BleepingComputer.com: Testing my first post - is it Juno's fault?

Newbie here, not sure where to post question:
Juno is our ISP. Lately, Spybot has been catching ISTBar Slotch and I've taken to running a Bot-check after every log-on/off. Our home page is Juno's. After cleaning up all of Spybot "catches", then restarting the computer and automatically going to Juno's Home Page upon startup, I ran another Bot-Check...and there it is again...ISTBar Slotch.

So, question is: Is this Juno's "fault"? Are they allowing this nasty stuff - or do they even know about it - do I e-holler at them/advise them? Or is it even related to Juno itself?

Thanks!

My advice use google.com as your homepage search engine.

If you dont have it till you go to juno it sounds like it juno's fault........

Im really unsure thouhg.

I think you should post a Hijackthis log to be safe. I know spyware can do this.

Do you know how to post a hijackthis log?

If not go to the Hijackthis logs and analysis forum and view the Tutorial and how to post a log.

Thanks

It's definitely a Hijacker.
http://www3.ca.com/securityadvisor/pest/br...=I&cat=Hijacker

Quote

As cows said, you should submit a HJT log, to the HJT forum.

Download the latest version of HijackThis (HJT), from here.

Put HijackThis in a Permanent folder:
Click My Computer / C: / File / New / Folder / name the folder; HijackThis
Put HijackThis.exe, in this folder.
This is a mandatory step, for the backup and restore functions, of HijackThis, to be able to work.

Read the pinned post in the HJT forum, here

Then, run a log, and post it in the HJT forum, at this link. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
Please, be patient, these people are volunteers. They will help you out, as soon as possible.

This post has been edited by tg1911: 03 January 2005 - 04:13 PM

Thanks TG!

I was too lazy to look up what the thing was I was short on time but I was pretty sure it was spyware!

Thanks, TG. I realize that ISTBarSlotch is a hijacker. And Spybot is doing its thing, in removing it. But it keeps coming back via Juno (I think). Do I need to download and run HJT and post a log in order to determine for sure if Juno is the perpetrator?
...Kat

Go ahead and post a HJT log in the Hjt Forum.

As far as if a HJT log will tell you if it is Juno, or not, I don't know. I don't have the training our HJT Team does.
You could call Juno and talk to them about it, also.

The ISTBAR itself is beong removed by SPYBOT, but there is no doubt a small executable program that is hiding in your system and reinstalling it for you. That is how Highjackers work. You should follow the advise and submit a HJT log--the Hijacking .exe file should be easy to find.

Whats your OS Kat? If its XP you need to turn off system restore to be rid of that nasty. Don't think it would be Juno.

Leurgy & EdBee, I'm going to take your advice and do the HJT thing. I'm running Windows XP/Home; haven't done the Service Pack 2 install. Leurgy, please explain "turn off system restore". I note that Spybot can only clean up 3 of the 5 probs that ISTBar.Slotch delivers upon us every time we log on; we have to go thru a restart to get the last 2 cleaned up every time.
Meanwhile, here's what Juno tells me:"Please note that Juno is not associated with these programs. The problem that appears on your computer, is a result of conflict between these third-party programs and Juno. We are currently working on updates that will prevent this type of behavior and resolve the issue." Do you think this just means that they're trying to figure out a way to "immunize" against the prob...that their software really DOES allow it to happen in the first place? Thanks folks. What a wonder, this website!

Quote

Turn Off= Disable Make sure that you enable it right after.

Windows XP System Restore Guide Tutorial


You should post a HJT Log first then take it from there.

This post has been edited by scarlett: 06 January 2005 - 02:34 PM

Great link Scarlett, saves a lot of typing. Both my fingers are getting blisters.

Quote

Spybot can only remove 3 because the other 2 are "running processes". When you reboot Spybot removes them before they can run again. So, turn off System Restore, run Spybot, AdAware, anti-virus, everything you can think of. Reboot, do another check, turn on System restore. That will clean up a lot off problems. This is when you should post a HJT log as it makes the job easier for the people that give advice there.

Allow me a few moments to maybe expain why it is not Juno's fault.

Juno is an ISP. This means they provide the means for your computer to get on the internet. Once you are on, things beyond their control can (and often will) happen. They will not be held responsible for things installing on your computer.

It is like blaming your landlord for something happening to your home from someone you invited in. Yes, it is more complicated that that when talking about computers and installation of programs, but the basis is the same. There can be times that you did not know that you allowed an application to install on your computer. These malicious files are known as spyware, and even viruses could fall into this category. Some can be worse then others. Similarily, some are harder to get rid of then others.

I am not sure if this clears anything up, but felt that you needed to know.

Grrrrrrrrrrrr....hate to even ask, but y'all have been so helpful. Today I posted my first HJT log to the proper board, thanks to TG1911's instructions above. Messing around later, I found a couple of program items that could be that nasty ISTBar.Slotch. So, wanted to add screen shots to my HJT forum post. I have the screen shots but how the heck do you post them? I read the tutorial and it says I should link them to Bleeping via an URL to a free pik-hosting site. Yet, I see actual screen shots, right here on this Testing board. What's a girl to do? Advice?

How To:

(Step One) If you want to take a snapshot of your desktop, just hit print screen button on your keyboard.
Then open paint.
Then hit ctrl+v.
This also works with Infran View ( A great little free image viewer and converter. I might add.)
Then click >file>save as>In drop down choose type. >jpeg, .gif>
Then clear box and type in choice of name. ( So you be able to find it easier in next step.)

(Step Two) After you have your screenshot you need to "host" the picture somewhere. I use and recommend Photo Bucket Free and easy to use.
Sign up, log-in, click on the "browse" button.
Find your screenshot and then click "submit".
Your picture will upload and you will see it right there.
There will be 3 links under your picture.
Use "URL" to post a link to the picture.

Then copy and paste the link to your post.

If you ever delete the pic. from your photo hosting site. It will no longer show in your post.

In Photo Bucket. Using the first link "URL" will save the bandwidth of this site. And I'm sure that Grinler will apprieciate that fact.

This post has been edited by scarlett: 07 January 2005 - 06:16 PM

Scarlett...still Grrrrr'ing......have my screen shots all set up on Photobucket, thanks to your instructions.
Trying to post: Do I just select http, then paste in the URL of the photo from the PBucket site? After that, what do I do about the popup that asks for the web page? And should I just see the URL pasted in and not the actual photo of the screen?