Kudos0

Webcake 3.0 malware.

Recently one of my computers has been having searches hijacked by delta search.

So I did a full virus scan with Norton Internet security and it didn't find anything.

I then downloaded the free version of Malwarebytes and it found 56 malicious items.

As well as delta-search it found something called webcake 3.0.

I did a web search and found this http://virusremovalstation.blogspot.co.uk/2013/08/is-web-cake-30-malware-how-to-remove.html

This website claims that webcake steals bank details.

So my question is: why the hell didn't Norton stop this from getting on the system and why doesn't Norton pick it up when doing virus scans?

I'm actually disgusted that an anti-virus I paid for allowed something as bad as this to get on the computer.  If you pay for anti-virus you expect it to do its job. Clearly Norton has failed.

So what is going on?

Why can't Norton detect this Malware?

Replies

Kudos0

Re: Webcake 3.0 malware.

According to some searches I've done, Symantec picks this up as Yontoo. Not sure this helps you at all, but I thought I'd throw it out there.

Kudos0

Re: Webcake 3.0 malware.

Web Cake is a toolbar extension. It could be installed accidentally while browsing the web. This can be found mostly in Google Chrome extensions.

Kenyunizke
Kudos0

Re: Webcake 3.0 malware.


Gorg wrote:

According to some searches I've done, Symantec picks this up as Yontoo. Not sure this helps you at all, but I thought I'd throw it out there.


Clearly it doesn't

I've now totally uninstalled Norton and the first thing I did was switch on and run Windows defender and that also detected webcake.

I now no longer trust Norton with my security and will be removing it from all my computers.

If a paid-for anti-virus can't protect me from this I might as well install a free one like Microsoft Security Essentials.

The annoying thing is that when I first installed Norton it removed malwarebytes pro. Now if it had left malwarebytes alone then I probably wouldn't have got infected.

Kudos2

Re: Webcake 3.0 malware.


Malacath wrote:

I've now totally uninstalled Norton and the first thing I did was switch on and run Windows defender and that also detected webcake. 

The annoying thing is that when I first installed Norton it removed malwarebytes pro. Now if it had left malwarebytes alone then I probably wouldn't have got infected.


Hi Malacath:

You can see from the number of posts in FattiesGoneWild's thread here that many Norton users were upset about Symantec's decision to block Malwarebytes Anti-Malware (MBAM) in NIS v. 20.3.0.36.  Symantec eventually reversed that decision and released a v. 20.4.0.40 patch that removed that block (see Tony Weiss's here).

Before making any final decision about removing your Norton software, you should read David Lipman's post here in the MBAM forum about the difference between malware and viruses and why MBAM is designed to provide an additional layer of protection to the real-time protection provided by a robust anti-virus program.  Most of the MBAM detections I've seen on my own system were orphaned registry entries and PUPs (potentially unwanted programs) that were left behind after I uninstalled an unwanted browser toolbar.

Webcake is classified by Symantec as a potentially unwanted app with a low risk impact that displays unwanted advertisements (see here for more info) and detection has been provided in Norton products since 08-Aug-2013.

-----------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 24.0 * IE 9.0 * NIS 2013 v. 20.4.0.40 * MBAM PRO 1.75.0.1300
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Kudos1

Re: Webcake 3.0 malware.

Here is some info on Webcake 3.0.  http://virusremovalstation.blogspot.ca/2013/08/is-web-cake-30-malware-how-to-remove.html

As noted, the software in itself is not malicious and will not harm your system, so would come under the heading of PUP (Potentially Unwanted Program). It will not harm your system itself, but is very annoying. This is why Norton does not catch and eliminate it. Believe it or not, some users actually want browser 'enhancements' that offer suggestions when they visit web pages. These PUPs are usually always accepted by the user as an add-on to a legitimate download. It may not be obvious at the time, but you did allow it.

Norton focuses on malware that will damage your system. No one security software can protect you from 100% of malware 100% of the time.

Some are harder to remove than others and you might want to go to one of the free malware removal sites below.

http://www.bleepingcomputer.com/
http://www.geekstogo.com/forum/
http://www.cybertechhelp.com/forums/
http://forums.whatthetech.com/


Things happen. Export/Backup your Identity Safe data.
Kudos1

Re: Webcake 3.0 malware.

"about the difference between malware and viruses"

Viruses are Malware so there is no difference.

Malware, short for malicious software, is software used or programmed by attackers to disrupt computer operation, gather sensitive information, or gain access to private computer systems.

Malware includes viruses, ransomware, worms, trojans, rootkits (including Bootkits), keyloggers, dialers, spyware, adware, Bad BHOs, rogues (fakeAV's).

Of note though, some Spyware and Keyloggers are known as good, so not detected, and PUP's (PUA's), some are OK as some users want them but some do push the limit or go over the line at times. Security Companies have differences for where that line is. Some of the problems with PUP's do not occur until a user has too many installed to run on startup that use .dll's, services or explorer (Not IE).

I actually remember one user complaining because Norton was detecting what I consider a PUP, but the user was complaining because they wanted the program. Some weeks ago now.

Quads

Kudos0

Re: Webcake 3.0 malware.


Malacath wrote:
I did a web search and found this http://virusremovalstation.blogspot.co.uk/2013/08/is-web-cake-30-malware-how-to-remove.html .  This website claims that webcake steals bank details.

Quads wrote:
Viruses are Malware so there is no difference.

... and not all malware is a virus.

This is a quote from the website Malacath referred to:

"Usually, the Web Cake 3.0 will use system vulnerabilities and security exploits so that to invade innocent computers without your permission or knowledge. Moreover, Web Cake 3.0 steals your personal and financial information and sends it the cyber crooks for they illegal purposes."

I can't speak for Malacath, but if I thought I had malware on my system that was able to steal my banking passwords, that it wasn't detected by my NIS anti-virus protection, and that it could have been detected by MBAM but wasn't because NIS uninstalled MBAM from my system, I'd be pretty peeved too.

I think the issue here is whether NIS missed detecting a high-risk info stealer. I don't believe that's the case, and I hope that we've put Malacath's mind to rest that their system security was not severely compromised when NIS failed to flag a low-risk potentially unwanted program/app (PUP/PUA) like WebCake.

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 24.0 * IE 9.0 * NIS 2013 v. 20.4.0.40 * MBAM PRO 1.75.0.1300
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Kudos0

Re: Webcake 3.0 malware.


Malacath wrote:

This website claims that webcake steals bank details.


Hi Malacath:

Further to the link you provided for the VirusRemovalStation blog, I did a bit of digging and it appears this blog is run by a company called Tee Support Tech Support.  The reason they provide this type of false information is to scam you into paying $69.95 for their one-time virus removal assistance that you can receive for free from any of the reputable malware removal sites that peterweb provided links to in post # 6.

I've even heard of people who clicked on the "Remove It Now!" button from one of these so-called "tech support" sites like Tee Support and actually ended up downloading more malware to their system.

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 24.0 * IE 9.0 * NIS 2013 v. 20.4.0.40 * MBAM PRO 1.75.0.1300
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Kudos0

Re: Webcake 3.0 malware.

This is what was said 

"Before making any final decision about removing your Norton software, you should read David Lipman's post here in the MBAM forum about the difference between malware and viruses"

... and not all malware is a virus.

Not all Malware is a Virus, but all Viruses are Malware. But there is no difference between Malware and Viruses, as Viruses are malware.

Hmmm, what is the difference between a Dog and a Poodle? Dog = Malware. Virus = Poodle. Nothing, a Poodle is a breed (Type) of dog. Same as Virus is a type of malware.

So difference between Malware and Viruses and Malware is NOTHING!!!!!  

If someone said the difference between Viruses and Ransomware,   Yeah, right, as that is 2 different types of Malware.

Quads

Kudos0

Re: Webcake 3.0 malware.


lmacri wrote:

Malacath wrote:
I did a web search and found this http://virusremovalstation.blogspot.co.uk/2013/08/is-web-cake-30-malware-how-to-remove.html .  This website claims that webcake steals bank details.

Quads wrote:
Viruses are Malware so there is no difference.

... and not all malware is a virus.

This is a quote from the website Malacath referred to:

"Usually, the Web Cake 3.0 will use system vulnerabilities and security exploits so that to invade innocent computers without your permission or knowledge. Moreover, Web Cake 3.0 steals your personal and financial information and sends it the cyber crooks for they illegal purposes."

I can't speak for Malacath, but if I thought I had malware on my system that was able to steal my banking passwords, that it wasn't detected by my NIS anti-virus protection, and that it could have been detected by MBAM but wasn't because NIS uninstalled MBAM from my system, I'd be pretty peeved too.

I think the issue here is whether NIS missed detecting a high-risk info stealer. I don't believe that's the case, and I hope that we've put Malacath's mind to rest that their system security was not severely compromised when NIS failed to flag a low-risk potentially unwanted program/app (PUP/PUA) like WebCake.

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 24.0 * IE 9.0 * NIS 2013 v. 20.4.0.40 * MBAM PRO 1.75.0.1300
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS


I am relieved to know that webcake doesn't steal bank details like it's said on that website.

But yes I am annoyed that Norton removed malwarebytes pro. As that would have protected me.

Trouble is this webcake seemed to have added other browser hijackers to the system as well like delta search, babylon toolbar and something else I can't remember the name of. Norton didn't block these either.

Norton shouldn't claim to be an unwanted program blocker in the windows action centre if it's not going to block unwanted programs and it certainly shouldn't have uninstalled the one program that would have prevented these PUP malware from getting on my system in the first place.

They were a nightmare to get rid of as they kept coming back due to the fact that whenever I opened the web browser an extension in firefox would reinstall them. It was only after uninstalling Norton and switching on Windows defender that I was able to work out that an extension was doing the reinstalling.

Kudos1

Re: Webcake 3.0 malware.


Malacath wrote:
But yes I am annoyed that Norton removed malwarebytes pro. As that would have protected me.

 Hi Malacath:

If you decide to keep NIS as your primary anti-virus software, you can keep MBAM PRO installed on your system as long as you disable the real-time protection in MBAM PRO.  Having two or more anti-malware programs monitoring your system in real-time wastes system resources and can actually decrease your system security.  If malware ever attempted to infect your system and both programs simultaneously attempted to block the malware, the conflict could compromise your real-time protection and allow the malware to infect your system.

I've had NIS and MBAM PRO installed on my PC for several years now.  I always have real-time protection disabled in MBAM PRO and use MBAM PRO for the occasional on-demand full system scan.  I've also scheduled a MBAM Quick Scan to run daily (Settings | Scheduler Settings | Add) with the options Wake computer from sleep to perform task and Save log file regardless of user settings both enabled.  This way if any low-risk malware was missed by NIS, it would likely be detected during my daily MBAM Quick Scan.

You can also schedule MBAM PRO to run updates to automatically keep your protection up-to-date.

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 24.0 * IE 9.0 * NIS 2013 v. 20.4.0.40 * MBAM PRO 1.75.0.1300
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

Kudos0

Re: Webcake 3.0 malware.

Thanks.

I've decided not to go back to Norton. I feel safer having both real time protection of mbam running as well as anti virus and I've checked and both windows defender on win 8 and mse on win 7 can work side by side with mbam pro without impacting performance. All I need to do is add exclusions for mbam in the anti virus settings.

I would rather the likes of delta search and webcake didn't get on my system at all because by the time an on-demand scan finds it, it's too late.

Kudos0

Re: Webcake 3.0 malware.


Malacath wrote:

...All I need to do is add exclusions for mbam in the anti virus settings.


Hi Malacath:

However you decide to proceed is entirely up to you.  There's a FAQ thread here in the MBAM forum listing recommended MBAM exclusions for popular anti-virus software like McAfee, Norton, Microsoft Security Essentials, etc. if you haven't already seen it.

------------
MS Windows Vista Home Premium 32-bit SP2 * Firefox 24.0 * IE 9.0 * NIS 2013 v. 20.4.0.40 * MBAM PRO 1.75.0.1300
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS
