Jump to content


Photo

Help!! Wsup, Wtools


  • This topic is locked This topic is locked
3 replies to this topic

#1 whitewolf3399

whitewolf3399

    Member

  • New Member
  • Pip
  • 2 posts

Posted 20 May 2004 - 02:10 PM

Ok, reasonable computer savvy and have managed to get through all of them till this one. Darn thing just won't go away. Scans with Trend Micro, SpyBot, Adaware etc... find the durned thing but won't seem to clean them except temporarily.

Log pasted.

Logfile of HijackThis v1.97.7
Scan saved at 3:07:52 PM, on 5/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSEC.EXE
C:\iFtpSvc\iFtpSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2003\tmproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe
C:\Program Files\Common files\WinTools\WToolsA.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common files\WinTools\WToolsS.exe
C:\Program Files\Common files\WinTools\WSup.exe
C:\Program Files\Opera7\opera.exe
C:\PMAIL\WINPM-32.EXE
C:\Program Files\Trillian\trillian.exe
C:\Hijack This\HijackThis.exe

O1 - Hosts: 207.36.196.189 ieautosearch
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2003\Pop3trap.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Removing the run for wtoolsa and it seems the running process detects this and reinstalls shortly after it's disabled or during the shutdown process. Terminating the process for wsup, or either of the wtools processes works, but they immediatley restart into a 'protected' mode that can't be shutdown. I'm about ready to pull my hair out and just reformat the blasted PC.

Any help appreciated!

~Tom

#2 Quinstar

Quinstar

    Advanced Member

  • Retired Staff
  • PipPipPip
  • 249 posts

Posted 20 May 2004 - 03:12 PM

Go to Add/remove software and uninstall winTools...

That should do it... :D
To help us keep this site running, all donations are welcome...
Thank you...
www.masfemi.be

#3 whitewolf3399

whitewolf3399

    Member

  • New Member
  • Pip
  • 2 posts

Posted 20 May 2004 - 05:35 PM

Argh!!!! I hate it when I miss something like that :p

#4 Quinstar

Quinstar

    Advanced Member

  • Retired Staff
  • PipPipPip
  • 249 posts

Posted 20 May 2004 - 06:34 PM

Better luck next time...
:lol:
To help us keep this site running, all donations are welcome...
Thank you...
www.masfemi.be




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button