How the fvxk do i get rid of wintools??

Anubis

No Lifer
Aug 31, 2001
78,712
427
126
tbqhwy.com
somehow this got on a comp at home, i got a call from my mom saying she opened up the internet and there was latin porn there

1/2 luckily my brother is now home from school however he's an ass so getting him to help is annoying, anyway i got him to install and run kaspersky cause norton sucks ass, it found like 18 trojans, kas removed all but 1 of them, he also adawared and spybotted got rid of whatever was there

however it's not totally fixed the 1 thing remaining is some wintools.f thing, and nothing will remove it

i googled for it and found a page that said it was a browser hijack as I expected, said to run HijackThis in safe mode

however the computer WILL NOT boot in safe mode, my brother let it try for at least 1/2 a day and it did nothing

comp is running win 2K sp4 it's an AMD 800, he tried removing what it said to from HijackThis not in safe mode however the thing just comes back

anyone know how to get rid of this easily without having to be in safe mode??

before anyone says just format and reinstall, I'm gonna tell you I would just do this however I'm not home and neither is a windows CD of any kind, and even if they were matt wouldn't do it cause he's a lazy bastard
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
1) is Kaspersky set up to update From Internet, Extended Databases? If not, have him change that like shown on this page.

2) try a 30-day trial of Webroot Spysweeper and also try Microsoft AntiSpyware Beta.

3) if you think he can handle this, have him do what I've got suggested in this text file, because McAfee does recognize WinTools and if the scanner is run as shown, it will take a crack at it.


Bummer that it won't start in Safe Mode, that does complexificate things :(
 

Anubis

thanks dude i knew you would know what to do, you always do

however where is this from internet extended databases option, i don't see it and didn't see it last time you said to check that

and I'll have him do num 3 he can handle it, he's just a pain in the ass
 

FeuerFrei

Diamond Member
Mar 30, 2005
9,144
929
126
I had to get Wtools off a Windows 2000 machine. Search for keywords in the registry and delete any keys you find related to wintools. Also before you delete anything in the registry look for file paths which will let you know what to delete on your hard drive. Have to root around a bit but it can be done.
I found the helpful info below on a website.
Nightmarish set of tasks and services which form part of a Trojan horse virus which has been infecting large amounts of users since May 2004. "Wtoolsa has caused an error in Kernel32" is the most common complaint, along with 100% CPU utilization, and extremely sluggish Internet access as a result of these tasks continually communicating, or attempting to communicate, with some server out on the Internet. While we are not sure how users get infected, most users we have come across also used KaZaA or some other file sharing program. At the time of writing, 28-May-2004, this Trojan is not detected by most antivirus software. All the files, except for TB_SETUP, are installed in the C:\Program Files\Common Files\WinTools folder. This has made many users think that the culprits were the people from WinTools.net but that is absolutely not the case.

Recommendation :
You need to get rid of this software, quickly ! Do as follows (print this before you start) :

1) Restart your PC into Safe Mode (earlier versions of this virus could be removed without this step, but the current versions need to be removed while in Safe Mode). To boot your PC into Safe Mode repeatedly hit F8 after turning your PC ON from cold till you get a menu where one of the options is Safe Mode.

2) Start The Ultimate Troubleshooter in Safe Mode.

3) On the Tasks tab of TUT terminate each of the following tasks if present : TB_Setup, WinTools, Wsup, WtoolsA, WtoolsS.

4) If you are on Windows 2000/XP/2003, switch over to the Services tab and stop the following service if found (and if it is running) : WinTools for IE service (also listed as WToolsS). Next, set the Startup Mode of this service to Disabled.

5) Switch over to the Startups tab, right-click on each of the following startup entries, if present, and run the Delete from the hard disk the file that this startup points to menu option : TB_Setup, WinTools, Wsup, WToolsA, WToolsS.

6) Next, on the same tab delete every startup entry associated with any of these programs : TB_Setup, WinTools, Wsup, WToolsA, WToolsS.

7) Restart your PC into Normal Mode and go and delete the WinTools folder in C:\Program Files\Common Files.

8) Manually update your antivirus software and run a full virus scan of your PC.

9) Go to "Add/Remove Programs" in the Control Panel and remove WinTools Easy Installer and WinTools for Internet Explorer 2. If Windows tells you that the software has already been deleted and would you like to remove the entry from "Add/Remove Programs", answer Yes.

10) Finally, download SpyBot from our Downloads library, install it and run a full inspection and cleanup of your PC.
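
Added example, not part of the thread or of the quoted site's instructions: a read-only batch check for the leftovers named in steps 3 to 7 above (the WinTools folder, the service and the startup entries), usable in Normal Mode. It assumes sc.exe and reg.exe are available (built in from Windows XP; on Windows 2000 they come with the Resource Kit / Support Tools) and that WToolsS is the service's key name; it changes nothing on the machine.

```batch
@echo off
rem Read-only check for the WinTools leftovers named in the quoted removal steps.
rem Assumptions: sc.exe and reg.exe are on the PATH, and "WToolsS" is the
rem service key name (the quoted text only says the service is "also listed as"
rem WToolsS). Nothing is stopped, deleted or modified by this script.
setlocal
set "NAMES=TB_Setup WinTools Wsup WToolsA WToolsS"
set "WT_DIR=C:\Program Files\Common Files\WinTools"
set FOUND=0

echo == Folder: %WT_DIR% ==
rem List the folder contents (including hidden files) if it still exists.
if exist "%WT_DIR%" set FOUND=1
if exist "%WT_DIR%" dir /a /b "%WT_DIR%"

echo == Service: WToolsS ==
rem sc query fails if the service is not installed; if it is installed,
rem sc qc prints its start type and the binary path it points to.
sc query WToolsS >nul 2>&1 && (set FOUND=1 & sc qc WToolsS)

echo == Startup entries in the Run keys ==
rem findstr treats the space-separated names as alternatives and prints any
rem matching value together with the file path it launches.
for %%K in (HKLM HKCU) do (
    reg query "%%K\Software\Microsoft\Windows\CurrentVersion\Run" 2>nul | findstr /i "%NAMES%" && set FOUND=1
)

echo.
if "%FOUND%"=="1" (echo Result: WinTools traces found.) else (echo Result: none of the listed traces found.)
endlocal
```

Running it again after a cleanup attempt and a reboot shows whether the entries have come back.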
 

FeuerFrei

FYI, The Ultimate Troubleshooter mentioned in step 2 is a utility offered by the website this info originates from. It's not free.

edit: Oops, meant to edit the above post to add this.
 

Anubis

Originally posted by: John
Originally posted by: Anubis
however where is this from internet extended databases option, i don't see it and didn't see it last time you said to check that

Kaspersky Antivirus trialware & configuration

yeah I'm running a different version of kas and mine looks different, I'm on Kas personal pro 5.0.20

and I'm running that McAfee scan that mechBgon suggested I'll find out if it worked tomorrow
 

mechBgon

Also have him right-click My Computer, choose Manage, and go down to Services. If WinTools is in there, have him stop & disable it.
 

KLin

Lifer
Feb 29, 2000
30,332
651
126
I usually remove wintools through add/remove programs and that works. The problem is it can download other spyware crap that you have to use Hijackthis, ad-aware, and other little fixes to get rid of them. Look2me is especially heinous.
 

Anubis

Originally posted by: onza
SAFEMODE :)

run a scan on safemode.. i had some serious issues and when not in safemode.. it was hell.. but after i booted into SM, all is well.

that makes 2 of you that apparently DON'T know how to read

as i said in the first post in all caps as well THE COMP WILL NOT BOOT IN SAFE MODE