Hijacker

Discussion in 'Computer Security' started by Billy, Feb 19, 2008.

  1. Billy Guest

    I keep finding an entry ISTbar Hijacker.
    I remove it but the next time I run scan there it is.
    Details say something like H key local microsoft windows.
    How do I get rid of this and how dangerous is it?
    Thanks
     
    Billy, Feb 19, 2008
    #1

  2. Sebastian G. Guest

    Billy wrote:

    > I keep finding an entry ISTbar Hijacker.
    > I remove it but the next time I run scan there it is.
    > Details say something like H key local microsoft windows.



    You have flattened and rebuilt the system, yet it's still there? Then you
    must be doing something incredibly wrong...
     
    Sebastian G., Feb 19, 2008
    #2

  3. Jim Watt Guest

    On Mon, 18 Feb 2008 22:26:53 -0600, Billy <'s> wrote:

    >I keep finding an entry ISTbar Hijacker.
    >I remove it but the next time I run scan there it is.
    >Details say something like H key local microsoft windows.
    >How do I get rid of this and how dangerous is it?
    >Thanks


    According to Google which many people use to
    find information rather than asking here;

    "Installed by ActiveX drive-by download on affiliate sites, typically
    porn adverts, from April 2003. At least ISTbar/AUpdate is known to
    install using aggressive JavaScript."

    You may be able to get rid of it easily enough
    without following Sebastian's crash and burn advice.

    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Feb 19, 2008
    #3
  4. From: "Billy" <'s>

    | I keep finding an entry ISTbar Hijacker.
    | I remove it but the next time I run scan there it is.
    | Details say something like H key local microsoft windows.
    | How do I get rid of this and how dangerous is it?
    | Thanks

    Please download, install and update the following software...

    * Ad-aware SE 2007
    http://www.lavasoft.de/
    http://www.lavasoftusa.com/
    http://www.lavasoft.de/ms/index.htm

    * SpyBot Search and Destroy v1.5
    http://security.kolla.de/
    http://www.safer-networking.org/microsoft.en.html

    * SuperAntiSpyware
    http://www.superantispyware.com/superantispywarefreevspro.html


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, Feb 19, 2008
    #4
  5. On Tue, 19 Feb 2008 14:22:46 GMT
    "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote:

    > Please download, install and update the following software...


    I remember a discussion a few days ago. It was about useless products,
    and about advertising them. Useless posts like these make me change my
    mind at times. Luckily I'm pretty confident about my view.


    Regards,
    Ertugrul.


    --
    http://ertes.de/
     
    Ertugrul Söylemez, Feb 19, 2008
    #5
  6. nemo_outis Guest

    Billy <'s> wrote in news:eUsuj.66$:

    > I keep finding an entry ISTbar Hijacker.
    > I remove it but the next time I run scan there it is.
    > Details say something like H key local microsoft windows.
    > How do I get rid of this and how dangerous is it?
    > Thanks



    A better newsgroup in which to seek advice on this problem is:

    alt.privacy.spyware

    In general, you will find that cleaning your system usually does not
    require flattening and rebuilding - despite Sebastian's (mis-)advice.
    There are a number of programs which can remove most spyware without
    requiring such drastic and tiresome methods.

    Regards,
     
    nemo_outis, Feb 19, 2008
    #6
  7. On Tue, 19 Feb 2008 15:59:36 GMT
    "nemo_outis" <> wrote:

    > In general, you will find that cleaning your system usually does not
    > require flattening and rebuilding - despite Sebastian's (mis-)advice.
    > There are a number of programs which can remove most spyware without
    > requiring such drastic and tiresome methods.


    He is right in that flattening and rebuilding the system is the only way
    to _guarantee_ that all malware has been removed.


    Regards,
    Ertugrul.


    --
    http://ertes.de/
     
    Ertugrul Söylemez, Feb 19, 2008
    #7
  8. Todd H. Guest

    Ertugrul Söylemez <> writes:

    > On Tue, 19 Feb 2008 15:59:36 GMT
    > "nemo_outis" <> wrote:
    >
    >> In general, you will find that cleaning your system usually does not
    >> require flattening and rebuilding - despite Sebastian's (mis-)advice.
    >> There are a number of programs which can remove most spyware without
    >> requiring such drastic and tiresome methods.

    >
    > He is right in that flattening and rebuilding the system is the only way
    > to _guarantee_ that all malware has been removed.


    Indeed.

    There's quite a difference between "most spyware" and "all malware."

    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., Feb 19, 2008
    #8
  9. From: "Ertugrul Söylemez" <>


    |
    | He is right in that flattening and rebuilding the system is the only way
    | to _guarantee_ that all malware has been removed.
    |
    | Regards,
    | Ertugrul.
    |

    For ISTbar ?

    That's like swatting a fly with a sledge hammer. Way overboard. We are not talking about a
    password stealing Trojan with RootKit techniques. We are just talking about a minor,
    annoying adware program.

    http://vil.nai.com/vil/content/v_116303.htm


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, Feb 19, 2008
    #9
  10. Sebastian G. Guest

    Todd H. wrote:

    > Ertugrul Söylemez <> writes:
    >
    >> On Tue, 19 Feb 2008 15:59:36 GMT
    >> "nemo_outis" <> wrote:
    >>
    >>> In general, you will find that cleaning your system usually does not
    >>> require flattening and rebuilding - despite Sebastian's (mis-)advice.
    >>> There are a number of programs which can remove most spyware without
    >>> requiring such drastic and tiresome methods.

    >> He is right in that flattening and rebuilding the system is the only way
    >> to _guarantee_ that all malware has been removed.

    >
    > Indeed.
    >
    > There's quite a difference between "most spyware" and "all malware."


    The problem is that there's no way to differentiate between those, thus no "removal tool"
    could provide just any non-zero reliability.

    Do you think that one could reasonably work with a computer that must be
    reasonably distrusted with everything he does?
     
    Sebastian G., Feb 19, 2008
    #10
  11. Sebastian G. Guest

    David H. Lipman wrote:

    > From: "Ertugrul Söylemez" <>
    >
    >
    > |
    > | He is right in that flattening and rebuilding the system is the only way
    > | to _guarantee_ that all malware has been removed.
    > |
    > | Regards,
    > | Ertugrul.
    > |
    >
    > For ISTbar ?
    >
    > That's like swatting a fly with a sledge hammer. Way overboard. We are not talking about a
    > password stealing Trojan with RootKit techniques. We are just talking about a minor,
    > annoying adware program.



    No. We're talking about the unknown malware that installed ISTbar. We're
    talking about the unknown malware that was installed by ISTbar. We're
    talking about the unknown malware that was installed aside from ISTbar.
    We're talking about the malware that got in through the same vulnerability
    as ISTbar.

    Heck, we're not even sure that it's the same ISTbar as the analysts had,
    much less that their analysis was complete.
     
    Sebastian G., Feb 19, 2008
    #11
  12. From: "Sebastian G." <>


    |
    | No. We're talking about the unknown malware that installed ISTbar. We're
    | talking about the unknown malware that was installed by ISTbar. We're
    | talking about the unknown malware that was installed aside from ISTbar.
    | We're talking about the malware that got in through the same vulnerability
    | as ISTbar.
    |
    | Heck, we're not even sure that it's the same ISTbar as the analysts had,
    | much less that their analysis was complete.

    Once in a while I will agree with you. This is NOT one of those times.

    This is a common annoying adware program most notably installed by not practicing Safe Hex.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, Feb 19, 2008
    #12
  13. Sebastian G. Guest

    David H. Lipman wrote:

    > From: "Sebastian G." <>
    >
    >
    > |
    > | No. We're talking about the unknown malware that installed ISTbar. We're
    > | talking about the unknown malware that was installed by ISTbar. We're
    > | talking about the unknown malware that was installed aside from ISTbar.
    > | We're talking about the malware that got in through the same vulnerability
    > | as ISTbar.
    > |
    > | Heck, we're not even sure that it's the same ISTbar as the analysts had,
    > | much less that their analysis was complete.
    >
    > Once in a while I will agree with you. This is NOT one of those times.
    >
    > This is a common annoying adware program most notably installed by not practicing Safe Hex.


    Let me rephrase it: If this is really the same ISTbar as the analysts have
    and if their analysis is correct and complete and if ISTbar was installed
    primarily through this vulnerability and if no other malware exploited this
    vulnerability, then a removal might be possible.

    Too many "if"s with too unlikely conditions, at least for me.
     
    Sebastian G., Feb 19, 2008
    #13
  14. Todd H. Guest

    "Sebastian G." <> writes:

    > David H. Lipman wrote:
    >
    >> From: "Ertugrul Söylemez" <>
    >> |
    >> | He is right in that flattening and rebuilding the system is the only way
    >> | to _guarantee_ that all malware has been removed.
    >> |
    >> | Regards,
    >> | Ertugrul.
    >> |
    >> For ISTbar ?
    >> That's like swatting a fly with a sledge hammer. Way overboard. We
    >> are not talking about a
    >> password stealing Trojan with RootKit techniques. We are just talking about a minor,
    >> annoying adware program.

    >
    >
    > No. We're talking about the unknown malware that installed
    > ISTbar. We're talking about the unknown malware that was installed by
    > ISTbar. We're talking about the unknown malware that was installed
    > aside from ISTbar. We're talking about the malware that got in through
    > the same vulnerability as ISTbar.
    >
    > Heck, we're not even sure that it's the same ISTbar as the analysts
    > had, much less that their analysis was complete.


    I'm 100% with Sebastian on this one.

    The proper procedure is to flatten and rebuild after any malware
    infection.

    Should one eschew proper procedure they should do so with eyes wide
    open of all the new risks they're taking on about custom variants of
    malware that AV may not detect or new aspects of a detected threat
    that differ from the version characterized by the AV vendors.

    Now you might get lucky and remove the threat. Then again, you might
    not. Depending on the system's use and risk posture, this added risk
    may be acceptable (i.e. a machine that is never used to log on
    anywhere with a password that matters, no confidential information on
    the machine that's worthwhile--not sure there are many such machines
    in the world though), or quite unacceptable.

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., Feb 19, 2008
    #14
  15. nemo_outis Guest

    (Todd H.) wrote in news::

    Let's really be safe - flatten and rebuild the system at least twice a day.
    Or hourly. After all, let's not take any chances by waiting for any
    symptoms of malware to appear - instead be proactive and preempt by hourly
    rebuilds. Just to really play it safe :)

    No, sarcasm aside, Lipman has it right - there is no need to use a sledge
    hammer to crack a peanut.

    Regards,
     
    nemo_outis, Feb 19, 2008
    #15
  16. Bit Twister Guest

    On Tue, 19 Feb 2008 19:04:53 GMT, nemo_outis wrote:
    > (Todd H.) wrote in news::
    >
    > Let's really be safe - flatten and rebuild the system at least twice a day.


    Or change Operating Systems. :-D

    > Or hourly. After all, let's not take any chances by waiting for any
    > symptoms of malware to appear - instead be proactive and preempt by hourly
    > rebuilds. Just to really play it safe :)


    Hourly, is not going to hack it.
    5,000,000 divided by 365 = 13,698.6 new malware per day
    13,698.6 divided by 24 hr = 570.7 new malware per hour.
    http://www.darkreading.com/document.asp?doc_id=143424

    Hey, go to
    http://www.commtouch.com/Site/ResearchLab/VirusLab/recent_activity.asp

    Check out some of the detection rates for your AV product on what is
    going around just in email.
     
    Bit Twister, Feb 19, 2008
    #16
  17. Todd H. Guest

    "nemo_outis" <> writes:

    > (Todd H.) wrote in news::
    >
    > Let's really be safe - flatten and rebuild the system at least twice a day.
    > Or hourly. After all, let's not take any chances by waiting for any
    > symptoms of malware to appear - instead be proactive and preempt by hourly
    > rebuilds. Just to really play it safe :)


    There are public use computer systems that do get re-imaged with daily
    frequency...

    > No, sarcasm aside, Lipman has it right - there is no need to use a sledge
    > hammer to crack a peanut.


    If you're really dealing with a peanut, sure.

    The underlying problem is that unless you have a strong baseline of
    your system, you don't have strong certainty you're really dealing with
    a peanut.

    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., Feb 19, 2008
    #17
  18. nemo_outis Guest

    (Todd H.) wrote in news::

    >...
    > If you're really dealing with a peanut, sure.
    >
    > The underlying problem is that unless you have a strong baseline of
    > your system, you don't have strong certainty you're really dealing with
    > a peanut.


    There is always a tension between productivity and security. Wanna be
    completely secure? Then turn the damned thing off and never use it again.
    Better yet, build a bonfire with it.

    For garden variety nuisances like spyware, the appropriate remedy is
    spyware cleaners, followed by a period of increased vigilance (aided by
    tools such as firewalls).

    Life is full of risks - no one gets out alive. Reasonable and
    proportionate precautions and responses are all that are required;
    otherwise one would never get out of bed, let alone get anything done.

    Regards,
     
    nemo_outis, Feb 19, 2008
    #18
  19. Sebastian G. Guest

    Todd H. wrote:


    > The underlying problem is that unless you have a strong baseline of
    > your system, you don't have strong certainty you're really dealing with
    > a peanut.


    Which is exactly the reason why a strong baseline is a necessity for
    reliable computer usage.

    But unlike you I don't think that this would be hard to achieve. Not even
    for a beginner, as long as he's willing and reasonable.
     
    Sebastian G., Feb 19, 2008
    #19
  20. Todd H. Guest

    "Sebastian G." <> writes:

    > Todd H. wrote:
    >
    >
    >> The underlying problem is that unless you have a strong baseline of
    >> your system, you don't have strong certainty you're really dealing with
    >> a peanut.

    >
    > Which is exactly the reason why a strong baseline is a necessity for
    > reliable computer usage.
    >
    > But unlike you I don't think that this would be hard to achieve. Not
    > even for a beginner, as long as he's willing and reasonable.


    We actually don't disagree on this. I don't think it's hard to
    achieve.

    I just know the reality is that nearly no one out there has such a
    baseline, which makes the recommendation you and I are making (flatten
    and rebuild) all the more appropriate for anything but trivial systems
    no one cares about whether they might have keyloggers or the like on
    them.

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., Feb 19, 2008
    #20