Sweetpacks (and more) infection, persistent registry key

[erebusmaster]

Hello forums, 

 

I am a trial user of Malware Bytes Anti-Malware battling a handful of unwanted programs. A few years ago, my computer was the victim of a browser hijack and trojan from a company called "Sweetpacks". We successfully removed the trojan with Microsoft Security Essentials and fixed the damage to Chrome, but Internet Explorer still makes me extremely uncomfortable. A few days ago, I noticed the presence of Sweetpacks Internet Explorer Toolbar in my program list from a few years ago. Fearing we missed something, I ran multiple virus scans with no yield. After this, I attempted to uninstall this program, but gave the Sweetpacks uninstall the administrator password! (It did uninstall the program, but I'm unsure what else it may have done! This was extremely foolish of me.) I downloaded MalwareBytes and it picked up a plethora of garbage, ranging from Arcade Giant to Conduit to multiple other disgusting programs.

 

There were also a huge amount of Sweetpacks files scattered throughout the registry and burrowed deep into multiple user's browser toolbars and extensions. Through the use of MalwareBytes, all of these items were quarantined and deleted. One however, is being detected by the threat scan after every restart. This Registry Key: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNETEXPLORER\SEARCHSCOPES\{EEE6C36... is being detected once with every scan. I don't understand the registry enough to know what this means!

 

Why might this object be getting flagged with every scan? Why does it persist/get recreated upon each restart? Should I be worried about other unwanted programs returning on my computer? 

 

Additionally, can I trust that Microsoft Security Essentials is actually not locating any threats? Should it have found anything associated with these unwanted programs?

 

Thanks so very much for your assistance,

Johnathan 

 

[Maniac]

Hello Johnathan and ! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

This is not a real threat, that is why named potentially unwanted program, but it is something should be removed.

Please follow the instructions here and then post your log files in a new reply in this thread:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/

[erebusmaster]

My apologies! I should have updated or removed this thread, as I was able to navigate to the unwanted registry key from the administrator account and delete it directly there. Since then, MalwareBytes hasn't found any malware on the system!  

 

I apologize for wasting your time!

 

Thanks so much for your willingness to assist me in this issue,

 

Johnathan

 

[Maniac]

Thanks for letting us know, Johnathan!

Keep your system clean with these tips:

https://forums.malwarebytes.org/index.php?/topic/81386-so-how-did-i-get-infected-in-the-first-place/

Safe surfing!

[AdvancedSetup]

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.