Wintools removal

Discussion in 'spyware news and general information' started by Pieter_Arntz, Jul 29, 2004.

Thread Status:
Not open for further replies.
  1. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Apr 27, 2002
    Removal procedure for Windows 2000 and XP where it will run as a service.

    1. Halt & Disable the WinTools service:
    From a Run box, launch SERVICES.MSC.
    Right-click on the WinTools for IE service and take Properties. Click the Stop button. Set Startup Type to Disabled.

    Reboot, preferably into safe mode and

    2. Kill the Registry Key:
    Using RegEdit, navigate to:
    Expand the "Services" key in the left pane. Delete the WinTools (or similarly named) key.

    3. Delete the WinTools Program File:
    Delete this folder:
    C:\Program Files\Common Files\WinTools

    At one or more additional points you may have to reboot to take a step. After the above is done, HijackThis may still show some WinTools or WTools entries, which should be removed.

    Possible entries in a log:

    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183}- C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\COMMON~1\WINTOOLS\BTIEIN.DLL

    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
    O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsS.exe
    O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsS.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WSup.exe
    O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WSup.exe

    Credits to fellow MVP Mike Burgess (aka Winhelp2002)
Thread Status:
Not open for further replies.