Solved Webcake Adware/whole computer infected

Hewlett-packard / G72
June 6, 2013 at 23:08:17
Specs: Windows 7 home prem, 64 bit, core i3-350/4g ddr3
Hi Tom and company!!

You guys were so helpful with a horrid virus I had years ago (Beast, I think it was) that when my friend's laptop was handed to me horribly infected, and after about 12 hours I discovered hundreds of adware/spyware/toolbar programs, I decided to come here to ask for some help.

My first discovery was that his browser was grinding to a halt: constant timeouts, Shockwave crashing, etc. Well, I was just about to close the browser (Chrome) when Zone Alarm (I'd just had him install that the other day) popped up a warning that "Tidy2.exe (or very similar) wants to access the internet." Well, I knew that had to be bogus, so I denied it, dug it up and manually deleted it. Decided I'd better run some tools and see what was up. Ran Avast, found nothing; ran Malwarebytes, again nothing. Thought this was weird because I know SOMETHING is on there. Went digging through the processes and I find an entry I don't know, WebCake.exe *32. Try to shut it down, it won't let me. Head to Services, nothing there. Pop up the administrator Services button (he uses Windows 7) and find Webcake updater, disable it, still won't let me delete the exe *32 file.

Manually went to find the file (this took forever) and in the process discovered some unnerving things. Apparently he has had this virus since early April on his computer and it's been busily downloading other things. One thing it has done is create another administrator account: the normal one is just (computer name/administrator), the new one is (computer name/administators), and this new admin name has taken ownership of all kinds of files on the computer and blocked the regular admin from accessing them. I can't give his admin account permission to do much of anything.

Searched out WebCake online on MY comp, was suggested to get "SpyHunter", so I did, ran it, it found 523 threats, but won't remove them unless he buys it (we are just two struggling guys, we simply haven't got money to buy a strong AV or spyware program at the moment), so I have been trying to manually dig up the found viruses, but none of them are removable since the whole OS has basically been hijacked. After finally managing to get rid of a couple of toolbar programs that were hiding, I ran Avast again, MB again, both still nothing. Just now did a reboot and boot scan (it's running as we speak) and Avast actually has found one thing so far (moved it to chest) called win32: DomaIQ-J [PuP]. Still running, may find more, but hoping I can get some advice/help since none of the standard tricks are working. Thanks ahead of time. I have always recommended this site since I got help from you in '08 with the virus I had on my old comp, and since then, because of your advice, I've stayed virus free for 5 years now. Got a bit of adware a couple of times, but it was detected and gone faster than it could cause a problem because your advice has kept my comps pretty secure!!! Hope to hear from you soon!!! Thanks a ton, Kundalimon

It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.



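The post above describes the three things a practitioner would want to confirm on a box like this: a lookalike local account with admin rights, a service and process that refuse to die, and files whose ownership has been moved to the rogue account. The script below is an added triage example, not part of the original thread and not code from any tool named in it. It assumes Windows 7 x64 with Windows PowerShell 3.0 or newer, run from an elevated prompt on the infected machine; the account name "administators", the WebCake process and the "Webcake updater" service come from the post, while the edit-distance threshold, the path patterns and the decision to scope the ownership walk to the user profile are assumptions made for illustration.

```powershell
# Added triage example; not code from the thread or from any product it names.
# Assumes Windows 7 x64, Windows PowerShell 3.0+, elevated prompt.
# Thresholds and path patterns below are assumptions chosen for illustration.

function Get-EditDistance {
    # Levenshtein distance, used to catch lookalike account names such as
    # "administators" versus the real "Administrator" (distance 2).
    param([string]$a, [string]$b)
    $a = $a.ToLowerInvariant(); $b = $b.ToLowerInvariant()
    $prev = @(0..$b.Length)
    for ($i = 1; $i -le $a.Length; $i++) {
        $cur = New-Object int[] ($b.Length + 1)
        $cur[0] = $i
        for ($j = 1; $j -le $b.Length; $j++) {
            $cost = if ($a[$i - 1] -eq $b[$j - 1]) { 0 } else { 1 }
            $cur[$j] = [Math]::Min([Math]::Min($prev[$j] + 1, $cur[$j - 1] + 1), $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    return $prev[$b.Length]
}

# 1. Local accounts. The genuine built-in Administrator always has RID 500,
#    so any other account whose name is within two edits of "Administrator"
#    is suspect no matter how it is spelled.
$suspectAccounts = @()
foreach ($u in (Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True")) {
    $rid = $u.SID.Split('-')[-1]
    if ($rid -ne '500' -and (Get-EditDistance $u.Name 'Administrator') -le 2) {
        $suspectAccounts += $u.Name
        Write-Warning ("Lookalike account: {0}  SID={1}  Disabled={2}" -f $u.Name, $u.SID, $u.Disabled)
    }
}

# 2. Actual membership of the local Administrators group, via ADSI because
#    Windows 7 has no Get-LocalGroupMember cmdlet.
$adminGroup = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$adminMembers = @($adminGroup.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
})
Write-Output "Administrators group members: $($adminMembers -join ', ')"

# 3. Services whose binary lives somewhere an adware installer can write to.
#    Legitimate services almost always sit under \Windows or \Program Files;
#    a "Webcake updater" style entry usually does not.
Get-WmiObject Win32_Service |
    Where-Object { $_.PathName -match '\\(Users|AppData|ProgramData|Temp)\\' } |
    Select-Object Name, DisplayName, State, StartMode, PathName |
    Format-Table -AutoSize

# 4. Running processes whose image is unsigned or outside the usual locations
#    (a WebCake.exe *32 entry would show up here). Path is $null for processes
#    we cannot open, and those are skipped.
Get-Process | ForEach-Object {
    if (-not $_.Path) { return }
    $sig = Get-AuthenticodeSignature -FilePath $_.Path
    $oddPlace = $_.Path -notmatch '^C:\\(Windows|Program Files( \(x86\))?)\\'
    if ($sig.Status -ne 'Valid' -or $oddPlace) {
        [PSCustomObject]@{ PID = $_.Id; Name = $_.ProcessName; Signature = $sig.Status; Path = $_.Path }
    }
} | Format-Table -AutoSize

# 5. Files now owned by a suspect account (the post describes the rogue account
#    taking ownership and locking the real admin out). The user profile is a
#    sensible first scope; a whole-drive walk is slow.
function Find-FilesOwnedBy {
    param([string]$Root, [string[]]$Owners)
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $acl = Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            if ($acl) {
                $ownerName = $acl.Owner.Split('\')[-1]
                if ($Owners -contains $ownerName) { $_.FullName }
            }
        }
}
if ($suspectAccounts.Count -gt 0) {
    $hijacked = @(Find-FilesOwnedBy -Root $env:USERPROFILE -Owners $suspectAccounts)
    Write-Output ("{0} files in the profile are owned by {1}" -f $hijacked.Count, ($suspectAccounts -join ', '))
    # Once the rogue account is deleted, ownership and ACLs can be reclaimed
    # with the built-in tools:  takeown /f <path> /r /d y   then   icacls <path> /reset /t
}
```

The RID check in step 1 is the part worth remembering: the real built-in Administrator is identified by its SID ending in -500, not by its name, so a lookalike account is caught regardless of spelling and a renamed genuine account is not flagged. All five checks run in user mode, which is why the accepted answer further down the thread starts with rkill and TDSSKiller before anything else: a rootkit can hide a process or service from exactly these enumerations, and nothing here will see it.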



#1
June 7, 2013 at 04:27:43
With an infection (or several infections) as severe as that, it's usually the best policy to do a factory recovery as per the laptop manufacturer's instructions.

Then your friend needs to buy and install some decent online security software (firewall & antivirus package) because he/she can't have been using anything effective or it wouldn't have become so badly infected in the first place.



#2
June 7, 2013 at 05:04:36
1. It's my understanding and experience that factory resets do very little to absolutely nothing to get rid of trojans and serious malware.
2. As per my post, my friend simply doesn't have the financial resources at the moment to just buy a decent AV program, for at least a couple of weeks. That's why I came to Tom; the viral infection he/they helped me with before was absolutely horrid, took 4 days of back and forth with the site, but he got it figured out.
Pretty sure I've got rid of the root of the problem now, but I need help with further clean-up and restoration of Windows settings and user control. Hoping there is a pattern of scans and removal I can do to further free things up.

It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.



#3
June 7, 2013 at 05:52:16
"It's my understanding and experience that factory resets do very little to absolutely nothing to get rid of trojans and serious malware"

Then your understanding is wrong, my friend. A Factory Recovery (it's incorrect to call it a "reset" even though many people use that term) will overwrite and destroy all the data that currently exists on the system partition, then creates a new, clean Windows partition.

Indeed, on some laptops, notably those made by Toshiba, Factory Recovery overwrites and destroys data on all the partitions on the hard drive, and creates new, clean partitions.

If your friend cannot afford to buy some decent security software then it's pointless trying to clean it up anyway unless he doesn't intend to connect it to the internet.
Otherwise it will become infected again within hours if not minutes of it being online.




#4
June 7, 2013 at 06:20:04
Well, I have used nothing but free AV software my whole life (I've had a computer in my home since 1981), and I've only ever had one serious viral infection ever. My old craptastic dual-core XP-running desktop that I'm on now runs just fine and I never have problems. He just had nothing in place for prevention except a free copy of Avast, which hasn't gotten definitions for the WebCake, which seems to be a new (first reports in the US and Thailand in mid-April) malware with many variants. However, as I am obviously wasting my time, I will go seek help elsewhere. The one time I had a virus on my system this site was amazingly helpful, and I know there is a procedure for finding and removing this corruption, based on the order of scans and removal. I live my life day to day online (I'm a paraplegic) and have never in my life had to buy security software, and I surf the web prolifically, and just use a combination of Zone Alarm (free), AVG (free), and Malwarebytes as running apps, with CCleaner, HijackThis, and Spybot Search & Destroy as backups in case of malware/trojans. His problem was that he got this trojan in April and doesn't know enough himself to realize he was infected, so it's had two months+ to go get more malware and viruses. It's actually running nicely right now, but I know these settings need to be fixed on it and I'm sure there is more mal/adware on it, but I've gotten rid of the trojan that started it all, ZA is stopping other stuff from running, and I've fixed his web browser search engines and such. But it's all good, I won't waste your time anymore; this used to be a site for people to come to who couldn't afford to take a comp to a tech to fix something like this. If he could buy a brand new piece of expensive software he could easily just pay a few more dollars and have it cleaned by Geek Squad at Best Buy. So I will respectfully disagree with your assessment, tech or not. Thanks for the time you did spend to merely post a couple of condescending remarks.
Thanks though, at least I only wasted a few hours here. I will just call HP this morning and get a tech to talk me through it. I am not a tech, but I am also not an idiot; speaking to me as though I were isn't just pointless in the context of the conversation, but downright rude and insulting. You take care.

It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.



#5
June 7, 2013 at 16:18:50
✔ Best Answer
Hi kundalimon,
There may be an unwanted rootkit installed. I too disagree with a reformat or setting the PC back to factory state. You can send a complaint to Justin Weber, he is the person to contact on computing.net to iron things out and keep things on a steady keel ;-)

You can try these 3 free progs and run them in the EXACT order listed and do NOT reboot until after the last scan...
1- rkill.exe
http://www.technibble.com/rkill-rep...
2- tdss killer
http://www.bleepingcomputer.com/dow...
3- malwarebytes
http://www.filehippo.com/download_m...

If that doesn't solve the problem, try it again, ONLY this time in safe mode and fix all it finds.

Two other progs that work really great are
1- Trojan remover
http://www.simplysup.com/tremover/d...
2- HitMan Pro
http://www.surfright.nl/en/downloads/
Run them till they run clean, let us know how things are going.

All the above are free fully working trials. I would also suggest that your friend stays with Avast Free, I install that on 95% of the repairs I do.

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#6
June 7, 2013 at 18:26:07
THANK YOU!!! I totally appreciate your reply. I think we finally have it fixed; HP helped talk us through removal and resetting his settings and deleting the extra admin account the virus had created and hidden. But I am thoroughly thankful for you responding. I only ever had to use this site for assistance once before and it was so helpful and educational I have never needed help again till now, and not for my own computer. I have recommended this site to any and all I have known over the last 5 years since then just because of how helpful and patient the people here were, and understanding that I simply couldn't afford to pay to fix my computer. This guy posts up all this condescending crap toward me about how it's not even worth it to help, blah blah. Dude, if he had money to buy a good AV I wouldn't have bothered anyone. Anyone coming here for advice probably is trying to avoid having to spend money by fixing a problem themselves; a statement like that was just condescending and arrogant. Irked me to no end. Thanks for the helpful advice. We are currently reinstalling and setting up his stuff again, as we did have to delete a bunch of programs and reinstall just in case of corruption. Once again thanks for the GOOD ADVICE, which is what I actually came here for, not to be told "you're a dumbass, go spend money and get paid AV service" like I don't know what's up. I have had a computer since before people could go to the store and buy them (my mom's bf when I was a kid was a computer developer and electronics engineer for Apple), so I am pretty well taken care of most of the time for knowledge. Guy just irked me talking to me like that, without even just common courtesy. Thanks for noticing and responding; I won't bother writing and creating drama for him, just glad to know everyone on here hasn't become like that!!! Take care, thanks again

It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.



#7
June 7, 2013 at 23:32:56
You are very welcome, drop in again any time and some of us will hopefully get you headed in the right direction. Have a GREAT weekend!

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#8
June 7, 2013 at 23:35:07
you too my friend!! thanks!!

It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.



#9
June 8, 2013 at 04:06:59
My remarks were in no way condescending. I simply advised you to perform a factory recovery, a process which is guaranteed to leave you with a clean system although you strangely seem to believe that isn't possible.

And it's a lot easier to do that than dealing with the infections.

I'm glad you seem to have won the day thanks to your persistence, but I don't accept that my responses were in any way "condescending". I just suggested an alternative method of dealing with the problem of severe and widespread system infections.

I didn't get my Computing.net merit badges by treating people with contempt or looking down upon them with condescending remarks.



#10
June 8, 2013 at 05:40:00
I won the day, as you put it, not because of persistence; once I felt you had been snide toward my need for assistance I simply went somewhere else and got someone to talk me through the process of finding and getting rid of the problems (took all of an hour once we had the ear of someone willing to help). Your comments may not have been intentionally arrogant, but that's exactly how they came off to me (and others). You completely ignored my statements on several facts, and simply talked to me like I was an idiot, when anyone, based on my first post, can see that while I may not be a "tech" I'm obviously not a complete idiot when it comes to computers and problems. I am fairly sure I was probably using a computer long before you were; however, I haven't made a career of it, so you are the people I come to when I need help. Even in my very first post I explained my friend didn't have money for a new AV program; if he had, I wouldn't have been bothering you in the first place. You didn't "simply advise me to do a factory recovery" (God forbid I should call it a reset), you simply had to add that helping me was pointless if he couldn't afford a decent AV. Funny, the tech who actually DID get on here and help agreed that a recovery was probably unnecessary and unlikely as a solution. Also slightly amusing, he recommended the very same AV that my friend was using when he got infected. As an aside, and for edification, the original virus piggybacked into his system through a piece of 3rd-party software that runs some add-ons for a game (World of Warcraft) that my friend plays, called Curse Client.
Once in, it immediately began writing backups of itself in all partitions of the drive under multiple variants of its name (DomaIQ-j, DomaIQ-e, etc.). These were the trojans; then it went to work downloading several malware variants, the worst of which were Tidy2 network and WebCake (it was Tidy2 that gave it all away: he complained to me his comp was running weird and slow, so I told him to put Zone Alarm on to see what all was trying to access the net, and sure enough, that's the one that ZA alarmed on within a minute or two of turning on ZA). Note I'm just mentioning all these things as informational help for you in the near future, as I expect you will see more of this WebCake program as a problem; it seems to be spreading and is fairly new (being reported in two countries so far, starting in April of this year). I am not a troll or an , and am very appreciative of the help I get from people, but I do get very offended when I feel someone is speaking to me in an impolite, discourteous, or downright rude manner. I have never paid for an AV service in my life, as I mentioned before, and I never have problems (I'm sure mostly because I am an experienced user and keep away from suspicious things on the web) unless I let other people on my comp, which is pretty much never anymore lol. So to say, even after I have said I only use free AV myself, that there was no point in helping someone who couldn't BUY an AV program was effectively saying that I'm a dumbass since I don't use a paid AV service.
As I said, that might not be how you meant it, but it sure is how it came off on this end. I am sure you got your medals for being helpful and informative to people; I probably took your attitude and statements in the wrong manner based on their shortness and curt content. I am sure you have technical knowledge and skills far beyond mine (that's why I came here in the first place), but to totally blow off offering me any advice beyond "do a factory recovery", all while adding in your opinion that it's not even worth it to help someone who can't buy a paid AV program/subscription, sure didn't seem helpful, friendly, or even polite.
"If your friend cannot afford to buy some decent security software then it's pointless trying to clean it up anyway unless he doesn't intend to connect it to the internet.
Otherwise it will become infected again within hours if not minutes of it being online"
Simply untrue, and that's actually the statement that really irked me, as it flies in the face of my lifelong experience that what is needed to avoid, detect, and get rid of infections has less to do with having a cure-all AV program than with just being a smart user, paying attention to your computer's operating state (speed while browsing, spikes in processor use for no reason, etc.), and having several varied utilities handy to quickly dig things up when something seems wrong. My friend simply didn't have that knowledge, and as I never really have problems like that on MY computers anymore, I came here to get some updated ideas/recommendations for how to get rid of it for him. His computer is now up and running, his FREE AV is working great, all malware and trojans gone, and he now has some utilities in place so that this doesn't happen to him anymore, and I have given him good advice about safer browsing practices and what to pay attention to as far as response from his computer. I wish you the best of luck and hope you take this for what it was meant: an explanation of why I felt you were being rude and condescending.
Kundalimon

It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.



#11
June 8, 2013 at 13:21:25
"And it's a lot easier to do that than dealing with the infections."
I tend to disagree with that statement, the security section is all about HELPING people remove infections, that's why they offer this volunteer advice to help people do just that. No volunteer knows how much information or programs that are on a posters PC and whether they have backups...etc.

Many of the companies such as Dell, etc use a reformat or a re-install as a cop-out because they do not want to be bothered with virus removal and sadly they never tell people to back up all of their important docs, pics, etc and the consumer is left with an empty PC which is WRONG. That is why many people frequent these forums...to find help and try to remove the problems they find.

The way merit badges are achieved is by answering loads of questions....it doesn't pertain to whether the member answers them correctly or not. For example, a while back a member just answered different posts by saying "that was a really good answer" (something to that manner) and his/her ranking shot up each time they said that.

Possibly, the 'Best Answers' gives a better meaning into the merit points as it shows that the member is actually earning merit points.

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#12
June 8, 2013 at 13:42:49
Man, thank you for understanding that. That's exactly why I came here. My friend's big thing is creating graphic art, so I was trying to save his files without saving the virus lol. But it's fixed now and running fine. I agree with the corporate cop-out option too; they take no responsibility for selling you a secure product, and that's just not fair, I feel it's effectively false advertising. Anyway, thanks again XpUser4Real.

It is compassion rather than the principle of justice which can guard us against being unjust to our fellow man.



#13
June 8, 2013 at 22:47:51
You are very welcome and it's great that you helped your friend regain his computer without losing files, etc! That is what computing.net is all about!

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#14
June 11, 2013 at 07:04:09
If you keep a clean system backup there is no need to deal with multiple infections. Just restore from your backup image and in maybe 30 minutes your system is restored clean again. And all without asking for help from anyone.

Or you can do it the hard way and not bother keeping system backups at all.
Fine, you are one of those people, far be it from me to lecture you.


