 Testing my first post - is it Juno's fault? |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
When posting your problem, do not run and post a ComboFix logs. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.
To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.
  |
 Jan 3 2005, 12:49 PM
Post
#1
|
|
 Member  Group: Members Posts: 87 Joined: 3-January 05 Member No.: 8,497  |
Juno is our ISP. Lately, Spybot has been catching ISTBar Slotch and I've taken to running a Bot-check after every log-on/off. Our home page is Juno's. After cleaning up all of Spybot "catches", then restarting the computer and automatically going to Juno's Home Page upon startup, I ran another Bot-Check...and there it is again...ISTBar Slotch. So, question is: Is this Juno's "fault"? Are they allowing this nasty stuff - or do they even know about it - do I e-holler at them/advise them? Or is it even related to Juno itself? Thanks! |
 |
 
|
|
Jan 3 2005, 01:49 PM
Post
#2
|
|
 Feed me some spyware!  Group: Banned Posts: 4,557 Joined: 18-July 04 From: USA Ware Shoals SC Member No.: 1,500 |
My advice use google.com as your homepage search engine.
If you dont have it till you go to juno it sounds like it juno's fault........ Im really unsure thouhg. I think you should post a Hijackthis log to be safe. I know spyware can do this. Do you know how to post a hijackthis log? If not go to the Hijackthis logs and analysis forum and view the Tutorial and how to post a log. Thanks |
|
|
|
|
Jan 3 2005, 04:07 PM
Post
#3
|
|
 SPAM Magnet Group: Site Admin Posts: 14,424 Joined: 6-May 04 From: SW Louisiana Member No.: 363 |
It's definitely a Hijacker.
http://www3.ca.com/securityadvisor/pest/br...=I&cat=Hijacker QUOTE ISTbar.Slotch Overview Category Hijacker : Any software that resets your browser's settings to point to other sites. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower. Origins Group Integrated Search Technologies Others By This Group ISTbar· ISTbar.AUpdate· ISTbar.CSearch· ISTbar.MCInstL· ISTbar.MSCache· ISTbar.XXXToolbar· Slotch.com· ToolbarCash.com· TrojanDownloader.Win32.IstBar.aj· TrojanDownloader.Win32.IstBar.ap· TrojanDownloader.Win32.IstBar.bm· TrojanDownloader.Win32.IstBar.bp· TrojanDownloader.Win32.Istbar.bu· TrojanDownloader.Win32.Istbar.dh· TrojanDownloader.Win32.Istbar.dr· TrojanDownloader.Win32.IstBar.i· XXXToolBar· XXXToolBar.com· Date of Origin October, 2004 Operation Browser Performance Likely to slow performance of Internet Explorer. As cows said, you should submit a HJT log, to the HJT forum. Download the latest version of HijackThis (HJT), from here. Put HijackThis in a Permanent folder: Click My Computer / C: / File / New / Folder / name the folder; HijackThis Put HijackThis.exe, in this folder. This is a mandatory step, for the backup and restore functions, of HijackThis, to be able to work. Read the pinned post in the HJT forum, here Then, run a log, and post it in the HJT forum, at this link. Do not, fix anything, yet. A member, of the HJT Team, will help you out. Please, be patient, these people are volunteers. They will help you out, as soon as possible. This post has been edited by tg1911: Jan 3 2005, 04:13 PM -------------------- I love being married.
It's so great to find that one special person you want to annoy, for the rest of your life. |
|
|
|
|
Jan 3 2005, 07:02 PM
Post
#4
|
|
|
Feed me some spyware! Group: Banned Posts: 4,557 Joined: 18-July 04 From: USA Ware Shoals SC Member No.: 1,500 |
Thanks TG!
I was too lazy to look up what the thing was I was short on time but I was pretty sure it was spyware! |
|
|
|
|
Jan 3 2005, 10:28 PM
Post
#5
|
|
|
Member Group: Members Posts: 87 Joined: 3-January 05 Member No.: 8,497 |
Thanks, TG. I realize that ISTBarSlotch is a hijacker. And Spybot is doing its thing, in removing it. But it keeps coming back via Juno (I think). Do I need to download and run HJT and post a log in order to determine for sure if Juno is the perpetrator?
...Kat |
|
|
|
|
Jan 3 2005, 11:03 PM
Post
#6
|
|
|
SPAM Magnet Group: Site Admin Posts: 14,424 Joined: 6-May 04 From: SW Louisiana Member No.: 363 |
Go ahead and post a HJT log in the Hjt Forum.
As far as if a HJT log will tell you if it is Juno, or not, I don't know. I don't have the training our HJT Team does. You could call Juno and talk to them about it, also. -------------------- I love being married.
It's so great to find that one special person you want to annoy, for the rest of your life. |
|
|
|
|
Jan 4 2005, 12:08 PM
Post
#7
|
|
 Forum Regular Group: Members Posts: 208 Joined: 13-July 04 Member No.: 1,385 |
The ISTBAR itself is beong removed by SPYBOT, but there is no doubt a small executable program that is hiding in your system and reinstalling it for you. That is how Highjackers work. You should follow the advise and submit a HJT log--the Hijacking .exe file should be easy to find.
-------------------- EDBEE from NMUSA- RENOWNED MALWARE FIGHTER AND SWORN ENEMY OF ALL INTERNET HIJACKERS
|
|
|
|
|
Jan 4 2005, 12:28 PM
Post
#8
|
|
 Voted most likely Group: Members Posts: 3,677 Joined: 19-September 04 From: Collingwood, Ontario, Canada Member No.: 2,883 |
Whats your OS Kat? If its XP you need to turn off system restore to be rid of that nasty. Don't think it would be Juno.
-------------------- **** We use our powers for good, not evil **** When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo |
|
|
|
|
Jan 6 2005, 02:17 PM
Post
#9
|
|
|
Member Group: Members Posts: 87 Joined: 3-January 05 Member No.: 8,497 |
Leurgy & EdBee, I'm going to take your advice and do the HJT thing. I'm running Windows XP/Home; haven't done the Service Pack 2 install. Leurgy, please explain "turn off system restore". I note that Spybot can only clean up 3 of the 5 probs that ISTBar.Slotch delivers upon us every time we log on; we have to go thru a restart to get the last 2 cleaned up every time.
Meanwhile, here's what Juno tells me:"Please note that Juno is not associated with these programs. The problem that appears on your computer, is a result of conflict between these third-party programs and Juno. We are currently working on updates that will prevent this type of behavior and resolve the issue." Do you think this just means that they're trying to figure out a way to "immunize" against the prob...that their software really DOES allow it to happen in the first place? Thanks folks. What a wonder, this website! |
|
|
|
|
Jan 6 2005, 02:24 PM
Post
#10
|
|
 Bleeping GloDiva Group: Members Posts: 7,479 Joined: 25-April 04 From: As always I'm beside myself ;) Member No.: 228 |
QUOTE ...please explain "turn off system restore". Turn Off= Disable Make sure that you enable it right after.  Windows XP System Restore Guide Tutorial You should post a HJT Log first then take it from there. This post has been edited by scarlett: Jan 6 2005, 02:34 PM --------------------  |
|
|
|
|
Jan 6 2005, 06:01 PM
Post
#11
|
|
|
Voted most likely Group: Members Posts: 3,677 Joined: 19-September 04 From: Collingwood, Ontario, Canada Member No.: 2,883 |
Great link Scarlett, saves a lot of typing. Both my fingers are getting blisters.
QUOTE I note that Spybot can only clean up 3 of the 5 probs that ISTBar.Slotch delivers upon us every time we log on; we have to go thru a restart to get the last 2 cleaned up every time. Spybot can only remove 3 because the other 2 are "running processes". When you reboot Spybot removes them before they can run again. So, turn off System Restore, run Spybot, AdAware, anti-virus, everything you can think of. Reboot, do another check, turn on System restore. That will clean up a lot off problems. This is when you should post a HJT log as it makes the job easier for the people that give advice there. -------------------- **** We use our powers for good, not evil **** When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo |
|
|
|
|
Jan 6 2005, 07:05 PM
Post
#12
|
|
 helping hand Group: Members Posts: 1,700 Joined: 14-April 04 From: Texas Member No.: 150 |
Allow me a few moments to maybe expain why it is not Juno's fault.
Juno is an ISP. This means they provide the means for your computer to get on the internet. Once you are on, things beyond their control can (and often will) happen. They will not be held responsible for things installing on your computer. It is like blaming your landlord for something happening to your home from someone you invited in. Yes, it is more complicated that that when talking about computers and installation of programs, but the basis is the same. There can be times that you did not know that you allowed an application to install on your computer. These malicious files are known as spyware, and even viruses could fall into this category. Some can be worse then others. Similarily, some are harder to get rid of then others. I am not sure if this clears anything up, but felt that you needed to know. -------------------- We are all curious like a cat. We wonder, we ask, we learn.
Please post back when a suggestion works, so that others may learn. |
|
|
|
|
Jan 7 2005, 05:35 PM
Post
#13
|
|
|
Member Group: Members Posts: 87 Joined: 3-January 05 Member No.: 8,497 |
Grrrrrrrrrrrr....hate to even ask, but y'all have been so helpful. Today I posted my first HJT log to the proper board, thanks to TG1911's instructions above. Messing around later, I found a couple of program items that could be that nasty ISTBar.Slotch. So, wanted to add screen shots to my HJT forum post. I have the screen shots but how the heck do you post them? I read the tutorial and it says I should link them to Bleeping via an URL to a free pik-hosting site. Yet, I see actual screen shots, right here on this Testing board. What's a girl to do? Advice?
|
|
|
|
|
Jan 7 2005, 05:38 PM
Post
#14
|
|
|
Bleeping GloDiva Group: Members Posts: 7,479 Joined: 25-April 04 From: As always I'm beside myself ;) Member No.: 228 |
How To:
(Step One) If you want to take a snapshot of your desktop, just hit print screen button on your keyboard. Then open paint. Then hit ctrl+v. This also works with Infran View ( A great little free image viewer and converter. I might add.) Then click >file>save as>In drop down choose type. >jpeg, .gif> Then clear box and type in choice of name. ( So you be able to find it easier in next step.) (Step Two) After you have your screenshot you need to "host" the picture somewhere. I use and recommend Photo Bucket Free and easy to use. Sign up, log-in, click on the "browse" button. Find your screenshot and then click "submit". Your picture will upload and you will see it right there. There will be 3 links under your picture. Use "URL" to post a link to the picture. Then copy and paste the link to your post. If you ever delete the pic. from your photo hosting site. It will no longer show in your post. In Photo Bucket. Using the first link "URL" will save the bandwidth of this site. And I'm sure that Grinler will apprieciate that fact. This post has been edited by scarlett: Jan 7 2005, 06:16 PM -------------------- |
|
|
|
|
Jan 7 2005, 10:43 PM
Post
#15
|
|
|
Member Group: Members Posts: 87 Joined: 3-January 05 Member No.: 8,497 |
Scarlett...still Grrrrr'ing......have my screen shots all set up on Photobucket, thanks to your instructions.
Trying to post: Do I just select http, then paste in the URL of the photo from the PBucket site? After that, what do I do about the popup that asks for the web page? And should I just see the URL pasted in and not the actual photo of the screen? |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 7th January 2009 - 05:49 AM |
© 2003-2008 All Rights Reserved Bleeping Computer LLC.