft in safemode?
If you do get it out try Spyware Blaster to keep it out.

IF YOU DON'T STAND BEHIND OUR TROOPS, PLEASE, FEEL FREE TO STAND IN FRONT OF THEM !!!

Sprint EVDO Rev. A * AMD 64 3500+ 2.2 GHz cpu Ram 2GB/XP Home * TCP Optimizer
Swimmer
« Reply #2 on: July 28, 2006, 06:35:01 AM »

http://fileinfo.prevx.com/adware/qqdbe732639086-ISSE17080133/ISSEARCH.EXE.html
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453098888

Might have to wait a little bit..  I am not seeing any of the major vendors issuing fixes for this problem..

igarek77
« Reply #3 on: July 28, 2006, 10:14:17 AM »

Hi All,

Thanks for the replies, I actually did all of my scanning and removing of other adware/spyware/trojans in SafeMode. Tommie Gorman, I have not tried the Ewido online scan, would that help me remove the adware? I'll also try the vcleaner. I have worked on machines before and encountered the IST malware, but was able to clean it, this time, it's pretty bad, I guess I'll have to do some manual cleaning in the registry. I'll try the above mentioned products, and let you know how it went. Thanks again.

-Z-
tommie gorman
« Reply #4 on: July 28, 2006, 03:23:10 PM »

vcleaner:
http://grisoft.com/doc/112/lng/us/tpl/tpl01
FallowEarth
« Reply #5 on: July 28, 2006, 03:57:39 PM »

Computer Associates recognizes 3 of 4 similar processes running on your machine as known spyware/trojan.  Here's the LINK (I think it's the same one Swimmer posted).

Other sites (not as familiar to me) show it as an exploit, but don't really say through what. This may be contracted by P2P programs. I see you are running Symantec and SpySweeper. Might I suggest Spybot and AdAware.

Computer Associates also has a free online virus scan: http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

CA also has an online spyware scan too, but it only diagnoses the infection; it does not treat it. However, running it may still help you better understand the infection: http://www3.ca.com/securityadvisor/pestscan/

I would suggest a few other online spyware/malware scans too:

http://housecall.trendmicro.com/
http://www.ewido.net/en/onlinescan/
http://www.pandasoftware.com/activescan/
http://www.bitdefender.com/scan8/ie.html