
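How do I get rid of the annoying istsvc virus? Nothing I try removes it.
I scanned with Microsoft's official site and it says there is no problem.
I scanned with an adware remover; it detects it but cannot clean it.
I ended it under "Processes", but it still comes back.
I found its path, but I cannot delete it from there either.
Oh god..
It haunts me like a ghost.
In Add/Remove Programs it sometimes disappears briefly,
but when I look again it is back.
Could some expert please save me?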

2005-02-15 19:42:08 · 3 answers · asked by Anonymous in Computers & Internet, Hardware, Desktops

3 answers

Full text:
http://www.trendmicro.com/vinfo/zh-tw/virusencyclo/default5.asp?VName=TROJ_ISTBAR.DA


Description:
This Trojan installs itself as ISTSVC.EXE in its created folder, C:\Program Files\ISTsvc. It downloads and installs programs without the user's consent.

This malware accesses the following URL:

http://www.sltch.com/ist/scripts/istsvc_ads_data.php

The script embedded in this URL triggers advertisements to be displayed. The domain host is a legitimate Internet search Web site, however.

It runs on Windows 95, 98, ME, NT, 2000 and XP.

Solution:
Identifying the Malware Program

To remove this malware, first identify the malware program.

1. Scan your system with your Trend Micro antivirus product.
2. NOTE all files detected as TROJ_ISTBAR.DA.

Trend Micro customers need to download the latest pattern file before scanning their system. Other Internet users may use Housecall, Trend Micro's free online virus scanner.

Terminating the Malware Program

This procedure terminates the running malware process from memory. You will need the name(s) of the file(s) detected earlier.

1. Open Windows Task Manager.
   On Windows 95/98/ME systems, press CTRL+ALT+DELETE.
   On Windows NT/2000/XP systems, press CTRL+SHIFT+ESC, then click the Processes tab.
2. In the list of running programs*, locate the malware file or files detected earlier.
3. Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.
4. Do the same for all detected malware files in the list of running processes.
5. To check if the malware process has been terminated, close Task Manager, and then open it again.
6. Close Task Manager.

*NOTE: On systems running Windows 95/98/ME, Task Manager may not show certain processes. You may use a third party process viewer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.

Deleting the Malware Files


1. Right-click Start, then click Search... or Find..., depending on your version of Windows.
2. In the Named input box, type:
   istsvc.exe
3. In the Look In drop-down list, select the drive which contains Windows, then press Enter.
4. Once located, select the file then hit Delete.

Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing during startup.

To remove the malware autostart entries:

1. Open Registry Editor. To do this, click Start>Run, type Regedit, then press Enter.
2. In the left panel, double-click the following:
   HKEY_LOCAL_MACHINE>Software
3. In the right panel, locate and delete the entry or entries:
   ISTsvc
4. In the left panel, double-click the following:
   HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
5. In the right panel, locate and delete the entry or entries:
   IST Service = "C:\Program Files\ISTsvc\istsvc.exe"
6. Close Registry Editor.

NOTE: If you were not able to terminate the malware process from memory as described in the previous procedure, restart your system.

Resetting Internet Explorer Homepage and Search Page

This procedure restores the Internet Explorer homepage and search page to the default settings.

1. Close all Internet Explorer windows.
2. Open Control Panel. Click Start>Settings>Control Panel.
3. Double-click the Internet Options icon.
4. In the Internet Properties window, click the Programs tab.
5. Click the "Reset Web Settings..." button.
6. Select "Also reset my home page." Click Yes.
7. Click OK.

Additional Windows ME/XP Cleaning Instructions

Running Trend Micro Antivirus

2005-02-15 21:16:22 · answer #1 · answered by ? 7 · 0 0

http://housecall.trendmicro.com/housecall/start_corp.asp

2005-04-09 17:32:35 · answer #2 · answered by ? 2 · 0 0

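Start menu -- Run -- regedit
Edit -- Find -- istsvc.exe
Delete everything it finds
Keep repeating until nothing more is found

Touching the registry
can turn out to be a small matter or a big one
I suggest trying System Restore first
because if the registry gets messed up,
at best you have to redo the drivers,
at worst the whole machine cannot boot and you have to wipe and reinstall

If you are going to touch the registry, it is safer to have a friend who understands it helping at your side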

2005-02-17 16:14:44 · answer #3 · answered by 迷糊鵰 7 · 0 0
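
The checks from answers #1 and #3, collected into one PowerShell script. This is an added example, not part of either answer or of the Trend Micro write-up. It only reports unless run with -Remove; the 64-bit locations (WOW6432Node, Program Files (x86)) and the ISTsvc key name under HKLM\Software are assumptions that go beyond what the page lists.

```powershell
# Added example: audit for the TROJ_ISTBAR.DA artifacts named in answer #1.
# Reports only by default; -Remove performs the cleanup (run elevated, back up the registry first).
param([switch]$Remove)

$exeName = 'istsvc.exe'
$folders = @("$env:ProgramFiles\ISTsvc")
if (${env:ProgramFiles(x86)}) { $folders += "${env:ProgramFiles(x86)}\ISTsvc" }  # assumption: 64-bit Windows
# Assumption: the HKLM\Software entry is a key named ISTsvc, like the install folder.
$swKeys  = 'HKLM:\SOFTWARE\ISTsvc', 'HKLM:\SOFTWARE\WOW6432Node\ISTsvc'
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
$findings = @()

# Step 1: running process (the Task Manager step). Stop it first so the file can be deleted.
foreach ($proc in @(Get-Process -Name 'istsvc' -ErrorAction SilentlyContinue)) {
    $findings += [pscustomobject]@{ Type = 'Process'; Location = "PID $($proc.Id)"; Detail = $proc.Path }
    if ($Remove) { Stop-Process -Id $proc.Id -Force }
}

# Step 2: autostart values whose data points at istsvc.exe (covers "IST Service" under any name).
foreach ($rk in $runKeys) {
    if (-not (Test-Path $rk)) { continue }
    $key = Get-Item -Path $rk
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($name -and $data -match [regex]::Escape($exeName)) {
            $findings += [pscustomobject]@{ Type = 'RunValue'; Location = "$rk\$name"; Detail = $data }
            if ($Remove) { Remove-ItemProperty -Path $rk -Name $name }
        }
    }
}

# Step 3: the malware's own key under HKLM\Software.
foreach ($k in $swKeys) {
    if (Test-Path $k) {
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Location = $k; Detail = '' }
        if ($Remove) { Remove-Item -Path $k -Recurse }
    }
}

# Step 4: the dropped executable.
foreach ($f in $folders) {
    $exe = Join-Path $f $exeName
    if (Test-Path -LiteralPath $exe) {
        $findings += [pscustomobject]@{ Type = 'File'; Location = $exe; Detail = (Get-Item -LiteralPath $exe).Length }
        if ($Remove) { Remove-Item -LiteralPath $exe -Force }
    }
}
if ($findings) { $findings | Format-Table -AutoSize } else { 'No ISTsvc artifacts found.' }
```

Run it once without -Remove and review the table before allowing any changes; matching Run values on the data rather than the name also catches a renamed autostart entry.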
