
SweetIM

Posted: January 17, 2012

Threat Metric

Ranking: 1,361
Threat Level: 2/10
Infected PCs: 511,538
First Seen: May 3, 2010
Last Seen: October 17, 2023
OS(es) Affected: Windows

SweetIM is an emoticon plugin for Internet Explorer. Although SweetIM does provide some of the emoticon features that it claims to have, it also has numerous characteristics that are less desirable than smiley faces. SweetIM (search.sweetim.com) may look like a harmless smiley-enabler, but there's a multitude of functions beneath SweetIM's smile that make it worth avoiding whenever possible. Due to the breadth and invasiveness of its hidden functions, SweetIM may be detected as either adware or spyware by anti-malware scanners. As a silver lining, however, many symptoms of infection by SweetIM are very easy to notice, such as:

  • Blocked web browsers that are incompatible with SweetIM, such as Chrome or Firefox.
  • Poor performance in Internet Explorer, which is the one browser that SweetIM, as a BHO, is designed to function within.
  • The presence of additional toolbars that are related to SweetIM's malicious search engines or other forms of harmful content.
  • Browser hijacks, such as changes to your homepage settings or redirects to malicious sites like search.sweetim.com.

Because SweetIM installs a wide range of different components on your PC, you should never try to delete SweetIM in the same way that you'd remove a normal plugin; in fact, SweetIM has explicitly avoided including a normal removal process via Control Panel. A combination of anti-malware software and standard anti-malware techniques (such as booting into Safe Mode) is recommended to delete SweetIM for good.

The Bitter Aftertaste of SweetIM

Even if you feel that you've gotten rid of SweetIM, some of its functions that are less visible than the ones listed above may continue to cause problems for your computer or other computers until they're resolved. After removing SweetIM, you may want to consider altering important security information and double-checking your security settings.

SweetIM is marketed at its own site and at download sites that offer poor security, but can also be bundled with unrelated programs. Pay attention to unusual offers during installation procedures to avoid a SweetIM installation slipping through the door when you intend to install something else.

Aliases

  • Sweetim.4FB [AVG]
  • MalSign.BitCocktail.0E0 [AVG]
  • BitCocktail [Sophos]
  • Adware.SweetIM.2 [DrWeb]
  • TROJ_SPNR.16AM12 [TrendMicro]
  • TrojWare.Win32.PkdKrap.Gx [Comodo]
  • Win32:Downloader-MOM [Trj] [Avast]
  • a variant of Win32/Kryptik.ZBL [NOD32]
  • Artemis!B35054C47844 [McAfee]
  • BackDoor.Maxplus.470 [DrWeb]
  • Gen:Variant.Graftor.12959 [BitDefender]
  • a variant of Win32/Kryptik.ZCE [NOD32]
  • Trojan/win32.agent.gen [Antiy-AVL]
  • Heuristic.BehavesLike.Win32.ModifiedUPX.J!87 [McAfee-GW-Edition]
  • GenericTRA-AC!1B37D00E7204 [McAfee]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:




Registry Modifications

The following Registry values were newly created:


Additional Information

The following directories were created:
  • %ALLUSERSPROFILE%\Application Data\SweetIM
  • %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\free-for-download bundle
  • %ALLUSERSPROFILE%\SweetIM
  • %LOCALAPPDATA%\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}
  • %PROGRAMFILES%\SweetIM
  • %PROGRAMFILES%\sweetpacks bundle uninstaller
  • %PROGRAMFILES(x86)%\SweetIM
  • %PROGRAMFILES(x86)%\sweetpacks bundle uninstaller
  • %ProgramFiles%\Updater By SweetPacks
  • %ProgramFiles(x86)%\Updater By SweetPacks
  • %UserProfile%\AppData\LocalLow\SweetIM
  • %UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}
  • %WINDIR%\SysWOW64\mjcm
  • %WINDIR%\SysWOW64\tprb
  • %WINDIR%\System32\mjcm
  • %WINDIR%\System32\tprb
The following URLs were detected:
http://sweetpacks-search.com/
