another spyware question
#1
Original Poster
In Memoriam, Original Member
Join Date: May 1998
Location: Los Angeles, CA
Posts: 6,879
Ok. So I am infected. It is just this one ad for "Deep Registery Cleaning" junk. Spybot can't get it because it says the file is in use. So I go to Safe Mode and delete the file which is C:Program Files/ISTsvc and delete that folder. However, when I log back in and re-boot it is not there, open IE and surf and it suddenly is back! How do I kill this rat bast@rd?
Thanks.
#2
FlyerTalk Evangelist


Join Date: Jan 2004
Location: Worldwide
Posts: 12,952
Originally Posted by auh2o
Ok. So I am infected. It is just this one ad for "Deep Registery Cleaning" junk. Spybot can't get it because it says the file is in use. So I go to Safe Mode and delete the file which is C:Program Files/ISTsvc and delete that folder. However, when I log back in and re-boot it is not there, open IE and surf and it suddenly is back! How do I kill this rat bast@rd?
Thanks.
http://sarc.com/avcenter/venc/data/adware.istbar.html
#3
Original Poster
In Memoriam, Original Member
Join Date: May 1998
Location: Los Angeles, CA
Posts: 6,879
Thanks. However, the autodetection tool says I am not infected, which I am and I tried doing the manual thing and Symantec does not find anything and I deleted the stuff out of the registry and it still comes back! Agggg....
#4
Join Date: May 2003
Location: GEG
Programs: Motel 6 Club Avoir Le Cafard
Posts: 5,027
Some spywares have two or more executable components that talk to one another and detect and regenerate themselves if one component is deleted. Others have file names which are constantly changing. Vendors of anti-spyware programs are constantly trying to reverse-engineer and identify fixes. All I can tell you is use more than one dedicated spyware elimination program. Microsoft/Giant (free beta from microsoft.com) is pretty good. Etrust Pest Patrol ($30 from ca.com) is also pretty good.
#5




Join Date: Feb 2000
Location: Menlo Park, CA, USA
Programs: UA 1MM 0P, AA, DL, *wood, Lifetime FPC Plat., IHG, HHD
Posts: 7,174
try AVG
Try AVG free.
I had a pest like this, running as a startup service on my mother-in-law's computer. I just had her send me the drive.
Anyway, you DEFINITELY want to start in safe mode. Get the AVG stuff downloaded, and then installed. I would recommend NO email install, it takes a bit of setup to get right.
Start in SAFE and run the updater, then run it on the system in SAFE and it will find it.
As well, take a look at what the services running are, I found a bunch like smsss.exe, and msa.exe and another one. Do a quick Google search and you will see which ones should be deleted.
Delete them and their registry run commands. If you are not happy with registry editing, don't worry about it. Just do a find, delete the ones that are viruses, hit F3 find again, delete, keep doing that.
Run the AVG again, let it do its thing. Most likely, it will restart.
Then, start up again in SAFE mode again and see what AVG and Ad-aware say, no viruses, I think you are clean.
Restart, run in normal mode and check it out again. It is a LOT of do once, do again, do a third time and continue to delete.
Those buggers can wreak havoc.
If you have something in MEMORY, none of these will get it, and you will have to boot with a disc of Norton or McAfee or something other and run their services at boot.
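The autostart check described in post #5 (services and registry run commands), as an added example that is not part of any poster's reply: a read-only PowerShell listing of what Windows will relaunch at boot or logon, with entries that mention the folder name from the first post sorted to the top. The `ISTsvc` pattern comes from that post; the list of Run/RunOnce keys is an assumption about where such an entry would be registered, and nothing is deleted or changed.

```powershell
# Added example (read-only): list registry Run commands and services so that
# whatever relaunches a deleted file can be found before cleaning again.
# Assumption: 'ISTsvc' is the folder name reported in the first post.
param([string]$Pattern = 'ISTsvc')

# Standard per-machine and per-user autostart keys (assumed locations).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$findings = @()

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }      # key may not exist for this user
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $findings += [pscustomobject]@{
            Source  = $key
            Name    = $name
            Command = [string]$item.GetValue($name)
        }
    }
}

# Services: PathName is the command line the service control manager starts.
Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $findings += [pscustomobject]@{
        Source  = "Service ($($_.StartMode), $($_.State))"
        Name    = $_.Name
        Command = [string]$_.PathName
    }
}

# Flag entries whose name or command mentions the pattern; show them first,
# followed by every other entry for manual review.
$escaped = [regex]::Escape($Pattern)
$findings |
    Select-Object @{ n = 'Match'; e = { ($_.Name + ' ' + $_.Command) -match $escaped } },
                  Source, Name, Command |
    Sort-Object Match -Descending |
    Format-Table -AutoSize -Wrap
```

Running it once in Safe Mode and again after a normal boot shows whether an entry was re-created between the two runs.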
#6




Join Date: Jul 2001
Location: Lower Merion Township, PA, (an inner-ring suburb to the Socialist Workers City/State of Philadelphia, PA)
Posts: 597
Cleaning up that particular one is discussed here: http://castlecops.com/check104218previous.html
And here also: http://forums.spywareinfo.com/index....8608&hl=ISTsvc
Last edited by JadedTraveler; Feb 15, 2005 at 8:33 pm Reason: Added one more link
#8
FlyerTalk Evangelist

Join Date: Dec 2003
Location: USA
Programs: UA Platinum, 1MM
Posts: 13,472
I use four products to search for nasty spyware: Ad-aware, Spybot, Spy Sweeper, and Spyware Doctor. PC Mag just gave a second Editors' Choice to Webroot's Spy Sweeper in the Feb. 22, 2005 issue. It got everything they threw at it except one, which Spybot caught. The Internet Explorer shields that come with the full version are very good. I pretty much use Firefox 1.0 for nearly all my surfing, but it's nice to know that Spy Sweeper has IE covered when I do have to use that piece of junk.
I think one has to use a minimum of two programs to catch spyware on a computer and they still might miss one or two. I'd use three to four.
CompUSA had Spy Sweeper on sale for $19.99 instead of $29.99 this week. If you go and buy it, look for the packages that say "Copyright 2002-2004" and have the PC Mag Editors' Choice September 7, 2004 logo on the front. The CD for the latest version, 3.5, is in there. The older packages have older versions that you have to update via the Web. A hassle IMHO.

