system and network problems (windows ME)

mike - 24 May 2004 16:10 GMT
During start up the following dialogue box appears and
can't be deleted:

"wtoolsa has caused an error in kernel32.dll...."

I can no longer access the internet and the computer will
not shut down other than by turning off the power. Other
than that everything else seems to be working. Help!!!
Mike M - 24 May 2004 16:26 GMT
wtoolsa.exe is malware and appears to be a new member of the IBIS Toolbar
family
(http://www.pestpatrol.com/PestInfo/i/ibis_toolbar.asp) or even a variant of
the CoolWebSearch parasite.  It certainly doesn't form a part of the Win Me
operating system.  One install mechanism it uses is if you choose to install
the toolbar from xxx.websearch.com

Boot to Safe Mode, open MSConfig (Start, Run, enter MSConfig in the box and
click OK), open the Startup tab and uncheck the entry being used to launch
wstoolsa.exe, possibly labelled something like WinTools as well as any entries
referring to wtoolsb.dll, wsup.exe and tb_setup.exe.

Browse to and delete the contents of your C:\Windows\Temp folder and also
clear your Temporary Internet Files (Internet Options | General | Delete Files
and ensure that you check the box "Delete all offline content", then click OK
and Apply).

Now check Add/Remove Programs and uninstall any entry for WinTools.

You should also delete the entire Wintools folder which is probably
located as a sub-folder in C:\Program Files\Common Files or alternatively in
C:\Windows\System.  Check for and delete all copies of wtoolsa.exe,
wtoolsb.dll, wsup.exe and tb_setup.exe.

Now reboot back into Normal Mode and check your system for commercial
parasites.

This might be a good time to download yourself a copy of the free Ad-Aware 6.0 from Lavasoft
(http://www.lavasoftusa.com/software/adaware/) and also SpyBot
(http://www.safer-networking.org/) and scan your system for and remove all
unwanted parasites, adware and spyware that might be hiding on your PC.

I would suggest you download and run merijn's CWShredder which targets the
CoolWebSearch parasite. CWShredder can be downloaded from
(http://www.zerosrealm.com/downloads/CWShredder.zip or
http://www.spywareinfo.com/~merijn/files/cwshredder.zip).  Details of the many
forms of the CoolWebSearch hijacker can be found at
http://www.spywareinfo.com/~merijn/cwschronicles.html and also
http://www.pestpatrol.com/pestinfo/c/cws.asp.

If you continue to have problems download a copy of HijackThis from
http://www.spywareinfo.com/~merijn/downloads.html.  Create a folder called
hijackthis on C: and copy the file you downloaded to that folder.  Close as
many applications as you can including all instances of Internet Explorer and
then run hijackthis.exe and post back the log, provided that it isn't too
long, to this thread, otherwise to the HijackThis Forum at
http://www.spywareinfo.com/forums/ and hopefully this will enable someone to
identify the cause of your problem.

Entries in the HiJackThis log to remove include:

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

Finally to prevent reinfection download and use SpywareBlaster
(http://www.wilderssecurity.net/spywareblaster.html) which can inoculate your
PC against infection by many parasites and using Tools | Custom Blocking add
the following:
Item Name - WinTools
CLSID - {87766247-311C-43B4-8499-3D5FEC94A183}
--
Mike Maltby MS-MVP
mcmaltby@hotmail.com

> during start up the following dialogue box appears and
> can't be deleted:
[quoted text clipped - 4 lines]
> not shut down other than by turning off the power. other
> than that everything else seems to be working. help!!!
Rick T - 24 May 2004 16:26 GMT
> during start up the following dialogue box appears and
> can't be deleted:
[quoted text clipped - 4 lines]
> not shut down other than by turning off the power. other
> than that everything else seems to be working. help!!!

(courtesy of Mike Maltby, MVP)

wtoolsa.exe is malware and appears to be a new member of the IBIS
Toolbar family
(http://www.pestpatrol.com/PestInfo/i/ibis_toolbar.asp) or even a
variant of the CoolWebSearch parasite.  It certainly doesn't form a part
of the Win Me operating system.  One install mechanism it uses is if you
choose to install the toolbar from xxx.websearch.com

Boot to Safe Mode, open MSConfig (Start, Run, enter MSConfig in the box
and click OK), open the Startup tab and uncheck the entry being used to
launch wstoolsa.exe, possibly labelled something like WinTools as well
as any entries referring to wtoolsb.dll, wsup.exe and tb_setup.exe.

Browse to and delete the contents of your C:\Windows\Temp folder and
also clear your Temporary Internet Files (Internet Options | General |
Delete Files and ensure that you check the box "Delete all offline
content", then click OK and Apply).

Now check Add/Remove Programs and uninstall any entry for WinTools.

You should also delete the entire Wintools folder which is probably
located as a sub-folder in C:\Program Files\Common Files or
alternatively in C:\Windows\System.  Check for and delete all copies of
wtoolsa.exe, wtoolsb.dll, wsup.exe and tb_setup.exe.

Now reboot back into Normal Mode and check your system for commercial
parasites.

This might be a good time to download yourself a copy of the free Ad-Aware 6.0 from Lavasoft
(http://www.lavasoftusa.com/software/adaware/) and also SpyBot
(http://www.safer-networking.org/) and scan your system for and remove
all unwanted parasites, adware and spyware that might be hiding on your PC.

I would suggest you download and run merijn's CWShredder which targets
the CoolWebSearch parasite. CWShredder can be downloaded from
(http://www.zerosrealm.com/downloads/CWShredder.zip or
http://www.spywareinfo.com/~merijn/files/cwshredder.zip).  Details of
the many forms of the CoolWebSearch hijacker can be found at
http://www.spywareinfo.com/~merijn/cwschronicles.html and also
http://www.pestpatrol.com/pestinfo/c/cws.asp.

If you continue to have problems download a copy of HijackThis from
http://www.spywareinfo.com/~merijn/downloads.html.  Create a folder
called hijackthis on C: and copy the file you downloaded to that folder.
Close as many applications as you can including all instances of
Internet Explorer and then run hijackthis.exe and post back the log,
provided that it isn't too long, to this thread, otherwise to the
HijackThis Forum at http://www.spywareinfo.com/forums/ and hopefully
this will enable someone to identify the cause of your problem.

Possible entries in the HiJackThis log to remove include:
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwe....0.0.5.cab
Signature

Mike Maltby MS-MVP
mcmaltby@hotmail.com
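
Added example, not part of either reply or of HijackThis itself: a short Python triage script that re-joins HijackThis entries wrapped across lines (as they are when pasted into a thread like this one) and flags those matching the WinTools CLSID and file names given above. The function names and the one benign sample entry are constructed for illustration.

```python
import re

# Indicators named in the thread: the WinTools CLSID and the four file names.
CLSID = "{87766247-311c-43b4-8499-3d5fec94a183}"
FILES = ("wtoolsa.exe", "wtoolsb.dll", "wsup.exe", "tb_setup.exe")

# A HijackThis entry opens with a section code such as "R3 - " or "O4 - ".
ENTRY_START = re.compile(r"^([RFN]\d|O\d{1,2}) - ")

def join_wrapped(text):
    """Re-join entries that mail or forum software wrapped across lines."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)          # a new entry (or leading header text)
        else:
            entries[-1] += " " + line     # continuation of the previous entry
    return entries

def flag_wintools(text):
    """Return (section, reasons, entry) for every entry matching an indicator."""
    hits = []
    for entry in join_wrapped(text):
        start = ENTRY_START.match(entry)
        if not start:
            continue                      # header text, not a log entry
        low = entry.lower()
        reasons = ["clsid"] if CLSID in low else []
        # Match whole file names only, so a bare "setup.exe" is not flagged.
        reasons += [f for f in FILES
                    if re.search(r"(?:^|[\\/ \[])" + re.escape(f) + r"\b", low)]
        if reasons:
            hits.append((start.group(1), reasons, entry))
    return hits

# Wrapped entries as posted in the thread, plus one constructed benign entry.
SAMPLE = r"""
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} -
C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} -
C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common
files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common
files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
"""
```

Calling `flag_wintools(SAMPLE)` returns the four WinTools entries and skips the benign one; matching is case-insensitive because the log mixes `WToolsA.exe` with short 8.3 paths.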
