Follow:

 

Adware:Win32/WebCake


Microsoft security software detects and removes this unwanted software.

This adware program shows ads as you browse the web.

You can see examples of these ads on the Technical information tab.

It can be downloaded from the program's website or bundled with some third-party software installation programs, like SoftwareBundler:Win32/Cakeport.

Find out more about how and why we identify unwanted software.



What to do now

This program poses a high threat to your PC.

Remove programs

You might need to manually remove this program:

The entry for this program may be called "WebCake".

If an uninstaller is not available, does not work properly, or you do not want to use it, you can use the following free tools to detect and remove this program and other unwanted software from your PC:

You should also run a full scan. A full scan might find other, hidden threats.

Remove browser add-ons

You might need to remove add-ons from your browser:

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Threat behavior

Installation

The installer for Adware:Win32/WebCake creates a folder named one of the following in %ProgramFiles% and %APPDATA%:

  • Betcat
  • Tepfel
  • Movdap
  • WebCake
  • Web Cake

It may then install the following files there:

  • dat\Desktop.OS.dll
  • dat\Dora.dat
  • dat\Maintain.dat
  • dat\Paladin.dat
  • dat\Phoenix.dat
  • OptChrome.exe
  • optimizer.exe
  • PlugIns.cache
  • sqlite3.exe
  • WebCakeDesktop.exe
  • WebCakeDesktop.Updater.exe
  • WebCakeDesktop.Updater.InstallState
  • WebCakeIEClient.dll
  • WebCakeLayers.crx

It changes the following registry entry to ensure that it runs whenever you start your PC:

In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Sets value: "WebCake Desktop"
With data: "<program path and file name>"

It also changes a number of registry entries to set up a service, called "WebCake Desktop Updater". This service tries to update the program every time you start your PC.

It adds itself as two Internet Explorer add-ons with the names "WebCake" and "WebCake API". In Chrome, it installs itself as an extension with the name "Web Cake". In Firefox, it installs itself as an add-on with the name "WebCake".

The program creates an installation entry in the Programs and Features section of the Control Panel. Running this uninstaller may remove some or all of the files related to Adware:Win32/WebCake from your PC.

If the uninstaller does not work, please see the What to do now section on the Summary tab for instructions on how to remove the add-ons.

Adware:Win32/WebCake can be installed from the program's website or it may be bundled with some third-party software installation programs, like SoftwareBundler:Win32/Cakeport.

Behavior

Once installed, Adware:Win32/WebCake displays ads to you as you browse the Internet, as in the following examples:

Analysis by Geoff McDonald


Symptoms

You might see extra offers or ads like:

 


Prevention


Alert level: High
First detected by definition: 1.155.655.0
Latest detected by definition: 1.177.1340.0 and higher
First detected on: Jul 24, 2013
This entry was first published on: Jul 24, 2013
This entry was updated on: Aug 22, 2014

This threat is also detected as:
  • Web Cake (other)