istsvc.exe

[Dave]

Does anyone know what istsvc.exe is? It's on my girlfriend's computer and I want to get rid of it. It was found with Ad-aware SE Personal but Ad-aware couldn't delete it. I tried deleting it manually but I got an error message saying "Cannot delete istsvc: It is being used by another person or program. Close any programs that might be using the file and try again." I rebooted in Safe Mode, deleted it and emptied the Recycle Bin. When I rebooted again in normal mode, it had returned.

I checked the Processes in Task Manager and it is running in there too. I checked the Services in Control Panel/Administrative Tools and looked at the properties of all 79 but couldn't find istsvc.exe amongst them. I also searched for it in the registry and found nothing. Yet it reappears at startup, which to me would suggest that it runs automatically at startup. She is using Windows XP, and I want to get rid of it for her but I'm well and truly stumped on this one.

I looked for istsvc.exe on Google, but all the (few) sites it found had people in similar situations downloading various programs like Hijack This etc. But I don't want to download programs to get rid of it, 'cause downloading a program is probably how it got on here in the first place. There must be a way to remove it and stop it from regenerating itself at startup manually, right?

If anyone can help me, I'll be very grateful. Thanks to anyone who can.

[Edit] Sorry, I must have typed the name wrong in the registry editor 'cause I tried again and I found the following:

[Alan]

"istsvc.exe" is part of ISTbar. This Internet Explorer add-in is spyware and a homepage and search page hijacker.
ISTbar may also install other parasites including TinyBar, ToolbarCrash, SearchbarCrash, RapidBlaster and Download Plus.
If you don't recall downloading ISTbar, it may have found it's way on your system by using an ActiveX control to silently install on your system by simply visiting a website. This is most common with adult content websites.
You should remove it by making sure your antivirus definitions are up to date, then start the pc in safe mode and scan. You need to delete the registry key:
Click Start > Run.
Type regedit > OK.
Navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
In the right pane, delete the value:

"IST Service" = "C:\Program Files\ISTsvc\ISTsvc.exe"
Navigate to and delete the key:

HKEY_LOCAL_MACHINE\Software\ISTsvc

[cumlaude]

I have the same problem on my computer.I followed the instructions above,but still every time I restart my computer its there!
I have also tried various programs,still would really appreciate it if you can recommend some more that would hopefully work.
already thanks

[Alan]

Cumlaude, what operating system have you got?
Have you checked for spyware with any antispy programs?

[cumlaude]

Windows 98.
Yes,Hijack This,Search&Destory,Spy Sweeper,Adaware...

[Alan]

OK, click on this download then run the removal tool. Let us know how you get on.

Does SpySweeper not pick it up?

[cumlaude]

does find it.but can not delete.I am trying the other one.

[cumlaude]

it says Istsvc was not find on my system?!

[Alan]

You said SpySweeper detects but cannot remove it. Does it say why it cannot remove it and are sure its the same variant of spyware listed below?
Try starting your machine in 'Safe Mode' then running Spy Sweeper.
Let us know how you get on.

[Rob]

Post from cumlaude

Error on posting

=========================================


following the instructions given at the very begining in safe mode seems to have worked.no other spyware I have downloaded worked.I hope it doest reoccur.thanks very much for your help.

[smarties]

I have followed the same procedure except that I was not in safe mode. If I delete it in the registry. A few minutes after, it comes back.

My computer is configured with a dual boot with Window ME and Windows 2000 on 2 separate partitions. The first partition with Window ME (drive c: ) is formatted FAT32. The second partition with Window 2000 is formatted NTFS. This way, Window ME doesn't see the drive D. Anyway, the problem with istsvc.exe is with Windows ME. When booting I press F8 and it goes in a menu where I can select "safe mode" but it keeps booting in normal mode anyway. Any suggestion?

The softwares I'm using are:
- Ad-aware from Lavasoft (detects and removes istsvc but it keeps coming back)
- Zone Alarm (stops istsvc.exe accessing the Internet)
- Norton Antivirus 2002 (doesn't detect any virus)

[smarties]

I finally got rid of it. I updated my antivirus tonight and the latest update was able to find it and put it in quarantine. I ran Ad-Aware to remove what ever was there and then reboot. No more spyware.

[Rob]

Thanks for the update.

[smarties]

The infected file that the antivirus found last night was ndrjksuv.exe. I don't know if that a useful file or if it was the virus file itself.

[Daniel]

Although I've not posted in this thread, I am happy for you that you managed to get rid of that IST, and I am glad and would like to thank you for posting how you manages to get rid of IST. This is going to be really helpful for all those users with the same problem, coming in the future to ask how to remove it.

Feel free to post any other questions and problems you encounter on your system. We'll try to do our best and solve it.

Thanks again,

Daniel