IST.ISTbar Browser Hijacker Information

Name: IST.ISTbar
Category: Browser Hijacker
Alias: SearchEnhancement, WindowEnhancer, SearchExe
Advice: Remove
Risk: Elevated Risk. Elevated threats are usually threats that fall into the range of adware, in which data about a user's habits is tracked and sent back to a server for analysis without the user's consent or knowledge.
Description: ISTbar is an Internet Explorer hijacker that modifies your home page and searches without the user's consent, using an Internet Explorer toolbar.

ISTbar is usually installed by ActiveX drive-by download on ISTbar affiliate sites, typically porn sites in the case of the XXXToolbar variant. The ISTbar downloader is very forceful in persuading the user to install it: if you refuse the download, a JavaScript alert complains that it won't take no for an answer and opens the download window again. ISTbar also installs other third-party software, which includes advertising.

ISTbar has a number of variants that work in different ways:

The ISTbar.AUpdate variant installs a TinyBar variant to implement its toolbar. The hijacker (ISTbar) is aimed at my-internet.info and blazefind.com; distribution is managed by searchbarcash.com, its controlling server. Updates are loaded by an 'AUpdate' process.

The ISTbar.MSCache variant also uses TinyBar, along with a Browser Helper Object called mscache.dll used to load updates. The controlling server is www2.skoobidoo.com. ISTbar.MSCache was widely distributed to victims clicking on links to the 'OutWar' online game.

The ISTbar.XXXToolbar variant is an update based around adult porn. It uses its own toolbar, based on a Pugi toolbar variant. The hijacker (ISTbar) is aimed at its controlling server, xxxtoolbar.com, and at slotch.com; distribution of this variant is controlled by toolbarcash.com.

ISTbar also installs other spyware/adware threats: the AUpdate and XXXToolbar variants install the porn pop-up producer RapidBlaster/lp, the AUpdate variant is also known to install DownloadPlus, and the MSCache variant installs nCase and the Wink/EasyDates dialler.

Type: Browser Hijacker - Spyware's primary purpose is to collect demographic and usage information from your computer, usually for advertising purposes. Spyware usually 'sneaks' onto a system or performs other activities hidden from the user. Spyware programs are usually bundled as a hidden component and downloaded from the Internet. These modules are almost always installed on the system secretly and try to run secretly as well.





 


© 2006-2008 spyware32.com