istBar

boombastic · 05-04-2005, 14:08

Ad ogni avvio Microsoft Antispyware mi dice che istBar cerca di installarsi,io clicco su remove e me lo rimuove.Poi per sicurezza faccio una scansione di tutto il sistema,la rifaccio anche con adaware ma al riavvio mi ricompare lo stesso messaggio

C'è un modo per rimuovere manualmente questo spywareo qualunque cosa sia?

hurryowl · 05-04-2005, 15:41

pest patrol lo rimuove.

bluepix · 05-04-2005, 16:10

Anche AD-Aware e Spybot

boombastic · 06-04-2005, 12:36

Ho provato sia con AdAware che con Sybot,effettivamente me lo rilevano e lo tolgono ma al riavvio L'antispyware della microsoft mi dice che è ancora lì!

bluepix · 06-04-2005, 15:26

Log di Hijackthis please

boombastic · 06-04-2005, 15:32

Grazie:

Logfile of HijackThis v1.99.1
Scan saved at 16.32.08, on 06/04/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
d:\Programmi\Sophos\Remote Update\cachemgr.exe
D:\Programmi\Java\jre1.5.0\bin\jusched.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
D:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Sophos SWEEP for NT\SWNETSUP.EXE
D:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Sophos SWEEP for NT\SWEEPSRV.SYS
D:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\Sophos SWEEP for NT\ICMON.EXE
D:\Programmi\Sophos\Remote Update\imonitor.exe
C:\WINDOWS\System32\MsPMSPSv.exe
d:\Programmi\Raxco\PerfectDisk\PDSched.exe
D:\Programmi\Crystal XP\YzToolbar\YzToolbar.exe
C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia Premium DVD\EDICT.EXE
C:\WINDOWS\System32\WISPTIS.EXE
D:\Programmi\OriginLab\OriginPro70\Origin70.exe
D:\Programmi\Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX00.202\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.unipg.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.unipg.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - -{8E718888-423F-11D2-876E-00A0C9082467} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programmi\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [0PvF] C:\WINDOWS\oawojudb.exe
O4 - HKLM\..\Run: [gcasServ] "D:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [0Pvùõš/‚²ÆßfÏNb_»C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\oawojudb.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] D:\Programmi\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: ERUNT AutoBackup.lnk = D:\Programmi\ERUNT\AUTOBACK.EXE
O4 - Startup: Y'z Toolbar.lnk = ?
O4 - Global Startup: Acrobat Assistant.lnk = D:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Programmi\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Remote Update Monitor.lnk = D:\Programmi\Sophos\Remote Update\imonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Scarica con il Wizard di LeechGet - file://d:\Programmi\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Scarica con LeechGet - file://d:\Programmi\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Scarica pagina con LeechGet - file://d:\Programmi\LeechGet 2004\\Parser.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1111394801481
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - d:\Programmi\Sophos\Remote Update\cachemgr.exe
O23 - Service: PDEngine - Raxco Software, Inc. - d:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - d:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Programmi\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Programmi\Sophos SWEEP for NT\SWEEPSRV.SYS

bluepix · 06-04-2005, 16:14

Da fixare

R3 - Default URLSearchHook is missing

O3 - Toolbar: (no name) - -{8E718888-423F-11D2-876E-00A0C9082467} - (no file)

O4 - HKLM\..\Run: [0PvF] C:\WINDOWS\oawojudb.exe
O4 - HKLM\..\Run: [0Pvùõš/‚²ÆßfÏNb_»C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\oawojudb.exe

O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:

e poi cancella il file:C:\WINDOWS\oawojudb.exe

05-04-2005, 14:08	#1
boombastic Senior Member Iscritto dal: Feb 2004 Messaggi: 1168	istBar Ad ogni avvio Microsoft Antispyware mi dice che istBar cerca di installarsi,io clicco su remove e me lo rimuove.Poi per sicurezza faccio una scansione di tutto il sistema,la rifaccio anche con adaware ma al riavvio mi ricompare lo stesso messaggio C'è un modo per rimuovere manualmente questo spywareo qualunque cosa sia? __________________ Trattato e concluso con:RedBlack9 nicola1985 KHAMBRA oldfield jokervero VitOne nightmare78 MaxP4 Salvatore.Caligiuri Darkmistery00 ilcalmo Maurizio979,g0ldf3n1x, ecc.....

05-04-2005, 15:41	#2
hurryowl Senior Member Iscritto dal: Feb 2004 Messaggi: 343	pest patrol lo rimuove. __________________ Apple iMac 4k 2017; Apple Macbook pro 15" 2015;

06-04-2005, 12:36	#4
boombastic Senior Member Iscritto dal: Feb 2004 Messaggi: 1168	Ho provato sia con AdAware che con Sybot,effettivamente me lo rilevano e lo tolgono ma al riavvio L'antispyware della microsoft mi dice che è ancora lì! __________________ Trattato e concluso con:RedBlack9 nicola1985 KHAMBRA oldfield jokervero VitOne nightmare78 MaxP4 Salvatore.Caligiuri Darkmistery00 ilcalmo Maurizio979,g0ldf3n1x, ecc.....

06-04-2005, 15:32	#6
boombastic Senior Member Iscritto dal: Feb 2004 Messaggi: 1168	Grazie: Logfile of HijackThis v1.99.1 Scan saved at 16.32.08, on 06/04/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Unable to get Internet Explorer version! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE d:\Programmi\Sophos\Remote Update\cachemgr.exe D:\Programmi\Java\jre1.5.0\bin\jusched.exe C:\Programmi\Synaptics\SynTP\SynTPEnh.exe D:\Programmi\Microsoft AntiSpyware\gcasServ.exe C:\WINDOWS\System32\ctfmon.exe D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe C:\Programmi\Sophos SWEEP for NT\SWNETSUP.EXE D:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe C:\Programmi\Sophos SWEEP for NT\SWEEPSRV.SYS D:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Programmi\Sophos SWEEP for NT\ICMON.EXE D:\Programmi\Sophos\Remote Update\imonitor.exe C:\WINDOWS\System32\MsPMSPSv.exe d:\Programmi\Raxco\PerfectDisk\PDSched.exe D:\Programmi\Crystal XP\YzToolbar\YzToolbar.exe C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia Premium DVD\EDICT.EXE C:\WINDOWS\System32\WISPTIS.EXE D:\Programmi\OriginLab\OriginPro70\Origin70.exe D:\Programmi\Firefox\firefox.exe C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX00.202\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.unipg.it R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.unipg.it R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Programmi\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: (no name) - -{8E718888-423F-11D2-876E-00A0C9082467} - (no file) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programmi\Java\jre1.5.0\bin\jusched.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [0PvF] C:\WINDOWS\oawojudb.exe O4 - HKLM\..\Run: [gcasServ] "D:\Programmi\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [0Pvùõš/‚²ÆßfÏNb_»C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\oawojudb.exe O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] D:\Programmi\Microsoft AntiSpyware\gcASCleaner.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Programmi\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: ERUNT AutoBackup.lnk = D:\Programmi\ERUNT\AUTOBACK.EXE O4 - Startup: Y'z Toolbar.lnk = ? O4 - Global Startup: Acrobat Assistant.lnk = D:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: InterCheck Monitor.LNK = C:\Programmi\Sophos SWEEP for NT\ICMON.EXE O4 - Global Startup: Remote Update Monitor.lnk = D:\Programmi\Sophos\Remote Update\imonitor.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Scarica con il Wizard di LeechGet - file://d:\Programmi\LeechGet 2004\\Wizard.html O8 - Extra context menu item: Scarica con LeechGet - file://d:\Programmi\LeechGet 2004\\AddUrl.html O8 - Extra context menu item: Scarica pagina con LeechGet - file://d:\Programmi\LeechGet 2004\\Parser.html O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O13 - DefaultPrefix: O13 - WWW Prefix: O13 - Home Prefix: O13 - Mosaic Prefix: O13 - FTP Prefix: O13 - Gopher Prefix: O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1111394801481 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - d:\Programmi\Sophos\Remote Update\cachemgr.exe O23 - Service: PDEngine - Raxco Software, Inc. - d:\Programmi\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - d:\Programmi\Raxco\PerfectDisk\PDSched.exe O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Programmi\Sophos SWEEP for NT\SWNETSUP.EXE O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Programmi\Sophos SWEEP for NT\SWEEPSRV.SYS __________________ Trattato e concluso con:RedBlack9 nicola1985 KHAMBRA oldfield jokervero VitOne nightmare78 MaxP4 Salvatore.Caligiuri Darkmistery00 ilcalmo Maurizio979,g0ldf3n1x, ecc.....

05-04-2005, 16:10	#3
bluepix Senior Member Iscritto dal: Dec 2004 Città: Magenta(MI) Messaggi: 1513	Anche AD-Aware e Spybot

06-04-2005, 15:26	#5
bluepix Senior Member Iscritto dal: Dec 2004 Città: Magenta(MI) Messaggi: 1513	Log di Hijackthis please

06-04-2005, 16:14	#7
bluepix Senior Member Iscritto dal: Dec 2004 Città: Magenta(MI) Messaggi: 1513	Da fixare R3 - Default URLSearchHook is missing O3 - Toolbar: (no name) - -{8E718888-423F-11D2-876E-00A0C9082467} - (no file) O4 - HKLM\..\Run: [0PvF] C:\WINDOWS\oawojudb.exe O4 - HKLM\..\Run: [0Pvùõš/‚²ÆßfÏNb_»C:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\oawojudb.exe O13 - DefaultPrefix: O13 - WWW Prefix: O13 - Home Prefix: O13 - Mosaic Prefix: O13 - FTP Prefix: O13 - Gopher Prefix: e poi cancella il file:C:\WINDOWS\oawojudb.exe

Strumenti
Mostra una versione stampabile Invia questa pagina per email