bobquasit wrote 2012-11-30 01:33 pm

How to kill the SweetIM infection

I don't know if anyone else is likely to end up fighting the SweetIM malware infection, but if you do, it's a real bitch. I had to clean it out of my mother-in-law's desktop recently, and it was NOT fun. On the off chance that you have to deal with it some day, here's how I killed it.

First, I installed Malwarebytes and ran scans. I had to run separate scans for every account on the system.

This was a Windows XP system, by the way, and it had some decent antivirus stuff installed. My best guess is that the infection was picked up from a free game site, by the way. Remember, always browse wisely!

Anyway, after I used Malwarebytes to get rid of the infection in all of the accounts, I still had to go into each browser (Firefox and Internet Explorer) and fix them; SweetIM had changed the home page and default search engine in each one. I changed the homepages from the SweetIM homepage (a sure source of infection), and changed the search engine from the SweetIM search tool, which also comes with free infections.

Even so, I ended up having to completely reset Firefox on her primary account. SweetIM is a hellishly stubborn infection.

And after all that, I happened to notice that there was still a link on the desktop of one of the accounts to something called "search the web". Which, when I checked the properties, turned out to be - you guessed it - another SweetIM infection point.

These people are evil, evil, evil. I'm tempted to call for the death penalty for malware writers.

After that I did some housekeeping, including updating Firefox and installing Chrome, and now the system looks fine. But man, what a nasty piece of malware! Killing it took about two to two-and-a-half hours of my time. If there was justice in this world, I would be able to collect payment for that time out of the hide of the SweetIM people.

Plus damages. Lots of damages.
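
A follow-up check for the leftovers described above (hijacked Firefox home page or search setting, stray desktop shortcut), as an added example that is not part of the original post: it walks every account's profile folder and reports Firefox prefs and desktop .lnk/.url files that still mention a marker string. The marker "sweetim", the function names and the sample tree with .example hosts are assumptions constructed for illustration.

```python
import os, re, tempfile

MARKER = "sweetim"  # assumption: leftovers mention the product name
# Firefox preferences that hold the home page and default search settings
PREF_RE = re.compile(r'user_pref\("(browser\.startup\.homepage|'
                     r'browser\.search\.defaultenginename|keyword\.URL)",\s*"([^"]*)"\)')

def contains_marker(data: bytes, marker: str = MARKER) -> bool:
    """True if marker appears as ASCII or UTF-16LE text (.lnk files use both)."""
    low = data.lower()
    return marker.encode("ascii") in low or marker.encode("utf-16-le") in low

def find_leftovers(profiles_root: str, marker: str = MARKER):
    """Walk every account's profile and return (kind, path, detail) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(profiles_root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == "prefs.js":
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for pref, value in PREF_RE.findall(fh.read()):
                        if marker in value.lower():
                            findings.append(("firefox-pref", path, pref))
            elif name.lower().endswith((".lnk", ".url")) and os.path.basename(dirpath).lower() == "desktop":
                with open(path, "rb") as fh:
                    if contains_marker(fh.read(), marker):
                        findings.append(("desktop-shortcut", path, name))
    return findings

def build_sample(root: str) -> None:
    """Constructed sample tree: two accounts, one dirty and one clean."""
    ff = os.path.join(root, "mom", "Application Data", "Mozilla", "Firefox", "Profiles", "abc.default")
    desk = os.path.join(root, "mom", "Desktop")
    clean = os.path.join(root, "guest", "Desktop")
    for d in (ff, desk, clean):
        os.makedirs(d)
    with open(os.path.join(ff, "prefs.js"), "w") as fh:
        fh.write('user_pref("browser.startup.homepage", "http://home.sweetim.example/");\n'
                 'user_pref("browser.search.defaultenginename", "Google");\n')
    with open(os.path.join(desk, "search the web.url"), "w") as fh:
        fh.write("[InternetShortcut]\nURL=http://search.sweetim.example/\n")
    with open(os.path.join(clean, "Notes.lnk"), "wb") as fh:
        fh.write(b"L\x00\x00\x00" + "C:\\WINDOWS\\notepad.exe".encode("utf-16-le"))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in find_leftovers(tmp):
            print(finding)
```

On a real XP machine the root to pass is the folder that holds all the account profiles. Internet Explorer keeps its home page in the registry, so this check does not cover it.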