Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: "WEB CAKE 3.0" infection - HELP


02 Aug 2013   #31

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

You could also run

SystemCheck

Click here SecurityCheck to Download

Place the file onto your desktop

Right-click the SecurityCheck choose

Press any key to continue

Once the scan is done . It will open up a text file copy and paste the text

Press Ctrl and A to select All of the text
Press Ctrl and C to copy the selected text
In your reply click on the message box and press Ctrl and V to Paste


My System SpecsSystem Spec
.

02 Aug 2013   #32

Windows 7 x64 Professional (SP1)
 
 

Wait, wait, wait. OK I have now uninstalled Microsoft Security Essential and installed BitDefender Internet Security (Build 17.15.0.682) trial version. And when I ran it, it found "138 threats".

"WEB CAKE 3.0" infection - HELP-delme_bitdefender02.gif
"WEB CAKE 3.0" infection - HELP-delme_bitdefender03.gif

BitDefender Log File.docx

It seems that it doesnt like the zip file attachments in my email archives. Are they likely to be dangerous - should I delete all .zip files?


My System SpecsSystem Spec
02 Aug 2013   #33

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

I can't view the log I'm on an iPad .
My System SpecsSystem Spec
.


02 Aug 2013   #34

Windows 7 x64 Professional (SP1)
 
 

OK I ran DDS.
attach.txt
dds.txt


Also SystemCheck / SecurityCheck done:
Results of screen317's Security Check version 0.99.71
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Bitdefender Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 11.8.800.94
Adobe Reader XI
Mozilla Firefox (22.0)
Google Chrome 28.0.1500.72
Google Chrome 28.0.1500.95
````````Process Check: objlist.exe by Laurent````````
Bitdefender Bitdefender vsserv.exe
Bitdefender Bitdefender updatesrv.exe
Bitdefender Bitdefender bdagent.exe
Bitdefender Bitdefender pmbxag.exe
Bitdefender Bitdefender antispam32 bdapppassmgr.exe
Bitdefender Bitdefender seccenter.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


And now... ?


My System SpecsSystem Spec
02 Aug 2013   #35

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Upload the two logs .
My System SpecsSystem Spec
02 Aug 2013   #36
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

...
My System SpecsSystem Spec
03 Aug 2013   #37

Windows 7 x64 Professional (SP1)
 
 

Done.

Btw I just read (inside it) that attach.txt should be zipped which I have done too.

dds.txt

attach.zip


What next?


My System SpecsSystem Spec
03 Aug 2013   #38
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Download CKScanner by askey127 from HERE
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File. It will appear that CKS isn't doing anything...it is, so just be patient!
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
My System SpecsSystem Spec
03 Aug 2013   #39

Windows 7 x64 Professional (SP1)
 
 

CKScanner 2.3 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\adobe\adobe dreamweaver cs5\configuration\taglibraries\html\keygen.vtm
scanner sequence 3.AP.11.IPCPCN
----- EOF -----
My System SpecsSystem Spec
04 Aug 2013   #40

Windows 7 x64 Professional (SP1)
 
 

Damn. I just ran Spybot Seach & Destroy and discovered that WebCake is back >:^[
I couldnt would out how to make SpyBot destroy that registry entry. The strange thing is that the On Demand scanner lists the various things listed and it has a small grey tick-box beside each one, (and then a green tick), however none of the boxes are 'tickable'. And the Fix Selected button at the bottom of the page is greyed out too.
So in the end I deleted it for myself manually using RegEdit.


Search results from Spybot - Search & Destroy

04/08/2013 01:32:52
Scan took 00:18:26.
11 items found.

WebCake.BHO: [SBI $8048C96E] Interface (Registry Key, nothing done)
HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-163801654-3582672073-2290200179-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-163801654-3582672073-2290200179-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id

Cache: [SBI $49804B54] Browser: Cache (2) (Browser: Cache, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (3) (Browser: Cookie, nothing done)



--- Spybot - Search & Destroy version: 2.1.18.131 DLL (build: 20130516) ---

2013-05-16 blindman.exe (2.1.18.151)
2013-05-16 explorer.exe (2.1.18.177)
2013-05-16 SDBootCD.exe (2.1.18.109)
2013-05-16 SDCleaner.exe (2.1.18.110)
2013-05-16 SDDelFile.exe (2.1.18.94)
2013-06-18 SDDisableProxy.exe
2013-05-16 SDFiles.exe (2.1.18.135)
2013-03-20 SDFileScanHelper.exe (2.1.16.1)
2013-05-16 SDFSSvc.exe (2.1.18.208)
2013-05-16 SDHookHelper.exe (2.1.18.2)
2013-05-16 SDHookInst32.exe (2.1.18.2)
2013-05-16 SDHookInst64.exe (2.1.18.2)
2013-05-16 SDImmunize.exe (2.1.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-05-16 SDOnAccess.exe (2.1.18.4)
2013-05-16 SDPESetup.exe (2.1.18.3)
2013-05-16 SDPEStart.exe (2.1.18.86)
2013-05-16 SDPhoneScan.exe (2.1.18.28)
2013-05-16 SDPRE.exe (2.1.18.22)
2013-05-16 SDPrepPos.exe (2.1.18.10)
2013-05-16 SDQuarantine.exe (2.1.18.103)
2013-05-16 SDRootAlyzer.exe (2.1.18.116)
2013-05-16 SDSBIEdit.exe (2.1.18.39)
2013-05-16 SDScan.exe (2.1.18.177)
2013-05-16 SDScript.exe (2.1.18.53)
2013-05-16 SDSettings.exe (2.1.18.136)
2013-05-16 SDShell.exe (2.1.18.2)
2013-05-16 SDShred.exe (2.1.18.107)
2013-05-16 SDSysRepair.exe (2.1.18.101)
2013-05-16 SDTools.exe (2.1.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-05-16 SDUpdate.exe (2.1.18.91)
2013-05-16 SDUpdSvc.exe (2.1.18.76)
2013-07-10 SDWelcome.exe (2.1.21.129)
2013-05-15 SDWSCSvc.exe (2.1.18.2)
2013-06-19 spybotsd2-translation-frx.exe
2013-08-04 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDAV.dll
2013-05-16 SDECon32.dll (2.1.18.113)
2013-05-16 SDECon64.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-05-16 SDFileScanLibrary.dll (2.1.18.12)
2013-05-16 SDHook32.dll (2.1.18.2)
2013-05-16 SDHook64.dll (2.1.18.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2013-05-16 Tools.dll (2.1.18.36)
2012-12-18 Includes\Adware.sbi (*)
2013-07-30 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2013-06-25 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-07-31 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-07-30 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-06-19 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2013-01-16 Includes\Trojans.sbi (*)
2013-05-13 Includes\TrojansC-02.sbi (*)
2013-07-31 Includes\TrojansC-03.sbi (*)
2013-03-14 Includes\TrojansC-04.sbi (*)
2013-05-08 Includes\TrojansC-05.sbi (*)
2013-04-19 Includes\TrojansC.sbi (*)

What next?
My System SpecsSystem Spec
Reply

 "WEB CAKE 3.0" infection - HELP




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 05:35 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33