istsvc.exe definition, relationships, removal:
|
|
|
istsvc.exe
2 Spyware.com recommends: SpeedUpMyPC Download
Fix istsvc.exe Errors: Free Registry Download
istsvc.exe is a file and a process of the same name that is part of the ISTBar Adware. It is a harmful process that may cause damage to your system, therefore it should be terminated immediately after detection. You should also remove the istsvc.exe file, as it may restart itself after you kill the process.
istsvc.exe is located in "C:\Program Files\ISTsvc\", a directory that should be deleted altogether as part of the ISTBar Adware removal process.
Discuss istsvc.exe in spyware removal Forum
istsvc.exe removal:
|
WARNING!!! File istsvc.exe is related to spyware. This is serious violation of your privacy, your system is under security threat.
We advice you to scan your computer and eliminate possible threats. |
|
Information added: 19/03/04
Information updated: 29/08/07
Additional resources related to istsvc.exe:
Attention: If you
know or you have a website or page about istsvc.exe file, feel free
to add a link to this list: add
url
Post Comment:
Attention: Use
this form only if you have additional information about istsvc.exe file,
its removal instructions, additional resources or behavior. By clicking
"post comment" button you agree not to post any copyrighted,
unlawful, harmful, threatening, abusive, harassing, defamatory,
vulgar, obscene, profane, hateful, racially, ethnically or otherwise
objectionable material of any kind.
|
Comments from visitors:
1. by Guest. 2005-10-09 23:10:41
ISearchTech.Sidefind: Executable (File, nothing done)
C:\Documents and Settings\Simon Ingram\Local Settings\Temp\sidefind.exe
ISearchTech.YSB: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}
ISearchTech.YSB: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8}
ISearchTech.YSB: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542}
ISearchTech.YSB: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}
ISearchTech.YSB: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\YourSiteBar
ISearchTech.YSB: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Ysb.YsbObj
ISearchTech.YSB: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\Ysb.YsbObj.1
ISearchTech.YSB: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686}
ISearchTech.YSB: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar
ISearchTech.YSB: Program directory (Directory, nothing done)
C:\Program Files\YourSiteBar\
I hope thismay help some people
2. by Guest. 2005-09-10 13:09:29
We cannot remove the files from the registry in Win XP because it keeps telling us Access Denied
3. ISTSVC Gone!! by Guest. 2005-08-24 21:08:40
Dad Class - thank you.
4. A FREAKIN' PAIN! by Guest. 2005-08-21 04:08:17
every single damn time i try to uninstall this thing using the "add or remove programs" feature on XP, the window freezes......what a pain!
5. istsvc by Guest. 2005-07-14 09:07:00
I found that it is an attachment that came with Powerscan. I deleted Powerscan first then deleted IStsvc and it also removed the search bar from my brower.
If you go to Powerscan.com you find that Powerscan and ISTsvc are same people.
6. Istsvc bug by thatek by Guest. 2005-05-30 15:05:29
If anyone is having problems removing this problem or just cannot get the hang of all the steps needed, the quickest way that I found to prevent this bug from running on your pc without removing it or its parent was with the program ZoneAlarm Security Suite (www.zonelabs.com). If you can get a hold to this program simply click on the Program Control tab, select the Programs tab, find the Istsv_.exe program in the list, click in the Access section and select Block. Repeat this method for Istsvc.exe. As long as Zonealarm is installed on your pc (which by the way is an excellent firewall program,) it will prevent the bug from ever running on your system. I Hope I Could Help
7. thx a lot!!! by Guest. 2005-05-05 10:05:35
thank you for giving many siggestion that aided me in battling with the adware.. one of the methord where i cross use is that go to RUN and type in regedit. after u find the folder, go to HKEY_USERS press it and go to edit. there u find for the file name istsvc. after a while, it will show u the files that are being search. destroy them n u can go to the program file to remove the file.. if my does not work, use other peps idea
8. The mother file by Guest. 2005-04-30 09:04:31
i was stuck with this problem for many days trying to locate the mother to kill it. Finally, I found it within the temp file at "C:\Documents and Settings\{your user name}\Local Settings\Temp". I found it within a folder with the Temp. So trying searching it. Good luck to you all.
9. AH! freedom by Guest. 2005-04-17 12:04:48
Thank you everyone! Im free from the ISTcurse :D
10. re: comment about file Istsvc.exe by S Rodriguez. 2005-04-13 09:04:58
So advanced it will not allow me to execute any program designed to eliminate it. I have tried 6. I download an antidote , click to install and hey presto the program in question has done something illegal and will be shut down...
I am desperate.
11. Remove file ISTsvc.exe by ds_rajat@rediffmail.com. 2005-04-06 10:04:45
to remove ISTsvc.exe, boot ur computer with windows bootable floppy. then from a: go to c: and open c:\windows\progra~1\ISTsvc and simply delete it with del command. reboot. then open ur regedit file and remove all entries witch contains ISTsvc or ISTbar.
note: progra~1 = Program files
12. re: comment about file Istsvc.exe by juh. 2005-04-01 09:04:39
Thanks to dadclass !
jonulex.exe killed !
13. re: comment about file Istsvc.exe by stioffan. 2005-03-31 08:03:13
the task manager method worked well
14. no need for hard steps. it's just simple by Vina R. 2005-03-30 01:03:00
I removed it! But I do not know if I removed the mother file.
I suggest you print this. It will require rebooting.
If you cant open the TASKMANAGER:
1. Copy the taskmgr.exe to your desktop
2. Rename the original into mgrtask.exe
3. Launch mgrtask.exe
!---I guess task manager works now---!
If you cant open MSCONFIG:
1. Copy the msconfig.exe to your desktop
2. Rename the original into configms.exe
3. Launch configms.exe
!---I guess MSCONFIG works now---!
To know the mother of ISTsvc:
1. End istsvc.exe
2. End every other process that are unfamiliar to you.
3. After ending one, wait until istsvc appears. 2 mins?
4. If it appears, end istsvc again and repeat step 2.
5. If it comes to the point that after ending a process and then istsvc doesnt appear again, you killed the mother!
To remove ISTsvc:
1. Using the working mgrtask.exe, end the ISTsvc process and its mother.
2. Delete the istsvc folder
3. Reboot
4. If an internet explorer window appears with a web address that is made of numbers, copy that web address
5. In the internet explorer options, click on the Content tab. Under Content Advisor, click Enable.
6. Click on settings
7. Click on the Approved Sites tab
8. Paste the web address from step 4 there and click Never
9. Reboot
10. If ISTsvc installs itself again, DO NOT DELETE
11. Go to notepad.
12. Do not type anything
13. Save it and replace the istsvc.exe file.
14. ISTsvc is now unable to open.
15. And istsvc cannot re-install cause this fake istsvc.exe file is in the way.
Hope this helped newbies and others! See ya!
-Vina R
15. re: comment about file Istsvc.exe by ^_^. 2005-03-28 02:03:47
i got this istsvc and its in my program file. i can find it from Add/Remove Programs from Control Panel.
so is it possible to eliminate this istsvc file thru tool i stated above? will it effect other program in my computer?
16. re: comment about file Istsvc.exe by guest. 2005-03-26 17:03:51
please help me! this stupid thing is on my computer and i cant get rid of it.
i have limited ability/knowledge with computers and don't understand all of your terms! (sorry!) eg: mother file???
could some generous helpful (potential hero) please post a step by step way to saving my computer?
thanks!!!!!!!!!!!
17. re: comment about file Istsvc.exe by 2005-03-25 21:03:13
just an idea...i created a read only empty istsvc.exe to replace the origonal. now it cannot create a new one because this is in its way
18. re: comment about file Istsvc.exe by David A. Seiver. 2005-03-22 20:03:39
Use Security Task Manager to identify the file and all related files for this spyware. Quarentine the files and that should eliminate the threat permanently.
Security Task Manager can be found at:
http://www.neuber.com/taskmanager/
This program will also identify and rate security ricks for all other programs and running tasks in your computer. I suggest getting the Registered version.
19. re: comment about file Istsvc.exe by kegs. 2005-03-21 08:03:48
Set your pc to safemode then restart. You can then delete the file and any others it installs
20. re: comment about file Istsvc.exe by jiker. 2005-03-20 20:03:58
thanks dadclass , worked like a dream and only took 2 hours.
21. re: comment about file Istsvc.exe by 2005-03-18 10:03:43
dam thing kept popping up.thank you
22. re: comment about file Istsvc.exe by kemiro. 2005-03-18 05:03:00
Adios istsvc!!! Dadclass, thank you so very very much,
23. re: comment about file Istsvc.exe by :D. 2005-03-17 20:03:48
if u try to delete the file itself witout end processing it, it would say it is still in use and u cant delete it. or u can end process it and try to go to add or remove and remove it from there. after u remove it, its best if u use ur spyware/adware remover to remove any other ones that are left and to make sure its really gone :D good luck
24. re: comment about file Istsvc.exe by :D. 2005-03-17 20:03:44
i got rid of it by going to windows task manager and then going to processes and looking for ISTsvc.exe. from there i went to Windows Explorer and started looking for the file. i later found it and then i end process ISTsvc.exe then i deleted the file. it might come back later like 2 more times before it goes away.
25. re: comment about file Istsvc.exe by Kris. 2005-03-17 12:03:40
Follow dadclass, but to find the mother .exe you look under, in the registry, hkey_local_machine, software, microsoft, windows, current version, run and then look for a .exe with 5 random letters.
thanks dadclass!
26. re: comment about file Istsvc.exe by QueenVee. 2005-03-13 20:03:09
Thank you SO MUCH for recommending Process Explorer. It helped me get rid of Istsvc.exe and a couple of other pesky spyware applications I was having trouble deleting. Finding your advice was a life saver!
27. re: comment about file Istsvc.exe by Jason. 2005-03-13 09:03:27
simply follow the advice of dadclass see earlier post. worked for me. Stop Istsvc and the mother program and then delete them. Thanks dadclass.
28. re: comment about file Istsvc.exe by fcb64. 2005-03-11 10:03:09
I too used Symantec istbar remover with no success. Used dadclass (post #39). Went to www.sysinternals.com and downloaded the process explorer. In my case is the mother was "napekmk.exe". My sincere thanks to everyone on this blog who helped me, especially dadclass for sharing your secret- High five my man! I got the istsvc.exe from Limewire. What I thought was a trial program of Limewire pro was really the virus. BEWARE!
29. re: comment about file Istsvc.exe by Fia. 2005-03-08 14:03:45
Thanks Lonnie for your method it worked perfect! I don't know yet if the virus is annihilated but it definitely seems that way. Otherwise I'll come back ;)
30. re: comment about file Istsvc.exe by ac. 2005-03-07 10:03:04
Ran the istbar remover tool from Symantec and it did not remove the service properly. Used dadclass' method instead and worked like a charm
31. re: comment about file Istsvc.exe by ac. 2005-03-07 09:03:38
Symantec has released this, perhaps it will be easier for some of you:
http://securityresponse.symantec.com/avcenter/venc/data/adware.istbar.html
32. re: comment about file Istsvc.exe by jonxallen. 2005-03-03 17:03:24
I have fought this thing for over a week with Adware and MS AntiSpyware Beta with no success.
Used Thomas' method now it is gone. Thank God.
I'll go have a beer with Lonnie.
33. re: comment about file Istsvc.exe by Lonnie. 2005-03-03 05:03:00
I killed mother. Yeah. My mother file name was shkiwa.exe and I'm happy to see her go. This nasty virus has been stalking me for weeks.
I found her by:
doing a search of drive C in "My Computer" for *.exe. I selected the "when was it modified?" option and picked "in the past month".
There weren't that many filed and looked for the one that I couldn;t rename in the c:windows directory. You'll also probably see istsvc on the list. Dont shut down this search window because you'll be right back for the kill
Once I had her name I went into Task Manager under the processes and found her running. Right click on her and select "End Process Tree". This shut her down along with ISTSVC and essentially lowered their shields.
Now with their shields down, go back to your search window and quickly delete momma along with the istsvc. Then run Ad Aware or your favorite spy ware software to delete the rest of this creepy monster.
crack open a favorite beverage of your choice and celebrate.
34. re: comment about file Istsvc.exe by Thomas. 2005-03-01 18:03:39
It was really hard to remove.
Thanks for all the comments.
I used Ad Aware first, but it was helpless because it could not delete ist file. So, I used the task manager to delete the ist file first. link below.
http://www.neuber.com/taskmanager/process/istsvc.exe.html
Then, I used spyhunter to locate the all files related to istsv. You have to purchase spyhunter to delete the file, but I didn't. just needed to know the location.
Also searched both word ist or istsv in windows to find any other files. After that, delete the files.
Finally, I could fix this problem spending 2 hours.
35. re: comment about file Istsvc.exe by Wesn. 2005-02-28 15:02:51
Thx for your help Alex Leong I followed all your steps and my problem is solved. My mothers name was hh.exe in de windows folder. Thx again you're a lifesaver
36. re: comment about file Istsvc.exe by pelle. 2005-02-28 04:02:17
Follow this link and all your problems be over http://www.ysbweb.com/uninstall.html
37. thx dadclass...u rock!!! by gary. 2005-02-27 15:02:49
search for dadclass' post and follow what he says...it rocks!!!
once again,,,thx dadclass
38. re: comment about file Istsvc.exe by 2005-02-27 11:02:33
ok, i found the mother .exe, but i have windows 98 se, how do i stop the mothere exe from running. the "stop program" menu doesnt have anything that looks like it the right thing. i cant find the task manager.
39. re: comment about file Istsvc.exe by White Dragon. 2005-02-27 10:02:01
The mother .exe is right above the istsvc file on the process explorer tree. You find it in the hard drive by locating the file of the same name as the mother file inside the c:/windows/ directory. Delete this file, and all the problems should go away.
40. re: comment about file Istsvc.exe by 2005-02-27 00:02:30
i downloaded process explorer, find it, but dont see the mother .exe.... HELP!!!
41. re: comment about file Istsvc.exe by Jones. 2005-02-26 23:02:49
Cheers DadClass! I really appreciate your help. Keep it up!
42. process explorer by 2005-02-26 19:02:47
how do you use it?
43. re: comment about file Istsvc.exe by Ferral. 2005-02-26 09:02:57
Didn't think I'd ever get rid of this piece of crap adware. Thanks for helping me find mother, Dad.
44. re: comment about file Istsvc.exe by Dee. 2005-02-26 06:02:27
Million thx to dadclass, istsvc gone!!
45. re: comment about file Istsvc.exe by pelle. 2005-02-25 13:02:57
the parasite himself sems to have a removal tool for his virus ( it really works)
46. re: comment about file Istsvc.exe by Sunnysideup. 2005-02-25 11:02:37
Thanks to Dad class..... it worked very well!!!
47. re: comment about file Istsvc.exe by 2005-02-25 11:02:01
i downloaded process explorer, find it, but dont see the mother .exe.... HELP!!!
48. re: comment about file Istsvc.exe by chris5579. 2005-02-25 05:02:38
how can check out My ISTSVC Mother File?
49. re: comment about file Istsvc.exe by Dreaming Entirely. 2005-02-25 01:02:11
Hey all: a couple of additional steps you might want to follow through on are: delete the ActiveX installer files in the folder called Downloaded Program Files (usually under WINNT for Win2K users). Double click the ones that don't seem obvious and you will see reference to YSB.com etc. Also, the random mother files are 8KB and get spawned in the WINNT directory (or wherever you find them on your OS). At one point, I had at least three of them there. Kill em all by sorting by file size. I also went one step further and added both of the URLs to the offending company to my IE restricted sites list. Someone please correct me if I am wrong, but if you add the entries *.ysbweb.com AND *.isearchtech.com, IE should block further popup ActiveX installer downloads. I could be way off on that last point but it seems logical to me.
50. re: comment about file Istsvc.exe by Preston. 2005-02-25 00:02:52
For those trying to eliminate ISTSVC, do eveything dad class says, but in addition you must also completely delete the mother/parent file along with stopping its process, otherwise the mother file will just create ISTSVC again. Thanks again Dad Class
51. re: comment about file Istsvc.exe by Simon. 2005-02-24 21:02:11
Nice one dadclass. Process explorer is a handy prog. I just hope it doesn't have any spyware :)
I wasn't able to remove it as it was a running process and couldn't kill it as the mother process started it immediatly so I followed your steps and now it's gone! Very easy to do, finally.
Thanks
52. re: comment about file Istsvc.exe by Jipp. 2005-02-24 12:02:45
TO LOCATE THE MOTHER FILE WITHOUT ANY DOUBTS:
In ProcessExplorer,
right-clic ISTSVC.EXE and kill it (Kill Process)
It will come back under the mother application as Process Explorer probably identifies it as the one who restarted it.
I found that just by fouling around, I owe everything to DADCLASS' clean-up steps.
THANK YOU DADCLASS.
53. re: comment about file Istsvc.exe by Nisse_Hult. 2005-02-24 03:02:20
The mother file is started automatically by a registry entry in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
named with 5 randow characters pointing to the random named .exe in the windows directory. Deltete this, kill that proc and delete the exe and you should be fine, otherwise ISTsvc will just be reinstalled over and over again...
54. re: comment about file Istsvc.exe by satay. 2005-02-23 22:02:33
you can find the mother file by using Process Explorer. Once you launch the Process Explorer, click on istsvc and a window at the bottom will display a list of properties related to istsvc. Now, locate an application file that reside at c:windows and click on it. The mother file will have a very similar properties as istsvc file. Some of the property in the mother file actually linked to istsvc.
Happy killing istsvc!
55. re: comment about file Istsvc.exe by RJ. 2005-02-23 13:02:38
I'm reading what you all are saying about the mother file, but how do I determine which is the mother file?
56. by 0000-00-00 00:00:00
Thanks dadclass ! I dont think this is any help since the name is apparently totally random but my mother file was "cpllanr.exe"
57. re: comment about file Istsvc.exe by 2005-02-22 18:02:49
Well Done! Seems istsvc is gone!
58. re: comment about file Istsvc.exe by nick marchand. 2005-02-22 16:02:58
I have a problem with the above titled file that has caused a paged default. It is stopping me from scan my C drive. I think this is correct. PLEASE HELP??????
59. re: comment about file Istsvc.exe by JP. 2005-02-22 03:02:28
Thanks Dadclass...worked very well!
My mother file was named Fndki.exe...
JP
60. re: comment about file Istsvc.exe by nutnog. 2005-02-22 01:02:09
Beat it finally using Startup Mechanic to find the mother program then deleting that program then cleaning up reg...whew thanks for the help I found on this topic
61. re: comment about file Istsvc.exe by fasteddie. 2005-02-21 01:02:39
onpeo.exe was the name of mine. Thanks again dadclass
62. re: comment about file Istsvc.exe by 2005-02-21 00:02:30
Thank's Dadclass, worked like a charm!
63. re: comment about file Istsvc.exe by M. 2005-02-20 20:02:36
i have tried dadclass's way...it worked well but i dont know why its still come back but the mother program becomes another name... please help
64. re: comment about file Istsvc.exe by 2005-02-20 13:02:39
Sorry, didn't realize which way this thing scrolled, the one directly below this was my post as well, I meant the deleting unfamiliar files in the task manager worked very well.
65. re: comment about file Istsvc.exe by 2005-02-20 13:02:29
ulvpvy.exe just wanted to throw another .exe file in there for ya, ulvpvy.exe was the name of mine, thanks. Thanks to the comment in #13, I found it and removed it very simply. Good luck everyone.
66. re: comment about file Istsvc.exe by Mattias. 2005-02-20 10:02:15
Process Explorer works great. It found the mother process... I killed it along with istsvc.exe, ran PestPatrol and now it's gone. Great help! dadclass
67. re: comment about file Istsvc.exe by dadclass. 2005-02-19 19:02:40
How I did it:
1. Download a freeware Process Explorer for Windows from www.sysinternals.com, install and run it
2. Find the mother of ISTsvc.exe, for my case, it was c:Windowsyagoumc.exe
3. Fire up TaskManager, stop the mother process
4. Delete the mother .exe
5. Again, stop the ISTsvc.exe
6. Delete the ISTsvc.exe
7. Run Ad-Aware to clean up Registry entries
8. Yawn
Hope that help.
68. re: comment about file Istsvc.exe by M. 2005-02-18 23:02:06
i tried puttin my comp in safe mode n ran that ist bar removal program from symantec but after i cleared it out it comes back again... i dunno wht else to do plz help me
69. re: comment about file Istsvc.exe by arfi. 2005-02-17 19:02:27
well.....istsvc is gone but hose popups still keep comin in the middle of my games and minimize my screen.. i searched for all things made today and i found lots of garbage and a folder called deskadservice which i cant delete...i think thats the cause...HELP!
70. re: comment about file Istsvc.exe by arfi. 2005-02-17 14:02:49
i tried working w/ alex's comments "#12" and i ran adaware on safe mode and its gone! THANX.....use the isp ank TAKE REVENGE!!!cya alll
71. re: comment about file Istsvc.exe by arfi. 2005-02-17 14:02:54
i ran adaware and symantics istbar removal and it cant get off the "HKEY_current_user;softawre/ist" file.....MY FIREWALL GOT THEIR #66.217.137.48 please help me!!!!
72. re: comment about file Istsvc.exe by 2005-02-15 22:02:14
found a new mother program named dyckr.exe Used removal info from A Leong and 2/11/2005 01:02 comments Thanks and good luck
73. re: comment about file Istsvc.exe by 2005-02-12 16:02:07
and gone is istsvc
http://www.ysbweb.com/uninstall.html
74. re: comment about file Istsvc.exe by 2005-02-12 13:02:20
I think I found the easiest way.Go to add/remove programs and remove it.
75. re: comment about file Istsvc.exe by 2005-02-12 05:02:07
Maybe I'm a little naive, but I went their website and found remover that worked for me. Here is the link to the software and homepage, hope it works for you.
http://www.ysbweb.com/ist/softwares/remove/ist_remove.exe
http://www.isearchtech.com/
76. re: comment about file Istsvc.exe by 2005-02-11 21:02:17
hey guys... i got this shit too..
i remove it wif ad aware but then wen i come on net again it comes back..
how to permanantly remove dis pls help..
email. dr_gtr@hotmail.com cheers.
make the subject Virus Removal thx
77. re: comment about file Istsvc.exe by retzel. 2005-02-11 15:02:55
The removal tool worked well, but I needed a 2nd pc and good old floppy to get the tool onto the infected pc.
78. re: comment about file Istsvc.exe by 2005-02-11 01:02:54
Another method to find the Parent file. In my case it was called ulcapt.exe. My method was to end the ISTsvc process under Windows Task Manager along with another process that I was unfamilar with. Wait a couple of minutes and if ISTsvc reappears under processes, then repeat until you find the Parent exe file. You will know this because ISTsvc will not reappear. Once I found the Parant file, I deleted all references to ISTsvc and the Parent file from my registry.
79. by Mudd. 0000-00-00 00:00:00
anybody interested in joining a class action suit against ist? Enough is enough
80. A good site by anon. 2005-02-10 15:02:13
http://securityresponse.symantec.com/avcenter/venc/data/adware.istbar.html
they have a removal tool there
81. Step by step guide & completely remove by Alex Leong. 2005-02-10 02:02:56
Someone reports some method works but someone still get stuck.
Step 1 -Simplest way - out of sign, out of mind.
1.1 Enter safe mode
1.2 Remove istscr.exe
1.3 Use Notepad to create an empty file and save as "istscr.exe".
1.4 Make the file or folder "read only".
OR
1.4 Deny access to the file.
/*now the virus would not be able to run next time you reboot */
/* You can stop here if you do not understand the following steps */
/* The following step involves editing registers, please STOP if you do not understand */
/* Or find someone who knows */
/* BACKGROUND - how this virus works
Note that some varient is harder than each other. I am talking the hardest one in here. */
/* ISTSVC has a host program (mother) in your windows directory. Same as your istsvc, the mother log up in your computer during startup. */
/* That is why you cannot remove it, even with some commerical software and removing all ISTSVC registers. You kill the son but not the mother*/
/* The mother is still not be able to be removed by any commerical anti-virus software in know so far. So if you do not want all the fuss, stop at Step 1 and wait for commerical guys to fix it. They should do it as they got paid for that*/
/* I have a lot of fund tackling this virus and if you think you want your system really clean. Go ahead with the following steps, at your own risk */
Step 2 - fix the regsiters
2.1 BACKUP your registers.
2.2 Find "ISTSVC" and remove all registers with ISTSVC attached to it.
2.3 Reboot
/* this step will let you know if "mother" exist in your machine. If you can find registers with ISTSVC on your next boot. Bingo, you have the mother program in your computer. */
/* Several names have been report so far, pdlluldv.exe, oaxit.exe, systvc.exe.... and people releasing this virus can us any name and size */
Step 3 - Where is the MOTHER, what is her name?
3.1 Use commerical software such as "Startup Machanic" (after Step 2) to find the MOTHER program. Last version of startup machanic work with 90% of the varient I found so far. JUMP TO STEP 4.
3.2 - If "startup machanic " cannot identify it, or you cannot download "startup machanic". Continous
3.3 Reboot, go to your windows directory (usually C:WINDOWS ) and search "*.exe".
3.4 From your search result, try to rename it one by one, if the file CAN be renamed, they are NOT the mother virus. Rename it back before you forget the real file name.
3.5 Now you should have more than one .exe file you cannot rename. If not, jump to my conclusion section.
3.6 Reboot and enter safe mode, rename the suspected mother virus. If you are smart, you should be able to start with the file with some unusual file names.
3.7 Peform STEP 2 above. If you sucessfully removed the mother virus, you will not find the register istsvc after a normal reboot.
/*I use "Startup machanic" becuase it is fast, some other software can identify it too.*/
STEP 4 -
4.1 Remove the virus, some older version of the "mother" let you just delete it, but some tougher version only allow you to remove the file in safe mode.
4.2 Remove all registers with "ISTSVC" found.
CONCLUSION
That is all folks. That is a battle between good and evil. The above work for all the varients I know so far.
In fact, in there web site, the offer a solution to remove the virus from your computer (in very small prints). But it is a matter of "Do you trust the bad guys to clean up for you?". Anyway, some people does report some sucess with it.
Most important, please use less energy, you are using my children's resource. So please turn off the switch, drive less. Be smart and green.
82. re: comment about file Istsvc.exe by Arkady. 2005-02-09 00:02:10
Ha ha.. I actully got it, I think. There is another file that needs to be removed.. it is pdluldv.exe .. it is in teh Windows folder. There is an entery of it in the Registry as well. After i deleted that file (end the process first) then ended the istsvc.exe process, and boom! deleted the istsvc folder.
83. Spyware removers that actually work by rl47. 2005-02-08 13:02:00
You can search Ad-Aware 6.0 or Spybot: Search and Destroy on Google. These two actually get rid of the spyware.
84. Solution for istsvc by rl47. 2005-02-08 13:02:58
I found a good solution for istsvc. If you have Win95, 98, or 2000 (i don't know if it would work on 2000), hold SHIFT as you start up to go into Safe Mode. When you are there, open notepad, drag istsvc.exe into it, and a bunch of computer language will come up. Just select a bunch of the text (it doesnt matter how much you select, even deleting one letter will mess it up). when some letters are gone, close notepad and it will ask you to save. Click yes, and istsvc is gone. Since it is already there, another istsvc may not come.
You can also do this in windows xp. To get in safe mode in xp, click start, run, and type MSCONFIG. Under the BOOT.INI tab, check the SAFEBOOT box. When you restart you will be in safe mode. To return to normal, run msconfig again in safe mode and uncheck SAFEBOOT. Windows xp will start normally.
85. re: comment about file Istsvc.exe by Alfredo Arcanio. 2005-02-08 09:02:49
i removed both reg entries lucamjk and istsvc,but am still unable to delete the prog folder without rebooting.and when i connect to the internet it comes back.
86. re: comment about file Istsvc.exe by Mridula. 2005-02-06 06:02:53
I have this file istsvc.exe on my computer. i detected it through spysweeper (a spyware detecting software) and it was unable to remove this file. I tried deleting it but obviously it didnt work. pleases coul you mail me telling me how to remove this file. Also my internet explorer recently stopped functioning. Do you think this is related to the virus?
may13_friday_88@hotmail.com
87. re: comment about file Istsvc.exe by PLo. 2005-02-05 21:02:10
It's in the registry, type in regedit, then in HKEY_USERS search and find lucamjk.exe, delete that from your registry
88. re: comment about file Istsvc.exe by ArkadyGr@aol.com. 2005-02-05 17:02:10
I coudnt find a file lucamjk.exe on my hard drive. DOes anyone have any sugestions? Please email me if you know how to get rid of istsvc
Arkadygr@aol.com
89. re: comment about file Istsvc.exe by Arkady. 2005-02-05 17:02:58
Indeed.. i removed it several times.. and tried killing the process - it just comes back. What is lucamjk.exe?
90. re: comment about file Istsvc.exe by 2005-02-04 11:02:40
you can remove istsvc as many times as you like. Unless you get rid of lucamjk.exe it'll just come back.
|
|
Latest spyware news:
Related discussions:
|
How to Keep Your Credentials Save
