Pando Media Booster Warning

February 24, 2014

Community, General, LOTRO

Virus-Alert-500x416Back in the day (AKA before Steam) we had to download the LOTRO install program through the Pando Media Booster application. Other game systems used it in the past as well. Typically you would use it to download your game or patch and then forget about it. That’s why I thought this warning deserved a post even though I shared it across all our social networks.

First you should know that PMB no longer exists. They shut down last summer so if you’ve recently installed LOTRO or installed through Steam this should not affect you. You may want to check just in case though in case you have it sitting dormant in the background that you’ve forgotten about.

According to Reddit user object404, Pando is popping up as having an update and this update contains the Sweet Page browser hijacker virus.

Having downloaded the LOTRO standalone installer some time ago when it still used the Pando Media Booster downloader, it stuck around my system long after Turbine stopped using it as Pando had already apparently shut down on August 31, 2013.

Having forgotten about Pando having shut down, it launched a pop-up today informing me that a new PMB update was available and asked if I would like to install it.

As soon as I clicked yes, it installed the Sweet Page browser hijacker virus, the WPM service that seems to re-install it and 2 more pieces of insidious software that I hopefully was able to prevent from installing when I saw some suspicious install messages.

I got hit though, and Chrome, Firefox and IE’s home pages and new tab default pages had been changed to Sweet Page’s, all shortcuts to the 3 browsers had been modified that they would launch Sweet Page’s home page upon launch, etc.

If you did get hit by this, here’s a link that will help you remove Sweet Page’s install: http://www.antivirus-blog.com/removal-guides/sweet-page-removal/

Read the full reddit post here.

Special thank you to @ellohir on twitter for alerting us to this.

, , ,
Avatar of Goldenstar

About Goldenstar

Goldenstar's primary happiness in games is anything that involves festivals, parties, cosmetics and pie. If there's any time after those things to kill bad guys, so be it.

View all posts by Goldenstar

6 Responses to “Pando Media Booster Warning”

  1. Joe Says:

    Thanks for the heads up! This popped up on my computer this morning and I started to install it, but then it bugged out and didn’t seem to complete. I’ll have to check more closely tonight.

    Reply

  2. Erin Says:

    Thanks, it just started popping up about every 10 or 15 minutes on my computer. I have had LOTRO on my computer for about 3 years and didn’t know that they had used something like that to update. Thankfully, I declined every time, so I didn’t get the Sweetpage virus, but this helped me know what to look for to uninstall it. The pop-up was getting really annoying.

    Reply

  3. Frizwin Says:

    I wanted to give you a belated thanks for the warning and the links. This popped up on my computer and my daughter’s. We uninstalled Pando and the pop up stopped. So glad it didn’t auto-install!

    Reply

Trackbacks/Pingbacks

  1. RunicPortal » Pando Media Booster 'update' is actually a browser hijack - February 24, 2014

    […] Via: CTSM […]

  2. Casual Gamers Syndicate - February 24, 2014

    […] Via: CTSM […]

  3. Uninstall Pando Media Booster. | MMO Fallout - February 27, 2014

    […] (Source: CSTM) […]

Leave a Reply