adware/ist.istbar

Discussion in 'other security issues & news' started by bounty69sx, Jan 31, 2006.

Thread Status:
Not open for further replies.
  1. bounty69sx

    bounty69sx Registered Member

    Joined:
    Jun 5, 2004
    Posts:
    46
    Location:
    Montana, USA
    I did an online scan at Panda and it found adware/ist.istbar. But it wasn't det. by Kas, NAV, Ad-aware, S/D, Microsoft Anti-spyware.

    Location is C:\Prog. Files\Common Files\Totem Shared\update

    I found files with Advertising & Distribution & Free Samples as file names but there are files with Network, System, Update, Windows names also.

    Common to all these files is the ext. .dll with a number after it e.g.

    Advertising.dll.043, FreeSamples.dll.042, Windows.dll.049 etc.

    Is this a legit folder in xp? 'cuz I have encountered other .dll ext. from legit programs and they don't have the number after it.

    I'm holding off in deleting the folder for now. Do some snooping around for info.

    Any comment is appreciated. Thanks.o_O
     
  2. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    https://www.wilderssecurity.com/archive/index.php/t-4758.html
    I found this in another thread from google:
    blaze no trust this one
    Uninstall0001, "C:\Program Files\Common Files\Totem Shared\Uninstall0001\upd.exe" LASTCALL!adverts.stripsaver.com!StatsStripSaver, HKEY_LM\Run

    Some quick Google and other searches:
    [hr]
    stripsaver
    In HOSTS is a site clicks.stripsaver.com that will be blocked by HOSTS.
    After a quick look at Google I think stripsaver has to do with a porn site and/or screensaver.




    Do a search at Google for "Totem Shared" and you'll see that that Totem Shared folder belongs to that porn screensaver.

    More helpful clues I've found...
    http://www.answersthatwork.com/Tasklist_pages/tasklist_u.htm

    TASK LIST NAME: [FONT=Verdana, Arial]Upd
    [/FONT][FONT=Verdana, Arial]PROGRAM & MANUFACTURER: [/FONT][FONT=Verdana, Arial]UPD.exe (Totem)
    [/FONT][FONT=Verdana, Arial]WHAT IT IS AND WHAT YOU CAN DO:
    [/FONT]
    [FONT=Verdana, Arial]This program is normally run from a folder called "Totem Shared\Uninstall0001" somewhere in your PC. We do not yet know what this task does but we do know that it gets installed by pornographic (our definition) screensavers such as VirtualGirl, VirtualGuy, VirtualGay, and StripSaver.
    Recommendation :
    This task dramatically slows down PCs at boot-up, and it also has a noticeable performance impact on Windows on PCs below 1.3GHz. If you want to get rid of it run SpyBot Search & Destroy available from our
    [/FONT] [FONT=Verdana, Arial] Downloads[/FONT][FONT=Verdana, Arial] page.

    This totem shared thing, I've investigated it myself and I found a site called totemcash.com, and its a porn site, disgusting.
    [/FONT]

    Yeah, another page from mcafee, seems related to exactly adware/ist.istbar
    http://vil.nai.com/vil/content/v_132366.htm

    Did you read Panda's website page on this item that was detected?
    http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=41347
     
    Last edited: Jan 31, 2006
  3. bounty69sx

    bounty69sx Registered Member

    Joined:
    Jun 5, 2004
    Posts:
    46
    Location:
    Montana, USA
    Thanks for d reply. I did google totem shared\update and it turned up a number of hits. I'll go through them 4 now. Thanks again.
     
Loading...
Thread Status:
Not open for further replies.