How do I get rid of Trojan horse Downloader.Istbar.4.G. AVG says it is located in C:\WINDOWS\Downloaded Program Files\IST activex.dll. I have searched for that file and cannot find it. I also have Trojan horse Downloader.Istbar.4.H that AVG has found in C:\System Volume Information\_restore{8268BFE6-44BD-4B25-BOF7-CE65B3815CC9}\RP64\A0003683.EXE and I cannot find that file also. I am kinda slow at this PC stuff so be easy on me please.

Try this:

Remove Trojan horse Downloader.Istbar.4.H this way:

*Close all programs.

*Turn off System Restore

*Run AVG Complete Scan

*Turn on System Restore.

If you can't find Trojan horse Downloader.Istbar.4.G, AVG may have moved it to the Virus Vault. Check the Virus Vault.

Thank You very much. It worked. This is a very useful site. Glad I had found it. Thank's again.

Glad we could help!

hi, how do i turn off system restore?????

How to disable System Restore

Disabling Windows XP AutoRestore feature
http://www.europe.f-secure.com/v-descs/sfc_dis1.shtml
In Windows Millenium there was a new feature introduced called System Restore. The new Windows XP has this feature. It creates backup copies of the essential system files so they can be restored if they get corrupted. Sometimes this makes disinfection difficult as backup files can get infected and copied to System Restore folder by Windows. Then after disinfection Windows will copy the infected file back over the clean ones.

System Restore feature can be disabled using the following steps:

1. Select Start/My Computer.
2. Click on "View system information".
3. Select the tab "System Restore".
4. Check the "Turn off System Restore on all drives" checkbox and click "Apply" button.
5. The program asks if you want to turn off System Restore. Click "Yes" button.
6. "Drive settings" has now turned to grey. Click "OK" button.
7. Windows XP System Restore feature is now disabled.

The System Restore feature can be enabled again with the same steps. At step 4. you have to uncheck the Turn Off System Restore on All Drives checkbox.

..............................
Disabling System Restore on Windows ME
http://www.europe.f-secure.com/v-descs/sfc_dis.shtml
In Windows Millenium there was a new feature introduced called System Restore. Windows ME creates backup copies of the essential system files so they can be restored if they get corrupted. Sometimes this makes the disinfection difficult since the backup files can get infected. In those cases Windows will copy the infected file in the place of the clean one.

This feature can be disabled with the following steps

1. Right-click on the My Computer icon and select Properties
2. In the System Properties windows select the Performance tab
3. Click on File System... button
4. In the Filesystem Properties window select the Troubleshooting tab
5. Check the Disable System Restore checkbox
6. Click Apply button
7. Close the windows using the Close button
8. Click Yes when prompted for reboot

The System Restore feature can be enabled again with the same steps. At step 5. you have to uncheck the Disable System Restore checkbox.

k027, I followed your steps and it found the virus but it can't do anything about it... When I click details, it says virus not found.

I am assuming from reading other posts that this affects Windows Media Player?

Thanks for you help!


*edit* Also, is this related to a process called (named) dafogjo.exe? I keep closing it, but it reopens itself, I believe it is triggered when IE is opened.

KRRCubed,

In order to help you we need a HiJackThis log.

You will be posting the HiJackThis log in the HiJackThis forum: /f67-Trend_Micro_HijackThis_Logs.html

Read the HJT forum posting rules: /postt8864.html

Download HiJackThis from : /downloads-cat-14.html

Create a folder and unzip the HiJackThis download to the folder. Do not unzip the HiJackThis download to your Desktop or the Temp folder - it won't work.

Doubleclick "HijackThis.exe". First, update HiJackThis by pressing the "Config" button, then press "Misc Tools", followed by "Check for update online". If you downloaded an updated HJT, click "Yes" at the "Open the file?" prompt. If you did not update, press the "Back" button .

Press "Scan".

When the scan is finished, use "Save Log" button and save the log as a text file. Its best to save your text file in the same folder as where you put HiJackThis.

DO NOT FIX ANYTHING YOURSELF UNTIL INSTRUCTED TO DO SO ONLY BY A CCSP EXPERT. MOST OF THE HJT LOG ENTRIES ARE NEEDED TO RUN YOUR COMPUTER. REMOVING THE NEEDED ENTRIES CAN CAUSE SERIOUS DAMAGE TO YOUR COMPUTER.

Post your log in the HiJackThis forum : /f67-Trend_Micro_HijackThis_Logs.html. Click "NewTopic" and simply copy/paste the HJT log into the textbox. Include the information requested in the HJT forum posting rules: /postt8864.html

Make sure your HJT log is posted only in the HiJackThis forum: /f67-Trend_Micro_HijackThis_Logs.html.

Thanks a lot, I've done as you said, the post can be found here:

/p245261-HiJackThis_Report_from_Trojan_Issues.html#245261

Thanks again!



K3

_______________________________________
NOTE FROM FORUM HOSTS: This thread is now closed. Should you need it reopened, please PM a Host/mod. Everyone else having a similar issue, please launch a new topic for yourselves. Thank you.