Need help with start sweetpack virus

Hi, I just found out my computer had the start sweetpack virus redirect, and I’m not quite sure how to go about removing it. I checked some forums, and they said that antivirus are unable to remove it, and that manual deletion would be bad if I didn’t know what I was doing and not a clean removal… I’m on my phone right now, and keeping my computer off…

Hi, SweetPacks is a PUP and not a virus as such

Could you follow the steps here please http://forum.avast.com/index.php?topic=53253.0
And attach the logs in this thread

My OTL extras.txt log disappeared… I think I saw it earlier, right after I completed the scan, but I can’t find it with the OTL.txt log… should I do that scan again ?

You may need to reset your Chrome homepage manually

Once this has run could you let me know how the computer is behaving

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
SRV:64bit: - [2013/02/28 13:37:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)
O2:64bit: - BHO: (Updater By SweetPacks) - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll ()
O2 - BHO: (Updater By SweetPacks) - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension32.dll ()
[2013/05/22 10:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\Updater By SweetPacks
[2013/05/22 10:05:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp
[2013/05/22 10:05:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC
[2013/05/20 11:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Before I run the fix just to double check, do I need to click on “scan all users”, “LOP check” and “Purity Check” or is that only for scanning ?

That is only for the scanning runs :slight_smile:

OTL crashed when I tried posting fix… I had to manually restart by holding shut down button when OTL closed, because chrome wouldn’t open, and computer wouldn’t log off… Should I try again ? Or do the scan ? And I need to go to school now, so I won’t be back for about 4 hours… Sorry for the inconvenience!

It is no inconvenience, could you run a fresh OTL scan please so that I can see what it removed

Here’s the OTL scan, but I’m still not getting a “extras.txt”, I’m not sure why…

The extras log is only created at the first OTL run; that log is only extra tech info about your computer and usually not needed

Is your problem gone?

essexboy will be back later today and will remove the tools used when all is OK

Wow, I just realized that I’m not getting weird redirects anymore :slight_smile: I checked chrome, firefox, and IE and I didn’t see anything strange, but I did have to change the “on startup” in chrome settings from open new tab page to Google homepage and the default search engine back to chrome.

However, I looked into my C:\Program Files, and I still see the “Updater by SweetPacks” folder… I’m pretty sure it was because the last OTL crashed (Not Responding) in the middle of running…

When essexboy returns, he’ll have a look at your new OTL log, and recommend any next steps that may or may not be needed. He’ll probably remove that folder for you.

OK, let's try a slightly different format

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
SRV:64bit: - [2013/02/28 13:37:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)
O2:64bit: - BHO: (Updater By SweetPacks) - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll ()

:Files
C:\Program Files\Updater By SweetPacks

:Commands
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
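As an added example that is not part of the thread or of OTL, the following read-only PowerShell audit checks a machine for the same SweetPacks remnants the two fixes above target (the service, the BHO, the folders and the scheduled task). The paths and the BHO CLSID are the ones posted in the fixes; the registry locations are the standard Browser Helper Object and COM class registration keys, which is an assumption about where OTL's O2 entries come from. It deletes nothing and only reports what is still present.

```powershell
# Added audit script (not from the thread or OTL): report SweetPacks remnants, delete nothing.
$clsid = '{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}'   # BHO CLSID from the OTL O2 lines

# File-system items named in the two OTL fixes and in the later manual deletion.
$paths = @(
    'C:\Program Files\Updater By SweetPacks',
    'C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe',
    'C:\Windows\SysWow64\jmdp',
    'C:\Windows\SysWow64\ARFC',
    'C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job'
)

# Assumed standard BHO/COM registration keys; on x64 both the native and Wow6432Node hives matter,
# which is why OTL listed an O2:64bit entry (Extension64.dll) and a plain O2 entry (Extension32.dll).
$regKeys = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
    "HKLM:\SOFTWARE\Classes\CLSID\$clsid",
    "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$clsid"
)

$findings = @()
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += [pscustomobject]@{ Type = 'FileOrFolder'; Item = $p } }
}
foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath $k) { $findings += [pscustomobject]@{ Type = 'Registry'; Item = $k } }
}

# The service OTL reported as [Auto | Running]; matched by its display name.
$svc = Get-Service -DisplayName 'Updater By SweetPacks' -ErrorAction SilentlyContinue
if ($svc) { $findings += [pscustomobject]@{ Type = 'Service'; Item = "$($svc.Name) ($($svc.Status))" } }

# The .job file is the legacy task format; on Windows 8+ also ask the Task Scheduler itself.
if (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue) {
    Get-ScheduledTask | Where-Object { $_.TaskName -like 'ISM-UpdateService*' } | ForEach-Object {
        $findings += [pscustomobject]@{ Type = 'ScheduledTask'; Item = $_.TaskName }
    }
}

if ($findings.Count -eq 0) { Write-Output 'No SweetPacks remnants found.' }
else { $findings | Format-Table -AutoSize }
```

Run it from an elevated PowerShell prompt so the HKLM keys and the Windows directories are readable; an empty result after the fixes and the reboot is what a clean follow-up OTL scan should also show.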

Okay, Here’s the quick scan.

Looks like it is history now … Any sign of it at all ?

I was looking at your initial OTL fix, and are the files:

C:\Windows\SysWow64\jmdp
C:\Windows\SysWow64\ARFC
C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

supposed to be inside my desktop? Like I looked inside the jmdp folder, and I see a file name SweetNT.crx… Apart from that, I stopped seeing signs from it since the first OTL fix…

They can be deleted manually, I thought they had gone :-[

Okay, I deleted them. Is my computer okay now ? Oh yeah, am I supposed to be seeing a lot of desktop.ini temp files ? They’re like everywhere… On my desktop, in my favorites/music/documents/etc… I don’t think they were there before…

They are system files and will be rehidden when we clean up

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so… The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL AdwCleaner and press uninstall

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
When it pops up at the first prompt select OK after it has done some calculations the tabs will appear
Select More Options tab
Press the System Restore and Shadow Copies Cleanup button

https://dl.dropbox.com/u/73555776/disc%20clean.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti-virus to protect your system and to keep them updated. To keep your operating system up to date visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place? Keep safe :wave: