[personal profile] bobquasit
I don't know if anyone else is likely to end up fighting the SweetIM malware infection, but if you do, it's a real bitch. I had to clean it out of my mother-in-law's desktop recently, and it was NOT fun. On the off chance that you have to deal with it some day, here's how I killed it.

First, I installed Malwarebytes and ran scans. I had to run separate scans for every account on the system.

This was a Windows XP system, by the way, and it had some decent antivirus stuff installed. My best guess is that the infection was picked up from a free game site, by the way. Remember, always browse wisely!

Anyway, after I used Malwarebytes to get rid of the infection in all of the accounts, I still had to go into each browser (Firefox and Internet Explorer) and fix them; SweetIM had changed the home page and default search engine in each one. I changed the home pages from the SweetIM home page (a sure source of infection), and changed the search engine from the SweetIM search tool, which also comes with free infections.

Even so, I ended up having to completely reset Firefox on her primary account. SweetIM is a hellishly stubborn infection.

And after all that, I happened to notice that there was still a link on the desktop of one of the accounts to something called "search the web". Which, when I checked the properties, turned out to be - you guessed it - another SweetIM infection point.

These people are evil, evil, evil. I'm tempted to call for the death penalty for malware writers.

After that I did some housekeeping, including updating Firefox and installing Chrome, and now the system looks fine. But man, what a nasty piece of malware! Killing it took about two to two-and-a-half hours of my time. If there was justice in this world, I would be able to collect payment for that time out of the hide of the SweetIM people.

Plus damages. Lots of damages.
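
A post-cleanup check for the leftovers described above (changed Firefox settings in each account, a stray desktop shortcut), as an added example that is not part of the original post. It assumes every account's profile folder sits under one root directory and uses the name "sweetim" as its only marker; the sample accounts, file names and `.example` addresses are constructed.

```python
import re
import tempfile
from pathlib import Path

MARKER = "sweetim"  # the only indicator the post names; matched case-insensitively
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*"([^"]*)"\);')  # string prefs in Firefox prefs.js

def firefox_hits(prefs_js: Path):
    """Names of string prefs (home page, search engine, ...) whose value contains MARKER."""
    text = prefs_js.read_text(encoding="utf-8", errors="replace")
    return [name for name, value in PREF_RE.findall(text) if MARKER in value.lower()]

def shortcut_hit(shortcut: Path) -> bool:
    """True if a .url (INI text) or .lnk (binary, may hold UTF-16LE strings) mentions MARKER."""
    blob = shortcut.read_bytes().lower()  # bytes.lower() folds ASCII only; enough for both encodings
    return MARKER.encode("ascii") in blob or MARKER.encode("utf-16-le") in blob

def audit_profiles(root: Path):
    """Check every account directory under root; return (account, kind, detail) tuples."""
    findings = []
    for account in sorted(p for p in root.iterdir() if p.is_dir()):
        for prefs in account.rglob("prefs.js"):
            findings += [(account.name, "firefox-pref", n) for n in firefox_hits(prefs)]
        desktop = account / "Desktop"
        if desktop.is_dir():
            for item in sorted(desktop.iterdir()):
                if item.suffix.lower() in (".lnk", ".url") and shortcut_hit(item):
                    findings.append((account.name, "desktop-shortcut", item.name))
    return findings

def build_sample(root: Path) -> Path:
    """Constructed sample: two accounts laid out like Windows XP profile folders."""
    ff = root / "alice/Application Data/Mozilla/Firefox/Profiles/abcd1234.default"
    ff.mkdir(parents=True)
    (ff / "prefs.js").write_text(
        'user_pref("browser.startup.homepage", "http://home.sweetim.example/");\n'
        'user_pref("browser.search.defaultenginename", "SweetIM Search");\n'
        'user_pref("browser.startup.page", 1);\n')
    desk = root / "bob/Desktop"
    desk.mkdir(parents=True)
    (desk / "search the web.lnk").write_bytes(  # not a valid .lnk, just header bytes plus a target
        b"L\x00\x00\x00" + "http://search.SweetIM.example/".encode("utf-16-le"))
    (desk / "notes.url").write_text("[InternetShortcut]\nURL=http://intranet.example/\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_profiles(build_sample(Path(tmp))):
            print(*finding, sep="\t")
```

Internet Explorer keeps its home page and search settings in each user's registry hive, so this file-based check does not cover them.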
Page generated Oct. 17th, 2017 01:50 am
Powered by Dreamwidth Studios