Google toolbar trojan?

  Babou 17:07 05 Dec 2007

I'm running Vista, with AVG as anti-virus, plus the Windows Defender and firewall. Today I got the little Vista message saying a program wanted to display a message. I clicked to show the message and the whole screen was taken up with what appeared to be a bogus IE window (on a fake blue background) wanting me to click OK to download a Google toolbar update. I did ctrl/alt/delete, intending to start Task Manager to see what was running this app, but the log-in screen didn't show the usual menu.

On going back to the desktop from the log-in screen the "message" had gone, so I start Task Manager and waited for the Vista box to reappear, which it did. I clicked to show the message ... and couldn't access Task Manager while it was showing!

I've tried rebooting but this message - though *sort of* blocked by Vista - keeps coming back. (The drop-down "more info" tab refers to IE - says it's incompatible. I can't remember the exact message ... something to do with ieframe.dll?) I've started an AVG scan. It'll take a few hours though and I'm at work now.

I've searched the net but only found a reference to an email trojan that involves a bogus Google toolbar update.

Has anyone seen anything like this? Is it a trojan? How do I get rid of it?

  Technotiger 17:13 05 Dec 2007

Hi, you could try a System Restore back to before this happened.

  Babou 18:48 05 Dec 2007

Yep, I could try that ... I was just hoping there was an easier way. I have the feeling a system restore would take me back to a load of other niggles.


  €dstowe 18:52 05 Dec 2007

Restore from your system backup (which I hope you have)?

  mfletch 19:02 05 Dec 2007


Use SAS Superantispyware check for any update and then run it in safe mode,

Use the free one/ click here

Google tool bar info/
click here


  Babou 19:38 05 Dec 2007

Thanks all! Yes, I have a restore point - just didn't really want to have to do that. I haven't done it in Vista, but in XP it led to a world of pain.

I'll try SAS Superantispyware...

  Babou 13:55 06 Dec 2007

OK I ran SAS, which found gazillions of trackers etc (well, a few hundred). But as soon as I rebooted the damned message was back!

So after uninstalling Google toolbar just to be on the safe side, I clicked the OK button on the message (it went to what seemed to be the real Google toolbar download page) and ran SAS again. It didn't find anything at all and the message hasn't come back.

I suspect it was genuine - the "bogus" appearance might just be Vista's way of displaying it safely. If so - HOW ANNOYING! I like Vista but at times it seems overly paranoid, a loony with a tinfoil hat. Should have one of these built in: click here

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Dell XPS 13 9370 (2018) review

The art of 'British' pulp fiction

Best password managers for Mac

TV & streaming : comment regarder le Tournoi des Six Nations 2018 ?