Pieter_Arntz
July 29th, 2004, 08:38 AM
Removal procedure for Windows 2000 and XP where it will run as a service.
1. Halt & Disable the WinTools service:
From a Run box, launch SERVICES.MSC.
Right-click on the WinTools for IE service and take Properties. Click the Stop button. Set Startup Type to Disabled.
Reboot, preferably into safe mode (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406) and
2. Kill the Registry Key:
Using RegEdit, navigate to:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Expand the "Services" key in the left pane. Delete the WinTools (or similarly named) key.
3. Delete the WinTools Program File:
Delete this folder:
C:\Program Files\Common Files\WinTools
At one or more additional points you may have to reboot to take a step. After the above is done, HijackThis may still show some WinTools or WTools entries, which should be removed.
Possible entries in a log:
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183}- C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\COMMON~1\WINTOOLS\BTIEIN.DLL
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsS.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsS.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WSup.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WSup.exe
Credits to fellow MVP Mike Burgess (aka Winhelp2002)
1. Halt & Disable the WinTools service:
From a Run box, launch SERVICES.MSC.
Right-click on the WinTools for IE service and take Properties. Click the Stop button. Set Startup Type to Disabled.
Reboot, preferably into safe mode (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406) and
2. Kill the Registry Key:
Using RegEdit, navigate to:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Expand the "Services" key in the left pane. Delete the WinTools (or similarly named) key.
3. Delete the WinTools Program File:
Delete this folder:
C:\Program Files\Common Files\WinTools
At one or more additional points you may have to reboot to take a step. After the above is done, HijackThis may still show some WinTools or WTools entries, which should be removed.
Possible entries in a log:
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183}- C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\COMMON~1\WINTOOLS\BTIEIN.DLL
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsS.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsS.exe
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WSup.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WSup.exe
Credits to fellow MVP Mike Burgess (aka Winhelp2002)