I keep finding an entry ISTbar Hijacker.
I remove it but the next time I run scan there it is.
Details say something like H key local microsoft windows.
How do I get rid of this and how dangerous is it?
Thanks
> I keep finding an entry ISTbar Hijacker.
> I remove it but the next time I run scan there it is.
> Details say something like H key local microsoft windows.
You have flattened and rebuilt the system, yet it's still there? Then you
must be doing something incredibly wrong...
| I keep finding an entry ISTbar Hijacker.
| I remove it but the next time I run scan there it is.
| Details say something like H key local microsoft windows.
| How do I get rid of this and how dangerous is it?
| Thanks
Please download, install and update the following software...
On Tue, 19 Feb 2008 14:22:46 GMT
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote:
> Please download, install and update the following software...
I remember a discussion a few days ago. It was about useless products,
and about advertising them. Useless posts like these make me change my
mind at times. Luckily I'm pretty confident about my view.
Billy <Bob@BillyJoe.Bob's> wrote in news:eUsuj.66$qv2.1@newsfe02.lga:
> I keep finding an entry ISTbar Hijacker.
> I remove it but the next time I run scan there it is.
> Details say something like H key local microsoft windows.
> How do I get rid of this and how dangerous is it?
> Thanks
A better newsgroup in which to seek advice on this problem is:
alt.privacy.spyware
In general, you will find that cleaning your system usually does not
require flattening and rebuilding - despite Sebastian's (mis-)advice.
There are a number of programs which can remove most spyware without
requiring such drastic and tiresome methods.
On Tue, 19 Feb 2008 15:59:36 GMT
"nemo_outis" <abc@xyz.com> wrote:
> In general, you will find that cleaning your system usually does not
> require flattening and rebuilding - despite Sebastian's (mis-)advice.
> There are a number of programs which can remove most spyware without
> requiring such drastic and tiresome methods.
He is right in that flattening and rebuilding the system is the only way
to _guarantee_ that all malware has been removed.
> On Tue, 19 Feb 2008 15:59:36 GMT
> "nemo_outis" <abc@xyz.com> wrote:
>
>> In general, you will find that cleaning your system usually does not
>> require flattening and rebuilding - despite Sebastian's (mis-)advice.
>> There are a number of programs which can remove most spyware without
>> requiring such drastic and tiresome methods.
>
> He is right in that flattening and rebuilding the system is the only way
> to _guarantee_ that all malware has been removed.
Indeed.
There's quite a difference between "most spyware" and "all malware."
|
| He is right in that flattening and rebuilding the system is the only way
| to _guarantee_ that all malware has been removed.
|
| Regards,
| Ertugrul.
|
For ISTbar ?
That's like swatting a fly with a sledge hammer. Way overboard. We are not talking about a
password stealing Trojan with RootKit techniques. We are just talking about a minor,
annoying adware program.
> Ertugrul Söylemez <es@ertes.de> writes:
>
>> On Tue, 19 Feb 2008 15:59:36 GMT
>> "nemo_outis" <abc@xyz.com> wrote:
>>
>>> In general, you will find that cleaning your system usually does not
>>> require flattening and rebuilding - despite Sebastian's (mis-)advice.
>>> There are a number of programs which can remove most spyware without
>>> requiring such drastic and tiresome methods.
>> He is right in that flattening and rebuilding the system is the only way
>> to _guarantee_ that all malware has been removed.
>
> Indeed.
>
> There's quite a difference between "most spyware" and "all malware."
The problem is that there's no way to differentiate between those, thus no "removal tool"
could provide any non-zero reliability.
Do you think that one could reasonably work with a computer that must
reasonably be distrusted in everything he does?
> From: "Ertugrul Söylemez" <es@ertes.de>
>
>
> |
> | He is right in that flattening and rebuilding the system is the only way
> | to _guarantee_ that all malware has been removed.
> |
> | Regards,
> | Ertugrul.
> |
>
> For ISTbar ?
>
> That's like swatting a fly with a sledge hammer. Way overboard. We are not talking about a
> password stealing Trojan with RootKit techniques. We are just talking about a minor,
> annoying adware program.
No. We're talking about the unknown malware that installed ISTbar. We're
talking about the unknown malware that was installed by ISTbar. We're
talking about the unknown malware that was installed aside from ISTbar.
We're talking about the malware that got in through the same vulnerability
as ISTbar.
Heck, we're not even sure that it's the same ISTbar as the analysts had,
much less that their analysis was complete.
|
| No. We're talking about the unknown malware that installed ISTbar. We're
| talking about the unknown malware that was installed by ISTbar. We're
| talking about the unknown malware that was installed aside from ISTbar.
| We're talking about the malware that got in through the same vulnerability
| as ISTbar.
|
| Heck, we're not even sure that it's the same ISTbar as the analysts had,
| much less that their analysis was complete.
Once in a while I will agree with you. This is NOT one of those times.
This is a common annoying adware program most notably installed by not practicing Safe Hex.
> From: "Sebastian G." <seppi@seppig.de>
>
>
> |
> | No. We're talking about the unknown malware that installed ISTbar. We're
> | talking about the unknown malware that was installed by ISTbar. We're
> | talking about the unknown malware that was installed aside from ISTbar.
> | We're talking about the malware that got in through the same vulnerability
> | as ISTbar.
> |
> | Heck, we're not even sure that it's the same ISTbar as the analysts had,
> | much less that their analysis was complete.
>
> Once in a while I will agree with you. This is NOT one of those times.
>
> This is a common annoying adware program most notably installed by not practicing Safe Hex.
Let me rephrase it: If this is really the same ISTbar as the analysts have
and if their analysis is correct and complete and if ISTbar was installed
primarily through this vulnerability and if no other malware exploited this
vulnerability, then a removal might be possible.
Too many "if"s with too unlikely conditions, at least for me.
> David H. Lipman wrote:
>
>> From: "Ertugrul Söylemez" <es@ertes.de>
>> |
>> | He is right in that flattening and rebuilding the system is the only way
>> | to _guarantee_ that all malware has been removed.
>> |
>> | Regards,
>> | Ertugrul.
>> |
>> For ISTbar ?
>> That's like swatting a fly with a sledge hammer. Way overboard. We
>> are not talking about a
>> password stealing Trojan with RootKit techniques. We are just talking about a minor,
>> annoying adware program.
>
>
> No. We're talking about the unknown malware that installed
> ISTbar. We're talking about the unknown malware that was installed by
> ISTbar. We're talking about the unknown malware that was installed
> aside from ISTbar. We're talking about the malware that got in through
> the same vulnerability as ISTbar.
>
> Heck, we're not even sure that it's the same ISTbar as the analysts
> had, much less that their analysis was complete.
I'm 100% with Sebastian's on this one.
The proper procedure is to flatten and rebuild after any malware
infection.
Should one eschew proper procedure they should do so with eyes wide
open to all the new risks they're taking on about custom variants of
malware that AV may not detect or new aspects of a detected threat
that differ from the version characterized by the AV vendors.
Now you might get lucky and remove the threat. Then again, you might
not. Depending on the system's use and risk posture, this added risk
may be acceptable (i.e. a machine that is never used to log on
anywhere with a password that matters, no confidential information on
the machine that's worthwhile--not sure there are many such machines
in the world though), or quite unacceptable.
comphelp@toddh.net (Todd H.) wrote in news:84k5l0x126@news.giganews.com:
Let's really be safe - flatten and rebuild the system at least twice a day.
Or hourly. After all, let's not take any chances by waiting for any
symptoms of malware to appear - instead be proactive and preempt by hourly
rebuilds. Just to really play it safe :-)
No, sarcasm aside, Lipman has it right - there is no need to use a sledge
hammer to crack a peanut.
On Tue, 19 Feb 2008 19:04:53 GMT, nemo_outis wrote:
> comphelp@toddh.net (Todd H.) wrote in news:84k5l0x126@news.giganews.com:
>
> Let's really be safe - flatten and rebuild the system at least twice a day.
Or change Operating Systems. :-D
> Or hourly. After all, let's not take any chances by waiting for any
> symptoms of malware to appear - instead be proactive and preempt by hourly
> rebuilds. Just to really play it safe :-)
> comphelp@toddh.net (Todd H.) wrote in news:84k5l0x126@news.giganews.com:
>
> Let's really be safe - flatten and rebuild the system at least twice a day.
> Or hourly. After all, let's not take any chances by waiting for any
> symptoms of malware to appear - instead be proactive and preempt by hourly
> rebuilds. Just to really play it safe :-)
There are public use computer systems that do get re-imaged with daily
frequency...
> No, sarcasm aside, Lipman has it right - there is no need to use a sledge
> hammer to crack a peanut.
If you're really dealing with a peanut, sure.
The underlying problem is that unless you have a strong baseline of
your system, you don't have strong certainty you're really dealing with
a peanut.
comphelp@toddh.net (Todd H.) wrote in news:84mypwlomu@news.giganews.com:
>...
> If you're really dealing with a peanut, sure.
>
> The underlying problem is that unless you have a strong baseline of
> your system, you don't have strong certainty you're really dealing with
> a peanut.
There is always a tension between productivity and security. Wanna be
completely secure? Then turn the damned thing off and never use it again.
Better yet, build a bonfire with it.
For garden variety nuisances like spyware, the appropriate remedy is
spyware cleaners, followed by a period of increased vigilance (aided by
tools such as firewalls).
Life is full of risks - no one gets out alive. Reasonable and
proportionate precautions and responses are all that are required;
otherwise one would never get out of bed, let alone get anything done.
> The underlying problem is that unless you have a strong baseline of
> your system, you don't have strong certainty you're really dealing with
> a peanut.
Which is exactly the reason why a strong baseline is a necessity for
reliable computer usage.
But unlike you I don't think that this would be hard to achieve. Not even
for a beginner, as long as he's willing and reasonable.
> Todd H. wrote:
>
>
>> The underlying problem is that unless you have a strong baseline of
>> your system, you don't have strong certainty you're really dealing with
>> a peanut.
>
> Which is exactly the reason why a strong baseline is a necessity for
> reliable computer usage.
>
> But unlike you I don't think that this would be hard to achieve. Not
> even for a beginner, as long as he's willing and reasonable.
We actually don't disagree on this. I don't think it's hard to
achieve.
I just know the reality is that nearly no one out there has such a
baseline, which makes the recommendation you and I are making (flatten
and rebuild) all the more appropriate for anything but trivial systems
no one cares about whether they might have keyloggers or the like on
them.
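One way to get the "strong baseline" that Todd and Sebastian keep returning to, at least for the autostart keys the OP's scanner is flagging ("HKEY_LOCAL_MACHINE\...\Microsoft\Windows"), as an added example that is not code from any poster in this thread: export the Run keys from a known-clean build with `reg export`, keep that file, and diff every later export against it. Everything below is assumed for the example: the list of watched keys, the parser for the `.reg` text format (Version 5.00, which `reg export` writes as UTF-16 LE with a BOM, so decode before passing it in), and the two sample exports, whose value names and paths are constructed and are not real ISTbar indicators.

```python
"""Diff Windows autostart registry keys against a saved baseline export.

Added example; not from the thread. Input is the text of a .reg file such as
  reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" run.reg
(decode the UTF-16 file to str first). Sample exports below are constructed.
"""
import re

# Assumption: the autostart locations the scanner is most likely reporting.
AUTOSTART_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
)

_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
_VALUE_RE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')
_ESCAPE_RE = re.compile(r"\\(.)")


def _unescape(s):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ") in a single pass."""
    return _ESCAPE_RE.sub(r"\1", s)


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} from a .reg Version 5.00 export.

    REG_SZ values become plain strings; hex:/dword: data is kept as raw text
    so it still compares cleanly. Multi-line hex continuations are skipped.
    """
    tree, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group("key")
            tree.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if not m or current is None:
            continue
        name = "@" if m.group("default") else _unescape(m.group("name"))
        data = m.group("data")
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            data = _unescape(data[1:-1])
        tree[current][name] = data
    return tree


def _flatten(tree, watched):
    """Map a case-folded 'key\\value' id to (key, name, data) for watched keys only."""
    flat = {}
    for key, values in tree.items():
        if key.lower() in watched:
            for name, data in values.items():
                flat[key.lower() + "\\" + name.lower()] = (key, name, data)
    return flat


def diff_autostarts(baseline_text, current_text, keys=AUTOSTART_KEYS):
    """Return (added, removed, changed) for the watched autostart keys.

    added/removed map id -> (key, name, data); changed maps id -> (old, new).
    """
    watched = {k.lower() for k in keys}
    base = _flatten(parse_reg_export(baseline_text), watched)
    cur = _flatten(parse_reg_export(current_text), watched)
    added = {k: cur[k] for k in cur.keys() - base.keys()}
    removed = {k: base[k] for k in base.keys() - cur.keys()}
    changed = {k: (base[k][2], cur[k][2])
               for k in base.keys() & cur.keys() if base[k][2] != cur[k][2]}
    return added, removed, changed


def report(added, removed, changed):
    """One human-readable line per finding."""
    lines = [f"NEW      {k}\\{n} = {d}" for k, n, d in sorted(added.values())]
    lines += [f"GONE     {k}\\{n} = {d}" for k, n, d in sorted(removed.values())]
    lines += [f"CHANGED  {i}: {o!r} -> {n!r}" for i, (o, n) in sorted(changed.items())]
    return lines


# Constructed sample: baseline taken right after a clean build ...
BASELINE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00
'''

# ... and a later export, after the scanner started flagging a hijacker.
CURRENT_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SunJavaUpdateSched"="C:\\DOCUME~1\\Bob\\LOCALS~1\\Temp\\jusched.exe"
"SysUpdater"="C:\\DOCUME~1\\Bob\\LOCALS~1\\Temp\\sysupd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00
'''

if __name__ == "__main__":
    print("\n".join(report(*diff_autostarts(BASELINE_REG, CURRENT_REG))))
```

The diff reports three things a plain "scan, delete, rescan" loop hides: a value that is new, a value that vanished (here the uninstalled Norton entry), and a legitimate-looking name whose command line now points somewhere else. A value that keeps reappearing after you delete it shows up as NEW on every diff after the one where you removed it; that recurrence is the symptom the OP describes, and it tells you something else on the box is re-creating it, which the registry diff alone will not identify.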
Todd H. wrote:
> "Sebastian G." <seppi@seppig.de> writes:
>
>> Todd H. wrote:
>>
>>
>>> The underlying problem is that unless you have a strong baseline of
>>> your system, you don't have strong certainty you're really dealing with
>>> a peanut.
>> Which is exactly the reason why a strong baseline is a necessity for
>> reliable computer usage.
>>
>> But unlike you I don't think that this would be hard to achieve. Not
>> even for a beginner, as long as he's willing and reasonable.
>
> We actually don't disagree on this. I don't think it's hard to
> achieve.
>
> I just know the reality is that nearly no one out there has such a
> baseline, which makes the recommendation you and I are making (flatten
> and rebuild) all the more appropriate for anything but trivial systems
> no one cares about whether they might have keyloggers or the like on
> them.
>
> Best Regards,
Coincidence? I got rid of Norton because their latest and last update
caused their scan to cease. It said something like licensing issues need
resolving before continuing. I bought a program not a damned
subscription. I bought it before they started this stuff. It only
stopped one attack, in the several years I have had it.
I got rid of it yesterday. The Hijacker hasn't resurfaced. I've had a
couple of free programs for some time. They work better. A few times
I've tried to resolve a problem with Norton. I don't remember what it
was right now. I could never get any sense out of their Indian and
Malaysian experts. All I could get was 19.95 or 2995 or some such to
analyze the problem or something similar.
Billy <Bob@BillyJoe.Bob's> wrote in news:woLuj.251$0o2.21@newsfe02.lga:
...
Norton is notorious for being bloatware, for slowing systems to a crawl,
for conflicting with other programs, and for putting down roots so deep
that it's a bitch to get rid of.
There's only one Norton program worth having and running, and running only
once: Norton Removal Tool!
Regards,
PS Symantec has the Midas touch in reverse; everything they touch turns to
shit. They buy up good small companies with good programs, digest those
programs, and like all digested matter, it becomes shit. They have no
ideas of their own but their marketing folks insist on issuing regular
releases to stay in the public eye and make money - but the useless
features only add to the bloat.
Long ago the Norton Utilities really were useful - before Symantec ruined
them. Long ago Ghost was excellent - before it became a gutted and
rebranded version of drive image. Long ago...
| Billy <Bob@BillyJoe.Bob's> wrote in news:woLuj.251$0o2.21@newsfe02.lga:
|
| ...
| Norton is notorious for being bloatware, for slowing systems to a crawl,
| for conflicting with other programs, and for putting down roots so deep
| that it's a bitch to get rid of.
|
| There's only one Norton program worth having and running, and running only
| once: Norton Removal Tool!
|
| Regards,
|
| PS Symantec has the Midas touch in reverse; everything they touch turns to
| shit. They buy up good small companies with good programs, digest those
| programs, and like all digested matter, it becomes shit. They have no
| ideas of their own but their marketing folks insist on issuing regular
| releases to stay in the public eye and make money - but the useless
| features only add to the bloat.
|
| Long ago the Norton Utilities really were useful - before Symantec ruined
| them. Long ago Ghost was excellent - before it became a gutted and
| rebranded version of drive image. Long ago...
The corporate products are *much* better than the retail products.
Symantec Ghost (corp.) is the only Symantec product I swear by and not swear at.
Unfortunately the corporate vs. retail product concept is the same for McAfee/NAI.
"David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:
> From: "nemo_outis" <abc@xyz.com>
>
> | Billy <Bob@BillyJoe.Bob's> wrote in news:woLuj.251$0o2.21@newsfe02.lga:
> |
> | ...
> | Norton is notorious for being bloatware, for slowing systems to a crawl,
> | for conflicting with other programs, and for putting down roots so deep
> | that it's a bitch to get rid of.
> |
> | There's only one Norton program worth having and running, and running only
> | once: Norton Removal Tool!
> |
> | Regards,
> |
> | PS Symantec has the Midas touch in reverse; everything they touch turns to
> | shit. They buy up good small companies with good programs, digest those
> | programs, and like all digested matter, it becomes shit. They have no
> | ideas of their own but their marketing folks insists on issuing regular
> | releases to stay in the public eye and make money - but the useless
> | features only add to the bloat.
> |
> | Long ago the Norton Utilities really were useful - before Symantec ruined
> | them. Long ago Ghost was excellent - before it became a gutted and
> | rebranded version of drive image. Long ago...
>
> The corporate products are *much* better than the retail products.
> Symantec Ghost (corp.) is the only Symantec product I swear by and not swear at.
>
> Unfortunately the corporate vs. retail product concept is the same
> for McAfee/NAI.
This is my experience as well. SAV is relatively unannoying. NAV,
on the other hand, is horrendous.
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:VlNuj.11413$N95.9719@trnddc03:
> The corporate products are *much* better than the retail products.
> Symantec Ghost (corp.) is the only Symantec product I swear by and not
> swear at.
>
> Unfortunately the corporate vs. retail product concept is the same for
> McAfee/NAI.
Up to Ghost 2003/version 8 (the last based on the Binary research code)
it was just fine in the consumer version. I especially liked the detailed
command-line switches for backing up things like encrypted drives. (I
now prefer Acronis for day-to-day Windows convenience - as long as I
don't do anything tricky.)
I only tried the corporate Ghost versions up to 8 (although I have 12
lying around) and they didn't do much to differentiate themselves (for my
purposes).
I've got bootleg copies of the corporate anti-virus stashed away
somewhere (and I've heard it's not bad) but I've never gotten around to
trying it. (The corporations where I consulted mostly used Trend, so I
standardized on that for corporate compatibility uses. Personally, I use
Kaspersky - as much out of long habit as anything else.)
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:lyEuj.7762$N95.6498@trnddc03:
> From: "Sebastian G." <seppi@seppig.de>
>
>
>|
>| No. We're talking about the unknown malware that installed ISTbar.
>| We're talking about the unknown malware that was installed by ISTbar.
>| We're talking about the unknown malware that was installed aside from
>| ISTbar. We're talking about the malware that got in through the same
>| vulnerability as ISTbar.
>|
>| Heck, we're not even sure that it's the same ISTbar as the analysts
>| had, much less that their analysis was complete.
>
> Once in a while I will agree with you. This is NOT one of those
> times.
>
> This is a common annoying adware program most notably installed by not
> practicing Safe Hex.
So, by not following safe hex, the OP has installed at least one mild
malware - ISTbar, but who knows what else he picked up along the way?
I guess the OP could decide if they were foolish once, or foolish a few
times and got caught once, or have been foolish many times, and they
don't know what else is on their machine.
I'll agree that this mild malware could probably be removed simply. But
flattening and rebuilding gives the OP a chance to improve their security
model. Install all the patches, install some proper AV, sort out the
toy-firewalls, tell the kids not to surf pr0n sites, etc.
|
| So, by not following safe hex, the OP has installed at least one mild
| malware - ISTbar, but who knows what else he picked up along the way?
|
| I guess the OP could decide if they were foolish once, or foolish a few
| times and got caught once, or have been foolish many times, and they
| don't know what else is on their machine.
|
| I'll agree that this mild malware could probably be removed simply. But
| flattening and rebuilding gives the OP a chance to improve their security
| model. Install all the patches, install some proper AV, sort out the
| toy-firewalls, tell the kids not to surf pr0n sites, etc.
Chances are the user will repeat the same mistakes. At least by attempting to remove the
malware the user will learn more about it (malware in general) and will tend to be more
proactive.
> Chances are the user will repeat the same mistakes. At least by attempting to remove the
> malware the user will learn more about it (malware in general) and will tend to be more
> proactive.
He will learn nothing except that his efforts are futile and a waste of time.
On the other hand, flattening and rebuilding the system is a painful effort,
including repeated downloads, secure bootstrapping, configuration etc. -
chances are that he'll understand even better why a compromise should be
avoided in the first place.