These are Netz-Trends‘ experiences when downloading two well-known duplicate file finders, one of them starting with ‘tot…’, the other one with ‘all…’. In this article, we explain how to remove sweet-page.com.
First things first: sweet.page.com is considered to be a browser hijacker which basically ‘kidnaps’ browsers everybody uses to access the internet. It is currently not clear whether the alleged ‘search engine’ sweet-page.com attaches itself automatically to free or maybe even fee-based downloadable software or whether the affected programmes actively promote sweet-page.com’s download. Some bloggers describe the following: Once sweet-page.com has been installed it will automatically open every time you open the browser.
Sweet-page.com itself is not malicious. In fact, there are countless other programmes that use a similar method and also change settings on the user’s computer or in programmes. However, what a lot of users reporting to Netz-Trends find malicious regarding sweet-page.com is that the programme sneaks into the download of other software and adds Windows shortcuts to the desktop and to the Start Menu – and, as previously mentioned, changes settings in internet browsers (please use our comment feature to leave your comment and recommend us in Facebook or google+).
According to our experiences, this programme seems to exploit a security loophole in Google Chrome, for example. Even if we changed the home page of our browser in the settings and deleted sweet-page.com, the website would be back as our home page with the next start of Google Chrome.
Contrary to other search engines, the alleged search engine Sweet-page.com cannot be deleted normally in Google Chrome – the X is missing.
We had similar experiences with Internet Explorer. It was only in Mozilla Firefox that we managed to delete the annoying sweet-page.com quite easily through changing the browser’s home page. If you enter a search term into the alleged search engine sweet-page.com you get automatically redirected to search.yahoo.com.
However, we find it hard to understand that Yahoo would voluntarily cooperate with software like this. It is much more likely that sweet-page.com earns some money through users clicking on one of the displayed advertisements. In these advertisements, sweet-page.com mixes noticeably respectable and well-known brands (Google, YouTube, Facebook, ebay) and little known or unknown brands – probably with the aim that the user will click on little known or unknown brands (see picture at the top of the article).
The following brands were shown during the Netz-Trends tests (see picture): Facebook, Google, YouTube, Prime Slots, ebay, Casino Club, FlirtFair, eDates, Anno Online, Big Farm, Empire, War Thunder, Merkur Spiele!, S.K.I.L.L., Battlefield Heroes.
We assume that sweet-page.com finances itself through advertisement and sponsored links in its search results but also through the displayed website ads.
It is also safe to assume that the search terms entered by the users (or customers) from each search request are collected by sweet-page.com. Sweet-page.com’s partners are most likely cooperating with the website in order to artificially increase a website’s ranking in the search results – you could name this Black Hat SEO.
Technically speaking, sweet-page.com is not a virus but a PUP (PARC Universal Packet Protocol) or a potentially unwanted programme. However, it does show quite a few malicious features, for example its rootkit abilities. Through these abilities, sweet-page.com can dig deeply into the operating system – amongst others through browser hijacking.
The programme can only be deleted if the user is experienced. Netz-Trends tested if uninstalling the browser Google Chrome would do the job. However, even after a complete deinstallation and a subsequent re-installation of Google Chrome, sweet-page.com was back as a search engine that could not be uninstalled in Google Chrome. At the end of the day, though, this is a security loophole, so Google Chrome’s mistake, which the programmers of sweet-page.com are exploiting.
It seems that sweet-page.com changes the loading time of Internet Explorer, for example, or activates a blocking feature in Firefox which will block rivaling software. This is made possible through a feature that inhibits certain changes in Mozilla’s settings and therefore bypasses the browser’s content security policy.
Up until now, we have had the experience that sweet-page.com can also not be uninstalled through ‘Uninstall a program’ since there is no programme with the name ‘sweet-page.com.’ The browser hijacker sweet-page.com can also not be deleted or uninstalled by uninstalling or deleting the programme through which the user caught sweet-page.com. What are left are laborious manual counter measures.
As a general rule: when installing free or fee-based software, you should always make sure that additional programmes are not installed. Software installation packages often have an optional installation of additional programmes – like sweet-page.com which is actually a browser hijacker.
Additional software can be displayed quite obviously as an additional installation option. Through piggy-back installation, it can also be installed secretly as the desired programme is being installed. The tests by Netz-Trends seem to confirm that the latter is what happened in the case of sweet-page.com: during the installation of programmes that can find and eliminate duplicate files on the computer, sweet-page.com was installed piggy-back.
As a general rule, you should always use ‘custom installation’ – even if (as software providers like to point out) a custom installation is not recommended. However, if you are custom installing a programme you have a higher chance of being able to actively deselect or delete unwanted additional programmes.
As a general rule: anything on the internet, that neither you nor your friends don’t know, should be accessed with caution or ignored from the start and not be installed. It goes without saying that you should not install software that you don’t trust. In case of doubt, rely on your gut instincts.
Please note: Even antivirus software like Antivir did not protect against sweet-page.com during the test. We have observed that the Antivir software which costs about 20 Euros did not prevent the installation of sweet-page.com even though Antivir checked the duplicate file software before the installation.
There are several possibilities how to delete the browser hijacker sweet-page.com from your Internet Explorer, Mozilla Firefox or Google Chrome. Make sure you follow the steps in the correct order.
Step 1: Install one of the following programmes for the removal of unwanted software: either adwcleaner_3.016, junkware Removal Tool (download via Internet Explorer or Mozilla Firefox), Malwarebytes Anti-Malware or HitmanPro.
According to our experience up to now, the programme sweet-page.com can in some cases only be removed using various anti-junkware programmes. You might have to make a few attempts. It is very important that you share your experiences with our readers and that you leave comments at the end of this test. After you ran any of these programmes, it is very important that the computer is shut down and rebooted completely. Only then you can judge whether sweet-page.com has been successfully removed.
At first, please try to remove sweet-page.com using adwcleaner_3.016 (tool will automatically download, click on the button at the bottom left or right). As with all anti-virus or malware programmes, please close all open programmes and internet browsers before you start the programme. Then double-click on the icon of AdwCleaner. The process will then start.
As an alternative, you can also try one of the programmes listed above or maybe even the ‘Junkware Removal Tool’ – however, our users don’t seem to have been successful using this tool. Attention: the programme Junkware Removal Tool automatically starts downloading. You only need to confirm, usually bottom left or right, that you would like to install it. As soon as you have downloaded Junkware Removal Tool, double-click on the JRT.exe icon. Confirm the Windows prompt that you would like to execute Junkware Removal Tool.
Junkware Removel Tool: Please do not ignore what’s written in white but read very carefully what to do.
Junkware Removal Tool will now start. During the prompt you need to press any key to start the scan for sweet-page.com. This can take up to ten minutes so please be patient. The duration of the scan depends on how fast your system is.
Once Junkware Removal Tool has finished the scan it will create a protocol with all the malicious files and registry keys that have been removed from your computer. If sweet-page.com is still present on your computer please try one of the other programmes – for example AdwCleaner, Malwarebytes Anti-Malware or HitmanPro.
If the programme sweet-page.com is nesting in the browser icon of Mozilla Firefox, Google Chrome or Internet Explorer on the desktop for example, right-click the relevant browser icon. A menu will open. Click on the menu item “Properties” and a pop up window will open.
You can also try to remove sweet-page.com by right-clicking on the affected browser icon on your desktop.
It is possible that the locations in the line "Target" or "Start in" do not contain the following links: "C:Program Files (x86)Mozilla Firefoxfirefox.exe" (in "Target") or “C:Program Files (x86)Mozilla Firefox” (in “Start in”). Instead, these lines will display a sweet-page.com link such as the following: http://www.sweet-page.com/?type=hp&ts=1388870471&from=cor&uid=ST320LT020-9YG142_W049S93XXXXXW049S93X.
If this is the case, simply delete the sweet-page.com link and paste the links described above into the respective lines. Click “OK” at the bottom of the pop up window. This will solve the problem of having sweet-page.com hijack the icon. (Please note: this will only work if you have installed Firefox on drive C.)
Sweet-page.com is registered in the US at GoDaddy.com, LLC (registrar). If you would like to let off some steam you can send the complaint at the end of the text to the following two complaints centres: email@example.com and firstname.lastname@example.org. The same text should be sent to the official US American registry office: http://www.icann.org/en/resources/compliance/complaints/whois/inaccuracy-form
"The website sweet-page.com seems to be a virus or an unwanted program. I was not aware of its download. Now that website opens whenever I start Google Chrome or Internet Explorer, even Mozilla Firefox. I was able to delete it in Mozilla Firefox, but was unable to delete it in Google Chrome or Internet Explorer. www.sweet-page.com seems to exploit a security loophole in those browsers and is now permanently set to be the home page of those browsers. I ask you kindly to take actions against sweet-page.com. As far as I know sweet-page.com is installed piggy-back as a plugin through some free software tools."