• ISTBar

    #421238

    I ran a couple of routine anti-malware scans this morning and although Ad-Aware and SpyBot didn’t find anything, PestPatrol came up with ISTBar, which a Google search suggests is a bad actor. Anyone else have any experience with this? PestPatrol took care of it, but I’m curious about the ramifications.

    • #956492

      Hi Charlotte

      Here’s a little info on ISTBar.

      ISTbar is a homepage and search hijacking adware. It adds a toolbar to Internet Explorer and displays popup ads that come mainly from porn sites. This adware is distributed by Integrated Search Technologies/CDT Inc. It may also install third-party adware and spyware on the computer.

      ISTbar is an IE toolbar, homepage- and search-hijacker provided by Integrated Search Technologies/CDT Inc.

      Troj/Istbar-O is a downloader Trojan and browser hijacker.
      Troj/Istbar-O attempts to download and install executables without notifying the user. Names of files downloaded may include: ……

      Symantec and other AV sites have more info on this little feller.

      Have a Great day!!!
      Ken

    • #956534

      Charlotte,
      I know that Pest Patrol is highly rated, but I’m beginning to have more than a few passing doubts about the program. I just ran the online version of Pest Patrol on my main machine, and it found not only the ISTBar, but also Bonzi Buddy. Needless to say, that grape ape hasn’t been within a mile of my computers, ever! Neither of these “so-called” problems show up in the Registry at the locations that the scans indicate, which tells me that perhaps the folks at Pest Patrol may be doing a little salting in order to drum up business.

      Hold on a moment — I just did a little checking…

      On another machine — a brand-new installation of XPSP2 — one which IE 6 has seen no other web sites other than Windows Update and Office Update — the Pest Patrol scanner found the ISTBar. It did not find evidence of Bonzi Buddy. Unless Microsoft is installing third party spyware/adware, I don’t see how it is possible for the ISTBar to be there. I think it’s probably a false positive — could be in your case, too.

      I rechecked the machine on which traces of Bonzi Buddy were found. There was a Registry key for Bonzi.com, but no value had been set. It’s simply listed as a domain that’s blocked. Big deal — it was a false positive, as I thought. Between SpySweeper, AdAware, Spybot S&D, MS Antispyware, SpywareBlaster, and CleanMOCache, I think I’m pretty well set, and anything PestPatrol finds can be discounted as a false positive.

      So, Charlotte, I’m guessing that you may find the ISTBar is a false positive as well.
      Liberty R.

      • #956543

        Today, after running AdAware and Spybot (I also have SpyBlaster installed), I ran Pest Patrol. It located 4 malware/spyware programs that did, in fact, exist. Might there be a difference in running an online version?

        • #956574

          DenGar,
          I’m not saying that your malware didn’t exist, or that PestPatrol has no merit. What I am saying is that I am now discounting what I believe to be false positives found by PestPatrol on my systems. Your machine, as well as your security precautions, may be entirely different than mine.
          Yes, it’s possible for the online version to be different than the retail version; there are probably many more options available during a scan done with the retail version. It’s possible that CA has the heuristics cranked up super-high in their online version. Who knows? Maybe someone from PestPatrol will answer Charlotte’s post, and we’ll get some answers. Good question, though. newbrain

      • #956573

        I don’t know about the on-line scan, since I’ve never used it, but PestPatrol often misidentifies some things as BonziBuddy because certain libraries in legitimate products are also used by spyware. I ran into this with EasyMailSMTP. The thing to do with PestPatrol or any other anti-malware product is to notify the publisher when they throw false positives like that. If you’re sure the file is legitimate and belongs to a valid product, letting the publisher know often leads to a very fast patch.

    • #956544

      Hi Charlotte:
      I think Liberty Raynes is right. I have the free version of Pest Patrol, so I have to delete anything it finds manually. I ran PP & it found ISTBar. However, it gave the location as a registry entry:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager

      When I checked that location in the registry, it only had a Name default, with no value set. I ran MS AntiSpyware, Ad-Aware, & Spybot S&D. All were negative. When I went to the Pest Patrol Spyware Encyclopedia to look it up, I had none of the running processes they mention should be removed. I also spot checked a number of registry entries associated with ISTBar & none existed. (I didn’t check everything).

      It seems to me that Pest Patrol errs on the side of caution. Whenever it finds a registry key or cookie, etc. whose name may or may not be spyware (depending upon other entries), it lists it as spyware.

      By the way, I ran PP about a week ago & ISTBar didn’t show up, so we must be visiting the same p–n sites. grin
      Cheers,
      P.S. Just kidding. I don’t visit those sites intentionally.
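
Added example, not part of the original thread: a PowerShell sketch of the manual check described in the post above, reporting whether a scanner-flagged registry key is absent, exists but is empty, or actually holds values or subkeys. The function name `Get-FlaggedKeyStatus` and the key list are assumptions for illustration; the one path listed is the location quoted in the post, written with its separators restored.

```powershell
# Added example: triage registry keys reported by an anti-spyware scan.
# Replace the list with the paths from your own scan report.
$flaggedKeys = @(
    'HKLM:\SOFTWARE\Microsoft\DownloadManager'   # location quoted in the post (separators assumed)
)

function Get-FlaggedKeyStatus {
    param([Parameter(Mandatory)][string]$Path)

    # Key does not exist at all: the scanner hit cannot be confirmed here.
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{
            Path = $Path; Status = 'Absent'; Values = 0; SubKeys = 0; Names = ''
        }
    }

    # For registry paths, Get-Item returns a Microsoft.Win32.RegistryKey.
    $key = Get-Item -LiteralPath $Path

    # An unset "(Default)" is not counted as a value, so a key that shows only
    # "(Default) / value not set" in regedit has ValueCount 0.
    $status = if ($key.ValueCount -eq 0 -and $key.SubKeyCount -eq 0) {
        'EmptyKey'     # exists but holds no data: orphan or placeholder
    } else {
        'Populated'    # has values or subkeys: inspect before deciding
    }

    [pscustomobject]@{
        Path    = $Path
        Status  = $status
        Values  = $key.ValueCount
        SubKeys = $key.SubKeyCount
        Names   = ($key.GetValueNames() -join ', ')
    }
}

$flaggedKeys |
    ForEach-Object { Get-FlaggedKeyStatus -Path $_ } |
    Format-Table -AutoSize
```

An `EmptyKey` result matches what the post reports (a default name with no value set); a `Populated` result is the case to compare against a manual removal guide before deleting anything.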

      • #956572

        I use the Pro versions (if available) of all my anti malware products, and PestPatrol definitely found something which wasn’t there the last time it looked. I’m not suggesting it is any better or worse than the other products, but if you look at those google searches carefully, you’ll find PP listed as one of the products that finds and removes ISTBar. Yes, it does err on the side of caution and it can throw false positives, so I tend to track down the results before I take steps. I was just asking whether anyone had encountered any popups, etc., as a result of ISTBar, more as a matter of curiosity than anything else. shrug

      • #956658

        Another possible scenario is if a particular malware is identified by, say Spybot, but the program is unable to clean up all vestiges of its original installation. Even though the malware is negated, some of its old footprints remain. Then when another program does its malware scanning, using other methods, it finds one of these old forgotten entries and alerts you to an infection.

        The best guide IMO is to check out a manual removal guide, if possible. This should give a fair indication as to whether the offender is just an innocuous orphan, or whether the malware is really still there.

        Alan
