Can anyone help me? I have spent many hours trying to solve a security issue.
I am using Trend Micro PC-cillin 2004 and my firewall is showing "caution" "security rule matched", with a lot of different IP addresses.
I have run a virus check, spybot, adaware, and PestPatrol, all updated, and only had 1 report which has proved unremovable, ISTbar. I have located this in the registry and there is no value, but when I delete it from the registry it returns. I had a serious security issue some time ago, and the pc is completely clean, but I will admit this has occurred since the security issue.
I have run hijackthis, and this is clean, other than a couple of 17s which I have now found to be related to my broadband. (log available if needed).
My running processes are normal, no unusual startup items in msconfig, everything seems ok, but this security rule matched, and istbar are driving me mad.
I have followed removal instructions for istbar, but referenced files and registry entries are not on my pc.
After many hours I need help.
Many thanks
You state above
OS: Windows ME
You should post in the Windows ME forum, or the Security and Virus forum. This is the Windows XP forum.
XpUser-- What is that symbol before your name ??
Looks like an O with an i inside.
That is symbol for the company I retired from,
Owens-Illinois Inc.
chrlstine-- Have you tried your scans for nasties in Windows Safe-Mode ?? Best to do scans there. Also nasties like to hide in System Restore files. Turn off System Restore then scan.
thanks for reply chuck, yes already tried in safe mode and with system restore off.
What is that symbol before your name ??
Looks like an O with an i inside.
That is symbol for the company I retired from, Owens-Illinois Inc.
I wasn't aware that this symbol is Owens-Illinois Inc. corporate logo. Thanks for the info. Sci-Guy created it for me around the time KTTD was pressurizing me to learn HTML. The i in the O represents InfOrmation. Should I change it?
i_XpUser
XpUser--
I was just wondering.
O-I is the world's largest glass container manufacturer.
If you go in a market, pick up any glass or beverage container. Then look around at the heel (bottom edge) of the bottle. You may find an O with an i inside. www.o-i.com
Thanks Chuck. I now recall seeing that familiar symbol impressed on glass products. Am I now in trouble with I-O over logo infringements, given the facts that you're a retired person and you obviously know someone in the company's legal department?
i_XpUser
Sorry chr1stine for my chattering with Chuck. It's just that we've known each other through this Forum. Hope you don't mind it :-)
i_XpUser
XP User---
I was just a "pee-on", maintenance mechanic, at one of the plants. I don't care.
Hi Chuck, I have ploughed through suggestions, and found I have already tried them. I have none of the files they suggest removing, yet all my spyware/adware keeps picking up this registry entry, istbar, that cannot be deleted. Obviously something is pointing to it, and my firewall is still on caution, although I do not think the istbar is the cause for that.
I use a host of different spyware scanners but i've found that Ewido fixes this particular infection very well. Download it and give it a try. Also, use the online virus scanner for trendmicro. http://housecall.trendmicro.com
After everything's clean...we can move on with the other problem. I'm currently using Trend Micro 2005 but without the firewall. I use Sygate Personal Firewall PRO. All the reviews I've read state that Trend Micro catches more viruses than any other (Norton, McAfee etc..) but the firewall feature lacks in a lot of ways. I also use the Wifi intrusion detection feature, that works pretty good. Just my 2 cents.
Thanks for your help Scott. I have already used Housecall, and I must admit it is something I use quite often as it does seem to find threats that pc-cillin 2004 misses.
I am now going to try Ewido, will post back tomorrow with results.
Hi Scott I have done an online scan with ewido which could not clean items found. So I then downloaded trial software and again it could not clean. Report listed below:
HKLM\SOFTWARE\ISTbar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\ISTbar\Historystring -> Spyware.ISTBar : Error during cleaning
Wow! This is the first time I've ever heard of it not cleaning that! I'm shocked. Are you logged on as administrator or have admin rights on your account? The report didn't give any more details? Anyone else have any suggestions? I'll keep thinking and doing research and let you know if I can come up with anything.
Thanks Scott, I know it's mad isn't it, this is why I have spent so many hours on. This morning, for the first time ever, spybot does a scan on startup and calls it Isearch.Sidefind, but when looking at the registry entry it is that ISTbar. My feeling is it is a little dll file somewhere in the system that the registry is pointing at, but as you know there are thousands. Spybot reported it in the memory and would clean at next startup but it didn't. I have searched for every file associated with ISTbar on my system, not one, and this morning searched for files associated with isearch, one found patch.exe, which I know to be a virus, but it is also a file associated with trendmicro. I have files in quarantine in lower case called patch.exe, but the one found is in c:\windows in upper case, and it's well known so I know virus checker would have picked it up.
I have checked the "Pest Info" on my Spyware X-terminator program. In the list it shows 7 ISTBar related entries. So I presume the program will remove it. Program costs a few bucks. Paying for something will probably work better than free programs. Available in stores and online.
***Also, be sure to update any software online after installation, and every 1-2 weeks.
"I presume the program will remove it. Program costs a few bucks. Paying for something will probably work better than free programs. Available in stores and online." HAH, it's funny that nobody references that as a recommended download except very rarely! Also the free end products usually are commercial brands that cut a lot of the extras so freeloaders like us aren't going pirating. It's also funny that Download.com and even Microsoft lists adaware and spybot as recommended spyware removal tools besides their own... Hah!
Anyway, try Spybot and adaware in safe mode, or simply just go to start, run, msconfig, and go to diagnostics, and try a scan with the programs from diag/safe. Also try A2 Squared (less known but I like it),
Webroot (15 day trial) http://www.download.com/Webroot-Spy-Sweeper/3000-8022_4-10192729.html?tag=txt
and
Spyware Doctor http://www.download.com/Spyware-Doctor/3000-8022_4-10293212.html?tag=txt
Also a very important tool to use is Hijack This.
If you still have this problem, it's because you need to change the permissions on the key before trying to delete it. I had the same problem and it took me several days to figure this out (on Windows 2000 in my case, so I had to use regedt32 instead of regedit). Anyhow, hope this helps someone out there.
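
The permission change described in the last post, sketched as an added example that is not part of the original thread. It assumes an elevated PowerShell session on a current Windows release (the regedt32 route above predates PowerShell), uses the key path from the Ewido report, and the backup file name is made up for illustration.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
$key = 'HKLM:\SOFTWARE\ISTbar'   # key path taken from the Ewido report above

if (-not (Test-Path $key)) { Write-Host 'Key not present, nothing to do.'; return }

# Keep a copy before touching anything (file name is a placeholder).
reg export 'HKLM\SOFTWARE\ISTbar' "$env:TEMP\istbar-backup.reg" /y

# 1. Inspect the owner and the access entries. Explicit Deny entries, or a
#    missing Allow for Administrators, explain "Error during cleaning".
$acl = Get-Acl -Path $key
Write-Host "Owner: $($acl.Owner)"
$acl.Access |
    Format-Table IdentityReference, AccessControlType, RegistryRights, IsInherited -AutoSize

# 2. Drop explicit (non-inherited) Deny entries set on the key itself.
$acl.Access |
    Where-Object { $_.AccessControlType -eq 'Deny' -and -not $_.IsInherited } |
    ForEach-Object { [void]$acl.RemoveAccessRule($_) }

# 3. Grant the built-in Administrators group (well-known SID S-1-5-32-544)
#    full control over the key and its subkeys.
$admins = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$rule = New-Object System.Security.AccessControl.RegistryAccessRule(
    $admins, 'FullControl', 'ContainerInherit', 'None', 'Allow')
$acl.SetAccessRule($rule)

# Set-Acl needs permission to change the DACL. If it fails with access denied,
# ownership of the key has to be taken first (not shown here).
Set-Acl -Path $key -AclObject $acl

# 4. With the permissions corrected, remove the key and its subkeys.
Remove-Item -Path $key -Recurse

# 5. Confirm. If the key reappears after a reboot, a running process is
#    recreating it and has to be found and removed as well.
Test-Path $key
```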