How do I delete or Remove an IE 10 Add On

Malwarebytes Antimalware will remove it.

More: < http://forums.anvisoft.com/viewtopic-57-5029-0.html > or

< http://www.pcrisk.com/removal-guides/7201-remove-webcake-pop-up-ads >

You could also try adwcleaner: < http://www.bleepingcomputer.com/download/adwcleaner/ >

No, I have tried Malwarebytes and ComboFix and Adwcleaner

However, if I look into the Add Ons for IE 10 it still shows WebCake available waiting to go if I Enable it...

I cant understand why there is no "Remove" option within IE 10 to get rid of any rogue Add Ons ?

Hi  comfortjeanius,

I have not tried HitManPro or TDSKILLER so I will have a go with those also....

thanks

If the problem happened recently, a quick solution is to restore your system to  few days ago. Worth trying.

(Does webcake show up in installed programs?)

I think it was around 2 weeks ago it must have happened.

It did show up in installed programs, I uninstalled it, but it reappeared in installed programs. I then uninstalled it again but got the message that it is not installed do I want to remove it from the list which I did. it no longer shows up...

Now, rescan with MBAM. Also follow instructions (how to remove add ons) in the links I provided earlier.

Also do you:

(1) not recognize any program in the installed program list?; if so uninstall it (in case of a mistaken removal, you could install it again).

(2) not recognize any programs in the start-up program list (msconfig or CCleaner)?; if so disable them from starting.

(3) Restart.

If you already performed Malewarebytes scan process try scanning with HitmanPro, I think once finish it will prompt for a restart, then if there still some residual files move to TDSKiller.

Don't believe it's a rootkit issue, but no harm doing more scans.

-or-

Try this link

http://killpcthreat.wordpress.com/2013/05/25/kill-webcake-adware-how-to-completely-removed-webcake-adware-from-pc/

this will download spyhunter


Plus have instruction on removing Webcake

Just to get my head around this,

1 ) An "Add on" program running inside Internet Explorer is exactly the same as a normal installed program ?

2) The "normal" way to remove an "Add On" program from Internet Explorer would be to use the Add/Remove Programs in the Control Panel. After that it should be removed from Internet Explorer Add ons list ?

3) Internet Explorer does not have a facility where you can simply delete or remove any "Add On" programs, it only offers the options to "Disable it temporarily" ?

comfortjeanius,

Are you sure about that webpage you posted ?....

...the download link directs you to a website called goo.gl/eeohc  ?

Yes, the link works correctly here.  Surely, then, your computer is seriously infected in addition to the add-on problem.

Start with a scan with a rescue disk (e.g. bitdefender):

< http://www.bitdefender.com/support/how-to-create-a-bitdefender-rescue-cd-627.html >

Or:

< http://www.trendsecure.com/Info/Rescue_Disk/html/download.html >

Also:
 
Scan with TDSSKiller: < http://www.bleepingcomputer.com/download/tdsskiller/ > and

< http://www.malwarebytes.org/products/mbar/ >

Hi aadih,

No, the killpcthreat link itself resolves OK (no redirecting going on) but I was worried that the button to click to dowlnload spyhunter sends you to goo.gl/eeohc which looks suspicious can you check that is the same for you also ?

I believe I got the infection by following a link on a legitimate website forum to download the VLC media player. It added this webcake to the payload.

FYI: Yes, ls21gce, the spyhunter download link works okay.

Yes the  link redirects me to the same location; plus I was able to download the spyhunter application.

I have now run all of the tools on my PC and none of them have detected any threat.

If I look into The IE10 Add Ons, I see the following:-

Name     WebCake    Publisher  Web Cake    Status   Disabled    Architecture  32-bit

If I then click on more information I am told this is WebCakeIEClient.dll and it is in C:\Program Files (x86)\WebCake

If I look at that directory I see:-

21/05/2013  23:42           220,672 OptChrome.exe
21/05/2013  23:41           465,408 sqlite3.exe
21/05/2013  23:41            23,552 WebCakeDesktop.Updater.exe
21/05/2013  23:42           197,912 WebCakeIEClient.dll
24/05/2013  15:56             3,033 WebCakeLayers.crx


Seems like none of the standard tools even notice it is there..

They notice it, but, perhaps, do not see it as malware.

Uninstall the program (or better, use Revo uninstaller free to do so).

Installed Revo Uninstaller but it doesn't see the WebCake application as installed.

It did show a process called Webcakedesktop.exe which I stopped. This was executed from a directory called  C:\Users\Dell\AppData\Roaming\WebCake

I have manually deleted all components apart from the Webcakedesktop.exe  which wont let me because it says it is open in Webcake Desktop Updater.

Can you not remove it from safe mode?  Try.

Or better still, safe mode with command prompt.  Navigate to the directory where the file resides (using CD command). Then DEL <file name >.

Yes, I have deleted the thing in Safe mode and have also deleted all of the files under the Program Files (x86)/WebCake directory. So there are no more obvious programs left.

If I go to the IE10 "Add Ons" and select "Currently Loaded Add Ons", WebCake is still shown as disabled.

Also if I select "All Add Ons" then additionally displayed is WebCake API  which is disabled.

I don't think I can get it any cleaner than this without an "Add Ons" virus remover..!

When you go to Tools -----> Manage Add-on ,  when you go to the Webcake add-on can you right-click select properties and then click remove?

@ls21gce,

I would prefer you to run OTL.

OTL by OldTimer is a flexible, multipurpose, diagnostic, and malware removal tool. It's useful for identifying changes made to a system by spyware, malware and other unwanted programs. It creates detailed reports of registry and file settings, and also includes advanced tools and scripting ability for manual removing malware.

Download:
http://oldtimer.geekstogo.com/OTL/OTL.exe

Alternate downloads and locations:

Sometimes malware will block OTL.exe by name, or all executables. In that case try one of these alternatives.
OTL.com: http://oldtimer.geekstogo.com/OTL.com
OTL.scr: http://oldtimer.geekstogo.com/OTL.scr

Mirrors:
OTL.com: http://www.itxassociates.com/OT-Tools/OTL.com
OTL.scr: http://www.itxassociates.com/OT-Tools/OTL.scr
OTL.exe: http://www.itxassociates.com/OT-Tools/OTL.exe

When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Thanks,
Sudeep

Hi comfortjeanius, the remove button is inactive

Now running OTL by oldtimer. I pressed the "Run Scan" option so it may take a while...

Hi Sudeep,

Is there a particular part of this report you would like me to post as I am not keen to post the complete contents of these reports onto an open forum and I haven't paid the premium to make it private !

Here is a way to remove add-ons ToolbarCop this will take care of the delete button being greyed out.  Plus here the link to removing add-ons:


ToolbarCop

http://www.mydigitallife.info/how-to-uninstall-delete-and-remove-ie-add-ons-or-extensions-permanently/

Instructions for ToobarCop

http://www.mydigitallife.info/download-toolbarcop-to-remove-unwanted-ie-browser-toolbars-helper-objects-and-extensions/

I read the readme.txt and is states that it has been tested with Windows 98 and Windows XP environments. Should work in Windows ME/2000, but I test in Windows 7 with internet explorer 10

This might succor you in removing the webcake addon.  Post back with results.

It is extremely necessary to get the original logs of the OTL reports, otherwise it would be difficult to provide the solution based on it.

Sudeep

Hi Sudeep,

Can I send it to you as a private email as I don't want to post that kind of information on the open internet.

Hi Comfort,

I installed the Toolbarcop tool. it shows the following:-

----------------------------------------
WebCake
BHO
{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
C:\Program Files (x86)\WebCake\WebCakeIEClient.dll
Enabled
All Users


Suggesting it is Enabled although IE10 says it is disabled...

I ran the Delete Option but got: -

Run Time Error '5' Invalid Procedure Call or Argument.....

Could you open the registry editor

windows key + r
type regedit
Click on edit
Click Find....
Input this {2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Lets see if it can find the registry entry

Plus navigate
C:\Program Files (x86)\WebCake\WebCakeIEClient.dll
Delete the WebCake Folder and its' content

Lets see if this work and Post back

>>Hi Sudeep,

>>Can I send it to you as a private email as I don't want to post that kind of information on >>the open internet.

Yes, you could, please find my email in my profile.

Sudeep

Had a bit of a setback... Seems that one of the registry/clean-ups must have affected my wireless printer setup and I lost the ability to print despite re-installing the drivers.

Anyway, I had to do a system restore back to a couple of days ago and that reset the printer so all is working OK on that.

Back to webcake.....

I did the following...

1 - Ran Msconfig to stop the Webcake Updater from starting up as this prevents taking further action.
2 - Stopped the Webcake Service from running.
3 - Delete all the Webcake software from Users/<PCName>/Appdata/Roaming/Webcake
4 - Delete all the Webcake software from C:\Program Files (x86)\Webcake
5 - Look into IE10 Add Ons and note the Class ID for the two Webcake Add ons
6 - Run Regedit and search for the Class ID Keys and delete all references.

Re-boot and now there is no mention of Webcake in the IE10 Add Ons

I have run the Adwcleaner and the Malwarebytes and both report clean.

The only remaining problem is that there are still a number of references in the registry to Webcake showing dll info etc...

As I have pushed my luck already deleting keys out of the registry like a madman with no idea what the implications may be, I cant face rolling the dice again so decided to stick.

I am hoping that this should suffice unless there is a "registry cleaner" that can clean up after me...

Ccleaner plus you should backup the registry before making changes.

Try Registrar Registry Manager to search for Webcake (left side window) and delete all entries it finds from the right-side window.  If there are not too many entries, you could delete them one by one using Regedit.

Of course, you must make a system restore point before changing any entry in the registry.