istsvc.exe

ISearchTech.Sidefind: Executable (File, nothing done)
C:Documents and SettingsSimon IngramLocal SettingsTempsidefind.exe

ISearchTech.YSB: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOTCLSID{86227D9C-0EFE-4f8a-AA55-30386A3F5686}

ISearchTech.YSB: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOTInterface{03B800F9-2536-4441-8CDA-2A3E6D15B4F8}

ISearchTech.YSB: Interface (Registry key, nothing done)
HKEY_CLASSES_ROOTInterface{DFBCC1EB-B149-487E-80C1-CC1562021542}

ISearchTech.YSB: Type library (Registry key, nothing done)
HKEY_CLASSES_ROOTTypeLib{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44}

ISearchTech.YSB: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINESOFTWAREYourSiteBar

ISearchTech.YSB: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINESoftwareClassesYsb.YsbObj

ISearchTech.YSB: Root class (Registry key, nothing done)
HKEY_LOCAL_MACHINESoftwareClassesYsb.YsbObj.1

ISearchTech.YSB: Class ID (Registry key, nothing done)
HKEY_LOCAL_MACHINESoftwareClassesCLSID{86227D9C-0EFE-4f8a-AA55-30386A3F5686}

ISearchTech.YSB: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallYourSiteBar

ISearchTech.YSB: Program directory (Directory, nothing done)
C:Program FilesYourSiteBar

I hope thismay help some people

We cannot remove the files from the registry in Win XP because it keeps telling us Access Denied

Dad Class - thank you.

every single damn time i try to uninstall this thing using the "add or remove programs" feature on XP, the window freezes......what a pain!

I found that it is an attachment that came with Powerscan. I deleted Powerscan first then deleted IStsvc and it also removed the search bar from my brower.
If you go to Powerscan.com you find that Powerscan and ISTsvc are same people.

If anyone is having problems removing this problem or just cannot get the hang of all the steps needed, the quickest way that I found to prevent this bug from running on your pc without removing it or its parent was with the program ZoneAlarm Security Suite (www.zonelabs.com). If you can get a hold to this program simply click on the Program Control tab, select the Programs tab, find the Istsv_.exe program in the list, click in the Access section and select Block. Repeat this method for Istsvc.exe. As long as Zonealarm is installed on your pc (which by the way is an excellent firewall program,) it will prevent the bug from ever running on your system. I Hope I Could Help

thank you for giving many siggestion that aided me in battling with the adware.. one of the methord where i cross use is that go to RUN and type in regedit. after u find the folder, go to HKEY_USERS press it and go to edit. there u find for the file name istsvc. after a while, it will show u the files that are being search. destroy them n u can go to the program file to remove the file.. if my does not work, use other peps idea

i was stuck with this problem for many days trying to locate the mother to kill it. Finally, I found it within the temp file at "C:Documents and Settings{your user name}Local SettingsTemp". I found it within a folder with the Temp. So trying searching it. Good luck to you all.

Thank you everyone! Im free from the ISTcurse :D

So advanced it will not allow me to execute any program designed to eliminate it. I have tried 6. I download an antidote , click to install and hey presto the program in question has done something illegal and will be shut down...
I am desperate.

to remove ISTsvc.exe, boot ur computer with windows bootable floppy. then from a: go to c: and open c:windowsprogra~1ISTsvc and simply delete it with del command. reboot. then open ur regedit file and remove all entries witch contains ISTsvc or ISTbar.

note: progra~1 = Program files

Thanks to dadclass !
jonulex.exe killed !

the task manager method worked well

I removed it! But I do not know if I removed the mother file.

I suggest you print this. It will require rebooting.


If you cant open the TASKMANAGER:
1. Copy the taskmgr.exe to your desktop
2. Rename the original into mgrtask.exe
3. Launch mgrtask.exe
!---I guess task manager works now---!

If you cant open MSCONFIG:
1. Copy the msconfig.exe to your desktop
2. Rename the original into configms.exe
3. Launch configms.exe
!---I guess MSCONFIG works now---!

To know the mother of ISTsvc:
1. End istsvc.exe
2. End every other process that are unfamiliar to you.
3. After ending one, wait until istsvc appears. 2 mins?
4. If it appears, end istsvc again and repeat step 2.
5. If it comes to the point that after ending a process and then istsvc doesnt appear again, you killed the mother!

To remove ISTsvc:
1. Using the working mgrtask.exe, end the ISTsvc process and its mother.
2. Delete the istsvc folder
3. Reboot
4. If an internet explorer window appears with a web address that is made of numbers, copy that web address
5. In the internet explorer options, click on the Content tab. Under Content Advisor, click Enable.
6. Click on settings
7. Click on the Approved Sites tab
8. Paste the web address from step 4 there and click Never
9. Reboot
10. If ISTsvc installs itself again, DO NOT DELETE
11. Go to notepad.
12. Do not type anything
13. Save it and replace the istsvc.exe file.
14. ISTsvc is now unable to open.
15. And istsvc cannot re-install cause this fake istsvc.exe file is in the way.

Hope this helped newbies and others! See ya!

-Vina R

i got this istsvc and its in my program file. i can find it from Add/Remove Programs from Control Panel.
so is it possible to eliminate this istsvc file thru tool i stated above? will it effect other program in my computer?

please help me! this stupid thing is on my computer and i cant get rid of it.<br />
<br />
i have limited ability/knowledge with computers and don't understand all of your terms! (sorry!) eg: mother file???<br />
<br />
could some generous helpful (potential hero) please post a step by step way to saving my computer?<br />
<br />
thanks!!!!!!!!!!!

just an idea...i created a read only empty istsvc.exe to replace the origonal. now it cannot create a new one because this is in its way

Use Security Task Manager to identify the file and all related files for this spyware. Quarentine the files and that should eliminate the threat permanently.

Security Task Manager can be found at:

http://www.neuber.com/taskmanager/

This program will also identify and rate security ricks for all other programs and running tasks in your computer. I suggest getting the Registered version.

Set your pc to safemode then restart. You can then delete the file and any others it installs

thanks dadclass , worked like a dream and only took 2 hours.

dam thing kept popping up.thank you

Adios istsvc!!! Dadclass, thank you so very very much,

if u try to delete the file itself witout end processing it, it would say it is still in use and u cant delete it. or u can end process it and try to go to add or remove and remove it from there. after u remove it, its best if u use ur spyware/adware remover to remove any other ones that are left and to make sure its really gone :D good luck

i got rid of it by going to windows task manager and then going to processes and looking for ISTsvc.exe. from there i went to Windows Explorer and started looking for the file. i later found it and then i end process ISTsvc.exe then i deleted the file. it might come back later like 2 more times before it goes away.

Follow dadclass, but to find the mother .exe you look under, in the registry, hkey_local_machine, software, microsoft, windows, current version, run and then look for a .exe with 5 random letters.
thanks dadclass!

Thank you SO MUCH for recommending Process Explorer. It helped me get rid of Istsvc.exe and a couple of other pesky spyware applications I was having trouble deleting. Finding your advice was a life saver!

simply follow the advice of dadclass see earlier post. worked for me. Stop Istsvc and the mother program and then delete them. Thanks dadclass.

I too used Symantec istbar remover with no success. Used dadclass (post #39). Went to www.sysinternals.com and downloaded the process explorer. In my case is the mother was "napekmk.exe". My sincere thanks to everyone on this blog who helped me, especially dadclass for sharing your secret- High five my man! I got the istsvc.exe from Limewire. What I thought was a trial program of Limewire pro was really the virus. BEWARE!

Thanks Lonnie for your method it worked perfect! I don't know yet if the virus is annihilated but it definitely seems that way. Otherwise I'll come back ;)

Ran the istbar remover tool from Symantec and it did not remove the service properly. Used dadclass' method instead and worked like a charm

Symantec has released this, perhaps it will be easier for some of you:

http://securityresponse.symantec.com/avcenter/venc/data/adware.istbar.html

I have fought this thing for over a week with Adware and MS AntiSpyware Beta with no success.

Used Thomas' method now it is gone. Thank God.

I'll go have a beer with Lonnie.

I killed mother. Yeah. My mother file name was shkiwa.exe and I'm happy to see her go. This nasty virus has been stalking me for weeks.

I found her by:
doing a search of drive C in "My Computer" for *.exe. I selected the "when was it modified?" option and picked "in the past month".

There weren't that many filed and looked for the one that I couldn;t rename in the c:windows directory. You'll also probably see istsvc on the list. Dont shut down this search window because you'll be right back for the kill

Once I had her name I went into Task Manager under the processes and found her running. Right click on her and select "End Process Tree". This shut her down along with ISTSVC and essentially lowered their shields.

Now with their shields down, go back to your search window and quickly delete momma along with the istsvc. Then run Ad Aware or your favorite spy ware software to delete the rest of this creepy monster.

crack open a favorite beverage of your choice and celebrate.

It was really hard to remove.
Thanks for all the comments.
I used Ad Aware first, but it was helpless because it could not delete ist file. So, I used the task manager to delete the ist file first. link below.
http://www.neuber.com/taskmanager/process/istsvc.exe.html
Then, I used spyhunter to locate the all files related to istsv. You have to purchase spyhunter to delete the file, but I didn't. just needed to know the location.
Also searched both word ist or istsv in windows to find any other files. After that, delete the files.
Finally, I could fix this problem spending 2 hours.

Thx for your help Alex Leong I followed all your steps and my problem is solved. My mothers name was hh.exe in de windows folder. Thx again you're a lifesaver

Follow this link and all your problems be over http://www.ysbweb.com/uninstall.html

search for dadclass' post and follow what he says...it rocks!!!
once again,,,thx dadclass

ok, i found the mother .exe, but i have windows 98 se, how do i stop the mothere exe from running. the "stop program" menu doesnt have anything that looks like it the right thing. i cant find the task manager.

The mother .exe is right above the istsvc file on the process explorer tree. You find it in the hard drive by locating the file of the same name as the mother file inside the c:/windows/ directory. Delete this file, and all the problems should go away.

i downloaded process explorer, find it, but dont see the mother .exe.... HELP!!!

Cheers DadClass! I really appreciate your help. Keep it up!

how do you use it?

Didn't think I'd ever get rid of this piece of crap adware. Thanks for helping me find mother, Dad.

Million thx to dadclass, istsvc gone!!

the parasite himself sems to have a removal tool for his virus ( it really works)

Thanks to Dad class..... it worked very well!!!

i downloaded process explorer, find it, but dont see the mother .exe.... HELP!!!

how can check out My ISTSVC Mother File?

Hey all: a couple of additional steps you might want to follow through on are: delete the ActiveX installer files in the folder called Downloaded Program Files (usually under WINNT for Win2K users). Double click the ones that don't seem obvious and you will see reference to YSB.com etc. Also, the random mother files are 8KB and get spawned in the WINNT directory (or wherever you find them on your OS). At one point, I had at least three of them there. Kill em all by sorting by file size. I also went one step further and added both of the URLs to the offending company to my IE restricted sites list. Someone please correct me if I am wrong, but if you add the entries *.ysbweb.com AND *.isearchtech.com, IE should block further popup ActiveX installer downloads. I could be way off on that last point but it seems logical to me.

For those trying to eliminate ISTSVC, do eveything dad class says, but in addition you must also completely delete the mother/parent file along with stopping its process, otherwise the mother file will just create ISTSVC again. Thanks again Dad Class

Nice one dadclass. Process explorer is a handy prog. I just hope it doesn't have any spyware :)

I wasn't able to remove it as it was a running process and couldn't kill it as the mother process started it immediatly so I followed your steps and now it's gone! Very easy to do, finally.

Thanks

TO LOCATE THE MOTHER FILE WITHOUT ANY DOUBTS:
In ProcessExplorer,
right-clic ISTSVC.EXE and kill it (Kill Process)
It will come back under the mother application as Process Explorer probably identifies it as the one who restarted it.

I found that just by fouling around, I owe everything to DADCLASS' clean-up steps.
THANK YOU DADCLASS.

The mother file is started automatically by a registry entry in HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun<br />
named with 5 randow characters pointing to the random named .exe in the windows directory. Deltete this, kill that proc and delete the exe and you should be fine, otherwise ISTsvc will just be reinstalled over and over again...

you can find the mother file by using Process Explorer. Once you launch the Process Explorer, click on istsvc and a window at the bottom will display a list of properties related to istsvc. Now, locate an application file that reside at c:windows and click on it. The mother file will have a very similar properties as istsvc file. Some of the property in the mother file actually linked to istsvc.

Happy killing istsvc!

I'm reading what you all are saying about the mother file, but how do I determine which is the mother file?

Thanks dadclass ! I dont think this is any help since the name is apparently totally random but my mother file was "cpllanr.exe"

Well Done! Seems istsvc is gone!

I have a problem with the above titled file that has caused a paged default. It is stopping me from scan my C drive. I think this is correct. PLEASE HELP??????

Thanks Dadclass...worked very well!
My mother file was named Fndki.exe...

JP

Beat it finally using Startup Mechanic to find the mother program then deleting that program then cleaning up reg...whew thanks for the help I found on this topic

onpeo.exe was the name of mine. Thanks again dadclass

Thank's Dadclass, worked like a charm!

i have tried dadclass's way...it worked well but i dont know why its still come back but the mother program becomes another name... please help

Sorry, didn't realize which way this thing scrolled, the one directly below this was my post as well, I meant the deleting unfamiliar files in the task manager worked very well.

ulvpvy.exe just wanted to throw another .exe file in there for ya, ulvpvy.exe was the name of mine, thanks. Thanks to the comment in #13, I found it and removed it very simply. Good luck everyone.

Process Explorer works great. It found the mother process... I killed it along with istsvc.exe, ran PestPatrol and now it's gone. Great help! dadclass

How I did it:
1. Download a freeware Process Explorer for Windows from www.sysinternals.com, install and run it
2. Find the mother of ISTsvc.exe, for my case, it was c:Windowsyagoumc.exe
3. Fire up TaskManager, stop the mother process
4. Delete the mother .exe
5. Again, stop the ISTsvc.exe
6. Delete the ISTsvc.exe
7. Run Ad-Aware to clean up Registry entries
8. Yawn

Hope that help.

i tried puttin my comp in safe mode n ran that ist bar removal program from symantec but after i cleared it out it comes back again... i dunno wht else to do plz help me

well.....istsvc is gone but hose popups still keep comin in the middle of my games and minimize my screen.. i searched for all things made today and i found lots of garbage and a folder called deskadservice which i cant delete...i think thats the cause...HELP!

i tried working w/ alex's comments "#12" and i ran adaware on safe mode and its gone! THANX.....use the isp ank TAKE REVENGE!!!cya alll

i ran adaware and symantics istbar removal and it cant get off the "HKEY_current_user;softawre/ist" file.....MY FIREWALL GOT THEIR #66.217.137.48 please help me!!!!

found a new mother program named dyckr.exe Used removal info from A Leong and 2/11/2005 01:02 comments Thanks and good luck

and gone is istsvc
http://www.ysbweb.com/uninstall.html

I think I found the easiest way.Go to add/remove programs and remove it.

Maybe I'm a little naive, but I went their website and found remover that worked for me. Here is the link to the software and homepage, hope it works for you.
http://www.ysbweb.com/ist/softwares/remove/ist_remove.exe
http://www.isearchtech.com/

hey guys... i got this shit too..
i remove it wif ad aware but then wen i come on net again it comes back..
how to permanantly remove dis pls help..
email. dr_gtr@hotmail.com cheers.
make the subject Virus Removal thx

The removal tool worked well, but I needed a 2nd pc and good old floppy to get the tool onto the infected pc.

Another method to find the Parent file. In my case it was called ulcapt.exe. My method was to end the ISTsvc process under Windows Task Manager along with another process that I was unfamilar with. Wait a couple of minutes and if ISTsvc reappears under processes, then repeat until you find the Parent exe file. You will know this because ISTsvc will not reappear. Once I found the Parant file, I deleted all references to ISTsvc and the Parent file from my registry.

anybody interested in joining a class action suit against ist? Enough is enough

http://securityresponse.symantec.com/avcenter/venc/data/adware.istbar.html
they have a removal tool there

Someone reports some method works but someone still get stuck.

Step 1 -Simplest way - out of sign, out of mind.
1.1 Enter safe mode
1.2 Remove istscr.exe
1.3 Use Notepad to create an empty file and save as "istscr.exe".
1.4 Make the file or folder "read only".
OR
1.4 Deny access to the file.

/*now the virus would not be able to run next time you reboot */

/* You can stop here if you do not understand the following steps */

/* The following step involves editing registers, please STOP if you do not understand */

/* Or find someone who knows */

/* BACKGROUND - how this virus works
Note that some varient is harder than each other. I am talking the hardest one in here. */

/* ISTSVC has a host program (mother) in your windows directory. Same as your istsvc, the mother log up in your computer during startup. */

/* That is why you cannot remove it, even with some commerical software and removing all ISTSVC registers. You kill the son but not the mother*/

/* The mother is still not be able to be removed by any commerical anti-virus software in know so far. So if you do not want all the fuss, stop at Step 1 and wait for commerical guys to fix it. They should do it as they got paid for that*/

/* I have a lot of fund tackling this virus and if you think you want your system really clean. Go ahead with the following steps, at your own risk */

Step 2 - fix the regsiters
2.1 BACKUP your registers.
2.2 Find "ISTSVC" and remove all registers with ISTSVC attached to it.
2.3 Reboot

/* this step will let you know if "mother" exist in your machine. If you can find registers with ISTSVC on your next boot. Bingo, you have the mother program in your computer. */

/* Several names have been report so far, pdlluldv.exe, oaxit.exe, systvc.exe.... and people releasing this virus can us any name and size */

Step 3 - Where is the MOTHER, what is her name?

3.1 Use commerical software such as "Startup Machanic" (after Step 2) to find the MOTHER program. Last version of startup machanic work with 90% of the varient I found so far. JUMP TO STEP 4.
3.2 - If "startup machanic " cannot identify it, or you cannot download "startup machanic". Continous
3.3 Reboot, go to your windows directory (usually C:WINDOWS ) and search "*.exe".
3.4 From your search result, try to rename it one by one, if the file CAN be renamed, they are NOT the mother virus. Rename it back before you forget the real file name.
3.5 Now you should have more than one .exe file you cannot rename. If not, jump to my conclusion section.
3.6 Reboot and enter safe mode, rename the suspected mother virus. If you are smart, you should be able to start with the file with some unusual file names.
3.7 Peform STEP 2 above. If you sucessfully removed the mother virus, you will not find the register istsvc after a normal reboot.

/*I use "Startup machanic" becuase it is fast, some other software can identify it too.*/

STEP 4 -
4.1 Remove the virus, some older version of the "mother" let you just delete it, but some tougher version only allow you to remove the file in safe mode.
4.2 Remove all registers with "ISTSVC" found.

CONCLUSION
That is all folks. That is a battle between good and evil. The above work for all the varients I know so far.

In fact, in there web site, the offer a solution to remove the virus from your computer (in very small prints). But it is a matter of "Do you trust the bad guys to clean up for you?". Anyway, some people does report some sucess with it.

Most important, please use less energy, you are using my children's resource. So please turn off the switch, drive less. Be smart and green.

Ha ha.. I actully got it, I think. There is another file that needs to be removed.. it is pdluldv.exe .. it is in teh Windows folder. There is an entery of it in the Registry as well. After i deleted that file (end the process first) then ended the istsvc.exe process, and boom! deleted the istsvc folder.

You can search Ad-Aware 6.0 or Spybot: Search and Destroy on Google. These two actually get rid of the spyware.

I found a good solution for istsvc. If you have Win95, 98, or 2000 (i don't know if it would work on 2000), hold SHIFT as you start up to go into Safe Mode. When you are there, open notepad, drag istsvc.exe into it, and a bunch of computer language will come up. Just select a bunch of the text (it doesnt matter how much you select, even deleting one letter will mess it up). when some letters are gone, close notepad and it will ask you to save. Click yes, and istsvc is gone. Since it is already there, another istsvc may not come.
You can also do this in windows xp. To get in safe mode in xp, click start, run, and type MSCONFIG. Under the BOOT.INI tab, check the SAFEBOOT box. When you restart you will be in safe mode. To return to normal, run msconfig again in safe mode and uncheck SAFEBOOT. Windows xp will start normally.

i removed both reg entries lucamjk and istsvc,but am still unable to delete the prog folder without rebooting.and when i connect to the internet it comes back.

I have this file istsvc.exe on my computer. i detected it through spysweeper (a spyware detecting software) and it was unable to remove this file. I tried deleting it but obviously it didnt work. pleases coul you mail me telling me how to remove this file. Also my internet explorer recently stopped functioning. Do you think this is related to the virus?
may13_friday_88@hotmail.com

It's in the registry, type in regedit, then in HKEY_USERS search and find lucamjk.exe, delete that from your registry

I coudnt find a file lucamjk.exe on my hard drive. DOes anyone have any sugestions? Please email me if you know how to get rid of istsvc

Arkadygr@aol.com

Indeed.. i removed it several times.. and tried killing the process - it just comes back. What is lucamjk.exe?

you can remove istsvc as many times as you like. Unless you get rid of lucamjk.exe it'll just come back.