Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: "WEB CAKE 3.0" infection - HELP

01 Aug 2013   #1

Windows 7 x64 Professional (SP1)
 
 
"WEB CAKE 3.0" infection - HELP

Hi

HELP! I have been infected by "WEB CAKE 3.0".

BACKGROUND
I am running Windows7 x64 on 8GB of RAM, and 256GB of SSD.
I am using Microsoft Security Essentials for virus protection.
I am pretty much a newbie.

THE STORY SO FAR:
1. I found it in Control Panel > Programs and Features, and because I didn't recognize it I tried to uninstall it.
I have no idea how or when it got there.
2. But it wouldn't uninstall.
3. So then following a thead on WEB CAKE 3.0 - It crashes Internet Explorer regularly - Microsoft Community I used regedit to search for "WEB CAKE", "WEBCAKE" and just "CAKE" as well as "Tarma" and I deleted any line in my registry that had any such reference. There were about 30 of these
4. Then I used "Everything" (desktop search" to find and delete any file with "cake" in the name - there were about 5 of these.
5. I then following the advice on answers.microsoft.com installed "SpyHunter 4" and ran a fast scan.
This found about 66 items under the following headings:
- Babylon Search
- Hola Search
- Advert
- Adware Helpers
- Adware.WebCake
- Atlas DMT
- DoubleClick
- Media
However I then discovered that SpyHunter 4 is not free so I stopped.

What should I do next?
Many thanks

J

My System SpecsSystem Spec
.

01 Aug 2013   #2

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

Spy Hunter 4 has a rouge background & is probably using scare tactics to get you to pony up $$$$$. I would uninstall it & go with something known to be legit, such as Malwarebytes. It is free, or you have the option to pay for it which enables other features. However the free version is more then adequate.

When you have done a full system scan with Malwarebytes, it will present a window of infections it found (if any). Make sure to check the boxes of all listed malware & quarantine it.

This link will show you various methods to remove the infection.

How to remove WebCake virus (Uninstall Guide)

In addition, you may want to run Adwcleaner.

AdwCleaner Download

You may or may not have these viruses, but I wouldn't trust Spy Hunter. Run a scan with the above listed tools & post back with the results.

Also, run a scan with TDSSKiller to confirm you do not have a rootkit. Malware is known to introduce other malware/viruses to a system.

After all this is done, run a full system scan with MSE to be sure nothing is leftover. Run Malwarebytes regularly. Unless you have the paid version, you will need to manually update the definitions.
My System SpecsSystem Spec
01 Aug 2013   #3

Windows 7 x64 Professional (SP1)
 
 

Hi

Okay I just ran MalwareBytes here are the results:

>>>>>

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free anti-malware download

Database version: v2013.08.01.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Alec :: ALEC09 [limited]

01/08/2013 17:44:09
mbam-log-2013-08-01 (17-44-09).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 501884
Time elapsed: 23 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

>>>>>


OJK, I then ran AdwCleaner and here are its results:


>>>
# AdwCleaner v2.306 - Logfile created 08/01/2013 at 18:15:40
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (64 bits)
# User : Alec - ALEC09
# Boot Mode : Normal
# Running from : C:\Users\Alec\Downloads\AdwCleaner (1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Value Found : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\obg07pq8.default\prefs.js

[OK] File is clean.

File : C:\Users\Alec\AppData\Roaming\Mozilla\Firefox\Profiles\xy2jf0dy.default-1375366487036\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Alec\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.15.1748.0

File : C:\Users\Alec\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4278 octets] - [01/11/2012 22:32:42]
AdwCleaner[R2].txt - [1830 octets] - [01/08/2013 16:13:12]
AdwCleaner[R3].txt - [1890 octets] - [01/08/2013 16:15:41]
AdwCleaner[R4].txt - [1752 octets] - [01/08/2013 16:21:58]
AdwCleaner[R5].txt - [1662 octets] - [01/08/2013 18:15:40]
AdwCleaner[S2].txt - [4264 octets] - [01/11/2012 22:42:54]
AdwCleaner[S3].txt - [1960 octets] - [01/08/2013 16:16:31]
AdwCleaner[S4].txt - [1816 octets] - [01/08/2013 16:22:34]

########## EOF - C:\AdwCleaner[R5].txt - [1902 octets] ##########

>>>>>

Do you have any idea what these are?

> Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
> Key Found : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
> Value Found : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

Also, I just ran TDSSKiller which found nothing.
My System SpecsSystem Spec
.


01 Aug 2013   #4

Windows 7 Ultimate Retail Box (64-bit installed) + Service Pack 1
 
 

Welcome to sevenforums!

MSE is not a good enough anti-virus solution on it's own, I don't recommend it to anyone for that purpose.

avtest.org will enlighten you on the major products available, MSE is rated dead last overall.

I suggest exploring other browsers to use as well, all should import IE's bookmarks and all cost nothing.

Firefox, Opera, Maxthon, Chrome, Safari, and Pale Moon (Firefox based), to name a few.
My System SpecsSystem Spec
01 Aug 2013   #5

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

Download Junkware Removal Toolkit

Click here Junkware Removal Tool to download

Drag the JRT.exe from the Downloads folder to your Desktop

Right click JRT.exe and choose

Once done upload the JRT.txt file

Download HitManPro

64-Bit Version OS HitmanPro_x64

32-Bit Version OS HitmanPro

Save to the Desktop

Right click on HitmanPro.exe and choose

When HitmanPro opens up click on Settings uncheck Scan for tracking cookies . Click on OK . Then click on the Next button

Click on No, I only want to perform a one-time scan to check this computer on the Setup page . Click Next once done .

Let it scan the PC once its done Click Next

Click Activate free license to start the free 30 days trial and remove all the malicious files from your computer then click Next

Upload the log . Locate in C:\ ProgramData\Hitman Pro\Logs
My System SpecsSystem Spec
01 Aug 2013   #6

Windows 7 x64 Professional (SP1)
 
 

> Welcome to sevenforums!
Thanks

> MSE is not a good enough anti-virus solution on it's own, I don't recommend it to anyone for that purpose.
Oh-oh. But I thought it was bad to run too AV solutions at once.
So should I uninstall MSE completely?

> avtest.org will enlighten you on the major products available, MSE is rated dead last overall.
BitDefender Internet Security gets good marks on avtest.org. Should I buy that?
At 44.95 (per year?) it's at the very top end of what I'd be prepared to spend.
What are your personal recommendations?

Comodo: Internet Security Premium scores even better but nothing of that name seems to exist on comodo.com. There is something called "Comodo Internet Security Complete 2013" for $39.99 which is certainly cheaper than BidDefender if it does the same thing.

In the past, my main issue with AV software is that they all seem to slow the computer up really badly.

> I suggest exploring other browsers to use as well, all should import IE's bookmarks and all cost nothing.
> Firefox, Opera, Maxthon, Chrome, Safari, and Pale Moon (Firefox based), to name a few.
Unfortunately I cant abandon the major browsers completely because I am a webmaster and necessarily HAVE to test sites using popular software including MSIE. I already use Chrome, Safair, Firefox and Opera.

Meanwhile how can I make sure I'm not still infected?
My System SpecsSystem Spec
01 Aug 2013   #7

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

You don't want to run more than two real time protection antivirus . MSE is OK for a free antivirus .

If you want to purchase an Antivirus . BitDefender would be one of the choices .

I'd stay far from Norton products and McAfee products .
My System SpecsSystem Spec
01 Aug 2013   #8

Windows 7 x64 Professional (SP1)
 
 

I have recently run JRT and HitmanPr but I'll do so again now.

OK here is my JRT.txt file:

>>>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Windows 7 Professional x64
Ran by Alec on 01/08/2013 at 20:11:21.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/08/2013 at 20:15:15.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

>>>

Here is "HitmanPro_20130801_2042.log":


>>>

Code:
HitmanPro 3.7.7.202
www.hitmanpro.com

   Computer name . . . . : XXXX09
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : xxxx09\Xxxx
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2013-08-01 20:35:01
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 18s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 0

   Objects scanned . . . : 1,659,792
   Files scanned . . . . : 46,281
   Remnants scanned  . . : 467,751 files / 1,145,760 keys
My System SpecsSystem Spec
01 Aug 2013   #9

Windows 7 x64 Professional (SP1)
 
 

I profoundly disapprove of SpyHunter because it is not building trust before demanding money. Nonetheless it is worrying that when I run it, it is still finding various problems. Fewer problems than before, including fewer Web Cake problems, but still various problems... (!)

"WEB CAKE 3.0" infection - HELP-delme_spy_hunter.gif

Now what?


My System SpecsSystem Spec
01 Aug 2013   #10

Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
 
 

<==== Download Link


<==== Download Link

Click on one of the links above that goes with your Windows 7 bit versions

Save to the Desktop.

Close all windows and browsers

Right click on and choose

Press: SCAN

provide the RKreport.txt (Mode: Scan) in your reply.
My System SpecsSystem Spec
Reply

 "WEB CAKE 3.0" infection - HELP




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 07:46 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33