Author Topic: Cannot get rid of ist/svc in registry-values  (Read 2206 times)

JerryA
« on: January 02, 2005, 02:52:27 AM »
I have downloaded the specific Windows 98 Symantec tool for the Adware (Malware) ISTbar virus as well as SpyBot and Ad Aware and have followed directions meticulously. Fact is the Symantec tool, after 20 minutes of a download, failed to find anything of a virus at all.
SpyBot and Ad Aware programs list them over and over even after repeatedly scanning and deletion attempts (without opening the Internet Explorer). I have been inside the registry keys and values and tried to delete locations individually and by suggested sequencing. The most bizarre thing I have found that no one seems to talk about is that one of the key values listed in the right pane has the word "recovery" listed with a string of bar codes and indiscernible symbols and signs. With this, I have tried to delete, modify, change values, even relocating the key/values... and nothing works.

Anyone have any ideas?  Thanks a bunch.

Treading water for 3 days......help !!!

JerryA

guestolo
« Reply #1 on: January 02, 2005, 02:59:47 AM »
Can you Download Hijackthis 1.99
A small utility to help identify if any Hijackers, Malware, Spyware, etc.....Reside on your computer

Important: Create a Permanent folder for Hijackthis
Double Click "MY Computer"
Open your C: drive
Click "File" >>> "New" >>>> "Folder"
A new folder will be created, name it HJT

Now you will have C:\HJT

Download Hijackthis from This Link--CLICK HERE or This Link--CLICK HERE
Save it to that new folder

Do a SCAN and Save a Log file---Save the log----copy and paste the WHOLE contents of the log  here... Don't try and fix anything yet----It is all important

Can you also let me know what versions of Spybot and Ad-Aware you're running?
Open Spybot>>Click on HELP>>ABOUT
Let me know Spybot version and Latest detection date

Open Ad-Aware>>Click on DETAILS
Let me know reference no. and Internal Build

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


awstokes
« Reply #2 on: January 07, 2005, 02:21:19 AM »
I have exactly the same problem, have run hijackthis 1.99 and that program detects NOTHING - no boxes checked.

guestolo
« Reply #3 on: January 07, 2005, 03:11:53 AM »
Follow the instructions I gave to the last poster


Do a SCAN and Save a Log file---Save the log----copy and paste the WHOLE contents of the log here... Don't try and fix anything yet----It is all important


Stefan
« Reply #4 on: January 11, 2005, 10:59:45 PM »
I have the same problem with IST.svc. After trying to remove it several times I tried removing it directly through the registry by searching every file with "IST" in it. I went through hundreds of files (mostly list files) before I found one with a link to a website called WWW.YSBWEB.COM, who had on their main page a link for removing this spyware from my computer. Problem is when you click on the link, you only get computer code. I then tried right-clicking on the link, went down to "Save as:" and saved it as an .exe file. When I tried to open it I get the remark "Not a valid Win32 Application". Now I'm really miffed and close to reformatting the whole thing.

If you or anyone else has any clues, please let me know!!!

PS: this computer is running Win98SE on an Intel 333 processor. (my internet only computer so I don't get viruses on my main computers.. now I'm glad I set it up this way!!)

guestolo
« Reply #5 on: January 11, 2005, 11:04:19 PM »
Stefan, this is the advice I gave to the Original Poster
This may be quite easily removed

Can you Download Hijackthis 1.99
A small utility to help identify if any Hijackers, Malware, Spyware, etc.....Reside on your computer

Important: Create a Permanent folder for Hijackthis
Double Click "MY Computer"
Open your C: drive
Click "File" >>> "New" >>>> "Folder"
A new folder will be created, name it HJT

Now you will have C:\HJT

Download Hijackthis from CLICK HERE or CLICK HERE
Save it to that new folder

Do a SCAN and Save a Log file---Save the log----copy and paste the WHOLE contents of the log  here... Don't try and fix anything yet----It is all important

EDIT>>If you start your own post in this forum with your log that would make things a lot easier ;)
« Last Edit: January 11, 2005, 11:04:57 PM by guestolo »


detect2173
« Reply #6 on: January 16, 2005, 02:42:36 PM »
Here is my hijack this log:

Logfile of HijackThis v1.99.0
Scan saved at 1:38:37 PM, on 01/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\iosdt\iosdt.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\HHVcdV5Sys\VC5SecS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\WINDOWS\mqaitfq.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\ScanSpyware v3.8\Scanner.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temp\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://jfb.cyberwize.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = J & K Marketing Group
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\7wfgmvfa.slt\prefs.js)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-watch] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Errvj] C:\WINDOWS\mqaitfq.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Spybot] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu   &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms   &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Open Link Target in Firefox - file://C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.a8o\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O8 - Extra context menu item: RoboForm   &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms   &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: View This Page in Firefox - file://C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\default.a8o\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O15 - Trusted Zone: *.allcracks.net
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://stamps.com/download/us/cab/stamps/s...file=stamps.cab
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: distributed.net client - Distributed Computing Technologies, Inc. - C:\WINDOWS\system32\iosdt\iosdt.exe
O23 - Service: Gear Security Service - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Virtual CD v5 Security service - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe

Thank you!
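
A triage sketch for a HijackThis log like the one posted above, added here as an example and not part of the thread or of HijackThis itself: it parses the `code - detail` lines, lists the O4 Run autostarts, cross-checks them against the running processes, and notes whether the tool was run from a Temp folder. The function names and regexes are this example's own assumptions about the log layout; the sample lines are copied from the log above.

```python
import re

# A handful of lines copied from the log posted above (not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mqaitfq.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Documents and Settings\Owner\Local Settings\Temp\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://jfb.cyberwize.com
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Errvj] C:\WINDOWS\mqaitfq.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [Spybot] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                 # e.g. "O4 - <detail>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$")  # O4 detail layout

def parse_log(text):
    """Split a log into the running-process list and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def autostarts(entries):
    """Return name and command for every O4 registry Run entry."""
    hits = (RUN.match(d) for c, d in entries if c == "O4")
    return [{"name": m.group(3), "command": m.group(4).strip('"')} for m in hits if m]

def triage(text, keyword):
    """Summarise autostarts matching a keyword, autostarts running now, and tool location."""
    processes, entries = parse_log(text)
    running = [p.lower() for p in processes]
    runs = autostarts(entries)
    return {
        "keyword_autostarts": [r["name"] for r in runs if keyword.lower() in r["command"].lower()],
        "autostarts_running": [r["name"] for r in runs
                               if any(r["command"].lower().startswith(p) for p in running)],
        "tool_in_temp": any("\\temp\\" in p and p.endswith("hijackthis.exe") for p in running),
    }
```
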

guestolo
« Reply #7 on: January 16, 2005, 02:46:56 PM »
Hi detect, if you wouldn't mind
Can you start a fresh post in this forum with your Hijackthis log, thanks
It keeps it organized and easier to follow if you start your own topic

Also, try and save Hijackthis to a Permanent folder

Don't save it to your temp folder
Instructions were posted above