Jump to content


WtoolsA and Wsup viruses, need help pleeeeeease!

  • This topic is locked This topic is locked
5 replies to this topic

#1 darksilvertears



  • New Member
  • Pip
  • 4 posts

Posted 11 July 2004 - 07:16 AM

it seems i have some kind of spyware, there is something on my computer everytime i boot up which is called Wtoolsa and i know it should not be there. there is also another program called "Wsup". these have been on my pc since my friend used my internet and downloaded all this crap...ive tried EVERTHING this past week...i have used hijackthis.exe, adaware, and spybot but none of them have worked. i can not end the task or close it. i have not found much information on the viruses. i have tried deleting "win tools" from the registry, but to no avail. it doesn't not appear in the add\remove programs. when i delete the wtoolsa folder and its contents, it reaapears on the next boot.

now i figure the files must be in a library somewhere on my computer and check to restart it after its been deleted, and i just cant get rid of this pest. since it may be significant, i am running windows 98 and internet explorer on my computer. the virus is causing CRAZY popups and makes the internet shut down about every 3 minutes. also, it downloads things by itself such as casino.net programs, etc. as i said, ive used spybot and adware and hijackthis, they have removed other spyware from my computer, but they arent working with wtoolsa or wsup.

if anyone can please help me, im pretty desperate.


#2 darksilvertears



  • New Member
  • Pip
  • 4 posts

Posted 11 July 2004 - 10:24 AM


#3 Bugbatter


    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 939 posts

Posted 11 July 2004 - 11:23 AM

It would help more if I could see your HiJackthis log, but for now do this:
First open Task Manager (Ctrl+Alt+Delete)close as many of the Wintools processes that you can see listed such as:

Then go to Add/Remove Programs and remove Wintools.

Reboot into Safemode this way:
Turn on the computer
Immediately begin tapping the <F8> key.
Use the arrow keys to highlight Safe Mode and press the <Enter> key.

Search for these and delete them if they still exist:
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
Reboot normally.

Run Adaware and Spybot.

Then do an online virus scan: Housecall: http://www.trendmicr.../enterprise.htm

Reboot normally.
Please post a HijackThis log (that's a StartupList). After Scan, the Scan button changes to Save Log. Click that, save it somewhere. Do Ctrl-A to Select all, and then copy and paste it here.

We will let you know what to fix with HJT.

Edited by Bugbatter, 11 July 2004 - 11:26 AM.

Microsoft MVP - Consumer Security

#4 darksilvertears



  • New Member
  • Pip
  • 4 posts

Posted 11 July 2004 - 02:16 PM

thank you! it actually worked! when you told me what to do, i didnt think it would as it was very similar to what i'd tried before. but when i ran safemode this time i checked for all those files you gave me...it was swin32.dll that i had missed, because i deleted it and upon rebooting wtoolsa and wsup have not returned! ive been online for about 20 minutes now and havent gotten not one single popup, nor have i been thrown off. i just hope im not getting too excited only to find it back tomorrow...

thank you SO much for your help. i feel so...relieved that its fixed finally. :D

#5 Bugbatter


    Forum Deity

  • Trusted Advisor
  • PipPipPipPipPip
  • 939 posts

Posted 11 July 2004 - 05:53 PM

Glad to hear that it worked. You are very welcome.

If you are running XP or WinMe, flush your System Restore:
(Using XP, you must be logged in as Administrator to do this.)
Go to Start>Run and type msconfig Press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn Off System Restore.

Reboot. Go back in and turn System Restore back on. A new Restore Point will be created.

Here is my standard list of prevention tips:
1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
Windows Update: http://v4.windowsupd.../en/default.asp

2. Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to 'disable'.

3. Download and install the following free programs:
a. SpywareBlaster: http://www.javacools...areblaster.html
b. SpywareGuard: http://www.javacools...ywareguard.html
Periodically check for updates.

4. Keep your antivirus software and firewall software up to date.
Note: Zone Alarm Firewall (Zone Labs)http://www.zonelabs....ontent/home.jsp is free.

5. Install Spyware Detection and Removal Programs:
You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.
a. AdAware: http://www.lavasoft....ftware/adaware/
b. SpyBot S&D: http://security.koll...n&page=download
Check for updates in Adaware frequently as they sometimes can update daily.
I would check for updates in SpyBot once a week or so.
I scan with each at least weekly.

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

Edited by Bugbatter, 11 July 2004 - 06:16 PM.

Microsoft MVP - Consumer Security

#6 dave38


    Devout Murphyite!

  • Retired Staff
  • PipPipPipPipPip
  • 8,508 posts

Posted 03 August 2004 - 02:22 PM

Glad we could help!

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of

Support SpywareInfo Forum - click the button
PayPal - The safer, easier way to pay online!