Hi Doug
If MS fails in safe mode make sure you have removed all
registry entries.
This spyware is related to Wintools & Lycos SideSearch, so
also check your system for these in case it's helping it
reappear. (Typically Wintools is in the Windows/Common
Files folder, and SideSearch can be found on the
Add/Remove screen.) Wintools is difficult to kill but I can
explain more if it's found. I've listed a couple of its
registry values and locations just so you can check while
removing the SEP values.
First enable Hidden Files and Folders
Enable viewing of hidden files and folders and
extensions; Start Windows Explorer and click on
your main hard drive, usually c:\. Then select Tools from
the top of Windows Explorer and then Folder Options. Go
to the View tab. Scroll down to the folder icon that says
Hidden files and folders and check show hidden files and
folders. Also, right below it, uncheck the hide file
extensions for known types.
Registry Values Connected to SEP & Wintools
Start your computer in safe mode. (Tapping F8 on reboot)
Start the registry editor.
This is done by clicking Start then Run.
Type regedit and click OK.
Browse to the key:
'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
In the right pane, delete the value called 'WinTools', if
it exists. Delete all these if found!!
Delete 'HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}'
Delete 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}'
Browse to the key:
'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
In the right pane, delete the value called {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}.
Exit the registry editor.
Restart your computer.
Start Windows Explorer and delete:
C:\Program Files\SEP\ (Any Files or Folders Found)
C:\Program Files\Common files\WinTools folder (If present)
Also do a search with hidden files enabled for:
TB_setup & TBPS
If Wintools is present, resetting or cleaning your hosts
file may be needed.
You can do this manually if you know about the hosts file:
Windows 95/98/Me: c:\windows\hosts
Windows NT/2000/XP Pro: c:\winnt\system32\drivers\etc\hosts
Windows XP Home: c:\windows\system32\drivers\etc\hosts
or if you are not sure about it just download and run
this small program which will reset your hosts file to
the Microsoft default setting:
http://members.aol.com/toadbee/hoster.zip
Press 'Restore Original Hosts' and press 'OK'
Exit Program.
Next: Delete Temp Internet files:
Open an Internet browser window, click Tools then Internet
Options.
Click on the Delete Cookies and the Delete Files buttons,
then click OK and close the browser window.
Next: Delete Windows Temporary Files (Start, Run, then
type %temp% and delete all the files you can in this folder).
The Windows temporary directory (usually located at
C:\windows\temp).
That's it mate, good luck
Andy
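
The check below is an added example, not part of Andy's post: a read-only PowerShell script that reports which of the registry keys, values and folders named above are still present, and lists active hosts-file entries for review. It assumes the default locations via `$env:ProgramFiles`, `$env:CommonProgramFiles` and `$env:SystemRoot` rather than a hard-coded C:\, and it deletes nothing.

```powershell
# Added example: read-only check for the leftovers named in the post above.
# Run from an elevated prompt; nothing is modified or deleted.
$clsid = '{C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}'   # CLSID quoted in the post

# Registry keys the post says to delete outright.
$keys = @(
    "HKLM:\SOFTWARE\Classes\CLSID\$clsid",
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
)
# Registry values (key path plus value name) the post says to delete.
$values = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'WinTools' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar';  Name = $clsid }
)
# Folders the post says to remove (paths built from environment variables: an assumption).
$folders = @(
    (Join-Path $env:ProgramFiles 'SEP'),
    (Join-Path $env:CommonProgramFiles 'WinTools')
)

$findings = @()
foreach ($k in $keys) {
    # -LiteralPath stops the braces in the CLSID being treated as wildcards.
    if (Test-Path -LiteralPath $k) { $findings += "Key present:    $k" }
}
foreach ($v in $values) {
    $key = Get-Item -LiteralPath $v.Key -ErrorAction SilentlyContinue
    if ($key -and ($key.GetValueNames() -contains $v.Name)) {
        $findings += "Value present:  $($v.Key) -> $($v.Name)"
    }
}
foreach ($f in $folders) {
    if (Test-Path -LiteralPath $f) { $findings += "Folder present: $f" }
}

# Hosts file: strip comments, then list every active line except the localhost defaults.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path -LiteralPath $hosts) {
    $findings += @(
        Get-Content -LiteralPath $hosts |
            ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
            Where-Object { $_ -and $_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$' } |
            ForEach-Object { "Hosts entry:    $_" }
    )
}

if ($findings) { $findings } else { 'No listed leftovers found.' }
```

A hosts entry in the output is not necessarily malicious; it is listed so you can decide whether it belongs there before resetting the file.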