How to Remove Web Car - the Money Making Malware - Explanation + Removal
I decided to document my recent encounter with a very interesting virus that I found. Beware, this post lacks the juicy screenshot proof that you may be here to look for. When I realized what this malware was doing I went on a crazy rampage to get it out of my system so the following screenshots are not real but are an accurate depiction of what I've seen this malware do. I will try my best to get the malware again and have real screenshots sooner or later.
We're all into torrents, that's a given fact that no one would own up to, one way or another, everyone has downloaded paid programs via torrents. Some of these torrents have "crack" exes that don't really crack anything but will definitely install a virus that will not really harm anything on your pc but it will definitely show elements of privacy invasion. Let's get started with this damn thing already.
It's a virus that starts up whenever you boot your PC, without your knowledge through the use of browser plugins such as chrome. After it's in your system, it's really hard to remove it, mostly because every time you end it's tasks through the windows task manager it will run again and again, it does-not stop. It will only show up as a Google Chrome Process that won't end.
This malware does interferes with the webpages that you are browsing, whether it's your Secure Google Searches, Paypal Account, e-banking stuff or just normal blog reading, it does post-processing for all the pages that you are viewing and includes ads of it's own to your pages, for example;
This is exactly what you'll be seeing in your search results if you are infected with the Web Car Malware, it keeps adding it's own ads into every page that you visit and for google it has a special trick, it shows ads in the form of search results, for other pages that you visit you'll probably see AliExpress ads at the bottom of your browser, these ads will try to force their way into every page you view.
Any program that interferes with your browsing and/or internet activities without your knowledge and consent is dangerous, even though I'm sure these guys aren't stealing your credit card numbers or bank information, they're just trying to make money off of the pages that you view and the ads you click or the things you purchase off of AliExpress. It still is not recommended to have something interfere with your activities in such a manner.
Well...it's simple really, 80% of the ads you view after you're infected with Web Car will be theirs and won't belong to the website owners that you are viewing. This is a great way to make alot of money via affiliate networks or CPC/CPM networks without doing anywork. Well there is SOME work involved you gotta know C++ and system level coding to keep this thing running on the client's pc, then you gotta keep uploading more "cracks" for games and applications constantly to keep growing your userbase, this is kinda tiresome but there is no maintenance involved, 90% of the users that are infected will never find this article or even notice the slight change in their browsing activities.
Overall, this idea to make fast money is pretty good, since it's not harming anyone really, everything that could happen is assumptions, what they ARE doing is just showing you their own ads, their daily revenue from such exploits would be really nice since expanding their user-base is a non-expensive option.
Right after starting your pc
- Press CTRL+SHIFT+ESC
- See if some chrome tasks are autorunning or not
If they are, try shutting them all down, do they start back up? You got web car.
-End Task on all running plugins
If they start back up again - you got web car-Open your extensions area
-Now match the installed extensions with what is running on chrome (SHIFT+ESC)
if a plugin is running on chrome yet you can't find it in the extensions area, you got web car.
At the moment the only cleaner tool that recognizes Webcar is Malwarebytes. You gotta download their cleaner and let it do it's thing.
I removed malwarebytes shortly after it removed webcar.