JS:Isbar [Trj]

Discussion in 'Computer Security' started by DD, May 5, 2005.

  1. DD

    DD Guest

    Can anyone tell me what JS:Isbar is? My Avast AV detected it when I
    downloaded a page but there seems to have been no bad effects. [as
    yet!]. Google only throws up foreign language links.

    DD
    DD, May 5, 2005
    #1
    1. Advertising

  2. DD

    Ashp Guest

    DD wrote:

    > Can anyone tell me what JS:Isbar is? My Avast AV detected it when I
    > downloaded a page but there seems to have been no bad effects. [as
    > yet!]. Google only throws up foreign language links.


    Its most likely the webpage using Javascript to hide or trick the
    address bar in IE. Assume you were looking at a phishing site?

    There won't be any other bad effects.

    Ash.
    Ashp, May 5, 2005
    #2
    1. Advertising

  3. From: "DD" <>

    | Can anyone tell me what JS:Isbar is? My Avast AV detected it when I
    | downloaded a page but there seems to have been no bad effects. [as
    | yet!]. Google only throws up foreign language links.
    |
    | DD

    1) Dump the contents of your IE cache -
    Start --> settings --> control panel --> Internet options --> delete files

    2) Dump the contents of the Mozilla FireFox Cache { if you use it }
    Tools --> Options --> Privacy --> Cache --> Clear

    3) Dump the contents of your Sun Java cache -
    Start --> settings --> control panel --> Java applet --> cache --> clear
    or
    Start --> settings --> control panel --> Java applet --> general --> settings -->
    delete files

    4) Download TrendMicro Sysclean by one of the following 2 methods

    Trend Sysclean Method 1
    ---------------------------------------
    Trend Sysclean Package
    http://www.trendmicro.com/download/dcs.asp

    Latest Trend signature files.
    http://www.trendmicro.com/download/pattern.asp

    Create a directory.
    On drive "C:\"
    (e.g., "c:\sysclean")

    Download SYSCLEAN.COM and place it in that directory.
    Download the signature files (pattern files) by obtaining the ZIP file.
    For example; lpt613.zip

    Extract the contents of the ZIP file and place the contents in the same directory as
    SYSCLEAN.COM.

    Trend Sysclean Method 2
    ---------------------------------------
    Download the utility SYSCLEAN_FE at the following URL --
    http://www.ik-cs.com/got-a-virus.htm
    SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
    Direct URL --
    http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

    5) If you are using WinME or WinXP, disable System Restore
    http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    6) Reboot your PC into Safe Mode and shutdown as many applications as possible.
    7) Using Trend Sysclean utility, perform a Full Scan of your platform and clean/delete
    any infectors/parasites found.
    (a few cycles may be needed)
    8) Restart your PC and perform a "final" Full Scan of your platform using the
    Trend Sysclean utility.
    9) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
    System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
    10) Reboot your PC.
    11) If you are using WinME or WinXP, create a new Restore point

    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, May 5, 2005
    #3
  4. DD

    DD Guest

    Thanks for such detailed instructions, just what I need! I took option
    2 and downloaded SYSCLEAN_FE, unzipped it and did all the other things
    you detailed before booting into Safe Mode and running Sysclean_ FE.bat.
    The files seemed to download satisfactorily but I got an error message
    -"Sysclean\pattern.txt not opened for READ, error code [0]"
    I also tried to run Sysclean_FE.link with the same result.

    Any suggestions where the problem could be?

    Thanks again, DD





    David H. Lipman wrote:
    > From: "DD" <>
    >
    > | Can anyone tell me what JS:Isbar is? My Avast AV detected it when I
    > | downloaded a page but there seems to have been no bad effects. [as
    > | yet!]. Google only throws up foreign language links.
    > |
    > | DD
    >
    > 1) Dump the contents of your IE cache -
    > Start --> settings --> control panel --> Internet options --> delete files
    >
    > 2) Dump the contents of the Mozilla FireFox Cache { if you use it }
    > Tools --> Options --> Privacy --> Cache --> Clear
    >
    > 3) Dump the contents of your Sun Java cache -
    > Start --> settings --> control panel --> Java applet --> cache --> clear
    > or
    > Start --> settings --> control panel --> Java applet --> general --> settings -->
    > delete files
    >
    > 4) Download TrendMicro Sysclean by one of the following 2 methods
    >







    > Trend Sysclean Method 1
    > ---------------------------------------
    > Trend Sysclean Package
    > http://www.trendmicro.com/download/dcs.asp
    >
    > Latest Trend signature files.
    > http://www.trendmicro.com/download/pattern.asp
    >
    > Create a directory.
    > On drive "C:\"
    > (e.g., "c:\sysclean")
    >
    > Download SYSCLEAN.COM and place it in that directory.
    > Download the signature files (pattern files) by obtaining the ZIP file.
    > For example; lpt613.zip
    >
    > Extract the contents of the ZIP file and place the contents in the same directory as
    > SYSCLEAN.COM.
    >
    > Trend Sysclean Method 2
    > ---------------------------------------
    > Download the utility SYSCLEAN_FE at the following URL --
    > http://www.ik-cs.com/got-a-virus.htm
    > SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
    > Direct URL --
    > http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe
    >
    > 5) If you are using WinME or WinXP, disable System Restore
    > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    > 6) Reboot your PC into Safe Mode and shutdown as many applications as possible.
    > 7) Using Trend Sysclean utility, perform a Full Scan of your platform and clean/delete
    > any infectors/parasites found.
    > (a few cycles may be needed)
    > 8) Restart your PC and perform a "final" Full Scan of your platform using the
    > Trend Sysclean utility.
    > 9) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
    > System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
    > 10) Reboot your PC.
    > 11) If you are using WinME or WinXP, create a new Restore point
    >
    > * * * Please report back your results * * *
    >
    >
    DD, May 6, 2005
    #4
  5. From: "DD" <>

    | Thanks for such detailed instructions, just what I need! I took option
    | 2 and downloaded SYSCLEAN_FE, unzipped it and did all the other things
    | you detailed before booting into Safe Mode and running Sysclean_ FE.bat.
    | The files seemed to download satisfactorily but I got an error message
    | -"Sysclean\pattern.txt not opened for READ, error code [0]"
    | I also tried to run Sysclean_FE.link with the same result.
    |
    | Any suggestions where the problem could be?
    |
    | Thanks again, DD
    |


    Yes... when you reboot into Safe Mode it has already downloaded the Pattern File and
    SYSCLEAN.COM so in Safe Mode just execute..

    c:\sysclean\sysclean.com

    I 'll have to re-write the instuctions to make this easier to understand for future replies.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, May 6, 2005
    #5
  6. DD

    DD Guest

    I don't know what the site was, my Avast AV jumped in and gave me the
    warning before I saw it. I was looking for some ACDSee information at
    the time and it was one of the sites that Google found. I have not
    noticed any problems but I thought there would be no harm in doing what
    David Lipman suggests in case there is something lurking in the background.
    Thanks for the answer and reassurance.
    DD



    Ashp wrote:
    > DD wrote:
    >
    >> Can anyone tell me what JS:Isbar is? My Avast AV detected it when
    >> I downloaded a page but there seems to have been no bad effects. [as
    >> yet!]. Google only throws up foreign language links.

    >
    >
    > Its most likely the webpage using Javascript to hide or trick the
    > address bar in IE. Assume you were looking at a phishing site?
    >
    > There won't be any other bad effects.
    >
    > Ash.
    DD, May 6, 2005
    #6
  7. DD

    DD Guest

    Thanks for that quick reply, I think you hold the record for an answer!

    DD


    David H. Lipman wrote:
    > From: "DD" <>
    >
    > | Thanks for such detailed instructions, just what I need! I took option
    > | 2 and downloaded SYSCLEAN_FE, unzipped it and did all the other things
    > | you detailed before booting into Safe Mode and running Sysclean_ FE.bat.
    > | The files seemed to download satisfactorily but I got an error message
    > | -"Sysclean\pattern.txt not opened for READ, error code [0]"
    > | I also tried to run Sysclean_FE.link with the same result.
    > |
    > | Any suggestions where the problem could be?
    > |
    > | Thanks again, DD
    > |
    >
    >
    > Yes... when you reboot into Safe Mode it has already downloaded the Pattern File and
    > SYSCLEAN.COM so in Safe Mode just execute..
    >
    > c:\sysclean\sysclean.com
    >
    > I 'll have to re-write the instuctions to make this easier to understand for future replies.
    >
    DD, May 6, 2005
    #7
  8. From: "DD" <>

    | Thanks for that quick reply, I think you hold the record for an answer!
    |
    | DD

    See if this is a better set of instructions...

    Dump the contents of the IE Temporary Internet Folder cache (TIF)
    Start --> Settings --> Control Panel --> Internet Options --> Delete Files

    Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
    Tools --> Options --> Privacy --> Cache --> Clear

    1) Download the TrendMicro Sysclean Front End

    Download the utility SYSCLEAN_FE at the following URL --
    http://www.ik-cs.com/got-a-virus.htm
    SYSCLEAN_FE automates the download and execution process of the Trend Sysclean Package.
    Direct URL --
    http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

    2) Execute; SYSCLEAN_FE.EXE
    Choose; Unzip
    Choose; Close

    Execute; c:\sysclean\SYSCLEAN_FE.BAT
    { or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
    when you get to the menu exit the utility so you can boot into Safe Mode.

    3) If you are using WinME or WinXP, disable System Restore
    http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm

    4) Reboot your PC into Safe Mode and shutdown as many applications as possible.

    5) Execute; c:\sysclean\sysclean.com
    Let SYCLEAN.COM scan your computer.

    6) Restart your PC and perform a "final" Full Scan of your platform
    Execute; c:\sysclean\SYSCLEAN_FE.BAT
    { or Double-click on 'SYSCLEAN_FE Link' in c:\sysclean }
    This time, choose to execute SYSCLEAN.COM from the menu.

    7) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
    System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),

    8) Reboot your PC.

    9) If you are using WinME or WinXP, create a new Restore point

    * * * Please report back your results * * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    David H. Lipman, May 6, 2005
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page