Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.


CNET Support


Fellow members. "about:config" finds Sweet, and Conduit

Dec 17, 2013 8:03AM PST

The last few weeks seems to find Conduit and other items installing in spite of opting out. This is not a discussion so much about that but to see it others are seeing what I'm seeing.

-> Even after clean up with the guides to date, if I go to about:config in Firefox and Internet Explorer I find entries from Sweet and Conduit there.

1. Are you seeing this?
2. Anyone know which guide or tool cleans these?

Discussion is locked

- Collapse -
Clarification Request and conduit
Dec 29, 2013 2:39AM PST


For the past few days, I've been inundated with messages that pop up from conduit,, and Norton (which I don't use). Want to get rid of them! I have an HP Pavilion dv6-7020us with Windows 7. Are the solutions detailed later in this posting the best steps for me to follow?


- Collapse -
Dec 29, 2013 5:24AM PST

But my question is about what we find in about:config. I see open discussions about removing conduit. If you can't find those discussions, start a new post.

However can you answer my question?

- Collapse -
Dec 17, 2013 8:07AM PST

Too late for me to look tonight cos I'm on my Android but checking it out tomorrow on Win 7.


- Collapse -
I don't download much
Dec 17, 2013 8:27AM PST

but I looked and don't have anything....Digger

- Collapse -
Should be full of "things"
Dec 17, 2013 8:39AM PST

But more importantly is anything in bold (Firefox shows new/nonstock in bold) and then we can research what those are.

- Collapse -
I've Cleaned Up Three Or Four Machines Lately Using....
Dec 17, 2013 10:01AM PST
- Collapse -
Thanks Grif. However, look deeper, try about:config.
Dec 17, 2013 10:27AM PST

Why I went looking was that even after cleanup a few machines randomly went to other sites. So I started digging.

Thanks for the links, your continued good advice and hope you can find time to check it out.

- Collapse -
Next One I Clean Up, I'll Take A Look
Dec 17, 2013 12:39PM PST

At this point, they're all in the hands of their respective owners..

I just took a gander at "about:config" on a couple of computers here.. Nothing to report, but all these computers are clean.. I have a daughter who's machine has problems.. I'll take a look at it the next time I get a chance.

Take care.


- Collapse -
SweetPacks Removal
Jan 20, 2014 1:05AM PST

I don't have a proven solution per se, Bob, but I just wanted to confirm to you and Grif some things you may already know. I'm also including highlights of the steps I took to eradicate this issue from my system last year.

The same thing (a SweetPacks infection) occurred roughly a year or so ago. There was extensive discussion about it here in the forums because you (Bob) helped to track it back to a CNet/Downloads copy of VMWare Player (I think) that had recently been promoted.

I found the popular deinstallers and adware/malware eradicators could not completely remove SweetPacks. Even after things seemed all fixed, a couple weeks later I found remnants of SweetPacks trying to access the Internet, presumably to update or further-infect my system. I'll explain.

I had used Malwarebytes, AdwCleaner, and also Revo Uninstaller. Interestingly, SweetPacks had its own deinstaller, which I didn't trust, of course. However, even when using Revo, the SweetPacks deinstaller would pop-up and obscure the Revo window, thereby almost tricking the user into using the SweetPacks deinstaller instead of proceeding with using Revo. Was there any sense in trusting the SweetPacks deinstaller? I avoided it.

I had three browsers installed -- Firefox, IE, and Chrome -- and ALL were affected. To fix the browsers, I used their respective Options/Preference tools to remove the visible effects of SweetPacks (add-ons, home page, and default search site), but checking About:Config for Firefox revealed that remnants remained.

By the way, Bob, after taking your advice when this originally occurred, I've been using AdBlock and Web of Trust, both of which have effortlessly helped me to avoid getting into trouble again. Thank you very, VERY much!

After doing all of the above, all seemed okay. Then two weeks later a firewall warning indicated something called "ExtensionUpdaterService.exe" was trying to access the Internet. Checking online revealed this was associated with SweetPacks. This pressed my knowledge of safe PC usage, but I dared to look in my Registry. Other than a boot sector contamination or something being started by MSConfig, the Registry was the only other place I knew to check. Sure enough I found entries in the Registry, too, which spawned visits to a particular web address (which I don't recall). After manually removing all the SweetPacks entries from my Registry I could find,
fortunately my system was still in good working order. I've re-checked
several times and thankfully, Registry entries with "sweetim" and
"sweetpacks" have not reappeared.

I hope this helps, folks. All the best!

Tony M.

- Collapse -
Thanks for this.
Jan 20, 2014 1:21AM PST

Can you look in the about:config for items that are extra/changed? In Firefox they show in bold.

Not all are bad things but my question here was to collect more detail. It may be a question a little too deep for most but why I ask is so I can take this to someone for more investigation.

- Collapse -
Can't Distinguish Latest Changes From Old
Jan 20, 2014 2:40AM PST


Thanks for your message. I hope I haven't misunderstood your question.

Unless there's another trick I need to learn, I see no way to distinguish new/unwanted entries in About:Config from older/desired changes. Yes, you can sort on the Status column to distinguish default settings from the user set entries, but there aren't any dates, which I guess you already realized. In my case, I've been using the same Firefox profile for the last three computers (moving the profile to the new systems). In other words, if the About:Config settings are affected by a migrated profile, then my About:Config reflects more than a decade's worth of accumulated user set entries. About half of my entries are user set, by the way.

As I searched About:Config and my Registry for entries created by SweetIM/SweetPacks, I prayed they didn't try to obscure its entries by using weird/alternate entry names.

However, with the Registry changes SweetPacks made -- my memory and notes are less certain about this particular point -- in addition to the Registry entries with "sweet" included, the big hint came from the Zone Alarm notification I received. I didn't recognize the Web address being called for, but searching the Web showed the site was associated with SweetPacks. Thus, in addition to being suspicious about Registry entries including "sweet", I also searched my Registry for the Web address Zone Alarm alerted me to.

Ever since, I haven't recognized any odd, unexpected system behavior. To the best of my limited PC knowledge, it seems all remnants of that SweetPacks version have been eradicated.

I think I've told you all I know, but if I can help in any way, let me know. I HATE SweetPacks because thus far it's the first and only infection I've ever received/noticed in 20 years of PC usage.

Tony M.

- Collapse -
Thanks again.
Jan 20, 2014 2:48AM PST

I know this area is very deep and continue to do research on the side to see what else SweetPacks, Conduit and other nasty stuff is doing.

Again, thanks to all for the effort.

- Collapse -
SweetPacks -- I Forgot To Mention
Jan 20, 2014 7:18AM PST

I wish I knew a tenth as much as Bob knows. But I'm replying to add a little info that I overlooked.

Earlier I mentioned that an unfamiliar program on my computer was detected by Zone Alarm as trying to access the Internet. The executable was named "ExtensionUpdaterService.exe". I also said I didn't recognize the Web address being called for, but that's incorrect/backwards. Zone Alarm reported the executable that was trying to access the Internet, NOT the destination Web address.

Searching for that executable's file name (two weeks after thinking I had already eradicated my SweetPacks infection) is what led me to the lingering Registry entry, which by the way, did NOT have "sweet" in any part of the entry. That executable's file name also led be to identify the directory SweetPacks installed: "C:\Program Files\Updater By SweetPacks", which contains the 185 KB file named "ExtensionUpdaterService.exe". After detecting these, I immediately renamed the directory and the executable, and my system hasn't suffered in all this time, so I guess it's okay to permanently delete them.

And that's all I had to add. While highly savvy computer users may have already figured it out, I've coincidentally made the point that firewalls monitoring only incoming communications are not adequate, in my opinion. Without Zone Alarm catching this unexpected attempt to access the Internet, I most assuredly would have found myself at "square one" all over again. I guess casual computer users might hardly notice or care, but when my system does stuff I don't recognize and can't control, it feels just as scary as pressing my car's brake pedal all the way to the floor and not being able to stop.

Many, many thanks, Bob.

Tony M.

- Collapse -
Excellent Info
Jan 20, 2014 7:25AM PST

Thank You from someone that's not so savvy


- Collapse -
Thanks for the input on this.
Mar 14, 2014 1:07AM PDT

It appears that updates to the browsers help marginally.

Parting notes. Learn to have tools Grif and moderators here ready when you encounter these pests. Be ready to reset browsers and know how to set the home page too. Beef up your browser with at least Web Of Trust and AdBlock+.