Google toolbar trojan?

  Babou 17:07 05 Dec 07
Locked

I'm running Vista, with AVG as anti-virus, plus the Windows Defender and firewall. Today I got the little Vista message saying a program wanted to display a message. I clicked to show the message and the whole screen was taken up with what appeared to be a bogus IE window (on a fake blue background) wanting me to click OK to download a Google toolbar update. I did ctrl/alt/delete, intending to start Task Manager to see what was running this app, but the log-in screen didn't show the usual menu.

On going back to the desktop from the log-in screen the "message" had gone, so I start Task Manager and waited for the Vista box to reappear, which it did. I clicked to show the message ... and couldn't access Task Manager while it was showing!

I've tried rebooting but this message - though *sort of* blocked by Vista - keeps coming back. (The drop-down "more info" tab refers to IE - says it's incompatible. I can't remember the exact message ... something to do with ieframe.dll?) I've started an AVG scan. It'll take a few hours though and I'm at work now.

I've searched the net but only found a reference to an email trojan that involves a bogus Google toolbar update.

Has anyone seen anything like this? Is it a trojan? How do I get rid of it?

  Technotiger 17:13 05 Dec 07

Hi, you could try a System Restore back to before this happened.

  Babou 18:48 05 Dec 07

Yep, I could try that ... I was just hoping there was an easier way. I have the feeling a system restore would take me back to a load of other niggles.

Thanks...

  €dstowe 18:52 05 Dec 07

Restore from your system backup (which I hope you have)?

  mfletch 19:02 05 Dec 07

Hi,

Use SAS Superantispyware check for any update and then run it in safe mode,

Use the free one/ click here



Google tool bar info/
click here

mfletch

  Babou 19:38 05 Dec 07

Thanks all! Yes, I have a restore point - just didn't really want to have to do that. I haven't done it in Vista, but in XP it led to a world of pain.

I'll try SAS Superantispyware...

  Babou 13:55 06 Dec 07

OK I ran SAS, which found gazillions of trackers etc (well, a few hundred). But as soon as I rebooted the damned message was back!

So after uninstalling Google toolbar just to be on the safe side, I clicked the OK button on the message (it went to what seemed to be the real Google toolbar download page) and ran SAS again. It didn't find anything at all and the message hasn't come back.

I suspect it was genuine - the "bogus" appearance might just be Vista's way of displaying it safely. If so - HOW ANNOYING! I like Vista but at times it seems overly paranoid, a loony with a tinfoil hat. Should have one of these built in: click here

This thread is now locked and can not be replied to.

Intel Coffee Lake 8th-gen Core processors release date rumours

1995-2015: How technology has changed the world in 20 years

Apple MacBook Pro with Touch Bar review

Best iPhone games 2017 | Best iPad games 2017: 162 fantastic iOS games that you need to play right…