ISTbar Description:
ISTbar is an IE toolbar, homepage and
search hijacker provided by Integrated Search
Technologies/CDT Inc.
ISTbar/AUpdate installs a TinyBar variant to implement its toolbar, and will be
detected by the script at this site as TinyBar/B
. The hijacker is aimed at my-internet.info and
blazefind.com; distribution is managed by
searchbarcash.com, its controlling server.
Updates are loaded by an 'AUpdate' process.
ISTbar/MSCache also uses TinyBar, along with a Browser Helper Object called
mscache.dll used to load updates. The controlling
server is www2.skoobidoo.com.
ISTbar/XXXToolbar is an update based around
porn. It uses its own toolbar based on the Pugi toolbar. The hijacker is aimed at its
controlling server xxxtoolbar.com, and slotch.com;
distribution is controlled by toolbarcash.com.
ISTbar also installs other parasites: AUpdate
and XXXToolbar install porn pop-up producer RapidBlaster/lp; the AUpdate variant is also known to
install DownloadPlus; the MSCache variant installs nCase and the Wink/EasyDates dialler.
Also known as: SearchBarCash-Hijacker, MSUpdates\MSCache, SlotchBar.
ISTbar Automatic Removal:
Using Spyware Doctor
to detect and remove ISTBar AUTOMATICALLY!
Sponsored Links:
Free Download Now:
ISTbar Manual Removal:
There is a entry in Add/Remove Programs for
'MS AUpdate' (AUpdate variant), 'MS Updates' (MSCache
variant), or 'ISTbar' (ISTbar variant).
Unfortunately this doesn't remove the toolbar in
the AUpdate variant, or RapidBlaster in the
AUpdate or ISTbar variants; in the MSCache
variant it does not appear to work at all.
AUpdate variant
Open the registry (click 'Start', choose 'Run'
and enter 'regedit') and find the key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
Delete the 'AutoUpdater' entry on the right
(pointing to aupdate.exe). Find the key
HKEY_CLASSES_ROOT\CLSID, and delete the subkey
'{69550BE2-9A78-11D2-BA91-00600827878D}'. Delete
the subkey of the same name from
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Explorer Bars, and the entry of the same
name from HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Toolbar.
Restart the computer and you should be able to
delete the files 'aupdate.exe', 'aupdate.conf',
'aupdate.trk'
and (if it is there) 'aupdate_uninstall.exe' from
the System folder. (The System folder can be
found inside the Windows folder; it is called
'System32' on Windows NT/2000/XP or just 'System'
on Windows 95/98/Me.)
Finally you can restore your normal search
settings (Internet Options->Programs->Reset
Web Settings) and deal with RapidBlaster
and DownloadPlus.
MSCache variant
Open a DOS command prompt window (from
Start->Programs->Accessories) and enter the
following commands:
cd "%WinDir%\System"
regsvr32 /u ../mscache.dll
Next, open the registry (click 'Start', choose
'Run' and enter 'regedit') and find the key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
Delete the 'MS Updates' entry on the right
(pointing to mscache.exe). Find the key
HKEY_CLASSES_ROOT\CLSID, and delete the subkey
'{69550BE2-9A78-11D2-BA91-00600827878D}'. Delete
the subkey of the same name from
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Explorer Bars, and the entry of the same
name from HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\Toolbar.
Restart the computer and you should be able to
delete the files 'mscache.exe', and 'mscache.dll'
from the Windows folder
Finally you can restore your normal search
settings (Internet Options->Programs->Reset
Web Settings) and deal with nCase and Wink/EasyDates.
XXXToolbar variant
Open the registry (click 'Start', choose 'Run'
and enter 'regedit') and find the key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
Delete the 'IST Service' entry, if it is there.
(Some early releases of XXXToolbar did not
include this.)
Open a DOS command prompt window (form
Start->Programs->Accessories) and enter the
following commands:
cd "%WinDir%\System"
regsvr32 /u "\Program Files\ISTbar\istbar.dll"
Restart the computer and you should be able to
delete the 'ISTbar' folder inside Program Files,
and the 'istsvc.exe' file inside the Windows
folder. You can also delete the registry keys
HKEY_CURRENT_USER\Software\ISTbar and
HKEY_CLASSES_ROOT\Pugi.PugiObj (and .1) to clean
up if you like.
Finally you can restore your normal search
settings (Internet Options->Programs->Reset
Web Settings) and deal with RapidBlaster.
|
IMPORTANT!
Tired of not knowing what is running on your computer?
WinTasks 5 Pro will help you solve computer
problems and improve system speed instantly.
Get complete control over your PC today!
Learn more about WinTasks!
| |
More
Removal Instructions for Adware/Spyware Programs -
'I'
| 
