Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Testing my first post - is it Juno's fault?


  • Please log in to reply
15 replies to this topic

#1 Kat

Kat

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 03 January 2005 - 12:49 PM

Newbie here, not sure where to post question:
Juno is our ISP. Lately, Spybot has been catching ISTBar Slotch and I've taken to running a Bot-check after every log-on/off. Our home page is Juno's. After cleaning up all of Spybot "catches", then restarting the computer and automatically going to Juno's Home Page upon startup, I ran another Bot-Check...and there it is again...ISTBar Slotch.

So, question is: Is this Juno's "fault"? Are they allowing this nasty stuff - or do they even know about it - do I e-holler at them/advise them? Or is it even related to Juno itself?

Thanks!

BC AdBot (Login to Remove)

 


#2 cowsgonemadd3

cowsgonemadd3

    Feed me some spyware!


  • Banned
  • 4,557 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 03 January 2005 - 01:49 PM

My advice use google.com as your homepage search engine.

If you dont have it till you go to juno it sounds like it juno's fault........

Im really unsure thouhg.

I think you should post a Hijackthis log to be safe. I know spyware can do this.

Do you know how to post a hijackthis log?

If not go to the Hijackthis logs and analysis forum and view the Tutorial and how to post a log.

Thanks

#3 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:03:10 PM

Posted 03 January 2005 - 04:07 PM

It's definitely a Hijacker.
http://www3.ca.com/securityadvisor/pest/br...=I&cat=Hijacker

ISTbar.Slotch

Overview

Category
  Hijacker :  Any software that resets your browser's settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower.


Origins
 
Group
  Integrated Search Technologies

Others By This Group
  ISTbar· ISTbar.AUpdate· ISTbar.CSearch· ISTbar.MCInstL· ISTbar.MSCache· ISTbar.XXXToolbar· Slotch.com· ToolbarCash.com· TrojanDownloader.Win32.IstBar.aj· TrojanDownloader.Win32.IstBar.ap· TrojanDownloader.Win32.IstBar.bm· TrojanDownloader.Win32.IstBar.bp· TrojanDownloader.Win32.Istbar.bu· TrojanDownloader.Win32.Istbar.dh· TrojanDownloader.Win32.Istbar.dr· TrojanDownloader.Win32.IstBar.i· XXXToolBar· XXXToolBar.com·

Date of Origin
  October, 2004

Operation

Browser Performance
  Likely to slow performance of Internet Explorer.


As cows said, you should submit a HJT log, to the HJT forum.

Download the latest version of HijackThis (HJT), from here.

Put HijackThis in a Permanent folder:
Click My Computer / C: / File / New / Folder / name the folder; HijackThis
Put HijackThis.exe, in this folder.
This is a mandatory step, for the backup and restore functions, of HijackThis, to be able to work.

Read the pinned post in the HJT forum, here

Then, run a log, and post it in the HJT forum, at this link. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
Please, be patient, these people are volunteers. They will help you out, as soon as possible.

Edited by tg1911, 03 January 2005 - 04:13 PM.

MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#4 cowsgonemadd3

cowsgonemadd3

    Feed me some spyware!


  • Banned
  • 4,557 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 03 January 2005 - 07:02 PM

Thanks TG!

I was too lazy to look up what the thing was I was short on time but I was pretty sure it was spyware!

#5 Kat

Kat
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 03 January 2005 - 10:28 PM

Thanks, TG. I realize that ISTBarSlotch is a hijacker. And Spybot is doing its thing, in removing it. But it keeps coming back via Juno (I think). Do I need to download and run HJT and post a log in order to determine for sure if Juno is the perpetrator?
...Kat

#6 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:03:10 PM

Posted 03 January 2005 - 11:03 PM

Go ahead and post a HJT log in the Hjt Forum.

As far as if a HJT log will tell you if it is Juno, or not, I don't know. I don't have the training our HJT Team does.
You could call Juno and talk to them about it, also.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#7 EdBee

EdBee

  • Members
  • 208 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 04 January 2005 - 12:08 PM

The ISTBAR itself is beong removed by SPYBOT, but there is no doubt a small executable program that is hiding in your system and reinstalling it for you. That is how Highjackers work. You should follow the advise and submit a HJT log--the Hijacking .exe file should be easy to find. :thumbsup:
EDBEE from NMUSA- RENOWNED MALWARE FIGHTER AND SWORN ENEMY OF ALL INTERNET HIJACKERS

#8 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:04:10 PM

Posted 04 January 2005 - 12:28 PM

Whats your OS Kat? If its XP you need to turn off system restore to be rid of that nasty. Don't think it would be Juno.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#9 Kat

Kat
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 06 January 2005 - 02:17 PM

Leurgy & EdBee, I'm going to take your advice and do the HJT thing. I'm running Windows XP/Home; haven't done the Service Pack 2 install. Leurgy, please explain "turn off system restore". I note that Spybot can only clean up 3 of the 5 probs that ISTBar.Slotch delivers upon us every time we log on; we have to go thru a restart to get the last 2 cleaned up every time.
Meanwhile, here's what Juno tells me:"Please note that Juno is not associated with these programs. The problem that appears on your computer, is a result of conflict between these third-party programs and Juno. We are currently working on updates that will prevent this type of behavior and resolve the issue." Do you think this just means that they're trying to figure out a way to "immunize" against the prob...that their software really DOES allow it to happen in the first place? Thanks folks. What a wonder, this website!

#10 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:04:10 PM

Posted 06 January 2005 - 02:24 PM

...please explain "turn off system restore".


Turn Off= Disable Make sure that you enable it right after. :thumbsup:

Windows XP System Restore Guide Tutorial


You should post a HJT Log first then take it from there.

Edited by scarlett, 06 January 2005 - 02:34 PM.

Posted Image

#11 Leurgy

Leurgy

    Voted most likely


  • Members
  • 3,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:04:10 PM

Posted 06 January 2005 - 06:01 PM

Great link Scarlett, saves a lot of typing. Both my fingers are getting blisters.

I note that Spybot can only clean up 3 of the 5 probs that ISTBar.Slotch delivers upon us every time we log on; we have to go thru a restart to get the last 2 cleaned up every time.


Spybot can only remove 3 because the other 2 are "running processes". When you reboot Spybot removes them before they can run again. So, turn off System Restore, run Spybot, AdAware, anti-virus, everything you can think of. Reboot, do another check, turn on System restore. That will clean up a lot off problems. This is when you should post a HJT log as it makes the job easier for the people that give advice there.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool


#12 JEservices

JEservices

    helping hand


  • Members
  • 1,700 posts
  • OFFLINE
  •  
  • Location:Texas
  • Local time:03:10 PM

Posted 06 January 2005 - 07:05 PM

Allow me a few moments to maybe expain why it is not Juno's fault.

Juno is an ISP. This means they provide the means for your computer to get on the internet. Once you are on, things beyond their control can (and often will) happen. They will not be held responsible for things installing on your computer.

It is like blaming your landlord for something happening to your home from someone you invited in. Yes, it is more complicated that that when talking about computers and installation of programs, but the basis is the same. There can be times that you did not know that you allowed an application to install on your computer. These malicious files are known as spyware, and even viruses could fall into this category. Some can be worse then others. Similarily, some are harder to get rid of then others.

I am not sure if this clears anything up, but felt that you needed to know.
We are all curious like a cat. We wonder, we ask, we learn.
Please post back when a suggestion works, so that others may learn.

#13 Kat

Kat
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 07 January 2005 - 05:35 PM

Grrrrrrrrrrrr....hate to even ask, but y'all have been so helpful. Today I posted my first HJT log to the proper board, thanks to TG1911's instructions above. Messing around later, I found a couple of program items that could be that nasty ISTBar.Slotch. So, wanted to add screen shots to my HJT forum post. I have the screen shots but how the heck do you post them? I read the tutorial and it says I should link them to Bleeping via an URL to a free pik-hosting site. Yet, I see actual screen shots, right here on this Testing board. What's a girl to do? Advice?

#14 Scarlett

Scarlett

    Bleeping Diva


  • Members
  • 7,479 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:As always I'm beside myself ;)
  • Local time:04:10 PM

Posted 07 January 2005 - 05:38 PM

How To:

(Step One) If you want to take a snapshot of your desktop, just hit print screen button on your keyboard.
Then open paint.
Then hit ctrl+v.
This also works with Infran View ( A great little free image viewer and converter. I might add.)
Then click >file>save as>In drop down choose type. >jpeg, .gif>
Then clear box and type in choice of name. ( So you be able to find it easier in next step.)

(Step Two) After you have your screenshot you need to "host" the picture somewhere. I use and recommend Photo Bucket Free and easy to use.
Sign up, log-in, click on the "browse" button.
Find your screenshot and then click "submit".
Your picture will upload and you will see it right there.
There will be 3 links under your picture.
Use "URL" to post a link to the picture.

Then copy and paste the link to your post.

If you ever delete the pic. from your photo hosting site. It will no longer show in your post.

In Photo Bucket. Using the first link "URL" will save the bandwidth of this site. And I'm sure that Grinler will apprieciate that fact.

Edited by scarlett, 07 January 2005 - 06:16 PM.

Posted Image

#15 Kat

Kat
  • Topic Starter

  • Members
  • 126 posts
  • OFFLINE
  •  
  • Local time:05:10 PM

Posted 07 January 2005 - 10:43 PM

Scarlett...still Grrrrr'ing......have my screen shots all set up on Photobucket, thanks to your instructions.
Trying to post: Do I just select http, then paste in the URL of the photo from the PBucket site? After that, what do I do about the popup that asks for the web page? And should I just see the URL pasted in and not the actual photo of the screen?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users