Scammers have set up an exact copy of the download page for Google's Toolbar plug-in in an attempt to lure users into downloading a Trojan backdoor (W32.Ranky.FW), SurfControl reports.
Some versions of the scam even spoof the correct Google Toolbar web address for Internet Explorer, using Google's own redirection service in an attempt to hide the real, non-Google address.
W32.Ranky.FW is designed to turn your PC into a bot zombie, and is spread by asking recipients of a spam email to follow an embedded link. The spam email appears to come from Google, which makes recipients more likely to follow the link.
The version detected by SurfControl fails because of poor programming, but it remains a proof of concept of how users can be attacked with a simple combination of convincing elements.
It highlights the importance of having anti-phishing warning popups integrated in browsers. What bothers me is that they (or similar schemes) can use AdWords, for example, to advertise on reputable sites and get a large number of people infected in a short time.
My father incidentally downloaded the fake Google Toolbar, which was slowing down the PC, and it was really hard to notice it. I was trying to remove a program from the Add/Remove Programs section in the Control Panel and I saw that the Google Toolbar for Internet Explorer, which I thought I had removed a week ago, was there. And its logo was not the famous Google Toolbar logo, it was the IE7 logo. The file size was 25,55 MB (approx) and I wanted to re-remove it. But whenever I tried to remove it, nothing was happening, just a ghost dialog box was flashing and disappearing in less than a second. I could not remove it no matter what I tried. Kaspersky did not detect it.
On the other hand, this trojan backdoor was recording all the e-mail addresses in the browser history and adding them to some spam lists, and all my family started to get spam mails. And when we visit a website, it automatically clicks on the Google ads, so we get millions of pop-up boxes and sites. Actually, the official Google Toolbar does the same thing but a little bit innocently: it records our internet logs, and thus they define a Google ad strategy according to these ratings. But it does not send spam mails and does not click on links automatically. Anyway, here I will try to explain what I did to clean it.
*First, restart your PC and boot it in Safe Mode.
*Then log on as the Administrator.
*Then START - RUN - REGEDIT. (Be careful: if you're an advanced user you know the importance of regedit, but if you're new to this, be really careful or call someone who knows about it.)
*Press CTRL+F to find a key. Search for "google toolbar", "googletoolbar", "gtoolbar" and "googletoolbar1.dll" and delete all the records. When it finds a record, right-click on it and delete it, then press CTRL+F again to find the next result. Do this for each entry until you get the message saying the search is done.
*If you can, delete the "google toolbar" folder in the left pane.
This will solve the problem, I hope. If you have msxml3.dll problems and MSN problems such as ERROR 800401f3, let me know.
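A read-only way to list what the registry search in the steps above would find before anything is deleted, as an added PowerShell example that is not part of the original post. The two search roots and the CSV file name are assumptions; the search terms are the four given in the steps.

```powershell
# Added example: report registry keys, value names and value data that contain
# the search terms from the steps above. Nothing is modified or deleted.
# Run from an elevated PowerShell prompt.
$terms = 'google toolbar', 'googletoolbar', 'gtoolbar', 'googletoolbar1.dll'
$roots = 'HKLM:\SOFTWARE', 'HKCU:\SOFTWARE'    # assumption: where to look
$report = '.\toolbar-registry-hits.csv'        # assumption: output file name

function Test-Term([string]$Text) {
    # Case-insensitive substring match, like the regedit Find dialog
    foreach ($t in $terms) {
        if ($Text.IndexOf($t, [System.StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

$hits = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        # Match on the key (folder) name itself
        if (Test-Term $key.PSChildName) {
            [pscustomobject]@{ Key = $key.Name; Value = '(key name)'; Data = '' }
        }
        try {
            foreach ($name in $key.GetValueNames()) {
                # Read raw data without expanding %VARIABLES%
                $data = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                if ((Test-Term $name) -or (Test-Term $data)) {
                    [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $data }
                }
            }
        } catch {
            # Key vanished or access was denied while reading; skip it
        }
    }
}

# Keep a record of every match so each deletion can be reviewed first
$hits | Sort-Object Key, Value | Export-Csv -Path $report -NoTypeInformation
$hits | Sort-Object Key, Value | Format-Table -AutoSize -Wrap
```

Reviewing the CSV first separates entries that belong to the fake toolbar from unrelated keys that merely contain one of the search strings.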