SweetIM Description

SweetIM Screenshot 1SweetIM is an emoticon plugin for Internet Explorer. Although SweetIM does provide some of the emoticon features that SweetIM claims to have, SweetIM also contains numerous characteristics that are less desirable than smiley faces. SweetIM (search.sweetim.com) may look like a harmless smiley-enabler, but there’s a multitude of functions beneath SweetIM’s smile that make it worth avoiding whenever possible. Due to the breadth and invasiveness of its hidden functions, SweetIM may be detected as either adware or spyware by anti-malware scanners. As a silver lining, however, many symptoms of infection by SweetIM are very easy to notice, such as:
  • Blocked web browsers that are incompatible with SweetIM, such as Chrome or Firefox.
  • Poor performance in Internet Explorer, which is the one browser that SweetIM, as a BHO, is designed to function within.
  • The presence of additional toolbars that are related to SweetIM’s malicious search engines or other forms of harmful content.
  • Browser hijacks, such as changes to your homepage settings or redirects to malicious sites like search.sweetim.com.

Because SweetIM installs a wide range of different components on your PC, you should never try to delete SweetIM in the same way that you’d remove a normal plugin – and, in fact, SweetIM has explicitly avoided any inclusion of a normal removal process via Control Panel, in any case.

» Learn more about SpyHunter's Spyware Detection Tool
and steps to uninstall SpyHunter.

A combination of anti-malware software and standard anti-malware techniques (such as booting into Safe Mode) are recommended to delete SweetIM for good.

The Bitter Aftertaste of SweetIM

Even if you feel that you’ve gotten rid of SweetIM, some of SweetIM’s less visible functions than the ones listed above may also cause continuing problems for your computer or other computers until they’re resolved. After removing SweetIM, you may want to consider altering important security information and double checking your security settings.

SweetIM is marketed at its own site and at download sites that offer poor security, but can also be bundled with unrelated programs. Pay attention to unusual offers during installation procedures to avoid a SweetIM installation slipping through the door when you intend to install something else.


MalSign.BitCocktail.0E0 [AVG]a variant of Win32/Toolbar.BitCocktail.B [ESET-NOD32]Win32.Troj.Generic.a.(kcloud) [Kingsoft]BitCocktail [Sophos]PUP.Optional.SweetPacks.A [Malwarebytes]Trojan.Win32.A.Agent.188760 [ViRobot]Adware.SweetIM.2 [DrWeb]TROJ_SPNR.16AM12 [TrendMicro]TrojWare.Win32.PkdKrap.Gx [Comodo]Win32:Downloader-MOM [Trj] [Avast]

More aliases (119)

SweetIM Automatic Detection Tool (Recommended)

Is your PC infected with SweetIM? To safely & quickly detect SweetIM we highly recommend you run the malware scanner listed below.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    # File Name Detection Count
    1 %WINDIR%\ SysWOW64\ mjcm\ dnkt.exe 9,048
    2 %PROGRAMFILES%\ SweetIM\ Toolbars\ Internet Explorer\ mgToolbarIE.dll 1,897
    3 %PROGRAMFILES%\ Updater By SweetPacks\ ExtensionUpdaterService.exe 1,546
    4 %PROGRAMFILES%\ SweetIM\ Toolbars\ Internet Explorer\ mgHelper.dll 1,052
    5 %PROGRAMFILES%\ SweetIM\ Messenger\ SweetIM.exe 422
    7 %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Start Menu\Programs\free-for-download bundle 256
    8 %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\free-for-download bundle 253
    9 %USERPROFILE%\Microsoft\Windows\Start Menu\Programs\free-for-download bundle 250
    10 %PROGRAMFILES%\ Updater By SweetPacks\ Extension32.dll 183
    11 C:\Program Files\Macrogaming\ N/A
    12 C:\Program Files\Macrogaming\SweetIMBarForIE\ N/A
    13 C:\Program Files\Macrogaming\SweetIMBarForIE\affid.dat N/A
    14 C:\Program Files\Macrogaming\SweetIMBarForIE\basis.xml N/A
    15 C:\Program Files\Macrogaming\SweetIMBarForIE\Cache\ N/A
    16 C:\Program Files\Macrogaming\SweetIMBarForIE\Cache\cd2005c66fba47ff715ecc444d3bc1fb.xml N/A
    17 C:\Program Files\Macrogaming\SweetIMBarForIE\Games_23x18.bmp N/A
    18 C:\Program Files\Macrogaming\SweetIMBarForIE\Greetingcards_23x18.bmp N/A
    19 C:\Program Files\Macrogaming\SweetIMBarForIE\Mobile_23x18.bmp N/A
    20 C:\Program Files\Macrogaming\SweetIMBarForIE\SmileySmile.bmp N/A
    21 C:\Program Files\Macrogaming\SweetIMBarForIE\SmileyWink.bmp N/A
    22 C:\Program Files\Macrogaming\SweetIMBarForIE\sweetimicons.bmp N/A
    23 C:\Program Files\Macrogaming\SweetIMBarForIE\Thumbs.db N/A
    24 C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.crc N/A
    25 C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll N/A
    26 C:\Program Files\Macrogaming\SweetIMBarForIE\version.txt N/A

    More files

Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to backup your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
  • The following newly produced Registry Values are:
    HKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}free-for-download bundleSweetIM Bundle by SweetPacks{2F603A45-D956-496B-81B5-50D782424976}{B85C4CB2-B352-4BD8-818C-BCE353599107}{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}HKEY..\..\..\..{RegistryKeys}SOFTWARE\Classes\Extension.ExtensionHelperObject.1SOFTWARE\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4DSOFTWARE\Classes\Installer\Products\4340C4778499EED41AE496DC3D613EC6SOFTWARE\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4DSOFTWARE\Classes\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}SOFTWARE\Classes\SWEETIE.IEToolbarSOFTWARE\Classes\SWEETIE.IEToolbar.1SOFTWARE\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHookSOFTWARE\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1SOFTWARE\Classes\Toolbar3.SWEETIESOFTWARE\Classes\Toolbar3.SWEETIE.1Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}Software\Microsoft\Internet Explorer\Stats\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exeSoftware\Microsoft\Windows\CurrentVersion\Ext\Settings\{7D4F1959-3F72-49D5-8E59-F02F8AA6815D}SOFTWARE\Mozilla\Firefox\Extensions, value: {8E9E3331-D360-4f87-8803-52DE43566502}Software\Mozilla\Firefox\Extensions, value: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D}Software\SweetIMSOFTWARE\Updater By SweetPacksSOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID, value: {EEE6C35B-6118-11DC-9C72-001320C79847}SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions, value: {8E9E3331-D360-4f87-8803-52DE43566502}Software\Wow6432Node\Mozilla\Firefox\Extensions, value: {7D4F1959-3F72-49d5-8E59-F02F8AA6815D}SOFTWARE\Wow6432Node\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekknSWEETIE.IEToolbarSWEETIE.IEToolbar.1Toolbar3.SWEETIEToolbar3.SWEETIE.1
  • The following CLSID's were detected:
    HKEY..\..\{CLSID Path} {DEDAF650-12B8-48F5-A843-BBA100716106}{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}{EEE6C359-6118-11DC-9C72-001320C79847}{EEE6C35E-6118-11DC-9C72-001320C79847}{8E9E3331-D360-4f87-8803-52DE43566502}{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}{82AC53B4-164C-4B07-A016-437A8388B81A}{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}{EEE6C35D-6118-11DC-9C72-001320C79847}
Posted: January 17, 2012 | By
Rate this article:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
Threat Metric
Threat Level: 2/10
Detection Count: 922,534

Leave a Reply

What is 3 + 2 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)