Nasty Little Virus

3 replies to this topic

#1 theJazzman


  • Members
  • 5 posts
  • Local time:05:20 PM

Posted 27 November 2005 - 12:45 PM

Hello, my wife seems to have encountered a nasty little virus associated with the istsvc trojan.
I managed to remove this with Symantec's tool.
However, it has other problems.
It originally came with McAfee's online virus program, but she never registered or updated it.
Since we have SBC/Yahoo, I've been trying to install and use their virus software.
The problem is I can't remove the McAfee program. It won't auto-uninstall, and this virus prevents access to the Task Manager (among numerous other things).
I've tried booting to safe mode, changing file attributes to unhide everything, and running a third-party virus program to uninstall it, but it reports it can't find anything.
It won't run regedit.exe or anything allowing me access to the registry.
Some of the things I've seen include Pokapoka79.exe, ypager.exe.dll, eetu.exe.dll, campanion.exe.dll; folders include surfaccuracy, Igetnet, 180 searchassistant programs on the C: drive.
When I tried to get updates from Microsoft, I got messages saying the ActiveX control was off; instructions to turn them on don't work or are disabled for the SBC/Yahoo browser I use.

What to do?


#2 tg1911


    Lord Spam Magnet

  • Members
  • 19,274 posts
  • Gender:Male
  • Location:SW Louisiana
  • Local time:04:20 PM

Posted 27 November 2005 - 02:05 PM

I suggest you post a HijackThis log for examination.

Read How to post a HijackThis Log.
Please read, and follow, all directions carefully.

Then run a log and post it in the HijackThis forum, at this link. Do not fix anything yet.
A member of the HJT Team will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please be patient; these people are volunteers. They will help you out as soon as possible.

Once you have made the post, please DO NOT make another post in the HJT forum until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out and will not respond. So just make your post and let it sit there until a team member responds. This way you will be taken care of in the most timely manner.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

#3 theJazzman

  • Topic Starter

  • Members
  • 5 posts
  • Local time:05:20 PM

Posted 27 November 2005 - 03:23 PM

Thanks for the response.
I've been busy in the meantime by running ewido, which deleted some 670 viral & spyware items.
This has been a great improvement in itself, and I am now continuing the battle by rescanning with ewido, which I plan to follow with your suggestion of a HijackThis log.
There is still a lot to do here.
Pokapoka79, numerous instances of prosite finder, among others, are still running.
I'm not using this machine to access the web right now, and it is constantly reporting the lack of access.
I may try Microsoft Update, since I know this machine hasn't been updated since purchased about 2 years ago.

Wish me luck!

#4 KoanYorel


    Bleepin' Conundrum

  • Members
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:06:20 PM

Posted 28 November 2005 - 01:26 AM

I've removed your HJT log post from this thread since you have posted properly in the HJT Log Forum.

Please be patient and wait for a response to that post from an HJT Tech and only post replies there for such.

The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)