Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Anyone have aClean Removal of the Sweet Search Virus


  • Please log in to reply
11 replies to this topic

#1 Dazza

Dazza

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Yandina Qld
  • Local time:10:57 PM

Posted 04 July 2013 - 04:33 PM

Hi to you all, :clapping: I have picked up a Browser hijacking Virus and I have down a MWMB's full Scan (1) removed and a Mc Vee full Scan (0) I have run Uninstall in CCleaner and though I had got it but this morning it had rejaced my New FF start Page (22) back to the earlier one (21) I googled for reniedes but all the replies are worse viruses and spam' to sell their removal tools (their outta be a Law) anyone who can help me please :) Dazza

Edit: Moved topic from Windows 8 to the more appropriate forum. ~ Animal

2013 DELL Inspiron 660, Intel 4 CPU - 2.4 GB, 512 Meg Ram, 64 bit / BEN-Q 21.5" Scr,

Windows 10, Weston 1000 T-byte HDD - Partitions -  G, -  H, - I, - J 

CCleaner, Kaspersky (Full Version) MWMByts Weekly


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,267 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:57 AM

Posted 04 July 2013 - 08:47 PM

SweetSearch is a Search Engine for Students.

It searches only the 35,000 Web sites that our staff of research experts and librarians and teachers have evaluated and approved when creating the content on findingDulcinea. We constantly evaluate our search results and "fine-tune" them, by increasing the ranking of Web sites from organizations such as the Library of Congress, the Smithsonian, PBS and university Web sites.

About SweetSearch

How to Remove a toolbar that has taken over your Firefox search or home page

To restore the default settings in FireFox and reset preferences, please refer to:If those steps did not help, then download and run AdwCleaner (follow these instructions) and the Junkware Removal Tool. These tools will look for known adware, junkware, toolbars, and browser helper objects. Keep in mind that some legitimate toolbars may also be detected and deleted so you may need to reinstall them.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Dazza

Dazza
  • Topic Starter

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Yandina Qld
  • Local time:10:57 PM

Posted 04 July 2013 - 11:12 PM

Thanks for relocating me :thumbup2:  I came back here move it. I that I tried all that (in your post) but I have  Start Search and  Qo6v viruses SS in internet exp (IEx) which I never use' and SS and Qo6v is also in Firefox my normal browser' its a mess. I had to use IEx to do this as my FF search does not. I was trying to find help and found a "reged repair"in another forum (somthing I understand nothing About) it was a was a reg repair for the Qov6 Virus NOT (SS ) which was what I found there SS?
I just went back to FF and the Qov6 Virus is running there too? I had to use IEx because FF serach is dead I did all the reinstakll stuff and it just keeps changing back to the FF-21 from the FF -22 which I updated last night so at the moment I have the 2 viruses on FF and SS one on IEx here are some of the regedits that I was looking at when I found all the SS entries! When you have a bit of time I would appreciate any help you can give me
I have Win 8 64 bit Libre Office CCleaner, McVee full, Dell Inspiron 660  Cheers  for Now Dasha

2013 DELL Inspiron 660, Intel 4 CPU - 2.4 GB, 512 Meg Ram, 64 bit / BEN-Q 21.5" Scr,

Windows 10, Weston 1000 T-byte HDD - Partitions -  G, -  H, - I, - J 

CCleaner, Kaspersky (Full Version) MWMByts Weekly


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,267 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:57 AM

Posted 04 July 2013 - 11:32 PM

Please do not post active links to malware or possible malware related sites to include links which may lead to sites where infections have been contracted and spread. I have removed the one(s) you posted so others do not accidentally click on them.

You did not mention having an issue with Qvo6 in your first post. To deal with that, please follow these instructions using the tools in the exact order specified in the removal guide.

How to Remove the Qvo6.com Browser Hijacker

You can post the logs back here when done.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Dazza

Dazza
  • Topic Starter

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Yandina Qld
  • Local time:10:57 PM

Posted 05 July 2013 - 04:25 PM

You did not mention having an issue with Qvo6 in your first post.

 

No I did'nt  mention Qov6 Virus Janitor!

In my first post I had not encountered Qov6 Virus it was when i tried to have a look at the "reg repair" in IExp after I found I could not use my FF browswer that I spotted it in one of the Search bars and Tabs of IEx. How ever it's not the main isssu Sweet Search  (SS)  my problem and the other may get flushed in the process I will do what you asked and come back here ASAP thanks Dasha :thumbup2:


Edited by Dazza, 05 July 2013 - 04:28 PM.

2013 DELL Inspiron 660, Intel 4 CPU - 2.4 GB, 512 Meg Ram, 64 bit / BEN-Q 21.5" Scr,

Windows 10, Weston 1000 T-byte HDD - Partitions -  G, -  H, - I, - J 

CCleaner, Kaspersky (Full Version) MWMByts Weekly


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,267 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:57 AM

Posted 05 July 2013 - 04:40 PM

Ok. Running RKill first, then immediately running AdwCleaner should be helpful for the tool to rid both of them.

Another thing you can try which may be easier for you is using System Restore to return to a previous state before the problems began.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 Dazza

Dazza
  • Topic Starter

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Yandina Qld
  • Local time:10:57 PM

Posted 05 July 2013 - 09:54 PM

Thanks Janitor and quieteman7 :thumbup2:  It's all good so far. I also ran a Full scan on MWMB and all clear there. Thank you both for your help Guy's" you are greatly appreciated Cheers for now Dasha


2013 DELL Inspiron 660, Intel 4 CPU - 2.4 GB, 512 Meg Ram, 64 bit / BEN-Q 21.5" Scr,

Windows 10, Weston 1000 T-byte HDD - Partitions -  G, -  H, - I, - J 

CCleaner, Kaspersky (Full Version) MWMByts Weekly


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,267 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:57 AM

Posted 06 July 2013 - 07:02 AM


You're welcome.

:thumbup2: Tips to protect yourself against malware and reduce the potential for re-infection
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 MarkMoran

MarkMoran

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:57 AM

Posted 06 July 2013 - 11:32 AM

I am the publisher of SweetSearch.

 

Our search engine is a wholly legitimate tool that has been around for 4 years and has been used by 500,000 users per month without incident.

 

I can definitively state that we did not include any malicious mechanisms in our code, and indeed, the site is not even "downloadable." There is a simple browser add-on that we've used for three years, also without incident.

 

I am fairly certain the notion of a "SweetSearch.com virus" is a hoax spread by purveyors of so-called virus removal software. 

 

Can anyone point me to legitimate information that says otherwise?

 

Alternatively, can anyone tell me how this hoaxes get started?



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,267 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:57 AM

Posted 06 July 2013 - 03:26 PM

Hello MarkMoran

If you look at my first reply to Dazza in this topic you will note that I quoted your website and provided the link. Had I thought your site was nefarious I would not have provided a link for members to click on and go to.

The problem here is that Dazza does not know how SweetSearch was installed on his computer. When I checked through your site I found the page where you need to click the green add-on button to install. My problem is that after repeated searches I could not find any removal instructions from your site to provide to Dazza. Had I found them, I would have provided the link to those directions.

I am always leary of sites which do not provide removal instructions as all users should easily be able to find them and uninstall toolbars/add-ons if they do not want them anymore.

When Dazza advised he had the Qo6v hijacker I was more concerned with that and provided our removal instructions. As I found no instructions at your site, my instructions including using those same tools to remove SweetSearch since he previously advised he was unable to remove the add-on using the instructions I provided from Mozilla.
 

I am fairly certain the notion of a "SweetSearch.com virus" is a hoax spread by purveyors of so-called virus removal software....
Alternatively, can anyone tell me how this hoaxes get started?

I believe you answered your own question in the first sentence.

When searching for unfamiliar or unknown toolbars on the Internet, it is not unusual to find numerous hits from untrustworthy and scam sites which mis-classify detections or provide misleading information. This is deliberately done more as a scam to entice folks into buying an advertised fix or removal tool. In some cases if the fix is a free download, users may be enticed to download a malicious file or be redirected to a malicious web site.

A simple Google search from any user believing they have been infected with some type of virus yields results such as these. I would not provide any of those links to our members here.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 Dazza

Dazza
  • Topic Starter

  • Members
  • 182 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Yandina Qld
  • Local time:10:57 PM

Posted 06 July 2013 - 05:55 PM

I am the publisher of SweetSearch.

 

Our search engine is a wholly legitimate tool that has been around for 4 years and has been used by 500,000 users per month without incident.

 

I can definitively state that we did not include any malicious mechanisms in our code, and indeed, the site is not even "downloadable." There is a simple browser add-on that we've used for three years, also without incident.

 

I am fairly certain the notion of a "SweetSearch.com virus" is a hoax spread by purveyors of so-called virus removal software. 

 

Can anyone point me to legitimate information that says otherwise?

 

Alternatively, can anyone tell me how this hoaxes get started?

Exuse me for butting in here Mr SweetPack "you give no name" Everthing that "Janitor" said is correct and if you could scroll back to an earlier post in this thread you will see where Janitor "questioned" me for not saying I had Qo6v virus in my 1 st post " and he was correct in doing so and i certainly do not see any malice toward you in that?  I found I was I was infected BY SweetSearch virus that had installed itself in EVERY registry in the same place and the same way as the Qo6v virus. Problem was SweetPack had shut-down my Firefox search Home Page so I went onto IEx and I was looking up a way of cleaning the Registry there with a method used to remove the Qo6v virus" but all the infected Registry entries I found (about 20) on my Computer were of the "SweetPack virus" same everything" so when I came back here to update to Janitor I pasted all the Registry fixes I had found at <Hkey-user-soft-Iex-searchBar= > for Qo6v in my Post not realising that I was posting "Live links"and Janitor quiet rightfiully had no choice but to removed them. Had they still been there' you would understand better what I am talkng about! This is how I explained to Janitor what had I done and why Janitor again correctly said "you never mentioned the Qo6v virus in your first post" if you go back up this page SweetPack you will see, exactly what I said' and what Janitor said. He she" was not being ambiguiouse,  critcal or judgmental toward you, however if you are legit I can promise you that if it aint you doing this SweetPack thing you do need to find out PDQ who is and what is this SweetPack virus" because SweetPack is a :"Hijack virus" and its every bit as nasty as the Qo6v virus's, as matter of fact it copies the same Modus operandi of the  Qo6v virus.

 

Please scroll up and follow the whole thread if you are genuine I suggest you apologise to the "Janitor" and find out how why and a reason PDQ as I read a line somwhere from a group of Uni student's proudly claiming "ownership for the SweetPack cape! If it's any help PM me and I will give you the link to the "registry repair I found that your SweetPack installed in my computer only instead of the "Qo6v virus" I mentioned Qo6v because there was some there anyway I hope that clears it all for everyone. again Thanks Janitor and quieteman7 Cheers for now Dasha


2013 DELL Inspiron 660, Intel 4 CPU - 2.4 GB, 512 Meg Ram, 64 bit / BEN-Q 21.5" Scr,

Windows 10, Weston 1000 T-byte HDD - Partitions -  G, -  H, - I, - J 

CCleaner, Kaspersky (Full Version) MWMByts Weekly


#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,267 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:57 AM

Posted 07 July 2013 - 04:34 PM

Browser Hijack Blaster was an old tool created by Javacool (Brightfort) in 2003. It was discontinued when Javacool replaced it with SpywareGuard...now an outdated tool as well. If you're using another security program (i.e. SUPERAntispyware (Home Page Protection), Norton Home Page Protection, Browser Sentinel, Spy Sweeper, WinPatrol, etc) that monitors attempted changes to your browser settings, then SpywareGuard will not be of much use. Even Javacool has admitted that SpywareGuard is essentially redundant to many other security tools currently available and it is now listed as temporarily unavailable for download.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users