How do you get rid of it? I've did everything they said to do on Norton Antivirus web site but can't get rid of it... I think Norton sucks!

Tiger,

What Trojan horse are you infected with?

PN

http://securityresponse.symantec.com/avcenter/vinfodb.html

It scans as Download trojan...

Have you tried scanning your PC with another anti-virus such as AVG, or doing an online virus scan to see if the results are any different?

PN

http://www.grisoft.com/us/us_404.php

http://housecall.antivirus.com/housecall/start_corp.asp

Tigger:

If you really have a trojan horse on your PC, you should consider disconnecting from the internet and then, save all of your important files and reformat your hard drive. Maybe another member has another suggestion on how to deal with this trojan horse.

PN

Originally posted by TIGGER74:

How do you get rid of it? I've did everything they said to do on Norton Antivirus web site but can't get rid of it... I think Norton sucks!
Have you tried Spybot Search & Destroy?

Hey PN,

i ran house call scan and found

TROJ ISTAR.A C:\_RESTORE\ARCHIVE\FS120...
TROJ STARTPAGE.Q C:\_RESTORE\ARCHIVE\FS135...
TROJ STARTPAGE.Q \FS135
TROJ STARTPAGE.Q \FS135
TROJ STARTPAGE.Q \FS135
TROJ ISTARB C:\PROGRAMFILES\ISTsvc\ISTsvc

any ideas pn or anyone else?

tigger i agree norton sucks

The files in _RESTORE you can just delete... info on removing Startpage.Q can be found here (http://vil.nai.com/vil/content/v_100442.htm)... the ISTARB you may be able to delete, too.

-Steven

Originally posted by TIGGER74:

It scans as Download trojan... Can you give the full path to the file it says is infected?

-Steven

Originally posted by CLC379:

Hey PN,

i ran house call scan and found

TROJ ISTAR.A C:\_RESTORE\ARCHIVE\FS120...
TROJ STARTPAGE.Q C:\_RESTORE\ARCHIVE\FS135...
TROJ STARTPAGE.Q \FS135
TROJ STARTPAGE.Q \FS135
TROJ STARTPAGE.Q \FS135
TROJ ISTARB C:\PROGRAMFILES\ISTsvc\ISTsvc

any ideas pn or anyone else?

tigger i agree norton sucks
well, Norton claims that Norton anti-virus "will" get rid of istsvc.exe, which happens to be an adware. In which case Spybot should get rid of it as well.

I have found following solution; --

Partially removed via add/remove programs (MS AUpdate and ISTbar). Use AdAware and/or Spybot to help with the cleanup.

You can also clean up the registry:

HKEY_CURRENT_USERS\Software\Microsoft\Windows\Curr entVersion\Run (AutoUpdater entry for 'aupdate.exe' programme or "1stService")

HKEY_CLASSES_ROOT\CSLID\{69550BE2-9A78-11D2-BA91-00600827878D}

HKEY_CURRENT_USER\Software\1STbar

HKEY_CURRENT_USER\Software\IST\

HKEY_CLASSES_ROOT\Pugi.PugiObj

HKEY_CLASSES_ROOT\Pugi.PugiObj.1

HKEY_CLASSES_ROOT\1STactivex.Installer.1\

HKEY_CLASSES_ROOT\1STactivex.Installer\

Search engine hijackings - you may also need to delete the following registry keys as per the advice in Microsoft's knowledge base article:

http://support.microsoft.com/default.aspx?scid=KB;EN-US;q323869


HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Delete the following files if they exist: aupdate_uninstall.exe; aupdate.trk; aupdate.conf; aupdate.exe; istbar.dll; istsvc.exe, istactivex.dll, 1STactivex.dll, 1stactivex.inf,

From PC World

Trojan Remover v4.7.4

Concerned about Trojan horses, those viruses hiding behind innocent-looking programs? With this utility, you can scan your PC for Trojan horses, checking all files when you boot up. If Trojan Remover finds a Trojan horse, it removes the offending equine and repairs the modified system files and Registry for you. You can also run scans from within Windows Explorer, performing them on files, directories, or an entire drive. You can then get details on the virus in the integrated database, which contains information on a massive herd of over 5000 Trojan horses.

http://www.pcworld.com/downloads/file_description/0,fid,8171,00.asp

PN