Author Topic: HELP !!! www.istbar.com > Win32 Trojan-gen  (Read 7086 times)

Guest_esteban_*

  • Guest
« on: February 25, 2005, 08:44:35 AM »
Help me!!

I just bought a new computer, and after two days I already have an unremovable virus (I use Avast virus scanner).

Does anyone know how I can get rid of this [censored]?  I'm getting desperate..

File name: http://www.ysbweb.com/ist/softwares/istupd...ter_recover.exe

Malware-name: Win32:Trojan-gen. {UPX!}

Malware-type: Virus/Worm

VPS version: 0508-2, 23-02-2005



I'm getting a 'found a virus' warning every minute now, can anyone help??

Thanks so much!

Esteban.

myt0yz

  • Guest
« Reply #1 on: February 25, 2005, 12:00:50 PM »
Got this info from www.Trend.com. It will help you remove the virus, which is not hard to remove. Just follow the instructions. Good luck.


ADW_ISTBAR.C

Description:



Alias: Trojan-Downloader.Win32.IstBar.ga (KAV), security risk named W32/Istbar.BH@dl (F-Prot), Troj/Istbar-GA (Sophos), PAK:UPX (DrWeb), Win32:Trojan-gen (Alwil), TR/Dldr.IstBar.GA (HBEDV), PAK:UPX (Softwin), TrojanDownloader.Win32.IstBar.GA (Ikarus), Trojan.Win32.lstBar.11264.B (Hauri)

Threat Type: Adware

Removal Difficulty: Low

Systems Affected: Windows 98, NT, 2000, XP

Installer Name: ISTSVC.EXE

Download URL:

http://www.xxxtoolbar.com
http://www.slotch.com

Description:

This adware is an executable file that arrives from a Web site or is installed manually by a user. It also serves as a Browser Helper Object (BHO) to execute while the internet browser is running.

It connects to a Web site to download and install programs into the system.

Solution:

TREND MICRO SOLUTION

Minimum scan engine version needed: 7.100
TMAPTN version needed: 178.01

MANUAL REMOVAL INSTRUCTIONS

Identifying the Spyware/Adware/Dialer Program

Download the latest spyware pattern file and scan your system. Note all files detected as ADW_ISTBAR.C.

Terminating the Adware Program

This procedure terminates the running adware process. You will need the name(s) of the file(s) detected earlier.

1. Open Windows Task Manager.
   » On Windows 95, 98, and ME, press CTRL+ALT+DELETE
   » On Windows NT, 2000, and XP, press CTRL+SHIFT+ESC, then click the Processes tab.
2. In the list of running programs*, locate the adware file(s) detected earlier.
3. Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
4. Do the same for all detected adware files in the list of running processes.
5. To check if the adware process has been terminated, close Task Manager, and then open it again.
6. Close Task Manager.

--------------------------------------------------------------------------------
*NOTE: On systems running Windows 95, 98, and ME, Windows Task Manager may not show certain processes. You can use a third party process viewer such as Process Explorer to terminate the adware process. Otherwise, continue with the next procedure, noting additional instructions.

Uninstalling the Adware Program

1. At the Start menu, choose Run.
2. Type "%Program Files%\ISTSVC\ISTSVC.EXE" /remove
   (Note: %Program Files% is the default Program Files folder, usually C:\Program Files.)
3. After choosing Run, this message box will appear; choose Yes.
 
Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the adware from executing at startup.

1. Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
2. In the left panel, double-click the following:
   HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Run
3. In the right panel, locate and delete the entry:
   IST Service = "%Program Files%\ISTsvc\ISTSVC.EXE"
   (Note: %Program Files% is the default Program Files folder, usually C:\Program Files.)
4. Close Registry Editor.

NOTE: If you were not able to terminate the adware process as described in the previous procedure, restart your system.

Additional Windows ME/XP Cleaning Instructions

Users running Windows ME and XP must disable System Restore to allow full scanning of infected systems.

Users running other Windows versions can proceed with the succeeding procedure sets.

Running Trend Micro Antivirus

Download and unzip the latest spyware pattern file and scan your system. Then, delete all files detected as ADW_ISTBAR.C.

Details:




It creates the following autostart entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IST Service = "%Program Files%\ISTsvc\ISTVC.EXE"

(Note: %Program Files% is the default Program Files folder, usually C:\Program Files.)

It also adds this registry key:

HKEY_CURRENT_USER\Software\LQ
AC = "3730"

It also accesses the Web site http://www.ysbweb.com where it attempts to download updates for itself.




Analysis by: Patrick William J. Estavillo


 

Description Created:  Dec 21, 2004
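
The artifacts listed in the description quoted above (Run value, HKCU key, installer file, running process) can be checked in one read-only pass before and after the manual removal. This PowerShell sketch is an added example, not part of the original post or of Trend Micro's instructions; it assumes a current Windows system with PowerShell, checks only the logged-on user's HKCU hive, and the `Check`/`Location`/`Detail` report fields are illustrative names.

```powershell
# Read-only audit for the ADW_ISTBAR.C artifacts named in the quoted description.
# Nothing is modified or deleted; removal remains the manual procedure above.

$findings = @()

# 1. Autostart value "IST Service" under the HKLM Run key.
#    Matching on the value name avoids depending on the exact file name in the data.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -Name 'IST Service' -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{
        Check = 'Autostart value'; Location = $runKey; Detail = $run.'IST Service' }
}

# 2. Registry key HKCU\Software\LQ (per-user: this covers the current user only).
$lqKey = 'HKCU:\Software\LQ'
if (Test-Path -Path $lqKey) {
    $ac = (Get-ItemProperty -Path $lqKey -Name 'AC' -ErrorAction SilentlyContinue).AC
    $findings += [pscustomobject]@{
        Check = 'Adware registry key'; Location = $lqKey; Detail = "AC = $ac" }
}

# 3. Installer binary in the default Program Files folder.
$exe = Join-Path -Path $env:ProgramFiles -ChildPath 'ISTSVC\ISTSVC.EXE'
if (Test-Path -LiteralPath $exe) {
    $file = Get-Item -LiteralPath $exe
    $findings += [pscustomobject]@{
        Check = 'Installer file'; Location = $exe; Detail = "modified $($file.LastWriteTime)" }
}

# 4. Running process (the "Terminating the Adware Program" step).
Get-Process -Name 'ISTSVC' -ErrorAction SilentlyContinue | ForEach-Object {
    $findings += [pscustomobject]@{
        Check = 'Running process'; Location = "PID $($_.Id)"; Detail = $_.Path }
}

if ($findings.Count -eq 0) {
    Write-Output 'No ADW_ISTBAR.C artifacts from the description were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A clean result only means these four artifacts are absent; files the scanner flagged under other names still need the full scan described above.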

Guest_esteban_*

  • Guest
« Reply #2 on: February 25, 2005, 04:54:15 PM »
I found the solution on another, Dutch-speaking forum (antispywareoffensief.nl).

My problem was a lot more work than the above-mentioned solution, but after three hours of work and mailing we finally solved it...

Thx anyway!

E;


TOPIC CLOSED :)
« Last Edit: February 27, 2005, 01:16:20 AM by guestolo »