ls21gce
asked on
How do I delete or Remove an IE 10 Add On
I am infected with this blasted WebCake add on which hijacks your browser.
I can Disable the Add On in IE 10 and that stops it however, the Add on is still displayed in IE10 and there seems to be no way to simply delete an Add On.
Thanks
I can Disable the Add On in IE 10 and that stops it however, the Add on is still displayed in IE10 and there seems to be no way to simply delete an Add On.
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
No, I have tried Malwarebytes and ComboFix and Adwcleaner
However, if I look into the Add Ons for IE 10 it still shows WebCake available waiting to go if I Enable it...
I cant understand why there is no "Remove" option within IE 10 to get rid of any rogue Add Ons ?
However, if I look into the Add Ons for IE 10 it still shows WebCake available waiting to go if I Enable it...
I cant understand why there is no "Remove" option within IE 10 to get rid of any rogue Add Ons ?
ASKER
Hi comfortjeanius,
I have not tried HitManPro or TDSKILLER so I will have a go with those also....
thanks
I have not tried HitManPro or TDSKILLER so I will have a go with those also....
thanks
If the problem happened recently, a quick solution is to restore your system to few days ago. Worth trying.
(Does webcake show up in installed programs?)
(Does webcake show up in installed programs?)
ASKER
I think it was around 2 weeks ago it must have happened.
It did show up in installed programs, I uninstalled it, but it reappeared in installed programs. I then uninstalled it again but got the message that it is not installed do I want to remove it from the list which I did. it no longer shows up...
It did show up in installed programs, I uninstalled it, but it reappeared in installed programs. I then uninstalled it again but got the message that it is not installed do I want to remove it from the list which I did. it no longer shows up...
Now, rescan with MBAM. Also follow instructions (how to remove add ons) in the links I provided earlier.
Also do you:
(1) not recognize any program in the installed program list?; if so uninstall it (in case of a mistaken removal, you could install it again).
(2) not recognize any programs in the start-up program list (msconfig or CCleaner)?; if so disable them from starting.
(3) Restart.
Also do you:
(1) not recognize any program in the installed program list?; if so uninstall it (in case of a mistaken removal, you could install it again).
(2) not recognize any programs in the start-up program list (msconfig or CCleaner)?; if so disable them from starting.
(3) Restart.
If you already performed Malewarebytes scan process try scanning with HitmanPro, I think once finish it will prompt for a restart, then if there still some residual files move to TDSKiller.
Don't believe it's a rootkit issue, but no harm doing more scans.
-or-
Try this link
http://killpcthreat.wordpress.com/2013/05/25/kill-webcake-adware-how-to-completely-removed-webcake-adware-from-pc/
this will download spyhunter
Plus have instruction on removing Webcake
Try this link
http://killpcthreat.wordpress.com/2013/05/25/kill-webcake-adware-how-to-completely-removed-webcake-adware-from-pc/
this will download spyhunter
Plus have instruction on removing Webcake
ASKER
Just to get my head around this,
1 ) An "Add on" program running inside Internet Explorer is exactly the same as a normal installed program ?
2) The "normal" way to remove an "Add On" program from Internet Explorer would be to use the Add/Remove Programs in the Control Panel. After that it should be removed from Internet Explorer Add ons list ?
3) Internet Explorer does not have a facility where you can simply delete or remove any "Add On" programs, it only offers the options to "Disable it temporarily" ?
1 ) An "Add on" program running inside Internet Explorer is exactly the same as a normal installed program ?
2) The "normal" way to remove an "Add On" program from Internet Explorer would be to use the Add/Remove Programs in the Control Panel. After that it should be removed from Internet Explorer Add ons list ?
3) Internet Explorer does not have a facility where you can simply delete or remove any "Add On" programs, it only offers the options to "Disable it temporarily" ?
ASKER
comfortjeanius,
Are you sure about that webpage you posted ?....
...the download link directs you to a website called goo.gl/eeohc ?
Are you sure about that webpage you posted ?....
...the download link directs you to a website called goo.gl/eeohc ?
Yes, the link works correctly here. Surely, then, your computer is seriously infected in addition to the add-on problem.
Start with a scan with a rescue disk (e.g. bitdefender):
< http://www.bitdefender.com/support/how-to-create-a-bitdefender-rescue-cd-627.html >
Or:
< http://www.trendsecure.com/Info/Rescue_Disk/html/download.html >
Also:
Scan with TDSSKiller: < http://www.bleepingcomputer.com/download/tdsskiller/ > and
< http://www.malwarebytes.org/products/mbar/ >
Start with a scan with a rescue disk (e.g. bitdefender):
< http://www.bitdefender.com/support/how-to-create-a-bitdefender-rescue-cd-627.html >
Or:
< http://www.trendsecure.com/Info/Rescue_Disk/html/download.html >
Also:
Scan with TDSSKiller: < http://www.bleepingcomputer.com/download/tdsskiller/ > and
< http://www.malwarebytes.org/products/mbar/ >
ASKER
Hi aadih,
No, the killpcthreat link itself resolves OK (no redirecting going on) but I was worried that the button to click to dowlnload spyhunter sends you to goo.gl/eeohc which looks suspicious can you check that is the same for you also ?
I believe I got the infection by following a link on a legitimate website forum to download the VLC media player. It added this webcake to the payload.
No, the killpcthreat link itself resolves OK (no redirecting going on) but I was worried that the button to click to dowlnload spyhunter sends you to goo.gl/eeohc which looks suspicious can you check that is the same for you also ?
I believe I got the infection by following a link on a legitimate website forum to download the VLC media player. It added this webcake to the payload.
FYI: Yes, ls21gce, the spyhunter download link works okay.
Yes the link redirects me to the same location; plus I was able to download the spyhunter application.
ASKER
I have now run all of the tools on my PC and none of them have detected any threat.
If I look into The IE10 Add Ons, I see the following:-
Name WebCake Publisher Web Cake Status Disabled Architecture 32-bit
If I then click on more information I am told this is WebCakeIEClient.dll and it is in C:\Program Files (x86)\WebCake
If I look at that directory I see:-
21/05/2013 23:42 220,672 OptChrome.exe
21/05/2013 23:41 465,408 sqlite3.exe
21/05/2013 23:41 23,552 WebCakeDesktop.Updater.exe
21/05/2013 23:42 197,912 WebCakeIEClient.dll
24/05/2013 15:56 3,033 WebCakeLayers.crx
Seems like none of the standard tools even notice it is there..
If I look into The IE10 Add Ons, I see the following:-
Name WebCake Publisher Web Cake Status Disabled Architecture 32-bit
If I then click on more information I am told this is WebCakeIEClient.dll and it is in C:\Program Files (x86)\WebCake
If I look at that directory I see:-
21/05/2013 23:42 220,672 OptChrome.exe
21/05/2013 23:41 465,408 sqlite3.exe
21/05/2013 23:41 23,552 WebCakeDesktop.Updater.exe
21/05/2013 23:42 197,912 WebCakeIEClient.dll
24/05/2013 15:56 3,033 WebCakeLayers.crx
Seems like none of the standard tools even notice it is there..
They notice it, but, perhaps, do not see it as malware.
Uninstall the program (or better, use Revo uninstaller free to do so).
Uninstall the program (or better, use Revo uninstaller free to do so).
ASKER
Installed Revo Uninstaller but it doesn't see the WebCake application as installed.
It did show a process called Webcakedesktop.exe which I stopped. This was executed from a directory called C:\Users\Dell\AppData\Roam ing\WebCak e
I have manually deleted all components apart from the Webcakedesktop.exe which wont let me because it says it is open in Webcake Desktop Updater.
It did show a process called Webcakedesktop.exe which I stopped. This was executed from a directory called C:\Users\Dell\AppData\Roam
I have manually deleted all components apart from the Webcakedesktop.exe which wont let me because it says it is open in Webcake Desktop Updater.
Can you not remove it from safe mode? Try.
Or better still, safe mode with command prompt. Navigate to the directory where the file resides (using CD command). Then DEL <file name >.
Or better still, safe mode with command prompt. Navigate to the directory where the file resides (using CD command). Then DEL <file name >.
ASKER
Yes, I have deleted the thing in Safe mode and have also deleted all of the files under the Program Files (x86)/WebCake directory. So there are no more obvious programs left.
If I go to the IE10 "Add Ons" and select "Currently Loaded Add Ons", WebCake is still shown as disabled.
Also if I select "All Add Ons" then additionally displayed is WebCake API which is disabled.
I don't think I can get it any cleaner than this without an "Add Ons" virus remover..!
If I go to the IE10 "Add Ons" and select "Currently Loaded Add Ons", WebCake is still shown as disabled.
Also if I select "All Add Ons" then additionally displayed is WebCake API which is disabled.
I don't think I can get it any cleaner than this without an "Add Ons" virus remover..!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
When you go to Tools -----> Manage Add-on , when you go to the Webcake add-on can you right-click select properties and then click remove?
@ls21gce,
I would prefer you to run OTL.
OTL by OldTimer is a flexible, multipurpose, diagnostic, and malware removal tool. It's useful for identifying changes made to a system by spyware, malware and other unwanted programs. It creates detailed reports of registry and file settings, and also includes advanced tools and scripting ability for manual removing malware.
Download:
http://oldtimer.geekstogo.com/OTL/OTL.exe
Alternate downloads and locations:
Sometimes malware will block OTL.exe by name, or all executables. In that case try one of these alternatives.
OTL.com: http://oldtimer.geekstogo.com/OTL.com
OTL.scr: http://oldtimer.geekstogo.com/OTL.scr
Mirrors:
OTL.com: http://www.itxassociates.com/OT-Tools/OTL.com
OTL.scr: http://www.itxassociates.com/OT-Tools/OTL.scr
OTL.exe: http://www.itxassociates.com/OT-Tools/OTL.exe
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Thanks,
Sudeep
I would prefer you to run OTL.
OTL by OldTimer is a flexible, multipurpose, diagnostic, and malware removal tool. It's useful for identifying changes made to a system by spyware, malware and other unwanted programs. It creates detailed reports of registry and file settings, and also includes advanced tools and scripting ability for manual removing malware.
Download:
http://oldtimer.geekstogo.com/OTL/OTL.exe
Alternate downloads and locations:
Sometimes malware will block OTL.exe by name, or all executables. In that case try one of these alternatives.
OTL.com: http://oldtimer.geekstogo.com/OTL.com
OTL.scr: http://oldtimer.geekstogo.com/OTL.scr
Mirrors:
OTL.com: http://www.itxassociates.com/OT-Tools/OTL.com
OTL.scr: http://www.itxassociates.com/OT-Tools/OTL.scr
OTL.exe: http://www.itxassociates.com/OT-Tools/OTL.exe
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Thanks,
Sudeep
ASKER
Hi comfortjeanius, the remove button is inactive
ASKER
Now running OTL by oldtimer. I pressed the "Run Scan" option so it may take a while...
ASKER
Hi Sudeep,
Is there a particular part of this report you would like me to post as I am not keen to post the complete contents of these reports onto an open forum and I haven't paid the premium to make it private !
Is there a particular part of this report you would like me to post as I am not keen to post the complete contents of these reports onto an open forum and I haven't paid the premium to make it private !
Here is a way to remove add-ons ToolbarCop this will take care of the delete button being greyed out. Plus here the link to removing add-ons:
ToolbarCop
http://www.mydigitallife.info/how-to-uninstall-delete-and-remove-ie-add-ons-or-extensions-permanently/
Instructions for ToobarCop
http://www.mydigitallife.info/download-toolbarcop-to-remove-unwanted-ie-browser-toolbars-helper-objects-and-extensions/
This might succor you in removing the webcake addon. Post back with results.
ToolbarCop
http://www.mydigitallife.info/how-to-uninstall-delete-and-remove-ie-add-ons-or-extensions-permanently/
Instructions for ToobarCop
http://www.mydigitallife.info/download-toolbarcop-to-remove-unwanted-ie-browser-toolbars-helper-objects-and-extensions/
I read the readme.txt and is states that it has been tested with Windows 98 and Windows XP environments. Should work in Windows ME/2000, but I test in Windows 7 with internet explorer 10
This might succor you in removing the webcake addon. Post back with results.
It is extremely necessary to get the original logs of the OTL reports, otherwise it would be difficult to provide the solution based on it.
Sudeep
Sudeep
ASKER
Hi Sudeep,
Can I send it to you as a private email as I don't want to post that kind of information on the open internet.
Can I send it to you as a private email as I don't want to post that kind of information on the open internet.
ASKER
Hi Comfort,
I installed the Toolbarcop tool. it shows the following:-
-------------------------- ---------- ----
WebCake
BHO
{2A5A2A90-3B30-4E6E-A955-2 F232C6EF51 7}
C:\Program Files (x86)\WebCake\WebCakeIECli ent.dll
Enabled
All Users
Suggesting it is Enabled although IE10 says it is disabled...
I ran the Delete Option but got: -
Run Time Error '5' Invalid Procedure Call or Argument.....
I installed the Toolbarcop tool. it shows the following:-
--------------------------
WebCake
BHO
{2A5A2A90-3B30-4E6E-A955-2
C:\Program Files (x86)\WebCake\WebCakeIECli
Enabled
All Users
Suggesting it is Enabled although IE10 says it is disabled...
I ran the Delete Option but got: -
Run Time Error '5' Invalid Procedure Call or Argument.....
Could you open the registry editor
windows key + r
type regedit
Click on edit
Click Find....
Input this {2A5A2A90-3B30-4E6E-A955-2 F232C6EF51 7}
Lets see if it can find the registry entry
Plus navigate
C:\Program Files (x86)\WebCake\WebCakeIECli ent.dll
Delete the WebCake Folder and its' content
Lets see if this work and Post back
windows key + r
type regedit
Click on edit
Click Find....
Input this {2A5A2A90-3B30-4E6E-A955-2
Lets see if it can find the registry entry
Plus navigate
C:\Program Files (x86)\WebCake\WebCakeIECli
Delete the WebCake Folder and its' content
Lets see if this work and Post back
>>Hi Sudeep,
>>Can I send it to you as a private email as I don't want to post that kind of information on >>the open internet.
Yes, you could, please find my email in my profile.
Sudeep
>>Can I send it to you as a private email as I don't want to post that kind of information on >>the open internet.
Yes, you could, please find my email in my profile.
Sudeep
ASKER
Had a bit of a setback... Seems that one of the registry/clean-ups must have affected my wireless printer setup and I lost the ability to print despite re-installing the drivers.
Anyway, I had to do a system restore back to a couple of days ago and that reset the printer so all is working OK on that.
Back to webcake.....
I did the following...
1 - Ran Msconfig to stop the Webcake Updater from starting up as this prevents taking further action.
2 - Stopped the Webcake Service from running.
3 - Delete all the Webcake software from Users/<PCName>/Appdata/Roa ming/Webca ke
4 - Delete all the Webcake software from C:\Program Files (x86)\Webcake
5 - Look into IE10 Add Ons and note the Class ID for the two Webcake Add ons
6 - Run Regedit and search for the Class ID Keys and delete all references.
Re-boot and now there is no mention of Webcake in the IE10 Add Ons
I have run the Adwcleaner and the Malwarebytes and both report clean.
The only remaining problem is that there are still a number of references in the registry to Webcake showing dll info etc...
As I have pushed my luck already deleting keys out of the registry like a madman with no idea what the implications may be, I cant face rolling the dice again so decided to stick.
I am hoping that this should suffice unless there is a "registry cleaner" that can clean up after me...
Anyway, I had to do a system restore back to a couple of days ago and that reset the printer so all is working OK on that.
Back to webcake.....
I did the following...
1 - Ran Msconfig to stop the Webcake Updater from starting up as this prevents taking further action.
2 - Stopped the Webcake Service from running.
3 - Delete all the Webcake software from Users/<PCName>/Appdata/Roa
4 - Delete all the Webcake software from C:\Program Files (x86)\Webcake
5 - Look into IE10 Add Ons and note the Class ID for the two Webcake Add ons
6 - Run Regedit and search for the Class ID Keys and delete all references.
Re-boot and now there is no mention of Webcake in the IE10 Add Ons
I have run the Adwcleaner and the Malwarebytes and both report clean.
The only remaining problem is that there are still a number of references in the registry to Webcake showing dll info etc...
As I have pushed my luck already deleting keys out of the registry like a madman with no idea what the implications may be, I cant face rolling the dice again so decided to stick.
I am hoping that this should suffice unless there is a "registry cleaner" that can clean up after me...
Ccleaner plus you should backup the registry before making changes.
Try Registrar Registry Manager to search for Webcake (left side window) and delete all entries it finds from the right-side window. If there are not too many entries, you could delete them one by one using Regedit.
Of course, you must make a system restore point before changing any entry in the registry.
Of course, you must make a system restore point before changing any entry in the registry.
More: < http://forums.anvisoft.com/viewtopic-57-5029-0.html > or
< http://www.pcrisk.com/removal-guides/7201-remove-webcake-pop-up-ads >
You could also try adwcleaner: < http://www.bleepingcomputer.com/download/adwcleaner/ >