Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Google Toolbar

  1. #1
    Member
    Join Date
    May 2008
    Posts
    60

    Default Google Toolbar

    Hello,

    I'm new to posting on spybot's forums but I have a problem I'd like your advice on. Yesterday I was informed by spybot that there was an attempt to change my registry keys. I clicked deny but it popped up again. I was attempting to open a link to a FAMILIAR website (this link is saved in my yahoo email). That was when I got the warning from spybot. Anyway, I denied it, then it came up and I accepted it. So when the new window opened my toolbar was different: the yahoo toolbar was gone, only the google toolbar was there. Moreover the drag down menus "File", "Edit", "Favorites" were not on my browser. The IE explorer icon was very large (I'm using IE 6 I do not wan to upgrade to IE 7). Then I closed the window and attempted to reopen it, the spybot warning came up again, I clicked accept and then saw the same window I had just mentioned above.

    I then clicked on the spybot icon on my desktop, it never opened. Instead I got a "beep" noise. I tried 3 more times to the same effect. I attempted to open a new window from "Start" but nothing happened. I thenclicked "Star" again to open my computer but nothing happened. I then manually turned my computer off then on again and the browser was showing the drag down menus BUT the google toolbar was the only toolbar showing. I clicked on view and then got the yahoo toolbar visible again.

    The same problem happened again today at ~ 6:15 PM (note this is about when it happened yesterday,too). I clicked on the link to the same site I had yesterday (a link I've clicked for many months now) and had the same problem mentioned above. This time, though, I just clicked restart for my computer. When I did so, I then accessed spybot and here I am at the forum asking for advice.

    This is no doubt google spywar. I do own a website and I rely on google analytics to track my site visitors. I have google adsense ads and Double Click which is an affiliate program owned by google also advertises on my site. I also use google email for certain things although I use yahoo for 85% of my email and searches.

    This is something that has just happened. I do know that spyware is prevalent and google has admitted to reading users' email. Also I am aware that adsense and DoubleClick do have tracking cookies installed on my computer. I also know that google, yahoo and MSN do offer users the option of making whichever of them you access to be your homepage. I used MSN as my default but two months ago I made yahoo my homepage.

    I am not very familiar with computers, I'm still learning. So many of the operations and lingo will be unfamiliar to me. But I am very convinced that google is attemptint to change my browser settings to remove the yahoo programs that I have installed.

    I ask for your advice and assistance.

    Thank you.

    Edit: I forgot to mention that when I experienced the problem today, I also got a low memory warning which is another indication that something was amiss.
    Last edited by computer_user; 2008-05-21 at 03:05.

  2. #2
    Member
    Join Date
    May 2008
    Posts
    60

    Default

    More information about my computer:

    1. I have the latests SP pack installed.
    2. I have Windows XP Professional
    3. McAfee 8.5.1 (?) whichever is the latest version of McAfee
    4. I have AVG free anti-virus software but it will expire at the end of the month
    5. Lavasoft for adware
    6. I do not have the admin password any longer, it's been misplaced.
    I just updated the latest version of Spybot.

  3. #3
    Member
    Join Date
    May 2008
    Posts
    60

    Default

    I also have Windows Defender.

  4. #4
    Member
    Join Date
    May 2008
    Posts
    60

    Default Question About Fake Browsers/Messages

    Hi,

    I have a question or two. Last Saturday evening I saw an IM MSN chat window invitation from a friend of mine. The friend was then offline by the time I had returned to my computer (my computer was turned on but the wcreen had gone dark because it had been idle for about 45 minutes or so). In the dialogue box was a link. I clicked on it but it just took me to advertising sites. I was puzzled so I sent an email to my friend including the link which was in the chat dialogue box which my friend had allegedly initiated. This morning my friend replied to my email saying that she had not sent me any link on the day in question.

    Well today, I turn on my computer and I have an offline message (this time via yahoo IM) from another friend. In this case it was pointing to a Chinese myspace type page. My computer does not have the translator installed so I have no way to know anything esp. since I've never seen nor visited that site before (my friend is Chinese, though). In light of the fact that my other friend (the one from which last saturday's link was not sent as she said it was not sent), I wonder if some spyware/malware/hacker could be at work.

    I say this also because yahoo mail is coming up with a lot of sign out errors of late-10 or so today-and has repeatedly asked me for my password. Yahoo is known for security but when I am involuntarily logged out of my own account and then must re-type my password just to get back in, only to have it happen a few moments later on the same account has me concerned. Just last week I was signing into google mail (gmail) and the prompt wanted me to confirm my password.

    Is it possible for hackers to impersonate my friends (or me for that matter), commandeering Instant Message accounts and sending fake IMs to people? If yes, how can I know when my friends are communicating with me as opposed to an impersonator? Also, could my browser have been compromised in some way? How can I know this? BTW, I am using IE 6, I know IE 7 is available but I prefer version 6. Months ago I had upgraded from IE 6 to IE 7 on my old computer but was having problems with malware/trojans eg Winfixer 2007 and with the help of a friend had to transfer everything to a new PC. He was using IE 6 and I decided to keep IE 6. I have Windows Defender and other anti-virus software on my computer in addition to spy-bot (as I mentioned in another thread on this forum). I've run spy-bot to check for any hackers but it hasn't turned up anything. But I don't know whetehr or not spy-bot can ferret out a hacker impersonating my friends on Instant Messenger (which is even worse than faking in regular email). What can be done?

    Thanks.
    Last edited by tashi; 2008-05-29 at 06:12. Reason: Merged two topics

  5. #5
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello,
    Quote Originally Posted by computer_user View Post
    More information about my computer:
    3. McAfee 8.5.1 (?) whichever is the latest version of McAfee
    4. I have AVG free anti-virus software but it will expire at the end of the month
    Rule of thumb is one Firewall/one resident Anti Virus to avoid conflicts and loss of program efficiency.
    Quote Originally Posted by computer_user View Post
    BTW, I am using IE 6, I know IE 7 is available but I prefer version 6. Months ago I had upgraded from IE 6 to IE 7 on my old computer but was having problems with malware/trojans eg Winfixer 2007 and with the help of a friend had to transfer everything to a new PC. He was using IE 6 and I decided to keep IE 6.
    IE7 is more secure than IE6.

    Quote Originally Posted by computer_user View Post
    Hi,
    Last Saturday evening I saw an IM MSN chat window invitation from a friend of mine. The friend was then offline by the time I had returned to my computer (my computer was turned on but the wcreen had gone dark because it had been idle for about 45 minutes or so). In the dialogue box was a link. I clicked on it but it just took me to advertising sites.
    I suspect the computer was already infected and clicking on a link in MSN the icing on the cake.

    Please follow the procedure in this link: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    Then start your own thread in the Malware Removal Forum where a helper will advise you as soon as available.

    Regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  6. #6
    Senior Member honda12's Avatar
    Join Date
    Nov 2007
    Location
    UK
    Posts
    682

    Lightbulb Prevention Methods

    Quote Originally Posted by computer_user View Post
    Hi,
    I have a question or two. Last Saturday evening I saw an IM MSN chat window invitation from a friend of mine. The friend was then offline by the time I had returned to my computer (my computer was turned on but the wcreen had gone dark because it had been idle for about 45 minutes or so). In the dialogue box was a link. I clicked on it but it just took me to advertising sites. I was puzzled so I sent an email to my friend including the link which was in the chat dialogue box which my friend had allegedly initiated. This morning my friend replied to my email saying that she had not sent me any link on the day in question.

    Is it possible for hackers to impersonate my friends (or me for that matter), commandeering Instant Message accounts and sending fake IMs to people?
    The answer, unfortunately is yes - I have seen things like this before. It is not necessarily the hacker's impersonating your friends. What is most likely to be happening (especially because your friend was offline) is that they were infected with some kind of virus - These kinds of viruses send messages to all the people on the infected's contact list. People then click on the link (or download a file), get infected and without even knowing, start to send links and files to everyone on their contact lists - You can see how these things spread so quickly

    Anyway - to stop further infections I recommend you follow these steps:

    1. Secure your Instant Messengers


    For MSN Messenger (or now know as Windows Live Messenger):
    -First go to tools - options - file transfer - check "Automatically reject file transfers for known unsafe file types", un-check "automatically share backgrounds and accept shared backgrounds"

    (you could also disable links)

    For other messengers look for equivalent options!

    General:

    -Save all downloaded files to a certain folder, and if possible configure your anti-virus to scan that folder

    -And if you are slightly paranoid you can also download something like 'sandboxie' to further isolate downloaded files


    2. Common Sense! <----Most Important

    Your best defence against getting infected is to always ask: 'Where did you get that file from?' and simple questions like that. I rather ask a couple of questions (and look slightly paranoid! ) than be infected with malware and have to spend loads of time trying to get rid of it!

    Also, if you get a file request saying...

    REALLY COOL PICTURE!!! HAHA! LOOK AT THIS!!!.rar
    ...and the file extension is something other than a picture file - you know you should decline the request (zip files are used a lot by baddies because they can hide things in them - To see whats inside you have to open them ...by then it is too late!)


    Hope that helps,

    honda


    P.S. Remember - Use Your Common Sense!

  7. #7
    Senior Member honda12's Avatar
    Join Date
    Nov 2007
    Location
    UK
    Posts
    682

    Lightbulb More...

    oh yeah, forgot to mention:

    Im not too sure about 'tale-tale' signs, but if your friends sends you a link or file when he/she is offline - that would be suspicious!

    As for staying with IE6, I would definitely recommend you upgrade to either IE7 or a different browser

    From my ramble on how bad IE is (and how good Firefox is!)

    http://forums.spybot.info/showthread.php?t=21314

    Any browser has vulnerabilities, but since internet explorer 6 (and 7) were made by microsoft. And since microsoft's windows is the most popular operating system on the planet, internet explorer is the most popular browser on the planet. The more popular the browser, the more 'bad' people you will have to take advantage of it. So hackers and other 'bad' people take advantage of any vulnerabilities that internet explorer has because:
    1. microsoft is very slow to patch up their software to block known vulnerabilities
    2. Because it is so popular, they can take advantage of more people

    This applies to all browsers, including firefox. Except the difference between firefox and internet explorer is that Mozilla regularly updates and patches it's software (to block new vulnerabilities)> One example of this was when Mozilla updated firefox to 2.0.0.10. Within one day, they found major vulnerabilities, so the next day they released 2.0.0.11.

    Internet explorer hasn't been updated for years (until now). So the point is that internet explorer 6 is only good at blocking threats from years ago. 'bad' people have found new ways to hijack and do other mean stuff to people through their browsers. Internet explorer 6 has no defense against these new threats.
    If you don't like the look of IE7 - there is a website to make IE7 look like IE6: EnhanceIE


    List of good popular browsers:

    - Firefox
    - Opera

  8. #8
    Member
    Join Date
    May 2008
    Posts
    60

    Default

    Quote Originally Posted by tashi View Post
    Hello,


    Rule of thumb is one Firewall/one resident Anti Virus to avoid conflicts and loss of program efficiency.


    IE7 is more secure than IE6.


    I suspect the computer was already infected and clicking on a link in MSN the icing on the cake.

    Please follow the procedure in this link: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    Then start your own thread in the Malware Removal Forum where a helper will advise you as soon as available.

    Regards.

    So the FIRST thing I should do is get an HJT log by running Spybot-S&D in safe mode BEFORE posting in the malware forum?

  9. #9
    Member
    Join Date
    May 2008
    Posts
    60

    Default

    Quote Originally Posted by honda12 View Post
    The answer, unfortunately is yes - I have seen things like this before. It is not necessarily the hacker's impersonating your friends. What is most likely to be happening (especially because your friend was offline) is that they were infected with some kind of virus - These kinds of viruses send messages to all the people on the infected's contact list. People then click on the link (or download a file), get infected and without even knowing, start to send links and files to everyone on their contact lists - You can see how these things spread so quickly

    Anyway - to stop further infections I recommend you follow these steps:

    1. Secure your Instant Messengers


    For MSN Messenger (or now know as Windows Live Messenger):
    -First go to tools - options - file transfer - check "Automatically reject file transfers for known unsafe file types", un-check "automatically share backgrounds and accept shared backgrounds"

    (you could also disable links)

    For other messengers look for equivalent options!

    General:

    -Save all downloaded files to a certain folder, and if possible configure your anti-virus to scan that folder

    -And if you are slightly paranoid you can also download something like 'sandboxie' to further isolate downloaded files


    2. Common Sense! <----Most Important

    Your best defence against getting infected is to always ask: 'Where did you get that file from?' and simple questions like that. I rather ask a couple of questions (and look slightly paranoid! ) than be infected with malware and have to spend loads of time trying to get rid of it!

    Also, if you get a file request saying...



    ...and the file extension is something other than a picture file - you know you should decline the request (zip files are used a lot by baddies because they can hide things in them - To see whats inside you have to open them ...by then it is too late!)


    Hope that helps,

    honda


    P.S. Remember - Use Your Common Sense!

    You posted some useful advice, I will take it under advisement. Thank you.

  10. #10
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    Default

    Hello,

    Quote Originally Posted by computer_user View Post
    So the FIRST thing I should do is get an HJT log by running Spybot-S&D in safe mode BEFORE posting in the malware forum?
    Running Spybot-S&D in safe mode, when the operating system only loads the bare minimum of software that is required for the operating system to work, can allow Spybot-S&D to finish cleaning up items it has tried to remove.

    After booting back into Windows, (no longer in safe mode), then one runs a HJT scan to produce a log.

    Instructions for HJT here: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    If this is confusing skip the Spybot and Kaspersky scans, produce the HJT log and copy paste it into a new topic.

    It would be best to keep your on-line activity to a minimum for the duration.

    After a clean up, advice on how to stay clean will be given to you by the helper who assisted.

    Regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •