Saturday, July 02, 2005

Adware & Malware Identifier Index: Letter I.

The following is an in-progress index of some of the more common malware toolbars/browser helper objects (BHOs), and associated files, at large on the Internet. It links, when possible, to detail pages, including vendor uninstall pages and freeware or trialware removal tools. No commercial removal software is cited. Only auxiliary information for manual removal is provided. It will be regularly updated with new information as it becomes available. Revision dates will be listed in parentheses next to the revised/updated item.

The information in the Adware & Malware Identifier Index is the result of thousands of web searches. It cannot, however, possibly be complete. The subject is vast and constantly changing. Moreover, vendor uninstall tools and other freeware removal tools do not necessarily remove all of an infection from your computer. Vendor uninstall tools, for instance, may silently leave cookies or other tracking software installed. It is advisable to follow up a removal with one or more adware scans and/or an inspection using a HijackThis log. The information on the page is not guaranteed to be correct, and any use you may choose to make of it is entirely at your own risk.

If you are seeking information on generic winREG.lowzones.f: Virtual Grub Street's "How to Remove ISearchTech.SideFind" page was the number one listing for most lowzones.f keywords until 12/03/06, when it was removed from search engine coverage, two days after the rush for lowzones.f information began (mostly in Western Europe). You can find it >>> here.

If you wish to go directly to VGS's new "How to Remove Trojan.winreg.LowZones.f" page, click >>> here.

Should you be looking for neither, please feel free to continue.

Ibis Toolbar

  • Executable Files: wintools.exe; wsup.exe; wtoolsa.exe.
  • Dynamic Link Libraries: common.dll; toolbar.dll.
  • Directory/Search Page:
  • Uninstall page URL:
  • Related Articles: Important Removal Tool Note.
  • Notes: This malware is related to HuntBar and WinTools. "toolbar.dll" and "common.dll" are names used for legitimate and malware BHOs. They are not necessarily indicative of a particular BHO. See: How to Remove Ibis Toolbar.


  • Executable Files: aaa.exe; bbb.exe; iagold.exe; msudpb.exe; py.exe; zzb.exe.
  • Dynamic Link Libraries: ieloader.dll; msudpb.dll.
  • Directory/Search Page:
  • Uninstall page URL:
  • Related Articles: Important Removal Tool Note.
  • Notes: Added by TrojanDownloader.Small.RR. Installs TrojanDialer.Freeload, which, according to Symantec, "is an ActiveX component that can be used by Web pages to download dialer programs. The dialer program may be used to access premium-rate services including pornographic and astrological services." See: How to Remove IELoader.



  • Associated Worms/Trojans: Downloader.Dyfica.3.L (Grisoft); Troj/LowZone-AL [a.k.a. Downloader-QG; QLowZones-26; Trojan.WinREG.LowZones.f]; Troj/SideFind-A; TR/Spy.Shutcom; TrojanDownloader:Win32/IstBar.EO; W32/Istbar.O@dl.
  • Executable Files: sfexd001.exe; sidefind.exe; sidefind[1].exe; istrecover[1].exe; sskc.exe; ISTsvc.exe.
  • Dynamic Link Libraries: sfbho.dll; sidefind.dll.
  • Directory/Search Page:
  • Uninstall page URL:
  • Related Articles: How to Remove YourSiteBar; ISearchTech.SideFind Update (08-27-05); How to Remove ISTBar; How to Remove Trojan.winreg.LowZones.f; Important Removal Tool Note.
  • Notes: Click this link for instructions on >>> How to remove generic / stand-alone versions of Trojan.winREG.LowZones.f.
  • Variations on this infection are also known as Troj/SideFind-A [Sophos], ADW_SideFind-A [TrendMicro] and ADW_sideFind-C [TrendMicro]. This group of Trojan-downloaded sidebars may be identified by the presence of either of the following values in the HKEY_USERS section of the registry: {8CBA1B49-8144-4721-A7B1-64C578C9EED7}; {10E42047-DEB9-4535-A118-B3F6EC39B807}. See: How to Remove ISearchTech.SideFind.

ISearchTech.YSB, YourSiteBar, ISTBar, SideFind

  • Associated Worms/Trojans:
  • Executable Files: gjefpet.exe; istdownload.exe; istrecover.exe; istsvc.exe; juhpad.exe; sfsetup.exe; sidefind.exe; srchupdt.exe.
  • Dynamic Link Libraries: cmctl.dll; istactivex.dll; istbar.dll; istbarcm.dll; istbar_dh.dll; mscache.dll; sfbho.dll; sidefind.dll; sidefind13.dll; srchfst.dll; ysb.dll; ysbactivex.dll.
  • Directory/Search Page:
  • Uninstall page URL:
  • Related Articles: How to Remove YourSiteBar; How to Remove ISearchTech.SideFind; ISearchTech.SideFind Update (08-27-05); Important Removal Tool Note.
  • Notes: According to the Spyware Information Center, this infection is also known as: Adware/SearchFast [Panda], Adware/SideFind [Panda], Spyware/ISTbar [Panda], Trojan Horse [Panda], TrojanDownloader.Win32.Istbar.eo, TrojanDownloader.Win32.IstBar.gen [Kaspersky]. This infection is spread by stealth downloads, generally from game and porn sites. Numerous variants are at large and some may not be removable by the removal tool referenced on this page. All variants use a corresponding variant of the TrojanDownloader.Win32.IstBar. ISTBar may download various other parasites while installed. These items may have to be removed separately. See: How to Remove ISTBar.