trojan ?

Discussion in 'malware problems & news' started by JLH60, Oct 17, 2003.

Thread Status:
Not open for further replies.
  1. JLH60

    JLH60 Registered Member

    Joined:
    Oct 17, 2003
    Posts:
    2
    Just installed SpywareBlaster and have Spybot Search & Destroy. I had this problem before I installed SpywareBlaster, and can't get rid of it. Any help please. C:\WINDOWS\SYSTEM32\Desire-uninstall.exe\DESIRE-UNINSTALL.EXE



    Can not delete file.
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    Hi JLH60,

    Can you go into the task manager (ctrl alt del) and check to see if that file is actually a running task? If it is, you should be able to kill it from there then go and try to delete the file.
     
  3. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Looks like you have a variant of this exploit that seems to be running around in many versions... last time I looked it was up to Q in the alphabet.


    **************************



    Istbar.C follows the routine below:

    When the user accesses certain web pages, a message appears to ask for permission to run an ActiveX code.
    If the user agrees, the ActiveX code installs several spyware programs and dialers, downloads other programs from the Internet and displays advertisements from adult sites.




    Other Details
    Istbar.C is written in the programming language Visual C++ v 6.0. The Trojan is 176,128 bytes in size. Some of the files are compressed with UPX.





    RB32.EXE and LP.EXE. RB32.EXE drops the file LP.EXE. These Trojan components download dialers and display advertising pop-up windows of adult content. These files are detected by Panda Antivirus as Trj/Istbar.I.
    GM.EXE. This component downloads dialers and spyware programs to the affected computer, such as Rapid Blaster, 180Solutions, Igetnet, etc. It is able to update itself whenever new versions are available.
    LOADER.EXE and IGETNET.EXE. These files are detected by Panda Antivirus as Bck/Ruledor.A.
    Istbar.H could also create any of the following files:

    MSCACHE.EXE, AUPDATE.EXE, AUPDATE_UNINSTALL.EXE or MSCACHE.DLL.
    Istbar.H creates the following entry in the Windows Registry:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    IST Service %programfiles%istsvc.exe
    By creating this entry, Istbar.H ensures that it is run whenever Windows is started.
    Istbar.H modifies the following entry in the Windows Registry:

    HKEY_LOCAL_MACHINE\Software\Internet Explorer\Main
    Start page http://www.slotch.com
    By modifying this entry, Istbar.H changes the home page of Internet Explorer.


    http://www.virusportal.com/com/virusinfo/encyclopedia/overview.aspx?idvirus=41127
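
Added example, not part of the post above or of the write-up it quotes: a Python triage check that scans a text .reg export for the Run value, file names and start page listed in that description. The sample export, its paths and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from the description quoted in the post above.
FILE_NAMES = ["rb32.exe", "lp.exe", "gm.exe", "loader.exe", "igetnet.exe", "mscache.exe",
              "aupdate.exe", "aupdate_uninstall.exe", "mscache.dll", "istsvc.exe"]
RUN_VALUE_NAMES = {"ist service"}
BAD_HOSTS = {"www.slotch.com"}

# Constructed sample in .reg export format; paths and the SoundMan entry are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IST Service"="C:\\Program Files\\istsvc.exe"
"SoundMan"="C:\\WINDOWS\\SOUNDMAN.EXE"

[HKEY_LOCAL_MACHINE\Software\Internet Explorer\Main]
"Start Page"="http://www.slotch.com/"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Match a listed file name only as a whole path component ("help.exe" is not "lp.exe").
NAME_RE = re.compile(r"(?<![a-z0-9_.-])(?:%s)(?![a-z0-9_.-])"
                     % "|".join(re.escape(n) for n in FILE_NAMES))

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)   # .reg files write \\ and \" inside strings

def parse_reg_export(text):
    """Yield (key, value_name, data) for each string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            yield key, unescape(m.group(1)), unescape(m.group(2))

def find_indicators(text):
    """Return (key, value_name, reason) for each entry matching a listed indicator."""
    hits = []
    for key, name, data in parse_reg_export(text):
        leaf, lname = key.lower().rsplit("\\", 1)[-1], name.lower()
        if leaf == "run" and lname in RUN_VALUE_NAMES:
            hits.append((key, name, "known Run value name"))
        elif leaf == "run" and NAME_RE.search(data.lower()):
            hits.append((key, name, "listed file name in Run command"))
        elif (leaf, lname) == ("main", "start page") and urlsplit(data).hostname in BAD_HOSTS:
            hits.append((key, name, "hijacked start page"))
    return hits
```

Decode regedit's UTF-16 export to text before passing it in; values stored as `hex(2):` data (REG_EXPAND_SZ) are not string lines and are skipped. Generic names such as LOADER.EXE are weak indicators on their own, so treat a file-name hit as a prompt to inspect the entry, not as a verdict.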
     
  4. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
  5. JLH60

    JLH60 Registered Member

    Joined:
    Oct 17, 2003
    Posts:
    2
    Thanks guys, you are life savers. Have been fighting this for weeks. ;)
     