Windows 7 Forums



Windows 7: "WEB CAKE 3.0" infection - HELP

01 Aug 2013   #11
ship691

Windows 7 x64 Professional (SP1)
 
 

OK I tried a scan with RogueKiller. Although it didn't produce a file called RKreport.txt, after the scan ran, under the registry tab it seemed to find a few things, which were by default ticked. So I clicked "Delete", and then "Report" which produced this text:

RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : Forum
Website : RogueKiller download
Blog : tigzy-RK

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Xxxx [Admin rights]
Mode : Remove -- Date : 08/01/2013 21:34:39
| ARK || FAK || MBR |

Bad processes : 0

Registry Entries : 11
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified.
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Scheduled tasks : 0

Startup Entries : 0

Web browsers : 0

Particular Files / Folders:

Driver : [NOT LOADED 0x0]

External Hives:

Infection :

HOSTS File:
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
192.168.111.249 auctionairsvr


MBR Check:

+++++ PhysicalDrive0: INTEL SSDSA2CW300G3 ATA Device +++++
--- User ---
[MBR] 6a915b1c608c67ddad89ce3b86333bff
[BSP] 7fe233195ddbffa0f47d27f8b707cb38 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 286066 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_08012013_213439.txt >>
RKreport[0]_S_08012013_212857.txt


So I then ran a SECOND scan, and this time the report didn't find much:

MBR Check:

+++++ PhysicalDrive0: INTEL SSDSA2CW300G3 ATA Device +++++
--- User ---
[MBR] 6a915b1c608c67ddad89ce3b86333bff
[BSP] 7fe233195ddbffa0f47d27f8b707cb38 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 286066 Mo
User = LL1 ... OK!
User = LL2 ... OK!

>>>

Meanwhile SpyHunter 4 is still finding 21 Threats (and counting) including Web Cake... This may of course be a false alarm but it is worrying.

Now what?
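
A small triage script for the registry section of the RogueKiller report pasted above, added here as an example; it is not part of the original posts or of RogueKiller. It checks that the pasted section matches the count in its own header and lists the entries the tool reported it could not change. The function names `parse_entries` and `triage` are this example's own.

```python
import re
from collections import Counter
# Sample input: the "Registry Entries" section as pasted in post #11.
REPORT = r"""Registry Entries : 11
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified.
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
"""

ENTRY = re.compile(r"^\[(?P<tag>[A-Z ]+)\] (?P<key>.+?) : (?P<name>\S+) "
                   r"\((?P<old>[^)]*)\) -> (?P<result>.+)$")

def parse_entries(text):
    """Return (count declared in the header, list of parsed entries)."""
    declared, entries = None, []
    for line in map(str.strip, text.splitlines()):
        if (h := re.match(r"Registry Entries : (\d+)$", line)):
            declared = int(h.group(1))
        if not (m := ENTRY.match(line)):
            continue
        e = m.groupdict()
        result = e.pop("result")
        if result == "DELETED":
            e["outcome"] = "deleted"
        elif result.startswith("REPLACED ("):
            e["outcome"], e["new"] = "replaced", result[10:-1]
        else:  # e.g. "[0x2] The system cannot find the file specified."
            e["outcome"], e["error"] = "not_applied", result
        entries.append(e)
    return declared, entries

def triage(text):
    """Summarise outcomes and list the entries the tool could not change."""
    declared, entries = parse_entries(text)
    return {
        "complete": declared == len(entries),  # pasted section not truncated
        "counts": Counter(e["outcome"] for e in entries),
        "follow_up": [(e["key"], e["name"]) for e in entries if "error" in e],
    }

print(triage(REPORT))
```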


01 Aug 2013   #12
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Run Farbar Recovery Scan Tool


64-Bit Version OS Farbar Recovery Scan Tool x64 <===== Download Link

Drag the FRST64.exe from the Downloads folder to your Desktop

Right click on FRST64.exe and choose

When the tool opens click Yes on the disclaimer window.

Press Scan button.

FRST will let you know when the scan is complete and has written the FRST.txt to file

Note
The first time Farbar Recovery Scan Tool is run, it also makes another log, Addition.txt.


Please upload both logs in your reply (FRST.txt and Addition.txt).

FRST.txt and Addition.txt will be on the Desktop

How To Upload a File
Click on the Go Advanced button under the Message box. Scroll down to Additional Options then click on Manage Attachments in the Attach Files sections. Click the Browse button, locate the file, then click on the Open button. In the Upload File from your Computer section click on the Upload button. Wait until it finishes uploading then close the window. Then click Submit Reply.
01 Aug 2013   #13
ship691

Windows 7 x64 Professional (SP1)
 
 

Done.

FRST.txt

Addition.txt

Now what?



01 Aug 2013   #14
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Run Malwarebytes

Download Link MalwareBytes

When the installation is done uncheck Enable free trial of Malwarebytes (see image below)



Update the definitions and do a full scan

On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

On
Hold down Control and click on ESET Online Scanner to open ESET OnlineScan in a new window
Click the button
Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.


On or
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Right click on choose on your desktop
Check YES, I accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.
02 Aug 2013   #15
ship691

Windows 7 x64 Professional (SP1)
 
 

I have already run all these in the last couple of days but here goes, I shall run them again...


1. Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.02.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Xxxx :: XXXX09 [administrator]

02/08/2013 08:35:49
mbam-log-2013-08-02 (08-35-49).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 504004
Time elapsed: 24 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


2. ESET online scanner - on MSIE
4 threats found and deleted.

ESETscan.txt


3. ESET on Chrome found nothing. There was no option to export anything when the scan finished.

Now what?


02 Aug 2013   #16
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 

If nothing is showing up, you may have successfully removed the virus. It looks like some changes were made to your files, such as task manager disabled (virus/malware behavior). Run a SFC to see if any files need repairing. Be sure to run it 3X as SFC doesn't always catch everything the 1st or 2nd time around. The tutorial for this procedure is here:

SFC /SCANNOW Command - System File Checker

Also, d/l & run TFC to make sure everything is cleaned out.

http://www.bleepingcomputer.com/download/tfc/

Quote:
TFC, or Temp File Cleaner, is a small utility that will clean out all the folders on your computer that house temporary files. The temp folders that TFC will clean are the Java, Windows Temp Folder, and the Internet Explorer, Opera, Chrome, and Safari caches. This tool will clean the folders for all accounts on the computer including the Administrator, NetworkService, and LocalService accounts.

Quote: Originally Posted by ship691
I profoundly disapprove of SpyHunter because it is not building trust before demanding money.

ANY program that finds a bunch of viruses/malware on your PC & then wants payment before cleaning it should be deleted immediately. There are plenty of free, legitimate programs that will do the job & do not demand money to clean your PC.
02 Aug 2013   #17
ship691

Windows 7 x64 Professional (SP1)
 
 

I ran SFC /SCANNOW three times but it said it found nothing each time.
I also ran TFC:

Getting user folders.

Stopping running processes.

Emptying Temp folders.

>>>
User: admin
->Temp folder emptied: 943695 bytes
->Temporary Internet Files folder emptied: 88618 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes

User: Xxxx
->Temp folder emptied: 145488167 bytes
->Temporary Internet Files folder emptied: 33052103 bytes
->Java cache emptied: 900939 bytes
->FireFox cache emptied: 22796966 bytes
->Google Chrome cache emptied: 124978374 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 58233 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: fbwuser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Flash cache emptied: 2840 bytes

User: Guest
->Temp folder emptied: 50175 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 190411 bytes
%systemroot%\System32 .tmp files removed: 9267880 bytes
%systemroot%\System32 (64bit) .tmp files removed: 11056128 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25852 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 111519 bytes

Emptying RecycleBin. Do not interrupt.

RecycleBin emptied: 9819944 bytes
Process complete!

Total Files Cleaned = 342.00 mb
>>>

Now what?
02 Aug 2013   #18
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Let's see something

In

Click arrow on the right of search box;
Do the following: on IE8-9 choose Manage Search providers, on ie7 click change search defaults;
Remove WebCake from the list.

In

Enter “about:config” in url bar. This will open settings page;
Type “Keyword.url” in the search box. Right click it & reset it (also search WebCake);
Type “browser.search.defaultengine” in the search box. Right click it & reset it;
Type “browser.search.selectedengine” in the search box. Right click it & reset it;
Search for ‘browser.newtab.url’. Right-click and reset. This will make sure that the search page won’t launch on each new tab.

In

Click 3 horizontal lines icon on browser toolbar;
Select Settings;
Select Basics ->Manage Search engines;
Remove unnecessary search engines from list;
Go back to settings. On Startup choose open blank page (you can remove undesired pages from the set pages link too).
02 Aug 2013   #19
ship691

Windows 7 x64 Professional (SP1)
 
 

Do I need to be in Safe Mode for all this stuff?

Fwiw, my screen just went black - but it's a hot day and my PC may have overheated, I'm not sure. So I'm writing this on my laptop (XP) and letting the Win7 PC cool down for a few minutes.

Update:
Okay I've done all that. None of them were still talking about Web Cake (probably because I had already changed them back previously)

Now what?
02 Aug 2013   #20
VistaKing

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

No, it doesn't have to be on Safe Mode. Might want to get a can of air spray and spray the vents on the laptop.