Wintools removal

Discussion in 'spyware news and general information' started by Pieter_Arntz, Jul 29, 2004.

Thread Status:
Not open for further replies.
  1. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Apr 27, 2002
    Removal procedure for Windows 2000 and XP where it will run as a service.

    1. Halt & Disable the WinTools service:
    From a Run box, launch SERVICES.MSC.
    Right-click on the WinTools for IE service and take Properties. Click the Stop button. Set Startup Type to Disabled.

    Reboot, preferably into safe mode and

    2. Kill the Registry Key:
    Using RegEdit, navigate to:
    Expand the "Services" key in the left pane. Delete the WinTools (or similarly named) key.

    3. Delete the WinTools Program File:
    Delete this folder:
    C:\Program Files\Common Files\WinTools

    At one or more additional points you may have to reboot to take a step. After the above is done, HijackThis may still show some WinTools or WTools entries, which should be removed.

    Possible entries in a log:

    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183}- C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\COMMON~1\WINTOOLS\BTIEIN.DLL

    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
    O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsS.exe
    O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsS.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WSup.exe
    O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WSup.exe

    Credits to fellow MVP Mike Burgess (aka Winhelp2002)
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.