Malware hijacked my Google toolbar and killed search
Friday, 23 May 2008
I normally don’t get infected with malware, spyware or viruses. I shouldn’t - I make my living keeping people’s computers and networks operating properly. However, there are exceptions to every rule.
Like DEA Agent Lee Paige, who shot himself in the foot while telling a class full of students how he was the only one in the room professional enough to handle a gun, I became the victim of my own overconfidence yesterday. We use Trend Micro’s OfficeScan corporate antivirus protection in our environment.
Anyhow, the long story short is that part of my job entails checking up on what our employees are doing on the Internet. I receive reports containing links every time someone attempts to surf somewhere our monitoring software thinks they shouldn’t be. Yesterday I clicked one of the links provided in the report and almost immediately realized I was in trouble. My computer began spewing popups left and right. I use Mozilla Firefox, which is generally not affected by spyware and malware, but in this case, both Internet Explorer and Mozilla Firefox were infected and hijacked. The popups were kind enough to inform me that my PC was infected and came with an entreaty to click various links where I would be able to install software to remove the infection - for a price. What sort of twisted human being writes code that blackmails a computer user? I’d love an opportunity to code that coder’s ass.
My first attempt to remedy the situation involved running a full virus scan using Trend Micro. Unfortunately, although Trend was able to detect several infected files, it was wholly inadequate at fixing the issue. Several reboots later, and after having also run the “grayware” detection provided by Trend, I decided I needed to bring in additional firepower.
Since my two main browsers were both incapacitated, I used Apple’s Safari browser to begin Googling for a solution. I downloaded PC Tools Spyware Doctor and installed it. The full scan found several hundred nasties that all propagated from the single short-sighted link click. After another several reboots, my browsers were no longer spewing popups at the rate of several hundred per hour. The spyware was still partially active on my system though. The Google toolbar in both Internet Explorer and Mozilla Firefox was disabled and IE was crashing repeatedly on launch.
Time to call in the big guns. Enter SmitFraudFix and Combofix. Both of these free products will remove spyware but they come with risks and are not as simple to use as commercially available tools. Combofix can potentially make a PC operating system unbootable and should be run as a last resort. In my case, it was the tool that made the difference - restoring my ability to use search features in both Mozilla Firefox and Internet Explorer 7.
Moving forward, I will be clicking those links in a virtual operating system just in case. We’ll also be reassessing our use of Trend Micro’s products and looking for possible alternatives.

1 May 23rd, 2008 at 6:28 pm
brian says:
Did you get Toolbar working again? If not, you can try reinstalling the Toolbar 5 beta to see if that works: http://toolbar.google.com/t5
2 May 23rd, 2008 at 7:17 pm
Trevor says:
Hi Brian,
Yes, Google toolbar is working again in both of the affected browsers. Good workaround that you suggested though.
3 May 27th, 2008 at 11:49 pm
reasonablecitizen says:
Hmmm, this sounds like what happened to me last week and this week. It started by turning off my Norton 360 and then warning me that I may be infected. Offers two choices and either choice will start it to download. The screen looked like Vista screen (rounded and pastel). The text looked unprofessional so I ‘x’d out of the window as fast as I could…multiple times until the download aborted. I did not get Norton back on until a reboot. I sent Norton an email last night and am waiting a reply.
It was very fast but I did not lose anything (I think). I was very quick on the window closure, thank goodness.
4 May 28th, 2008 at 9:52 am
Trevor says:
Norton 360 won’t even work properly on my computer. Their tech support is terrible. I have replaced the product with McAfee.
5 May 29th, 2008 at 12:58 am
kitanis says:
I use AVG Professional myself.. I would not trust Norton if you paid me.. too many bad experiences in the military with it.. but their Ghost product is great.
6 May 31st, 2008 at 3:48 pm
grateful says:
My husband got this same virus and has struggled for several days. I found your blog this morning (after several unsuccessful cleaning attempts) and used Combofix successfully also. The link you provided was a really good walkthrough and we are back up and running. Thanks for posting your advice - it was right on.