"WEB CAKE 3.0" infection - HELP

Jacee · 05 Aug 2013

No multiple instructions here .... I need to see this log!! (pulling out the 'Big" guns, now)

Download Combofix from any of the links below, and save it to your desktop.<--Important
Link 1
Link 2
Link 3

Click on this link Here to see a list of programs that should be disabled.
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
Next: Disconnect from the internet. If you are on Cable or DSL, unplug your computer from the modem.
Next: Please disable all onboard security programs (all running with back ground protection) as it may hinder the scanner from working.
This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

Double click combofix.exe and follow the prompts.
When finished, it will produce a log for you.

Note: Do not mouseclick combofix's window while its running. That may cause it to stall
Please be patient while the scan runs, at times it may appear to stall.
When finished and after reboot (in case it asks to reboot), it should open a log, combofix.txt.
Post this log in your next reply
After rebooting ensure your Security applications have been re-enabled.

In your next reply post:
ComboFix.txt
***A guide and tutorial on "How to use Combofix" can be found here:
ComboFix: A guide and tutorial on using ComboFix

IF CF won't run:
During the download, rename Combofix.exe to sVchost.exe

ship691 · 06 Aug 2013

Can we assume this PC is clean?
I'm going to HAVE to start using this PC to earn my living...

Now what?

ship691 · 06 Aug 2013

Done.
i.e. I have downloaded combofix.exe. I have stopped realtime protection by MSE. I have switched off the Windows 7 firewall. I have run combofix. Results here:

log.txt

And I have turned on MSE and window firewall again.

So what next?

Jacee · 06 Aug 2013

Okay, I can see you've run Combofix twice. Is this the same version you downloaded and used on 2012-11-06?

Jacee · 06 Aug 2013

If this is an older version of Combofix that you used, please delete it, then download the latest version from my link above .... CF is always being updated!

You need to totally uninstall:
Norton:
Download and run the Norton Removal Tool to uninstall your Norton product
*Norton AntiVirus, Norton Internet Security, or Norton 360
Using the "SymNRT" utility (Norton Removal Tool)

Anvisoft Anvisoft FAQS | Anvisoft

HitmanPro Hitman Pro Uninstall Tips-How to Fully Remove It?_removetips.com – Remove Programs Tips

BitDefender:
http://www.bitdefender.com/support/How-to-uninstall-BitDefender-333.html
*http://www.bitdefender.com/uninstall

Run TFC again, reboot.

Now give me a fresh Combofix log.

ship691 · 06 Aug 2013

No I downloaded the latest version of combofix.

ship691 · 06 Aug 2013

Sorry, but no I have no idea what norton utility I installed and immediately uninstalled.
On that Norton link, Norton say that they refuse to just supply you with a link to the Norton Removal Tool. Apparently you have to contact their technical support... AAAAAAAAAAARRRRRRRRRRRGGGGGGGGGGHHHHHHH!

I have to say I am getting utterly hacked off with this process. Why in G*d's name is it so hard to uninstall software.

more shortly

NORTON
It turns out that the information on the page you linked for me was lying - I did not have to contact their tecnnical support. Instead I found the FTP you supplied. So I have run SymNRT as requested.

ANVISOFT
I had already uninstalled Anvisoft, and as a result, none of the mechanisms for fully uninstalling it worked . Out of desperation I re-installed in completely and then uninstalled it from the menu items in the All Program menu that they supply rather than using the Control Panel. However this failed to remove the listing in the All Programs menu. And I can see that the following directory still exists:
"C:\Program Files (x86)\Anvisoft\Anvi Smart Defender"

HitmanPro
I this was already deleted. But I have deleted all files on my PC with "hitman" in their names. I have deleted all entries in my registry too with that name in it.

BitDefender
I ran the uninstall utility.

TFC
Ran that too, then rebooted.

Now what next?

Jacee · 06 Aug 2013

Anvisoft removal
Through the uninstall tool:

1. Open windowsstart menu, click all programs and select Anvisoft.

2. Single click on Anvisoft to reveal Anvi Smart Defender.

3. Single click on Anvi Smart Defender to reveal its submenu.

4. click Uninstall and follow the steps provided.

5. Wait for the uninstallation process to complete.

You don't have to restart the computer after the uninstallation.

Next, go to C:\ProgramFiles\
And delete these folders
Norton
Anvisoft
HitmanPro
Bitdefender
Enigma Software Group

Reboot, run the newest version of Combofix and post the text log.

ship691 · 06 Aug 2013

Done.

log.txt

What next?

ship691 · 06 Aug 2013

Btw, when this is all over - what am I now working forward towards as a normal set of tools?
I mean

1. I dont mind spending 40 or even £50 (max) on antiviral software if it is significantly better than the free stuff.

2. Should I have something running all the time to stop malware as well as some AV software?

3. What else should I do by way of maintenance say once per week?

4. How often should all updates and scans be run? Every night at 4AM?