Sneaky Spyware Alert - Fake Google Toolbars!!!
January 25th, 2007 by Jeff Kee| - Related Posts - |
So my friend who doesn’t know shit all about computers has been getting a weird symptom where he would enter searches on his Google toolbar, and the results would take him elsewhere, to some suspicious commercial website! So I started investigating. I’m not an expert on Spyware and such but I know enough to sorta hack them out.
During the process, I tried uninstalling the Google toolbar first. And here is a screenshot I took from his computer. He runs Windows XP SP2, Just like myself.
Note that the size of thetoolbar is 29.24 MB, which sounds abnormal to me, and the logo was something different! So I removed it, and went through a bunch of other cleaning procedures and the symptoms stopped.
Nonetheless I decided to investigate further, by installing a Google Toolbar from google.com - to ensure it is authentic. So, here’s the screencap from the Add or Remove Programs screen from my computer.
Only 5.03 MBs, and the logo is simply the Internet Explorer symbol.
The difference in the logo design is something I can understand - it could have changed. BUT. The size of the software cannot be that much different, really. A version upgrade of some sort would have resulted in a couple hundred Kilobytes at the most.
So there. In case you were not aware of it before, there is a FAKE version of the Google Toolbar running around the internet bringing you commercial advertisement pages on your search results!
RSS ME!!!
Wow. That is sneaky… I had similar symptoms withotu the tool bar at one point.. atho they were not from the actual google links, but every time i search google, it would open a new popup window with shit on it.
In my case, even the Google search thing on the top-right corner on IE 7 was doing it.. I still haven’t gotten rid of it yet. Can’t figure out how…Any ideas jeff?
Do a google search for the string Hijacker.. sounds like one of those. It literally hijacks your search results and takes you elsewhere to a paid sponser’s site which you don’t want to visit at all.
I’ve found some really good forums where other guys can help you fix these things… they ask you to post a hijackThis log, which shows al the running processes and what not. Based on that they give you a diagnosis… it’s really handy. I dont have the URL off the top of my head but i’ll try to find it for you.
Dear Jeff, I ended up with this fake google toolbar thru Microsoft somehow. I couldn’t play a DVD one night. I was told since I was running Windows XP I needed to upgrade my Windows Media Player to the new Windows Media Player 11, So I did, then I was told I needed to download a new Decoder program? which was not actually a MS program but was taken there thru WMP11. After downloading I had nothing but problems. Still can’t get rid of it.. Just the Good Google toolbar gets deleted.
I have Norton Antivirus 2007. What do we pay for these things for? My daughter was conned into pay another $30.00 to upgrade her McIvie sp? AntiVirus program after Microsoft?? sent her a message that if she didn’t upgrade she would end up with this program also.
I downloaded Spybot and and another Antispyware-Antiadware program and have been working on deleting it (gtb) for days… Help!!
It’s often better to look up the symptoms on Google, and there are tech forums where people deal specifically with the specified spyware. And they can, based on a system scan that you can send them (of the running processes log and what not) provide you with specific instructions on how to remove them.
Removing some malicious spyware involves modifying the registry, deleting specific files in specific locations, booting up in safe mode, etc. and it can be quite a hassle.
There are a lot of new spyware mechanisms coming up that Norton or McAffee cannot detect or intercept. I’d say you are getting your money’s worth - without them you would be 10 times more exposed to spyware and what not - it’s like a low immune system. A good immune system is strong but still imperfect…
Another good solution to be to convert to a Mac, if you’re comfortable with the interface!