Back in the day (AKA before Steam) we had to download the LOTRO install program through the Pando Media Booster application. Other game systems used it in the past as well. Typically you would use it to download your game or patch and then forget about it. That’s why I thought this warning deserved a post even though I shared it across all our social networks.
First you should know that PMB no longer exists. They shut down last summer, so if you've recently installed LOTRO or installed through Steam this should not affect you. You may still want to check, though, in case it is sitting dormant in the background and you've forgotten about it.
According to Reddit user object404, Pando is popping up a prompt saying an update is available, and this update contains the Sweet Page browser hijacker virus.
Having downloaded the LOTRO standalone installer some time ago when it still used the Pando Media Booster downloader, it stuck around my system long after Turbine stopped using it as Pando had already apparently shut down on August 31, 2013.
Having forgotten about Pando having shut down, it launched a pop-up today informing me that a new PMB update was available and asked if I would like to install it.
As soon as I clicked yes, it installed the Sweet Page browser hijacker virus, the WPM service that seems to re-install it and 2 more pieces of insidious software that I hopefully was able to prevent from installing when I saw some suspicious install messages.
I got hit though, and Chrome, Firefox and IE's home pages and new tab default pages had been changed to Sweet Page's, all shortcuts to the 3 browsers had been modified so that they would launch Sweet Page's home page upon launch, etc.
If you did get hit by this, here’s a link that will help you remove Sweet Page’s install: http://www.antivirus-blog.com/removal-guides/sweet-page-removal/
Special thank you to @ellohir on Twitter for alerting us to this.