Have spent a full day this week tracking down and getting rid of some crap one of my users got while watching videos online. I wanted to document where I found help for this as it may help others and I don’t want to forget what I did.
The problem was that everytime my user (let’s call him John) went to the internet. . he could get a site, but if he tried to click on a second link, he was directed to a bogus website that told him he needed to install the ie-av program. John had Norton, so I ran that and it found nothing out of the ordinary, so I then did a quick install of Ad-Aware and Spybot. They found lots of things, but didn’t really help my problem much. So it was off to Google and a search for IE-AV which led me to a great site where there was ample information and instructions. NOTE: I found the comments at the end of this blog most helpful in getting this off John’s PC.
It turns out, that all I really needed to do was uninstall the .dll files that had been dumped in the WINDOWS\System32 directory. Now, an interesting if not disturbing sidenote is that, when I went into the \WINDOWS directory and the \System32 directory it popped up IE and the same annoying site. For me, I had three files (g2tool.dll, gtool~1.dll and Gtool.dll) that I needed to delete, and I did have to go into Safe Mode to delete one of them. A reboot and all was good.
I still want to rebuild that computer, as I am not at all convinced it is “clean” but for now, John is happy and thinks I do great work. . .today a Hero. . .tomorrow? Who knows?
