Hard Light Productions Forums

Off-Topic Discussion => General Discussion => Topic started by: Jonathan_S47 on January 22, 2005, 05:02:44 pm

Title: ISTsvc
Post by: Jonathan_S47 on January 22, 2005, 05:02:44 pm: A piece of spyware that almost impossible to get rid of, and my brother got it in his laptop. We have tired everything from a fix from symnatic to removing it manually in safemode. It still comes back. In safe mode it completely disappears but returns when we boot normally. Has any one here ever been successful in removing this without a format?
Title: ISTsvc
Post by: Holmes on January 22, 2005, 05:03:51 pm: Try Microsoft antispyware: www.microsoft.com/spyware
If that doesn't work take a look at www.spywarewarrior.com
Title: ISTsvc
Post by: Liberator on January 22, 2005, 05:05:43 pm: Try it manually. Using regedit, delete all the keys that mention this. Clear out the Temp folder, all the tempory internet folders, as well as delete whatever program installed it in the first place.
Title: ISTsvc
Post by: Jonathan_S47 on January 22, 2005, 05:26:23 pm: Got it. When the system shuts down the spyware hides its self. I just hit power and booted to safe mode again.

Edit: :mad: spoke too soon. It’s back.
Title: ISTsvc
Post by: Liberator on January 22, 2005, 05:39:38 pm: Find out who uses it and sue 'em for illegal tracking and...stuff.
Title: ISTsvc
Post by: WMCoolmon on January 22, 2005, 05:40:46 pm: Have you tried Spybot S&D and Adaware?
Title: ISTsvc
Post by: Taristin on January 22, 2005, 05:43:46 pm: Probably something that gets reinstalled on startup. What kind of proggies is he running that launch atomagically?
Title: ISTsvc
Post by: Jonathan_S47 on January 22, 2005, 05:44:40 pm: My brothers tried that before they put me to work in it. They got rid of it, but when the computer was restarted it came back. Two chat programs come up right away. Yahoo and MSN.
Title: ISTsvc
Post by: Windrunner on January 22, 2005, 05:44:48 pm: As someone said use the microsoft antispyware. Their program will detect the IST spyware if they use the same antispyware database in their program as the company that they bought the software from.

or you can use www.avast.com antivirus(freeware) it also detects the IST spy.
Title: ISTsvc
Post by: phatosealpha on January 22, 2005, 05:49:43 pm: Sounds like a job for hijackthis. It should at least give you a big lead on how and what it's doing.
Title: ISTsvc
Post by: Jonathan_S47 on January 22, 2005, 05:55:05 pm: Sadly we already know what it’s doing. Ad popups….. mostly porn
Title: ISTsvc
Post by: mikhael on January 22, 2005, 05:57:17 pm: Spybot Search and Destroy, Adaware SE, Mike Lin's StartupCPL, and SysInternals PSTools and Process Explorer are just the tools for taking care of spyware.

Try looking to see if you have any BHOs that might be reinstalling the spyware when you run your browser. Also look to see if anything has replaced the normal session initialization binary in the registry.
Title: ISTsvc
Post by: phatosealpha on January 22, 2005, 06:04:19 pm: Quote
Originally posted by Jonathan_S47
Sadly we already know what it’s doing. Ad popups….. mostly porn

Not exactly what I meant. Hijackthis is a very powerful tool that will allow you to see all programs loaded by windows at startup through the registry or whatever, as well as any installed BHOs. That really sounds like a combo of something snuck into your startup somehow to constantly reinstall itself and a pain in the ass BHO that makes it do all that stuff.

Hijackthis will show you everything, and let you remove even stubbon suckers like that. Just be careful, since HJT shows everything, including neccessary bits.
Title: ISTsvc
Post by: Bobboau on January 22, 2005, 06:20:07 pm: Hijackthis

the omega of spyware removal

only for those who know what they are doing!
Title: ISTsvc
Post by: Jonathan_S47 on January 22, 2005, 06:42:48 pm: I should download it for my home system then. :D

Anyway, Microsoft antispyware did the trick. It hasn’t reappeared yet and hopefully never will. Thanks for the help!