wintoolsa.exe

[Shard92]

anyone know what this is and what it does. It's running in the background on a one of the computers here.

[hudsonsmith]

spyware

[NEPATEC]

wintoolsa.exe is a parasite. Get rid of it!

Any decent spyware remover should get rid of it for you, but I'd personally recommend Spybot Search & Destroy

Mike

[Shard92]

Yeah thanks. I did some searching and eventually found that out. I did run spybot and it didn't find it. Adaware found and removed some of it but not all. I finally had to remove it manually.

http://www.pchell.com/support/wintools.shtml

[Tekboy]

Yeah thanks. I did some searching and eventually found that out. I did run spybot and it didn't find it. Adaware found and removed some of it but not all. I finally had to remove it manually.

http://www.pchell.com/support/wintools.shtml

Lately, I have been using AdAware and Spybot, and despite the disclaimers, they do not seem to be bumping heads with each other. What one misses, the other seems to find. However, the latest detection rules update for Spybot 1.3 keeps giving me a bad checksum error when I try to download it.

[geoscomp]

Try downloading it from rootboxen.net rather than the european mirror

[ringdangdoo3]

Just a word of thanks to everyone how posted about this #*&%(#& piece of spyware/virus/malware.

I just spent the last 4 hours digging this piece of #&#& out of my system, and I would not have been successful without the advice and links provided.

I cannot begin to tell you how angry I am at the little pus-bucket script kiddie who wrote this thing just to get his jollies.

Anyways, Thanks again for the help.

**********************************************
* I am way beyond pissed...I am all the way to thoughtful... *
**********************************************

[NooNoo]

Just a word of thanks to everyone how posted about this #*&%(#& piece of spyware/virus/malware.

I just spent the last 4 hours digging this piece of #&#& out of my system, and I would not have been successful without the advice and links provided.

I cannot begin to tell you how angry I am at the little pus-bucket script kiddie who wrote this thing just to get his jollies.

Anyways, Thanks again for the help.

**********************************************
* I am way beyond pissed...I am all the way to thoughtful... *
**********************************************

ringdangdoo3 Welcome to Windrivers

Please don't surpress your feelings it makes it hard to understand the posts

Only 4 hours? you got off lightly Money making on the net at any cost I am afraid..

[ringdangdoo3]

I'll try to express my true feelings more in the future =)

well, it helps being a real-world application programmer who has to dig into the registry constantly =). That was how I knew something was up. when I first noticed my box wasn't behaving as it should, the first thing I did was open RegEdit, and checked out HKLM\Software\Microsoft\Windows\CurrentVersion\Run (there should be a speed-dial for that key =), and since I know what should be in that key, the moment I saw 3 strange entries, I knew my system was hosed.

For any other poor soul who is trying to remove this virus (and yes, do NOT delude yourself, it is a VIRUS, even if it isn't self-propagating, and even if the wonderful people at Symantec, McAfee, et al, don't have the slightest clue what you are talking about when you ask them what the hell "WinToolsA.exe" is), here is a list of the programs that helped me wash this piece of filth from my system:

Spybot - search and destroy
HijackThis
and most importantly
BCWipe

I highly recommend BCWipe, which is a low-level disk wiping program. Instead of using good old Winders Delete command (which does anything but), I used BCWipe to wipe the offending files with zeros and ones on the spot. This way I didn't have to futz with emptying the Recycle Bin and all that garbage. Also, BCWipe can wipe special files like the Swap file, the Recycle Bins, Temp Internet files (including that pesky index.dat file =). Sorry if I sound like an Infomercial, but if you are serious about getting crap like this off you system, you need to have this kind of utility.

One last word of encouragement if you are reading this while suffering from a WinToolsA or similar infection: You can do it. Be Brave, and dig into the Registry! These cockroaches are COUNTING on you to be too afraid of disturbing their haven there. Don't let them win. Good luck!

[paul_martin71]

I'll try to express my true feelings more in the future =)

well, it helps being a real-world application programmer who has to dig into the registry constantly =). That was how I knew something was up. when I first noticed my box wasn't behaving as it should, the first thing I did was open RegEdit, and checked out HKLM\Software\Microsoft\Windows\CurrentVersion\Run (there should be a speed-dial for that key =), and since I know what should be in that key, the moment I saw 3 strange entries, I knew my system was hosed.

For any other poor soul who is trying to remove this virus (and yes, do NOT delude yourself, it is a VIRUS, even if it isn't self-propagating, and even if the wonderful people at Symantec, McAfee, et al, don't have the slightest clue what you are talking about when you ask them what the hell "WinToolsA.exe" is), here is a list of the programs that helped me wash this piece of filth from my system:

Spybot - search and destroy
HijackThis
and most importantly
BCWipe

I highly recommend BCWipe, which is a low-level disk wiping program. Instead of using good old Winders Delete command (which does anything but), I used BCWipe to wipe the offending files with zeros and ones on the spot. This way I didn't have to futz with emptying the Recycle Bin and all that garbage. Also, BCWipe can wipe special files like the Swap file, the Recycle Bins, Temp Internet files (including that pesky index.dat file =). Sorry if I sound like an Infomercial, but if you are serious about getting crap like this off you system, you need to have this kind of utility.

One last word of encouragement if you are reading this while suffering from a WinToolsA or similar infection: You can do it. Be Brave, and dig into the Registry! These cockroaches are COUNTING on you to be too afraid of disturbing their haven there. Don't let them win. Good luck!

I am pleased to see that oyu have successfully dealt with this real pain in the ***, I wonder if you could offer some advise on the registry. I am an experienced PC user but have not fiddled with tehregistry much and want to sort out this sucker. I am going to run the other apps you recommended.

(p.s. I have wintoolsS.exe running as well is this bad too?).


Kind regards


Paul

[imaeditedbysowulo]

I am pleased to see that oyu have successfully dealt with this real pain in the ***, I wonder if you could offer some advise on the registry. I am an experienced PC user but have not fiddled with tehregistry much and want to sort out this sucker. I am going to run the other apps you recommended.

(p.s. I have wintoolsS.exe running as well is this bad too?).


Kind regards


Paul

Yup that's probably bad too. You might want to make your own thread to help expedite your fix.

I highly advise installing Mozilla Firefox as your Innernet Browser once you get the machine fixed. It's good for taking the frustration out of surfing the innernet.

[NooNoo]

I am pleased to see that oyu have successfully dealt with this real pain in the ***, I wonder if you could offer some advise on the registry. I am an experienced PC user but have not fiddled with tehregistry much and want to sort out this sucker. I am going to run the other apps you recommended.

(p.s. I have wintoolsS.exe running as well is this bad too?).


Kind regards


Paul

Anything wintools is bad!!
Registry is pretty simple - and just as simple to screwup royally.

First thing you do when opening regedit is file export and export the entire reg to the c: drive so you can get at it easily.

The next thing to know about is edit find.... much easier than wading through all those keys!

If you find something you don't want in the registry - export just that key and then delete it. If something goes wrong you can merge it back by double clicking the exported file.

here is the mskb description of the registy

Let us know if you have more questions.