trojan ?

Discussion in 'malware problems & news' started by JLH60, Oct 17, 2003.

Thread Status:
Not open for further replies.
  1. JLH60

    JLH60 Registered Member

    Joined:
    Oct 17, 2003
    Posts:
    2
    Just installed spyware blaster and have spybot search and destroy. I had this problem before I installed spyblaster,and cant get rid of it. Any help please. C:\WINDOWS\SYSTEM32\Desire-uninstall.exe\DESIRE-UNINSTALL.EXE



    Can not delete file.
     
    JLH60, Oct 17, 2003
    #1
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Hi JLH60,

    Can you go into the task manager (ctrl alt del) and check to see if that file is actually a running task? If it is, you should be able to kill it from there then go and try to delete the file.
     
    LowWaterMark, Oct 17, 2003
    #2
  3. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Looks like you have a variant of this exploit that seems to be running around in many versions....last time i looked it was up to Q in the alphabet.


    **************************



    Istbar.C follows the routine below:

    When the user accesses certain web pages, a message appears to ask for permission to run an ActiveX code.
    If the user agrees, the ActiveX code installs several spyware programs and dialers, downloads other programs from the Internet and displays advertisements from adult sites.




    Other Details
    Istbar.C is written in the programming language Visual C++ v 6.0. The Trojan is 176,128 bytes in size. Some of the files are compressed with UPX.





    RB32.EXE and LP.EXE. RB32.EXE drops the file LP.EXE. These Trojan components download dialers and display advertising pop-up windows of adult content. These files are detected by Panda Antivirus as Trj/Istbar.I.
    GM.EXE. This component downloads dialers and spyware programs to the affected computer, such as Rapid Blaster, 180Solutions, Igetnet, etc. It is able to update itself whenever new versions are available.
    LOADER.EXE and IGETNET.EXE. These files are detected by Panda Antivirus as Bck/Ruledor.A.
    Istbar.H could also create any of the following files:

    MSCACHE.EXE, AUPDATE.EXE, AUPDATE_UNINSTALL.EXE or MSCACHE.DLL.
    Istbar.H creates the following entry in the Windows Registry:

    HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Run
    IST Service %programfiles%istsvc.exe
    By creating this entry, Istbar.H ensures that it is run whenever Windows is started.
    Istbar.H modifies the following entry in the Windows Registry:

    HKEY_LOCAL_MACHINE\ Software\ Internet Explorer\ Main
    Start page http://www.slotch.com
    By modifying this entry, Istbar.H changes the home page of Internet Explorer.


    http://www.virusportal.com/com/virusinfo/encyclopedia/overview.aspx?idvirus=41127
     
    Primrose, Oct 17, 2003
    #3
  4. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Primrose, Oct 17, 2003
    #4
  5. JLH60

    JLH60 Registered Member

    Joined:
    Oct 17, 2003
    Posts:
    2
    Thanks guys, you are life savers. Have been fighting this for weeks. ;)
     
    JLH60, Oct 18, 2003
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...