"WEB CAKE 3.0" infection - HELP


  1. Posts : 136
    Windows 7 x64 Professional (SP1)
    Thread Starter
       #11

    OK, I tried a scan with RogueKiller. Although it didn't produce a file called RKreport.txt, after the scan ran, under the registry tab it seemed to find a few things, which were by default ticked. So I clicked "Delete", and then "Report", which produced this text:

    RogueKiller V8.6.4 _x64_ [Jul 29 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : Forum
    Website : RogueKiller download
    Blog : tigzy-RK

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Xxxx [Admin rights]
    Mode : Remove -- Date : 08/01/2013 21:34:39
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 11 ¤¤¤
    [HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified.
    [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
    [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost
    192.168.111.249 auctionairsvr


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: INTEL SSDSA2CW300G3 ATA Device +++++
    --- User ---
    [MBR] 6a915b1c608c67ddad89ce3b86333bff
    [BSP] 7fe233195ddbffa0f47d27f8b707cb38 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 286066 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_08012013_213439.txt >>
    RKreport[0]_S_08012013_212857.txt


    So I then ran a SECOND scan, and this time the report didn't find much:

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: INTEL SSDSA2CW300G3 ATA Device +++++
    --- User ---
    [MBR] 6a915b1c608c67ddad89ce3b86333bff
    [BSP] 7fe233195ddbffa0f47d27f8b707cb38 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 286066 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!


    Meanwhile SpyHunter 4 is still finding 21 Threats (and counting) including Web Cake... This may of course be a false alarm but it is worrying.

    Now what?
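    The RogueKiller report above flags policy values ([HJ POL]) that lock the user out of Task Manager and the Registry Editor and switch UAC off (EnableLUA = 0). Those values are worth re-checking after cleanup, because malware that survives a scan often puts them straight back. The following PowerShell script is an added example, not something posted in this thread or part of RogueKiller: it reads the same values and reports their current state without changing anything. The full key paths are an assumption based on RogueKiller's abbreviated "HKCU\[...]\System" / "HKLM\[...]\System" output; they are the standard Windows policy locations for these values.

```powershell
# Added example (not from the thread): read-only audit of the policy values
# RogueKiller reported as hijacked. Nothing is modified.
# Assumed full key paths (RogueKiller prints them abbreviated):
$hkcuPol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$hklmPol = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$wowPol  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System'

# Each check: where to look, which value, a test that is $true in the harmful
# state, and a one-line explanation. RogueKiller deleted the Disable* values
# outright, so their mere presence is reported as "present" even when 0.
$checks = @(
    @{ Path = $hkcuPol; Name = 'DisableTaskMgr';       Bad = { param($v) $v -ne 0 }; Why = 'Task Manager blocked for this user' }
    @{ Path = $hkcuPol; Name = 'DisableRegistryTools'; Bad = { param($v) $v -ne 0 }; Why = 'Registry Editor blocked for this user' }
    @{ Path = $hklmPol; Name = 'DisableTaskMgr';       Bad = { param($v) $v -ne 0 }; Why = 'Task Manager blocked machine-wide' }
    @{ Path = $hklmPol; Name = 'DisableRegistryTools'; Bad = { param($v) $v -ne 0 }; Why = 'Registry Editor blocked machine-wide' }
    @{ Path = $hklmPol; Name = 'EnableLUA';            Bad = { param($v) $v -eq 0 }; Why = 'UAC turned off' }
    @{ Path = $wowPol;  Name = 'EnableLUA';            Bad = { param($v) $v -eq 0 }; Why = 'UAC turned off (32-bit registry view)' }
)

function Test-PolicyHijack {
    foreach ($c in $checks) {
        # A missing key or value simply yields $null here.
        $item  = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        $isSet = $null -ne $item
        $value = if ($isSet) { $item.($c.Name) } else { '(not set)' }
        $bad   = $isSet -and (& $c.Bad $item.($c.Name))

        $status  = if ($bad) { 'ALERT' } elseif ($isSet) { 'present' } else { 'absent' }
        $meaning = if ($bad) { $c.Why } else { '' }

        [pscustomobject]@{
            Status  = $status
            Key     = $c.Path
            Name    = $c.Name
            Value   = $value
            Meaning = $meaning
        }
    }
}

# Usage: run in a normal PowerShell window; HKLM values can be read without elevation.
Test-PolicyHijack | Format-Table -AutoSize
```

    Any row marked ALERT means the lockdown RogueKiller removed is back, which points to a component that is still active rather than a leftover setting. An EnableLUA row that shows "present" with value 1 is the normal state.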


  2. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #12

    Run Farbar Recovery Scan Tool


    64-Bit Version OS Farbar Recovery Scan Tool x64 <===== Download Link

    Drag the FRST64.exe from the Downloads folder to your Desktop

    Right click on FRST64.exe and choose

    When the tool opens, click Yes on the disclaimer window.

    Press Scan button.

    FRST will let you know when the scan is complete and has written the FRST.txt to file

       Note
    The first time Farbar Recovery Scan Tool is run, it also makes another log, Addition.txt.


    Please upload both logs in your reply (FRST.txt and Addition.txt).

    FRST.txt and Addition.txt will be on the Desktop

    How To Upload a File
    Click on the Go Advanced button under the Message box. Scroll down to Additional Options, then click on Manage Attachments in the Attach Files section. Click the Browse button, locate the file, then click on the Open button. In the Upload File from your Computer section, click on the Upload button. Wait until it finishes uploading, then close the window. Then click Submit Reply.


  3. Posts : 136
    Windows 7 x64 Professional (SP1)
    Thread Starter
       #13

    Done.

    FRST.txt

    Addition.txt

    Now what?


  4. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #14

    Run Malwarebytes

    Download Link MalwareBytes

    When the installation is done, uncheck Enable free trial of Malwarebytes (see image below).



    Update the definitions and do a full scan

    On the Scanner tab:
    Make sure the "Perform Full Scan" option is selected.
    Then click on the Scan button.
    If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    Click OK to close the message box and continue with the removal process.
    Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    Make sure that everything is checked, and click Remove Selected.
    When removal is completed, a log report will open in Notepad.
    The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    Copy and paste the contents of that report in your next reply and exit MBAM.

    On
    Hold down Control and click on ESET Online Scanner to open ESET OnlineScan in a new window
    Click the button
    Check YES, I accept the Terms of Use.
    Click the Start button.
    Accept any security warnings from your browser.
    Under scan settings, check "Scan Archives" and "Remove found threats"
    Click Advanced settings and select the following:
    ° Scan potentially unwanted applications
    ° Scan for potentially unsafe applications
    ° Enable Anti-Stealth technology
    ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    When the scan completes, click List Threats
    Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Click the Back button.
    Click the Finish button.


    On or
    Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    Right click on choose on your desktop
    Check YES, I accept the Terms of Use.
    Click the Start button.
    Accept any security warnings from your browser.
    Under scan settings, check "Scan Archives" and "Remove found threats"
    Click Advanced settings and select the following:
    ° Scan potentially unwanted applications
    ° Scan for potentially unsafe applications
    ° Enable Anti-Stealth technology
    ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    When the scan completes, click List Threats
    Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Click the Back button.
    Click the Finish button.


  5. Posts : 136
    Windows 7 x64 Professional (SP1)
    Thread Starter
       #15

    I have already run all these in the last couple of days but here goes, I shall run them again...


    1. Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.08.02.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16635
    Xxxx :: XXXX09 [administrator]

    02/08/2013 08:35:49
    mbam-log-2013-08-02 (08-35-49).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 504004
    Time elapsed: 24 minute(s), 33 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    2. ESET online scanner - on MSIE
    4 threats found and deleted.

    ESETscan.txt


    3. ESET on Chrome found nothing. There was no option to export anything when the scan finished.

    Now what?
    Last edited by ship691; 02 Aug 2013 at 06:29.


  6. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #16

    If nothing is showing up, you may have successfully removed the virus. It looks like some changes were made to your files, such as Task Manager being disabled (virus/malware behavior). Run an SFC to see if any files need repairing. Be sure to run it 3X, as SFC doesn't always catch everything the 1st or 2nd time around. The tutorial for this procedure is here:

    SFC /SCANNOW Command - System File Checker

    Also, d/l & run TFC to make sure everything is cleaned out.

    http://www.bleepingcomputer.com/download/tfc/

    TFC, or Temp File Cleaner, is a small utility that will clean out all the folders on your computer that house temporary files. The temp folders that TFC will clean are the Java, Windows Temp Folder, and the Internet Explorer, Opera, Chrome, and Safari caches. This tool will clean the folders for all accounts on the computer, including the Administrator, NetworkService, and LocalService accounts.
    ship691 said:
    I profoundly disapprove of SpyHunter because it is not building trust before demanding money.
    ANY program that finds a bunch of viruses/malware on your PC & then wants payment before cleaning it should be deleted immediately. There are plenty of free, legitimate programs that will do the job & do not demand money to clean your PC.
    Last edited by Borg 386; 02 Aug 2013 at 08:50.


  7. Posts : 136
    Windows 7 x64 Professional (SP1)
    Thread Starter
       #17

    I ran SFC /SCANNOW three times, but it said it found nothing each time.
    I also ran TFC:

    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.

    User: admin
    ->Temp folder emptied: 943695 bytes
    ->Temporary Internet Files folder emptied: 88618 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes

    User: Xxxx
    ->Temp folder emptied: 145488167 bytes
    ->Temporary Internet Files folder emptied: 33052103 bytes
    ->Java cache emptied: 900939 bytes
    ->FireFox cache emptied: 22796966 bytes
    ->Google Chrome cache emptied: 124978374 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 58233 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 57472 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: fbwuser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 128 bytes
    ->Flash cache emptied: 2840 bytes

    User: Guest
    ->Temp folder emptied: 50175 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 190411 bytes
    %systemroot%\System32 .tmp files removed: 9267880 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 11056128 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 25852 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 111519 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 9819944 bytes
    Process complete!

    Total Files Cleaned = 342.00 mb

    Now what?


  8. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #18

    Let's see something

    In Internet Explorer

    Click arrow on the right of search box;
    Do the following: on IE8-9 choose Manage Search providers, on ie7 click change search defaults;
    Remove WebCake from the list.

    In Firefox

    Enter “about:config” in url bar. This will open settings page;
    Type “Keyword.url” in the search box. Right click it & reset it; ( also search WebCake )
    Type “browser.search.defaultengine” in the search box. Right click it & reset it;
    Type “browser.search.selectedengine” in the search box. Right click it & reset it;
    Search for ‘browser.newtab.url’. Right-click and reset. This will make sure that the search page won’t launch on each new tab.

    In Chrome

    Click 3 horizontal lines icon on browser toolbar;
    Select Settings;
    Select Basics ->Manage Search engines;
    Remove unnecessary search engines from list;
    Go back to settings. On Startup choose open blank page ( you can remove undesired pages from the set pages link too).
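    The post above resets the browser search settings by hand, which is fine once but gives no quick way to confirm the hijack has not returned. The PowerShell script below is an added example, not code from this thread: it lists Internet Explorer's registered search providers and the Firefox preferences named in the post, read-only, and flags any that mention WebCake. Assumptions: IE keeps its providers under HKCU\Software\Microsoft\Internet Explorer\SearchScopes (one subkey per provider with DisplayName and URL values, and a DefaultScope value on the parent key), and Firefox stores user preferences as user_pref("name", value); lines in prefs.js under %APPDATA%\Mozilla\Firefox\Profiles. The pref list includes the names exactly as the post gives them plus the full Firefox names (browser.search.defaultenginename, browser.search.selectedEngine). Chrome's search engines live in a SQLite "Web Data" file, which plain PowerShell cannot read, so Chrome is not covered.

```powershell
# Added example (not from the thread): read-only listing of IE search
# providers and Firefox search-related prefs, flagging anything that
# mentions the hijacker named in the thread. Nothing is changed.
$suspect = 'webcake'   # substring to flag; case-insensitive (-match default)

function Get-IESearchProviders {
    # Assumed location of IE's search providers (one subkey per provider).
    $root = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    if (-not (Test-Path $root)) { return @() }
    $default = (Get-ItemProperty -Path $root -ErrorAction SilentlyContinue).DefaultScope
    Get-ChildItem -Path $root | ForEach-Object {
        $p = Get-ItemProperty -Path $_.PSPath
        [pscustomobject]@{
            Browser = 'IE'
            Name    = $p.DisplayName
            Value   = $p.URL
            Default = ($_.PSChildName -eq $default)
            Flag    = ("$($p.DisplayName) $($p.URL)" -match $suspect)
        }
    }
}

function Get-FirefoxSearchPrefs {
    # Names as given in the post, plus the full Firefox pref names.
    $watch = 'keyword.url', 'browser.search.defaultengine', 'browser.search.defaultenginename',
             'browser.search.selectedengine', 'browser.newtab.url'
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'   # assumed profile root
    if (-not (Test-Path $profiles)) { return @() }
    Get-ChildItem -Path $profiles -Directory | ForEach-Object {
        $prefs = Join-Path $_.FullName 'prefs.js'
        if (-not (Test-Path $prefs)) { return }
        # prefs.js lines look like: user_pref("browser.newtab.url", "about:newtab");
        Select-String -Path $prefs -Pattern '^user_pref\("([^"]+)",\s*(.*)\);' | ForEach-Object {
            $name  = $_.Matches[0].Groups[1].Value
            $value = $_.Matches[0].Groups[2].Value
            if ($watch -contains $name) {      # -contains is case-insensitive
                [pscustomobject]@{
                    Browser = 'Firefox'
                    Name    = $name
                    Value   = $value
                    Default = $true
                    Flag    = ($value -match $suspect)
                }
            }
        }
    }
}

# Usage: run as the affected user; rows with Flag = True are the ones to reset again.
@(Get-IESearchProviders) + @(Get-FirefoxSearchPrefs) | Format-Table -AutoSize
```

    If the post's manual reset was done and a flagged row still appears on the next run, something on the machine is re-applying the setting, which is the signal to go back to the scanner logs rather than keep resetting the browser.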


  9. Posts : 136
    Windows 7 x64 Professional (SP1)
    Thread Starter
       #19

    Do I need to be in Safe Mode for all this stuff?

    Fwiw, my screen just went black, but it's a hot day and my PC may have overheated, I'm not sure. So I'm writing this on my laptop (XP) and letting the Win7 PC cool down for a few minutes.

    Update:
    Okay I've done all that. None of them were still talking about Web Cake (probably because I had already changed them back previously)

    Now what?
    Last edited by ship691; 02 Aug 2013 at 13:56.


  10. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #20

    No, it doesn't have to be in Safe Mode. Might want to get a can of air spray and spray the vents on the laptop.


 