Crouching virus, hidden customer service rep
February 28, 2006 6:01 PM

Is there a customer service telephone number for Microsoft's antispyware products?

When I run the "quick scan" it always finds an "ist.ist" toolbar, extreme risk, redirector thing and offers to remove it. I agree to the remove and the program seems to remove it but it is found again on the next scan. The item is the last remnant of a paralyzing infection that took all three days of a $50 super-duper service session with SBC DSL customer service, at the end of which I was told to download the MSN stuff because it's better than theirs. Remaining symptoms: A: e-mail reply function doesn't work. B: SBC DSL popup blocker says "disabled" during login but popups are mostly blocked anyway. C: I always hear a little "pop" noise when I sign on (before connecting to internet.) D: I swear, a couple of times when the speaker volume happened to be near max when I signed on I briefly heard the sound of a little buzzing fly.
posted by longsleeves to Computers & Internet (9 answers total)
 
Could you have a boot sector or MBR virus?
posted by ericb at 6:29 PM on February 28, 2006


I had an MBR virus years ago which exhibited similar behavior to what you are experiencing. It was a stealthy little bastard -- one which I and others were never able to fully disable. It led to wiping the drive clean -- including the MBR -- and rebuilding a new C: drive.
posted by ericb at 6:35 PM on February 28, 2006


BTW -- from Microsoft's website:
"If you need more help with virus-related issues, contact Microsoft Product Support Services.

For support within the United States and Canada, call toll-free (866) PCSAFETY (727-2338)."
If you are using Microsoft Defender, it is still in beta and I wonder if it is not yet fully supported by customer support.
posted by ericb at 7:25 PM on February 28, 2006


Thank you ericb.
posted by longsleeves at 8:06 PM on February 28, 2006


Any other thoughts?
posted by longsleeves at 8:09 PM on February 28, 2006


Wipe absolutely everything and reinstall from scratch, applying major security patches and anti-virus/spyware before connecting to the 'net, and please pay someone if you're not confident about doing that properly.

Once a PC's got multiple or stubborn infections you shouldn't carry on using it, you have to assume it can't be trusted. There are way too many compromised Windows boxes out there and it's not only the owners that suffer, they get used to attack web sites and launch other hack attempts.
posted by malevolent at 11:00 PM on February 28, 2006


Have you tried following the IST company instructions for removal of the IST toolbar? Use the manual steps they list if you do; I wouldn't trust the other two methods of running their own programs to get rid of their own spyware programs.

Should that not work, if you know how and/or are comfortable doing it, did you try looking in the registry for unauthorized start-up programs? A lot of malware loads there. With proper care, registry editing need not be the horrible ordeal that it is often claimed to be. If you do try, you might want to do it while booted in Safe Mode, since some nasties can load in memory and keep reinserting themselves in the registry as you edit it. I've seen it happen; it can be amusing the first time the spyware fights back. Then it quickly becomes seriously annoying. On the small chance you have one, there are also guaranteed MBR virus kill techniques, although which you might use depends on the operating system you're running under.

I've said it before, but I'll repeat myself: People tend to be too willing to reinstall everything after an infection. With proper planning and knowledge, you can almost always eradicate malware, spyware, viruses, or other infections without full reinstalls. As always, though, you have to balance the time to snuff out the bad guys against your time and pain to do a full reinstall. For a lot of people, it is going to be easier, quicker, or cheaper to do the full reinstall. It may well be easier for you too. On the other hand, I've cleared, I dunno, a couple dozen infested machines of malware crap -- the record so far is one with over 60 spyware and viruses -- and never had to do a full opsys reinstall.

Standing AskMeta Win-computer operating problem offer #101: you can e-mail me if you believe a few interactive IM suggestions might help.
posted by mdevore at 11:50 PM on February 28, 2006
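
The registry start-up check suggested in the answer above, as an added read-only example that is not part of the thread or any poster's own code: it lists the standard Run/RunOnce autostart values and shows whether each target file exists and carries a valid Authenticode signature. The helper name `Get-ExePath` and the choice of keys are assumptions made for illustration; the script changes nothing.

```powershell
# Added example: read-only review of Run/RunOnce autostart entries.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of an autostart command line.
function Get-ExePath([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    # A quoted path comes first; otherwise take everything up to the first
    # executable-style extension, so unquoted paths with spaces still parse.
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|com|bat|cmd|dll|scr))(\s|,|$)') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }      # key absent on this system
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        $exe = Get-ExePath $cmd
        $exists = $exe -and (Test-Path -LiteralPath $exe -PathType Leaf)
        # 'Unresolved' covers missing files and bare names such as rundll32.exe
        # that are found through the search path instead of a full path.
        $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status }
               else { 'Unresolved' }
        [pscustomobject]@{
            Key        = $key
            Name       = $name
            Command    = $cmd
            Executable = $exe
            Signature  = $sig
        }
    }
}

# Entries that are unsigned, unresolved, or unfamiliar are the ones to research first.
$entries | Sort-Object Signature, Key | Format-List
```

Saving the output before and after a cleanup attempt, and again after a reboot, shows whether a removed value has been written back.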


It's probably being replaced by System Restore. Turn that off, set it to zero, then clean the crud and reboot. Once rebooted, check it again. If clean, turn your System Restore back on.
posted by kc0dxh at 9:09 AM on March 1, 2006


System Restore was turned off during the above-described efforts.
posted by longsleeves at 8:35 PM on March 1, 2006

