Trojan.Downloader.js.istbar.j (need help removing this and others)

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by KaisorSoze, Nov 17, 2005.

  1. KaisorSoze

    KaisorSoze Private E-2

    Hello
    I am having some serious problems with my PC. I was out of town for a week and it seems my sister decided to do some downloading. It is running extremely slow, with a boot time of about 5-7 mins. I read the following thread http://forums.majorgeeks.com/showthread.php?t=35407 and completed every step up to creating a HiJack log. I also did the additional scans. I am posting my logs from Kaspersky and BitDefender. Briefly, I did three scans with Kaspersky, with the first two showing the same and the third being different (prior to the third, I deleted my other user accounts). I did web searches for this particular trojan but was unsuccessful in finding out how to remove it. I did find this http://www.sophos.com/virusinfo/analyses/trojcodebasek.html which lists an alias for it. As you will see, there are other infections, but I was unable to remove them. I read that a variant of this trojan can affect TCP/IP settings, which may be one of the reasons I am also experiencing poor download speeds (see my previous thread http://forums.majorgeeks.com/showthread.php?t=73927 ). Can anyone help me out? I am at my wits' end with this, especially when I have just recently fixed two other computers with spyware on them, but cannot fix my own.
     


  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Post a HijackThis log as an attachment.
     
  3. KaisorSoze

    KaisorSoze Private E-2

    Thanks a lot. Here is the HiJack log and a log from a scan with ewido.
     


  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Scan with HijackThis and fix the following:
    Please download Spy Sweeper


    • Click the link above to download the program.
    • Install it. Once the program is installed, it will open.
    • It will prompt you to update to the latest definitions, click Yes.
    • Once the definitions are installed, click Options on the left side.
    • Click the Sweep Options tab.
    • Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
      • Please UNCHECK Do not Sweep System Restore Folder.
    • Click Sweep Now on the left side.
    • Click the Start button.
    • When it's done scanning, click the Next button.
    • Make sure everything has a check next to it, then click the Next button.
    • It will remove all of the items found.
    • Click Session Log in the upper right corner, copy everything in that window.
    • Click the Summary tab and click Finish.
    • Paste the contents of the session log you copied into notepad and save it as spysweeper.txt and attach it to your next post along with a fresh HJT log.
     
  5. KaisorSoze

    KaisorSoze Private E-2

    Here is the log from spysweeper and hijack. Just an update....it is still very slow.....thanks again
     


  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download this trial version of Ewido Security Suite


    • Install ewido security suite
    • Launch ewido; there should be an icon on your desktop, double-click it.
    • The program will have a window come up. One of the buttons on the left is to Update. Click the Update button and then Start the Update. The update will start and a progress bar will show the updates being installed.
    • After it completes the update, click the Scanner button

    Now exit Ewido. Now print the below instructions or save them locally because I want you to have no browsers open and also have no connection to the internet (unplug your cable) while doing the below.

    Okay, reboot into safe mode and follow the steps below. (If you have any problems at all trying to get into safe mode to complete these steps, just run them in normal boot mode and make sure you tell me when you come back.)

    Open up Ewido and do the following:



    • Click on Scanner
    • Then click Settings
    • Under What to Scan? Select Scan every file
    • Then click OK
    • Click on Complete System Scan and the scan will start.
    • Let the program scan the machine
    While the scan is in progress you will be prompted to clean files that are infected. Leave the default selections (to Remove and backup) and click OK. To save yourself some time, you can select Perform action with all infections and then click OK. With the option to scan every file, a lot of cookies will be removed.

    Once the scan has completed, there will be a button located on the bottom of the screen named Save report



    • Click Save report
    • Save the report to your desktop or anyplace you will be able to find it to upload here.
    Reboot into normal mode and reconnect to the internet.

    Come back here and post the Ewido Scan Report along with a fresh HJT log.
     
  7. KaisorSoze

    KaisorSoze Private E-2

    Here is the ewido log and new hijack log
     


  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Thing is your logs aren't showing anything that would explain why your system is running slow.

    Please run Panda Online Scan. After the scan attach the log to your next post. Also please follow the below:

    1 - Please EXTRACT all files from Qoologic Tool to its own folder - C:\Program Files\QoologicFinder . Then, DoubleClick Find-Qoologic.bat to run the tool. It should produce a log - Please attach that with your next post!

    2 - Please EXTRACT all the files from RKFiles Tool to its own folder named C:\Program Files\RKTOOL. Then, please boot to SAFE MODE and DoubleClick rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log.

    Now come back here and post all three logs as attachments
     
  9. KaisorSoze

    KaisorSoze Private E-2

    Here are the logs. Panda did not find anything, therefore, there was no log. PC is still running slow. I remember you helped me before. It is running slower than it was last time. I remember after all the scans it was running better, but currently, there has been no improvement. Thanks again for the help.
     

    Attached Files:

    • file.txt (2.4 KB)
    • log.txt (667 bytes)
  10. KaisorSoze

    KaisorSoze Private E-2

    Update to the Panda Scan....While scanning, it was scanning C:\WINDOWS\explorer.exe for some time. In fact, I stopped the scan because I thought it crashed. I redid it and the same thing happened, but it eventually continued to scan other files.
     
  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click OK.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the files listed below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Post the Panda Scan log.
     
  12. KaisorSoze

    KaisorSoze Private E-2

    I did all of the following. However, Panda Scan did not have an option for a log. I scanned twice and did not see a log. On both scans, nothing was found.
     
  13. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Run CCleaner before doing the below.

    Download WinPFind

    Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.
     
  14. KaisorSoze

    KaisorSoze Private E-2

    I have WinPFind on my PC already. Here is the problem. Every time I start it, it never finishes scanning. I have an attachment of how far it got. At that point I get an error message saying "Invalid data point for " and that's it. Also, I am hearing something in my PC every time I run it, not your typical booting sound. Should I run WinPFind in safe or normal mode? I am getting the error message in Safe mode.
     
  15. KaisorSoze

    KaisorSoze Private E-2

    Also, after the error message the busy light stops blinking. I know before you start the scan it says as long as the light is blinking, it is still working.
     
  16. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Run WinPFind in Normal Mode.
     
  17. KaisorSoze

    KaisorSoze Private E-2

    I am still having a problem with WinPFind. I am still getting the error message in Normal mode. Here is what I have so far. I will uninstall and reinstall and see if it works.
     


  18. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Delete the following:
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.rrr.LOG
    C:\WINDOWS\SYSTEM32\CONFIG\SAM.rrr.LOG
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.rrr.LOG
    Please go to this link http://www.f-secure.com/blacklight/cure.shtml and run the BlackLight scan.
     
  19. KaisorSoze

    KaisorSoze Private E-2

    I deleted the files. Blacklight scan did not find anything. I have a total of 40 processes. Should I list those?
     
  20. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Yes, please provide a list of your running processes.
     
  21. KaisorSoze

    KaisorSoze Private E-2

    The attachment has the processes. I closed a couple of programs, so now it's 36
    Can a bum registry cause my pc to not function right? Also attached is a new HiJacklog
     


  22. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I see nothing out of the ordinary in your logs.

    You can try using a registry cleaner to clean up any orphaned registry entries.

    While looking at your running processes in the Task Manager, which ones are taking the most CPU cycles? Also, how much system memory do you have?
     
  23. KaisorSoze

    KaisorSoze Private E-2

    System Idle Process is taking 98-99...but about on a 10 second interval it is at 42 while the rest goes to the two Microsoft processes for Microsoft Antispyware for about a half second and then returns to 99 for System Idle Process. I have 256 MB of RAM, 80 Gigs HD, Pentium 4 2.40 GHz.
     
  24. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    That's normal for the System Idle Process. You can try disabling MS AntiSpyware and see what effect that has on system performance. You should really be using 512 MB or more of memory for XP; 256 MB will work fine, but you will find your available memory getting used up in a hurry.
     
  25. KaisorSoze

    KaisorSoze Private E-2

    So maybe I have a memory problem? Could that be the reason for the slow startup and slow performance of programs? By any chance would memory affect my connection to the internet with reference to downloading and uploading?
     
  26. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Available memory will definitely affect system start and program start times. The more memory available to the system, the more that can be run right from the system memory. Try shutting down stuff you don't need running and see what that does for your system performance.
     
