hey i recently posted on here about the lstbar downloader virus. i got alot of advice on how to get rid of it and nothing worked so in the end i just did system restore (or recovery whatever one formats everything except the first thing on the harddrive) after doing this and getting my comp set up again, i finally got connected to the net and i keep getting pop ups saying message from windows and it says i have a virus which normal virus packages cannot remove, i think this might be fake because theres one spelling mistake in it (infecte instead of infected) also it mentions a link at the bottom (www.xpvirusclean.com) i went there and it was basically a waste of time.after that i set up norton and straight away i got a virus pop up saying bloodhound.w32.ep was detected. this doesnt effect windows xp so im not to worried. but then i also got one a while later saying w32.spybot.worm was detected and then trojan.horse.downloader.lstbar.4.ag was detected ( the one i had trouble with before i restored my comp) and then trojan horse IRC/Backdoor.sdbot.54.AT and another one the same with 44 instead of 54. i know that one of them is infected in file istactivex.dll and the other is infected in crsss.exe. is it ok to delete them? i had avg and im still downloading more anti virus but i dont get how its still infected when i just did system restore. i am also running ad-aware right now and its come up with some stuff but i cant tell what they are. sorry if this post is really long by the way. any help is appriecated. thanks :)

ok well now the back.door.sdbot virus is spreading really quickly and so far a file called bling.exe and videosd32.exe are infected. im just wondering if they can be deleted? i ran avg and got rid of the lstbar trojan but it came back again so i think it might be downloaded thru the sdbot virus but i have no idea,

Instead of relying on third-party programs to clean your puter for you, why not check you %windir% for strange .dll's and .exe's, and manually run through the registry?
It is not too dificult, and it works every time.

Don't let the smoke out... It won't work anymore if you do!

close port 445 on your computer from registry or use some firewall like zonealarm.
start regedit and search for Transportbindname - modify key (erase \device\)
...if your system is win2000 and get crazy after this, run services.msc and make DNS client run Manual -not Atomatic.

Search for hotbar, toolbars, ezula, etc...
Than insert few of this into c:\win%\system32\drivers\etc\hosts.

172.0.0.1 toolbars.com
172.0.0.1 hotbar.com
172.0.0.1 ezula.com
172.0.0.1 advertising.com
172.0.0.1 adsrve.com
172.0.0.1 affilate.com
172.0.0.1 advertising.com
172.0.0.1 atdmt.com
172.0.0.1 banner.goldenpalace.com
172.0.0.1 casalemedia.com
172.0.0.1 doubleclick.com
172.0.0.1 edge.ru4.com
172.0.0.1 ehg-lowermybills.hitbox.com
172.0.0.1 ezz.ezzmedia.com
172.0.0.1 gator.com
172.0.0.1 hitbox.com
172.0.0.1 insightexpress.com
172.0.0.1 pacificpoker.com
172.0.0.1 queue.jmnad1.com
172.0.0.1 servedby.advertising.com
172.0.0.1 targetnet.com
172.0.0.1 trafficmp.com
172.0.0.1 winhundred.com
172.0.0.1 ads234.com
172.0.0.1 jmnad1.com
172.0.0.1 lowermybills.com
172.0.0.1 sanderbox.com
172.0.0.1 z1.adserver.com
172.0.0.1 zedo.com

Clean registry from run, runonce files in safe mode that should not be there or run msconfig.exe to delete not needed startup files, than run antivirus, make backup of iexplorer.exe, download opera or similiar browser and copy opera.exe -> iexplorer.exe and replace file with opera

Well, dear worm maker, after this we will get you, You can run, but... :)))

I got the downloader.lstbar.4.AE. on my computer. Can anyone help please. Seems I'm the only one with this virus because I cannot find any info. Please help