Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sweetpack/Advertisement Issue


  • Please log in to reply
5 replies to this topic

#1 user722east

user722east

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 26 March 2013 - 08:52 PM

Hi, a toolbar called ‘Sweetpacks’ has somehow been added to my internet browser. I believe it is causing adware to appear on my computer. Many times, when I click a link, I am redirected to advertisements. I frequently update and run Malwarebytes, no threats are found. There is no option to unistall the toolbar in Programs. Do you have any suggestions? I would greatly appreciate it.

 

Thank you!



BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,528 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:27 PM

Posted 26 March 2013 - 09:03 PM

Welcome to the forum.

Which browser(s) do you use?

Please download AdwCleaner by Xplode onto your desktop.
•Close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Delete.
•Confirm each time with Ok.
•You will be prompted to restart your computer. A text file will open after the restart.
•Please post the contents of that logfile with your next reply.
•You can find the logfile at C:\AdwCleaner[S1].txt as well.


thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 user722east

user722east
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 26 March 2013 - 09:42 PM

I typically use Mozilla FireFox.

 

 

 

 

Here is my AdwCleaner Log:

 

# AdwCleaner v2.115 - Logfile created 03/26/2013 at 22:21:51
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : marianne - WINDOWS7
# Boot Mode : Normal
# Running from : C:\Users\marianne \Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\marianne \AppData\Roaming\Mozilla\Firefox\Profiles\xyb4knpu.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Users\marianne \AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\marianne \Roaming\Mozilla\Firefox\Profiles\xyb4knpu.default\extensions\plugin@selectionlinks.com
Folder Deleted : C:\Users\marianne \AppData\Roaming\Mozilla\Firefox\Profiles\xyb4knpu.default\SweetPacksToolbarData

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\marianne \AppData\Roaming\Mozilla\Firefox\Profiles\xyb4knpu.default\prefs.js

C:\Users\marianne \AppData\Roaming\Mozilla\Firefox\Profiles\xyb4knpu.default\user.js ... Deleted !

Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Deleted : user_pref("sweetim.toolbar.SearchBoxLogo", "bing.png");
Deleted : user_pref("sweetim.toolbar.SearchBoxText", "Search with Bing");
Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1364349214544");
Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Deleted : user_pref("sweetim.toolbar.cargo", "3.5000006.10042");
Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "false");
Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "false");
Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "false");
Deleted : user_pref("sweetim.toolbar.defaultProvider", "bng");
Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.newtab.created", "true");
Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");
Deleted : user_pref("sweetim.toolbar.newtab.url", "hxxp://start.sweetpacks.com/?src=97&barid=$toolbar_id;&crg=[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...]
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history", "unistall%20sweetpacks,google");
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{255FBF29-8DAD-11E2-AB08-E006E67EF8AA}");
Deleted : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://toolbar.sweetpacks.com/uninstallbar.asp?bar[...]
Deleted : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.perion.com/contact-us");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]
Deleted : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.perion.com/privacy-policy");
Deleted : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://start.sweetpacks.com/?barid=$toolbar_id;");
Deleted : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://toolbar.sweetpacks.com/uninstall");
Deleted : user_pref("sweetim.toolbar.version", "1.12.0.0");
Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]
Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Users\marianne \AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [9347 octets] - [26/03/2013 22:21:51]

########## EOF - C:\AdwCleaner[S1].txt - [9407 octets] ##########
 

 

 

 

 

 

 

Here is my JRT.txt Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Home Premium x64
Ran by marianne on Tue 03/26/2013 at 22:30:33.24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\marianne \AppData\Roaming\mozilla\firefox\profiles\xyb4knpu.default\extensions\LogMeInClient@logmein.com
Successfully deleted the following from C:\Users\marianne \AppData\Roaming\mozilla\firefox\profiles\xyb4knpu.default\prefs.js

user_pref("browser.newtabpage.blocked", "{\"KXIOaPyeUHhDhYzTMke7qg==\":1,\"1gZrAFgLSzKXfDhxtCt2jg==\":1,\"AWw7KVnnAtIPENreYSQFNw==\":1,\"ZP3pKVvRBf8lpDwS3gGl+w==\":1,\"U/f7uny
user_pref("extensions.crossrider.bic", "13c4f1f76fa993ea5ac3e8a44f9a199b");
user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://www.linkedin.com/redirec
user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://www.linkedin.com/red
Emptied folder: C:\Users\marianne \AppData\Roaming\mozilla\firefox\profiles\xyb4knpu.default\minidumps [11 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/26/2013 at 22:37:32.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,528 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:27 PM

Posted 27 March 2013 - 10:31 AM

If you still see "Sweetpack" in may be in your Add ons.

In FireFox it may be the Add ons/Plugins. First look for Sweetpack or SweetIm and disable. Or
Try disabling them one at a time and see which one was at fault.

How to disable extensions and plugins

Keeping your third-party plugins up to date


If it is your homepage...
Click the Firefox button at the top left corner of the page and choose Options.
In the Home Page URL box, enter the homepage you want to use instead of SweetPacks and then click OK.


Edited by boopme, 31 March 2014 - 09:11 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 user722east

user722east
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:27 PM

Posted 27 March 2013 - 06:09 PM

It's gone now, thank you!!



#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,528 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:27 PM

Posted 27 March 2013 - 07:49 PM

You're welcome!

Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to StartBtn.gif > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
to remove all but the most recently created Restore Point.
  • Go to StartBtn.gif > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
  • Vista and Windows 7 users can refer to these links:

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users