
Sweetpacks infection from YouTube download


8 replies to this topic

#1 HelpThisNewbie


Posted 31 March 2013 - 09:25 AM

The other day, I was downloading "Cars," as offered by a YouTube member; Norton evaluated it as a SAFE download.  Almost immediately, Norton then warned me that it had stopped an intrusion coming FROM my own computer.

Since then, I've experienced the Sweetpacks redirect, but also my email account has been hacked and is actively sending out infected messages -- even to me.  I don't know if that means I have an additional virus to sweetpacks.

I located the download on my computer:

Downloaded File Cars_2006_BDRip_H264_5.exe from thetorrn-tv.net

cars_2006_bdrip_h264_5.exe

Again, this scans clean with Norton products.  I downloaded NPE, but it slipped by that, too.

I will appreciate any help.   :(





#2 gregb204


Posted 31 March 2013 - 09:40 AM

System Restore, then IObit Uninstaller (http://www.iobit.com/advanceduninstaller.php); use Power Scan after that to remove traces.

Good luck.



#3 gregb204


Posted 31 March 2013 - 09:50 AM

Searched the forum and found this method, so just search and see the post.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.


#4 HelpThisNewbie


Posted 31 March 2013 - 01:48 PM

Thanks, Greg.  I was afraid to follow the first post, but did try the second.  It looks as if this got most, but not all, of the sweetpacks files.

# AdwCleaner v2.115 - Logfile created 03/31/2013 at 13:15:18
# Updated 17/03/2013 by Xplode
# Operating system : Windows 8  (64 bits)
# User : Lee - RHONDALEE
# Boot Mode : Normal
# Running from : C:\Users\Lee\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\Users\Lee\Desktop\TornTV.lnk
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Program Files (x86)\TornTV.com
Folder Deleted : C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Folder Deleted : C:\Users\Lee\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211141126}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211141126}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021426.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021426.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021426.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021426.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211141126}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110211141126}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211141126}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211141126}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211141126}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16519
 
[OK] Registry is clean.
 
-\\ Google Chrome v25.0.1364.172
 
File : C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [6057 octets] - [31/03/2013 13:15:18]
 
########## EOF - C:\AdwCleaner[S1].txt - [6117 octets] ##########
 
===============================================================================
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.8 (03.31.2013:1)
OS: Windows 8 x64
Ran by Lee on Sun 03/31/2013 at 13:32:03.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
~~~ Services
 
~~~ Registry Values
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Failed to delete: [Registry Key] hkey_local_machine\software\sweetim
 
 
~~~ Files
 
~~~ Folders
 
~~~ Event Viewer Logs were cleared
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/31/2013 at 13:38:47.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
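The two logs above list the registry entries the adware left behind. As an added example (not from the thread or from either tool's authors), here is a small Python triage helper that parses both log formats, groups each deleted registry entry by the browser-persistence mechanism it represents, and lists anything a tool reported it failed to delete; the mechanism labels are my own, and the embedded log lines are constructed in the posted formats.

```python
import re
from collections import Counter

# Line formats: AdwCleaner "Key Deleted : <path>"; JRT "Successfully deleted: [Registry Key] <path>"
ADW_RE = re.compile(r"^(?P<k>File|Folder|Key|Value) Deleted : (?P<p>.+)$")
JRT_RE = re.compile(r"^(?P<s>Successfully deleted|Failed to delete): \[(?P<k>.+?)\] (?P<p>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Registry locations browser adware uses to get itself loaded (labels are my own).
PERSISTENCE = [
    ("browser helper objects", "IE BHO (DLL loaded into every IE process)"),
    ("low rights\\elevationpolicy", "IE Protected Mode elevation policy"),
    ("ext\\preapproved", "IE add-on pre-approved (no enable prompt)"),
    ("internet explorer\\toolbar", "IE toolbar"),
    ("google\\chrome\\extensions", "Chrome extension registered via registry"),
    ("classes\\", "COM registration (CLSID/Interface/TypeLib/ProgID)"),
]

def classify(path):
    """Map a registry path to the persistence mechanism it represents."""
    hits = [label for needle, label in PERSISTENCE if needle in path.lower()]
    return hits[0] if hits else "other"

def parse(text):
    """Yield (succeeded, kind, path) for every action line of either tool."""
    for line in text.splitlines():
        m = ADW_RE.match(line.strip()) or JRT_RE.match(line.strip())
        if m:
            ok = m.groupdict().get("s") != "Failed to delete"
            yield ok, m.group("k"), m.group("p")

def summarize(text):
    """Count mechanisms hit, list leftovers, and collect GUIDs to cross-check."""
    acts = list(parse(text))
    return {
        "by_mechanism": Counter(classify(p) for _, k, p in acts if k not in ("File", "Folder")),
        "failed": [p for ok, _, p in acts if not ok],
        "guids": {g.upper() for _, _, p in acts for g in GUID_RE.findall(p)},
    }

# Constructed sample in the two posted formats (not the user's full logs).
SAMPLE_LOG = r"""
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211141126}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211141126}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Failed to delete: [Registry Key] hkey_local_machine\software\sweetim
"""
```

Running `summarize(SAMPLE_LOG)` shows the BHO, elevation-policy, Chrome and COM entries were removed while the HKLM SweetIM key remains, which matches the "most, but not all" observation in the post.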
 


#5 HelpThisNewbie


Posted 31 March 2013 - 05:28 PM

There is an uninstall option for the Sweetpacks program, but I am afraid to use it.

I opened the individual folders for the program and found it is still active in Google Chrome and Firefox.

What to do?

???



#6 HelpThisNewbie


Posted 31 March 2013 - 06:01 PM

I found a similar thread here: http://www.bleepingcomputer.com/forums/t/490349/google-chrome-and-sweetpacks-tab/

I followed Gringo's instructions and ran Security Check, then AdwCleaner, then RogueKiller.  My computer was then apparently free of the program.

However, when I restarted the computer, "updater for sweetpacks" was back in my program list.

It has an uninstall option, but I am afraid to use it because (naturally) it asks permission to make changes to the computer, and I am afraid it will do something entirely different than what I want.

What to do?

:(



#7 HelpThisNewbie


Posted 31 March 2013 - 06:18 PM

I take part of that back.  After I restarted, I discovered that the program's own uninstall feature had disappeared.  But when I tried to uninstall it via control panel, it wouldn't let me.  It would start, then stop with this error message:

  Runtime Error (at 58:667):
  Could not proc.

???



#8 HelpThisNewbie


Posted 02 April 2013 - 11:27 AM

Bump

Help?



#9 dalr21


Posted 02 April 2013 - 11:37 AM

Download Revo Uninstaller, see if it picks it up, and do an ESET online scan.





