Wintools

The Theo

Each time I run MS AntiSpyware I get the same result:
Wintools (trojan)
Then MS removes it from my comp. and says it has been
removed, but it didn't.
Is there a solution for this?
(Tried to remove it in regedit but it can't be opened.)
Thanks, Theo
 
Andre Da Costa

How To Remove Wintools info at
http://forum.aumha.org/viewtopic.php?t=5673

Here are some additional removal instructions:
wintools.exe
http://www.iamnotageek.com/a/wintools.exe.php

Ib
s Toolbar Removal
http://www.iamnotageek.com/a/370-p1.php

Some of this does not apply if you have Windows XP SP2. If you do not have
SP2, get it.

First. Make sure of these settings and nothing will install without you
answering YES. (Except what may install as part of some other software.)
Don't click YES if you don't know/trust the source.

Start | Settings | Control Panel | Internet Options | Advanced tab |
Make sure both of these are NOT checked.

 Enable Install On Demand (Internet Explorer)
[[Specifies to automatically download and install Internet Explorer
components if a Web page needs them in order to display the page properly or
perform a particular task.]]

 Enable Install On Demand (Other)
[[Specifies to automatically download and install Web components if a Web
page needs them in order to display the page properly or perform a
particular task.]]

Apply | OK

 Enable Install On Demand (Other)
Is part of the driveby downloading of unwanted programs. i.e. Scumware or
whatever will install w/o you even being aware of it.
=====

Second. If you need a scan right now.

Follow the instructions!
THE PARASITE FIGHT QUICK FIX PROTOCOL
http://aumha.org/a/quickfix.php
 
Menno Hershberger


Followed that link and was presented with all kinds of popup ads! The kind
that underlines various words and pops up a balloon when you pass over them.
Not very good advertising for a site that is supposed to be helping you get
rid of that kind of stuff!
Does it in IE and Firefox too.
Maybe I've got a bug, but the code has to be on their page regardless.
 
AndyManc

Wintools can be a nightmare to remove because there are
three executables running at startup including one hidden
one and one running as a Windows service. These processes
interact to stop each other from being killed, preventing
removal of the software.



Try this fix by Symantec for this:

http://securityresponse.symantec.com/avcenter/FxWebsch.exe


Save to desktop, open and run a scan (also run this fix
tool in safe mode).


Check Add/remove screen for these and remove if found:

Toolbar
WinTools
WebOffer
Web Search Toolbar
Win-Tools Easy Installer


Manual Removal: (If you need to remove them manually, copy
this to Notepad and save it so you can still use it in
safe mode.)


WinTools cannot be removed in normal mode because each
of the three processes, plus a BHO, keep each other alive
when you try to stop them. So you will need to use Safe
Mode.

To get to Safe Mode, press the F8 key just as Windows is
about to boot. Keep tapping F8 as the machine boots until
the menu appears.


Open the registry:

Click Start, choose Run, enter

regedit

and find the key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion

Select the subkey 'Run' and delete the
'WinTools' entry on the right. If there is still
a 'TB_setup' or 'TBPS' entry here, delete that too.


Next, select the subkey 'Explorer\Browser Helper
Objects', delete the whole subkey with the name

{87766247-311C-43B4-8499-3D5FEC94A183}


find the key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and
delete the WinToolsSvc subkey.

To clean up, delete

WinTools

in the Software subkey of both HKEY_LOCAL_MACHINE and
HKEY_CURRENT_USER.

You can also delete the keys inside
HKEY_CLASSES_ROOT\CLSID with numbers

{26E8361F-BCE7-4F75-A347-98C88B418322} and
{87067F04-DE4C-4688-BC3C-4FCF39D609E7}

Inside HKEY_CLASSES_ROOT\PROTOCOLS, the Name-Space
Handler\res\WToolsB.ResProtocol key can also go.

Next, open

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData

and delete the 'AUI' and 'STO' subkeys, and the 'TUID' entry if found.





Reboot normally.




Open a DOS command prompt window
(from Start->Programs->Accessories), and enter the
following commands.

First copy and paste the first line in and press Enter,
then copy and paste the other lines in, pressing Enter
after each one. The second part is one command, from regsvr
to .dll".


cd "%WinDir%\System"

regsvr32 /u "\Program Files\Common Files\WinTools\WToolsB.dll"

regsvr32 /u "\Program Files\Common Files\WinTools\btiein.dll"

regsvr32 /u "\Program Files\Toolbar\toolbar.dll"



File deletion


Having done this you can reboot the machine and delete
the HuntBar files. Open the 'Common Files' folder inside
Program Files. Delete 'WinTools'.


Go back to the Program Files folder and delete

Toolbar

Other traces

You can also open 'Downloaded Program Files' in the
Windows folder and delete the entries

{8A05273A-2EA5-42DE-AA75-59EA7D9D50D7}
{59450DB0-341D-4436-B380-B8377D8B6796}
{D6E66235-7AA6-44ED-A06C-6F2033B1D993}
{26E8361F-BCE7-4F75-A347-98C88B418322}

if you received HuntBar through a drive-by download.


Finally reset your search and home pages back to normal
(Tools->Internet Options->Programs->Reset Web Settings).




All the Best

Andy
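
The registry keys, values and folders listed in the post above can be re-checked after the final reboot. The PowerShell script below is an added example, not part of the original post; it only reads and reports, and it assumes the two folders sit under the default Program Files and Common Files locations.

```powershell
# Added example: read-only check for the WinTools leftovers named in the post.
# Nothing is deleted; the function only reports what is still present.
function Get-WinToolsLeftover {
    $cv = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'
    $found = @()

    # Registry keys the post says to delete.
    $keys = @(
        "$cv\Explorer\Browser Helper Objects\{87766247-311C-43B4-8499-3D5FEC94A183}",
        'HKLM:\SYSTEM\CurrentControlSet\Services\WinToolsSvc',
        'HKLM:\SOFTWARE\WinTools',
        'HKCU:\Software\WinTools',
        'Registry::HKEY_CLASSES_ROOT\CLSID\{26E8361F-BCE7-4F75-A347-98C88B418322}',
        'Registry::HKEY_CLASSES_ROOT\CLSID\{87067F04-DE4C-4688-BC3C-4FCF39D609E7}',
        'Registry::HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\res\WToolsB.ResProtocol',
        "$cv\Installer\UserData\AUI",
        "$cv\Installer\UserData\STO"
    )
    foreach ($k in $keys) {
        if (Test-Path -LiteralPath $k) { $found += "key    $k" }
    }

    # Named values under Run and Installer\UserData.
    $values = @{
        "$cv\Run"                = 'WinTools', 'TB_setup', 'TBPS'
        "$cv\Installer\UserData" = @('TUID')
    }
    foreach ($path in $values.Keys) {
        $props = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
        foreach ($name in $values[$path]) {
            if ($props -and $props.PSObject.Properties[$name]) {
                $found += "value  $path\$name"
            }
        }
    }

    # Folders; the environment variables are an assumption, not from the post.
    $dirs = @(
        (Join-Path $env:CommonProgramFiles 'WinTools'),
        (Join-Path $env:ProgramFiles 'Toolbar')
    )
    foreach ($d in $dirs) {
        if (Test-Path -LiteralPath $d) { $found += "folder $d" }
    }
    return $found
}

$left = @(Get-WinToolsLeftover)
if ($left.Count -eq 0) { 'No WinTools leftovers found.' } else { $left }
```

On 64-bit Windows, 32-bit software registers under the WOW6432Node branches, which this check does not cover.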
 
