I did an online scan at Panda and it found adware/ist.istbar. But it wasn't det. by Kas, NAV, Ad-aware, S/D, Microsoft Anti-spyware.

Location is C:\Prog. Files\Common Files\Totem Shared\update

I found files with Advertising & Distribution & Free Samples as file names but there are files with Network, System, Update, Windows names also.

Common to all these files is the ext. .dll with a number after it e.g.

Advertising.dll.043, FreeSamples.dll.042, Windows.dll.049 etc.

Is this a legit folder in xp? 'cuz I have encountered other .dll ext. from legit programs and they don't have the number after it.

I'm holding off in deleting the folder for now. Do some snooping around for info.

Any comment is appreciated. Thanks.???

http://www.wilderssecurity.com/archive/index.php/t-4758.html
I found this in another thread from google:
blaze no trust this one
Uninstall0001, "C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.stripsaver.com!StatsStripSaver, HKEY_LM\Run

Some quick Google and other searches:
[hr]
stripsaver
In HOSTS is a site clicks.stripsaver.com that will be blocked by HOSTS.
After a quick look at Google I think stripsaver has to do with a porn site and/or screensaver.




{QUOTE-> Mr.Blaze
November 11th, 2002, 03:48 AM

ok i deleteted the strip saver from start up but do i delet the totem shared folder located in my common files folder located in windows xp?

cause im looking at totem folder
and it has two folders in it

Uninstall0001
Update

in totem shared folder under uninstall0001 folder has the following stuff in it
profile folder
Distribution.dll
msvcr70.dll
Network.dll
Stats.dll
System.dll
Upd
Update.dll
Windows.dll

in same folder but profile folder located in totem shared uninstall0001 folder called profile these files exsist

data.ndq
profile.lsf

In the update folder in totem shared i se these files
Advertising.dll.028
distribution.dll.012
msvcr70.dll.010
ScreenSaver.dll.019
System.dll.034
Windows.dll.035
Bpk.dll.028
FavoriteLinks.dll.026
Network.dll.026
Stats.dll.025
Update.dll.027
WindowsEx.dll.014

so do i delet this so called totem shared folder containing these files looks like scum ware to me?

<-QUOTE}
{QUOTE->
Hiya Blaze!!

Have you looked in Add/Remove Programs to see if there is actually an uninstall option for this totem stuff? If you've already scanned this system for malware (AV/AT, etc) and used SpyBot S&D and the like, then this is probably only a questionable piece of software, not malware. It's own uninstall might be the best thing to do.

The contents of the Uninstall0001 folder appear to be saved .dll files that might be put back in place if the uninstall is run. (You could right click on these files and check out their various attribute fields to see if they are normal window files or simply an earlier version of totem software files.)

If no uninstall exists, you could do a search in regedit for keys related to these files and these folders, just to see "how deeply" this software is integrated into that system. It might help to know that.

Fun, fun ;)
LowWaterMark <-QUOTE}

Do a search at Google for "Totem Shared" and you'll see that that Totem Shared folder belongs to that porn screensaver.

More helpful clues I've found...
http://www.answersthatwork.com/Tasklist_pages/tasklist_u.htm

TASK LIST NAME: Upd
PROGRAM & MANUFACTURER: UPD.exe (Totem)
WHAT IT IS AND WHAT YOU CAN DO:
This program is normally run from a folder called "Totem Shared\Uninstall0001" somewhere in your PC. We do not yet know what this task does but we do know that it gets installed by pornographic (our definition) screensavers such as VirtualGirl, VirtualGuy, VirtualGay, and StripSaver.
Recommendation :
This task dramatically slows down PCs at boot-up, and it also has a noticeable performance impact on Windows on PCs below 1.3GHz. If you want to get rid of it run SpyBot Search & Destroy available from our Downloads (http://www.answersthatwork.com/Downright_pages/downright.htm) page.

This totem shared thing, I've investigated it myself and I found a site called totemcash.com, and its a porn site, disgusting.


Yeah, another page from mcafee, seems related to exactly adware/ist.istbar
http://vil.nai.com/vil/content/v_132366.htm

Did you read Panda's website page on this item that was detected?
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=41347

Thanks for d reply. I did google totem shared\update and it turned up a number of hits. I'll go through them 4 now. Thanks again.