
Thread: ISTBar

  1. #1
    Plutonium Lounger
    Join Date
    Dec 2000
    Location
    Sacramento, California, USA
    Posts
    16,775
    Thanks
    0
    Thanked 1 Time in 1 Post

    ISTBar

    I ran a couple of routine anti-malware scans this morning and although Ad-Aware and SpyBot didn't find anything, PestPatrol came up with ISTBar, which a Google search suggests is a bad actor. Anyone else have any experience with this? PestPatrol took care of it, but I'm curious about the ramifications.
    Charlotte

  2. #2
    5 Star Lounger
    Join Date
    May 2002
    Location
    43.8N 81.0W, Ontario
    Posts
    815
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: ISTBar

    Hi Charlotte

    Here's a little info on ISTBar.

    ISTbar is a homepage and search hijacking adware. It adds a toolbar to Internet Explorer and displays popup ads that come mainly from porn sites. This adware is distributed by Integrated Search Technologies/CDT Inc. It may also install third-party adware and spyware on the computer.

    ISTbar is an IE toolbar, homepage- and search-hijacker provided by Integrated Search Technologies/CDT Inc.

    Troj/Istbar-O is a downloader Trojan and browser hijacker.
    Troj/Istbar-O attempts to download and install executables without notifying the user. Names of files downloaded may include: ......

    Symantec and other AV sites have more info on this little feller.

    Have a Great day!!!
    Ken

  3. #3
    3 Star Lounger
    Join Date
    Aug 2004
    Location
    Saco, Maine, USA
    Posts
    293
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: ISTBar

    Charlotte,
    I know that Pest Patrol is highly rated, but I'm beginning to have more than a few passing doubts about the program. I just ran the online version of Pest Patrol on my main machine, and it found not only the ISTBar, but also Bonzi Buddy. Needless to say, that grape ape hasn't been within a mile of my computers, ever! Neither of these "so-called" problems show up in the Registry at the locations that the scans indicate, which tells me that perhaps the folks at Pest Patrol may be doing a little salting in order to drum up business.

    Hold on a moment -- I just did a little checking...

    On another machine -- a brand-new installation of XPSP2 -- one which IE 6 has seen no other web sites other than Windows Update and Office Update -- the Pest Patrol scanner found the ISTBar. It did not find evidence of Bonzi Buddy. Unless Microsoft is installing third party spyware/adware, I don't see how it is possible for the ISTBar to be there. I think it's probably a false positive -- could be in your case, too.

    I rechecked the machine on which traces of Bonzi Buddy were found. There was a Registry key for Bonzi.com, but no value had been set. It's simply listed as a domain that's blocked. Big deal -- it was a false positive, as I thought. Between SpySweeper, AdAware, Spybot S&D, MS Antispyware, SpywareBlaster, and CleanMOCache, I think I'm pretty well set, and anything PestPatrol finds can be discounted as a false positive.

    So, Charlotte, I'm guessing that you may find the ISTBar is a false positive as well.
    Liberty R.

  4. #4
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Cumberland, Maryland, USA
    Posts
    880
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: ISTBar

    Today, after running AdAware and Spybot (I also have SpyBlaster installed), I ran Pest Patrol. It located 4 malware/spyware programs that did, in fact, exist. Might there be a difference in running an online version?

  5. #5
    Uranium Lounger
    Join Date
    Dec 2000
    Location
    Los Angeles Area, California, USA
    Posts
    7,453
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: ISTBar

    Hi Charlotte:
    I think Liberty Raynes is right. I have the free version of Pest Patrol, so I have to delete anything it finds manually. I ran PP & it found ISTBar. However, it gave the location as a registry entry:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager

    When I checked that location in the registry, it only had a Name default, with no value set. I ran MS AntiSpyware, Ad-Aware, & Spybot S&D. All were negative. When I went to the Pest Patrol Spyware Encyclopedia to look it up, I had none of the running processes they mention should be removed. I also spot checked a number of registry entries associated with ISTBar & none existed. (I didn't check everything).

    It seems to me that Pest Patrol errs on the side of caution. Whenever it finds a registry key or cookie, etc. whose name may or may not be spyware (depending upon other entries), it lists it as spyware.

    By the way, I ran PP about a week ago & ISTBar didn't show up, so we must be visiting the same p--n sites.
    Cheers,
    P.S. Just kidding. I don't visit those sites intentionally.

  6. #6
    Plutonium Lounger
    Join Date
    Dec 2000
    Location
    Sacramento, California, USA
    Posts
    16,775
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: ISTBar

    I use the Pro versions (if available) of all my anti malware products, and PestPatrol definitely found something which wasn't there the last time it looked. I'm not suggesting it is any better or worse than the other products, but if you look at those Google searches carefully, you'll find PP listed as one of the products that finds and removes ISTBar. Yes, it does err on the side of caution and it can throw false positives, so I tend to track down the results before I take steps. I was just asking whether anyone had encountered any popups, etc., as a result of ISTBar, more as a matter of curiosity than anything else.
    Charlotte

  7. #7
    Plutonium Lounger
    Join Date
    Dec 2000
    Location
    Sacramento, California, USA
    Posts
    16,775
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: ISTBar

    I don't know about the on-line scan, since I've never used it, but PestPatrol often misidentifies some things as BonziBuddy because certain libraries in legitimate products are also used by spyware. I ran into this with EasyMailSMTP. The thing to do with PestPatrol or any other anti-malware product, is to notify the publisher when they throw false positives like that. If you're sure the file is legitimate and belongs to a valid product, letting the publisher know often leads to a very fast patch.
    Charlotte

  8. #8
    3 Star Lounger
    Join Date
    Aug 2004
    Location
    Saco, Maine, USA
    Posts
    293
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: ISTBar

    DenGar,
    I'm not saying that your malware didn't exist, or that PestPatrol has no merit. What I am saying is that I am now discounting what I believe to be false positives found by PestPatrol on my systems. Your machine, as well as your security precautions, may be entirely different than mine.
    Yes, it's possible for the online version to be different than the retail version; there are probably many more options available during a scan done with the retail version. It's possible that CA has the heuristics cranked up super-high in their online version. Who knows? Maybe someone from PestPatrol will answer Charlotte's post, and we'll get some answers. Good question, though.

  9. #9
    Platinum Lounger
    Join Date
    Nov 2001
    Location
    Melbourne, Victoria, Australia
    Posts
    5,016
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: ISTBar

    Another possible scenario is if a particular malware is identified by, say Spybot, but the program is unable to clean up all vestiges of its original installation. Even though the malware is negated, some of its old footprints remain. Then when another program does its malware scanning, using other methods, it finds one of these old forgotten entries and alerts you to an infection.

    The best guide IMO is to check out a manual removal guide, if possible. This should give a fair indication as to whether the offender is just an innocuous orphan, or whether the malware is really still there.

    Alan
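
The manual check described in posts #5 and #9 (is the flagged registry key an empty leftover, or does it still hold data?) can be run against a `reg export` text file. This is an added example, not part of the original thread: `parse_export`, `triage` and the sample export are constructed for illustration, the `ExampleVendor` keys are made up, and only the `DownloadManager` path comes from post #5.

```python
import re

# Constructed sample in `reg export` text format (not from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager]

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Toolbar]
@="Example Toolbar"
"InstallDir"="C:\\Program Files\\ExampleVendor"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Toolbar\Settings]
"HomePage"="http://search.example.invalid/"
'''

def parse_export(text):
    """Map each exported key path (upper-cased) to the value names set under it."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = re.fullmatch(r'\[(?!-)(.+)\]', line)  # skip [-KEY] deletion entries
        if header:
            current = header.group(1).upper()
            keys.setdefault(current, [])
        elif current is not None and (line.startswith('@=') or line.startswith('"')):
            # '@' is the (Default) value; continuation lines of hex data are ignored
            name = '(Default)' if line.startswith('@') else line[1:line.index('"', 1)]
            keys[current].append(name)
    return keys

def triage(keys, flagged):
    """Classify one scanner-reported key: 'absent', 'empty' or 'populated'."""
    path = flagged.upper()  # registry key names are case-insensitive
    subkeys = [k for k in keys if k.startswith(path + '\\')]
    if path not in keys and not subkeys:
        return 'absent'
    if keys.get(path) or subkeys:
        return 'populated'   # values or subkeys remain: follow a full removal guide
    return 'empty'           # bare key, no values, no subkeys: likely an orphan

if __name__ == '__main__':
    exported = parse_export(SAMPLE_EXPORT)
    for key in (r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager',
                r'HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Toolbar'):
        print(triage(exported, key), key)
```

An `empty` result only describes that one key; the files, running processes and other registry entries listed in a removal guide still need the same check.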
