Wintools

[Guest]

It appears have a bunch of WinTool files as hidden and read only. How can I
get rid of them?

 

[Anonymous Bob]

It appears have a bunch of WinTool files as hidden and read only. How can I
get rid of them?

Grunt,
You have a nasty one there. Here's the best link I could find to get rid of
your problem:
http://www.doxdesk.com/parasite/HuntBar.html

If you're not comfortable with that procedure go here:
http://spywarewarrior.com/sww-help.htm#infested

Bob Vanderveen

 

[Guest]

Grunt,
You have a nasty one there. Here's the best link I could find to get rid of
your problem:
http://www.doxdesk.com/parasite/HuntBar.html

If you're not comfortable with that procedure go here:
http://spywarewarrior.com/sww-help.htm#infested

Bob Vanderveen


Thanks Bob! My problem was solved after I used SpyCatcher!

However, the AntiSpyware program that I have with Comcast still states I
have the IBIS Tool Bar. Since SpyCatcher found and quarantined WinTools, I
have a feeling the Comcast program is a false positive result. Again, thanks
for your help.

Grunt

 

[Randy Knobloch]

It appears have a bunch of WinTool files as hidden and read only. How can I
get rid of them?

This Parasite recipe works;
(http://aumha.net/viewtopic.php?t=5673)

If you require assistance -
Register here: (http://aumha.net/profile.php?mode=register)
Once you have received your confirmation email, you may post
a query here, for assistance: (http://aumha.net/viewforum.php?f=28)

Silj

--
siljaline

MS - MVP Windows (IE/OE) & Security, AH-VSOP
_________________________________________
Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address
is invalid that we may all benefit.

 

[Anonymous Bob]

However, the AntiSpyware program that I have with Comcast still states I
have the IBIS Tool Bar. Since SpyCatcher found and quarantined WinTools, I
have a feeling the Comcast program is a false positive result. Again, thanks
for your help.

Grunt,

You may not be ahead of the game as yet. SpyCatcher isn't a well known
program. Eric Howes reported that it gave two false positives on his system,
but he hasn't (as yet) added to his rouges list. There's a report at
dslreports that SpyCatcher includes two rootkit protected files as per
F-Secure Blacklight.

The report you see from your Comcast provided software may be due to that
program checking the quarantine folder in SpyCatcher. You may be able to
exclude that folder.

Here are the related links:
http://www.spywarewarrior.com/viewtopic.php?t=4269&sid=74282d3b619b53980b1e4a03129c2ae4
http://www.dslreports.com/forum/remark,14863451
http://www.f-secure.com/blacklight/

There's also RootKit Revealer from sysinternals:
http://www.sysinternals.com/Utilities/RootkitRevealer.html

Respectfully,
Bob Vanderveen

 

[Guest]

I've tried Microsoft Antispyware, Spybot, and spycatcher. Spycatcher says
its gone, but Microsoft says its still there, and the directory is definately
still there (common Files\wintools) and can't be deleted. Likewise there are
still many entries in teh registry containing "wintools" that can't be
removed
(HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINTOOLSSVC;
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WINTOOLSSVC;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000)

Any ideas on what to try next?

Thanks

 

[Randy Knobloch]

:

Any ideas on what to try next?

Try this parasite fighting recipe;
<http://aumha.net/viewtopic.php?t=5673>

Silj

--
siljaline

MS - MVP Windows (IE/OE) & Security, AH-VSOP
_________________________________________
Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address
is invalid that we may all benefit.