Tuesday, April 8, 2014

Attacked by Sweet-Page.com Browser Hijacker! How to Remove?

Sweet-Page.com Problems

I've read something about sweet-page.com being a result of having some sort of spyware in my PC.
Besides the fact that sweet-page.com is my homepage now, and I can't rid of it, some words in texts turn into popups with ads, and my chrome extension list features stuff named "IcoValiad 5.3", "ssavvianigitoyou 2.1", "RightSurf 1.0.0" and "New Tab Search 0.5" (at least those are the ones I'm suspicious about)

Microsoft Security Essentials found nothing with Fast Scan, and Complete Scan is running right now.”

I somehow acquired the "Sweetpacks" toolbar/bundle mess today and spent 3 hours trying to remove it - no luck. It takes over your Toolbar, and even blocks legitimate search answers for serious attempts to remove it. Went into "Add/Remove Programs", I can see the various things added today – DomaIQ, IE Toolbar 4.7, VAF Player, etc. Tried to "uninstall" but either they won't OR I get the ‘An unidentified program wants access to your computer Allow or Cancel’.”

All in all, sweet-page.com manages to do the following things to plague victims:
  • sweet-page.com hijacks default homepage, search engine and new tabs.
  • sweet-page.com triggers additional ads, extensions and web applications.
  • sweet-page.com is capable of dodging removal by anti-virus programs.

Other Dangers from Sweet-Page.com

Sweet-Page.com is technically a traffic exchanging site that helps to intercept traffic for higher ranking without fair competition. BHO, Applet, ActiveX and Script technologies are detected to be employed by the browser hijacker to manipulate DNS setting without being picked up. Backdoor program is also written into the application for later inspection, easy visit and improvement.

As Sweet-Page.com access many more sites and bundle with many programs, it is easily targeted by other infections for rapid propagation. Once the backdoor program is attacked, BHO, Applet, ActiveX and Script technologies will alleviate installation and help to track down online whereabouts for confidential information such as log-in credentials and bank card details; and backdoor program will be utilized maliciously to allow unsolicited access unknown third-party for direct control.

At the very least, bringing in additional web application would consume limited internal resource and increase the probability of getting error messages due to incompatibility and conflict among installed programs. If you are NOT a high-techie and would like to flush this crap, you are welcome to get specialized technical help by contacting a recommended PC Security Center; otherwise, follow the below steps to help yourself.
live chat to get expert help in removing Sweet-Page.com

Step1. Remove the extensions created on the day when Sweet-Page.com was firstly detected.

Internet Explorer
Tools > Manage add-ons > ‘Toolbars and Extensions’ > remove Sweet-Page.com's extension > ‘Search Providers’ > remove Sweet-Page.com's extension.

Mozilla Firefox
Tools > Options > ‘Extension’ > remove Sweet-Page.com's extension > ‘Plugins’ panel > remove Sweet-Page.com's extension.

Google Chrome
Spanner icon > "Tools" > ‘Extensions’ > remove Sweet-Page.com's extension.

Opera menu > Extensions > Manage Extensions > remove Sweet-Page.com's extension.

Safari Menu > Preferences > extensions tab > remove Sweet-Page.com's extension.

Step2. Restore the homepage from Sweet-Page.com.

Internet Explorer
‘Search Providers’ > select desirable search engine > press “Set as Default” button.

Mozilla Firefox
Options > General tab > "homepage" > type your desirable URL.

Google Chrome
Spanner icon > "Settings" > Search section > click dropdown menu to select desired search engine.

Opera menu > Settings > Preference > General tab > "Home Page" > set your desirable homepage.

Safari Menu > Preferences > General tab > Default Search Engine > set desirable search engine.

Step3.  remove items generated by Sweet-Page.com in Database.

  1. Access Database with “regedit” typed in Run box (enabled by Win+R key combination).
  2. Access the below given entries to find and remove keys related to Sweet-Page.com:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_LOCAL_MACHINE\SOFTWARE\[the browser that has Sweet-Page.com]
HKEY_CURRENT_USER\ Microsoft\[the browser that has Sweet-Page.com]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{random number}

Mac OS X
  1. Navigate to the below places to remove Sweet-Page.com.
/Safari/ Preferences/extensions/
/Safari/Help/Installed Plug/Ins & list
/Library/Internet Plug-Ins/
~/Library (in home folder)/Internet Plug-Ins/.

Step4. modify host file to remove Sweet-Page.com.

Win+R key combination > type CMD > hit Enter key > type "ping Sweet-Page.com" > Enter key > note down the IP address for Sweet-Page.com > navigate to C:\WINDOWS\system32\drivers\etc > click open Hosts file > paste the IP address to the last line > save file.

Mac OS X
Finder launchpad icon > Utilities > Terminal > type "ping Sweet-Page.com" > Enter/Return key > note down the IP address for Sweet-Page.com > shift+command+g key combination > type “etc” (/private/etc/hosts) > Enter/Return key > click open Hosts file > paste the IP address to the last line > save it to modify host file.

Though Sweet-Page.com has been acting maliciously and incurring many more troubles to both browser and computer, it is not technically virus. Due to the troubles such applications trigger, technicians would like to create a word – browser hijacker for them that do not have virulent attribute code (the major ground for anti-virus programs to catch/pick up infections).
live chat to get expert help in removing Sweet-Page.com


Browser Hijacker – Wikipedia

Sweet-pages.com Redirect Removal, How to Remove Browser Hijack Virus

No comments: