Adware.Istbar

Updated: February 13, 2007 11:33:50 AM
Type: Adware
Version: n/a
Publisher: Integrated Search Technologies
Risk Impact: Medium
File Names: IstBar_DH.dll istbar.dll istbarcm.dll istdownload.exe cmctl.dll istbarcm.dll ysbactivex.dll
Systems Affected: Windows

Behavior


Adware.Istbar is an adware component that does one or more of the following:

  • Installs an Internet Explorer toolbar
  • Acts as a Home page and search hijacker
  • Pops up advertisements, often pornographic in nature


Symptoms


  • Presence of the file: C:\Program Files\ISTsvc\ISTsvc.exe.

  • The files are detected as Adware.Istbar.


Transmission


Various distribution channels exist. For example, Adware.Istbar can be downloaded and installed from affiliate sites, which may be pornographic in nature.

Antivirus Protection Dates

  • Initial Rapid Release version October 02, 2014 revision 022
  • Latest Rapid Release version April 18, 2018 revision 034
  • Initial Daily Certified version September 22, 2003 revision 003
  • Latest Daily Certified version April 19, 2018 revision 001
  • Initial Weekly Certified release date September 24, 2003

Note: Detections dated March 3rd, 2005 or earlier may detect this adware as Adware.Istbar!Dl.

When Adware.Istbar is installed, it does the following:

  1. May create some of the following folders and files:

    • %ProgramFiles%\ISTsvc\ISTsvc.exe
    • %ProgramFiles%\SideFind\sfbho.dll
    • %ProgramFiles%\SideFind\sidefind.dll
    • %ProgramFiles%\SideFind\sfex001
    • %ProgramFiles%\SideFind\update\sidefind.exe
    • %ProgramFiles%\YourSiteBar\ysb.dll
    • %ProgramFiles%\YourSiteBar\imagemap_normal.bmp
    • %ProgramFiles%\YourSiteBar\version.txt
    • %ProgramFiles%\YourSiteBar\yoursitebar.xml
    • %System%\gjefpet.exe
    • %Windir%\Downloaded Program Files\ysbactivex.dll
    • %Windir%\[random ASCII characters].exe
    • %UserProfile%\Local Settings\Temp\[random ASCII characters].exe
    • %UserProfile%\Favorites\Fun & Games, drops numerous link files in this folder
    • %UserProfile%\Favorites\Going Places, drops numerous link files in this folder
    • %UserProfile%\Favorites\Living, drops numerous link files in this folder
    • %UserProfile%\Favorites\Shop, drops numerous link files in this folder
    • %UserProfile%\Favorites\Technology, drops numerous link files in this folder

      Notes:
    • %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.
    • %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\Winnt (Windows NT/2000).
    • %UserProfile% is a variable that refers to the current user's profile folder. By default, this is C:\Documents and Settings\[Current User] (Windows NT/2000/XP).

  2. Adds the values:

    "IST Service" = "C:\Program Files\ISTsvc\ISTsvc.exe"
    "[5 random ASCII characters]"  = "[path to adware]"

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    so that the Adware runs when you start Windows.

  3. Adds the value:

    "SearchAssistant" = "[Web site on the couldnotfind.com domain]"

    to the subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search

    so that searches are redirected to the couldnotfind.com domain.

  4. Creates some of the following registry keys:


  5. Adds the following values:

    "Bandrest" = "Never"
    "Search Bar" = "[Web site on the couldnotfind.com domain]"
    "Search Page" = "[Web site on the couldnotfind.com domain]"
    "Search Page_bak" = "[Web site on the microsoft.com domain]"
    "Start Page" = "[Web site on the slotch.com domain]"
    "Start Page_bak" = "file:///C:/WINNT/Web/Start.htm"
    "Use Search Assistant" = "no"

    to the subkey:

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

    to redirect the start page and search pages.

  6. Adds the following values:

    "Bandrest" = "Never"

    to the subkey:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

  7. May install a toolbar for Internet Explorer or display pop-up windows containing pornographic images.

  8. Allows third-party adware and spyware installations to run on the computer.
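
The registry values from steps 2, 3, 5 and 6 above can be checked offline against a registry export. The following is an added example, not Symantec's code or part of the original write-up: it assumes the text of a `reg export` file has already been decoded to a string, the function names are hypothetical, and the match on the "[5 random ASCII characters]" value is a heuristic.

```python
import re

# Indicators taken from steps 2, 3, 5 and 6 of the write-up above.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
IE_KEYS = (
    r"hkey_current_user\software\microsoft\internet explorer\search",
    r"hkey_current_user\software\microsoft\internet explorer\main",
    r"hkey_local_machine\software\microsoft\internet explorer\main",
)
HIJACK_VALUES = {"searchassistant", "search bar", "search page", "start page"}
HIJACK_DOMAINS = ("couldnotfind.com", "slotch.com")
# Assumption: the random Run value points at an .exe dropped in %Windir% or Temp (step 1).
DROP_PATH = re.compile(r"\\(windows|winnt|local settings\\temp)\\[^\\]+\.exe$", re.I)

def parse_reg(text):
    """Yield (key, value_name, data) for string values in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:  # REG_SZ only; dword/hex values are skipped. Undo .reg escaping.
                yield (key, *(re.sub(r"\\(.)", r"\1", g) for g in m.groups()))

def find_istbar(text):
    """Return a list of (key, value_name, reason) findings."""
    hits = []
    for key, name, data in parse_reg(text):
        k, n, d = key.lower(), name.lower(), data.lower()
        if k == RUN_KEY:
            if n == "ist service" or d.endswith(r"\istsvc\istsvc.exe"):
                hits.append((key, name, "IST Service autorun"))
            elif len(name) == 5 and DROP_PATH.search(data):
                hits.append((key, name, "5-character autorun to dropped exe (heuristic)"))
        elif k in IE_KEYS:
            # Substring match on the domain: good enough for triage, not proof.
            if n in HIJACK_VALUES and any(dom in d for dom in HIJACK_DOMAINS):
                hits.append((key, name, "IE page redirected"))
            elif n == "bandrest" and d == "never":
                hits.append((key, name, "Bandrest marker"))
    return hits

# Constructed sample export (not captured from a real system).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IST Service"="C:\\Program Files\\ISTsvc\\ISTsvc.exe"
"qzkvw"="C:\\WINDOWS\\qzkvw.exe"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://slotch.com/placeholder"
"Search Page_bak"="http://www.microsoft.com/"
"Bandrest"="Never"
'''
```

Calling `find_istbar(SAMPLE)` returns four findings; the `ctfmon` autorun and the `Search Page_bak` backup value are not flagged.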



Note: Removing this adware component from the system will likely cause the program that installed it to not function as intended. The uninstaller generally identifies the programs that will not work after uninstallation.

Removal using the Adware.Istbar Removal Tool
Symantec Security Response has developed a removal tool for Adware.Istbar. Use this removal tool first, as it is the easiest way to remove this threat.

The tool can be found here:
http://securityresponse.symantec.com/avcenter/FxIstbar.exe

The current version of the tool is version 1.0.7. It will have a digital signature timestamp of 23 November 2004 04:45:25 AM PST.

Notes:

  • The date and time displayed will be adjusted to your time zone, if your computer is not set to the Pacific time zone.
  • The removal tool may terminate Internet Explorer and Windows Explorer. It is recommended that users save their work and log out of these programs before running the removal tool.
  • The removal tool will not delete some harmless Temporary Internet files, which Adware.Istbar created, in C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files. These can be manually deleted using the following steps:
    1. Start Internet Explorer.
    2. Click Tools > Internet Options.
    3. In the Temporary Internet Files section, click the Delete Files button.
    4. Check Delete all offline content, and then click OK.
  • The removal tool will not reset any changes made to settings in Internet Explorer. To restore default settings in Internet Explorer, perform the following actions:
    a. Click Start > Settings > Control Panel
    b. Select Internet Options
    c. Select the Programs tab
    d. Click Reset Web Settings
    e. Click OK
    f. Exit Control Panel

Manual Removal Instructions
  1. Update the virus definitions.
  2. Restart in Safe mode.
  3. Run a full system scan and delete all the files detected as Adware.Istbar.
  4. Delete the value that was added to the registry.
  5. Restore default settings in Internet Explorer.
For specific details on each of these steps, read the following instructions.

1. Updating the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:
  • Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
  • Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).

    The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.


2. Restarting the computer in Safe mode
Shut down the computer and turn off the power. Wait for at least 30 seconds, and then restart the computer in Safe mode or VGA mode. For instructions, read the document, "How to start the computer in Safe Mode."


3. Scanning for and deleting the infected files
  1. Start Norton AntiVirus and make sure that it is configured to scan all the files. For more information, read the document, "How to configure Norton AntiVirus to scan all files."
  2. Run a full system scan.
  3. If any files are detected as infected with Adware.Istbar, click Delete.


4. Deleting the value from the registry
Important: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
  1. Click Start > Run.
  2. Type regedit, and then click OK.

  3. Navigate to the key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

  4. In the right pane, delete the values if they exist:

    "IST Service" = "C:\Program Files\ISTsvc\ISTsvc.exe"
    "[5 random ASCII characters]"  = "[path to adware]"

  5. Navigate to the key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

  6. In the right pane, delete the value if it exists:

    "Bandrest" = "Never"

  7. Navigate to and delete the following keys if they exist:


  8. Exit the Registry Editor.

5. To restore default settings in Internet Explorer
    a. Click Start > Settings > Control Panel
    b. Select Internet Options
    c. Select the Programs tab
    d. Click Reset Web Settings
    e. Click OK
    f. Exit Control Panel


6. To delete other files that this Adware uses
    Using Windows Explorer, browse to and delete the following folders if they exist:

    • %ProgramFiles%\ISTsvc
    • %ProgramFiles%\Istbar
    • %ProgramFiles%\SideFind
    • %UserProfile%\Favorites\Fun & Games
    • %UserProfile%\Favorites\Going Places
    • %UserProfile%\Favorites\Living
    • %UserProfile%\Favorites\Shop
    • %UserProfile%\Favorites\Technology.