• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
    • Budfred

      PLEASE READ - Reversing upgrade   02/23/2017

      We have found that this new upgrade is somewhat of a disaster.  We are finding lots of glitches in being able to post and administer the forum.  Additionally, there are new costs associated with the upgrade that we simply cannot afford.  As a result, we have decided to reverse course and go back to the previous version of our software.  Since this will involve restoring it from a backup, we will lose posts that have been added since January 30 or possibly even some before that.    If you started a topic during that time, we urge you to make backups of your posts and you will need to start the topics over again after the change.  You can simply paste the copies of your posts that you created at that point.    If you joined the forum this month, you will need to re-register since your membership will be lost along with the posts.  Since you have a concealed password, we cannot simply restore your membership for you.   We are going to backup as much as we can so that it will reduce inconvenience for our members.  Unfortunately we cannot back everything up since much will be incompatible with the old version of our software.  We apologize for the confusion and regret the need to do this even though it is not viable to continue with this version of the software.   We plan to begin the process tomorrow evening and, if it goes smoothly, we shouldn't be offline for very long.  However, since we have not done this before, we are not sure how smoothly it will go.  We ask your patience as we proceed.   EDIT: I have asked our hosting service to do the restore at 9 PM Central time and it looks like it will go forward at that time.  Please prepare whatever you need to prepare so that we can restore your topics when the forum is stable again.
Sign in to follow this  
Followers 0
darksilvertears

WtoolsA and Wsup viruses, need help pleeeeeease!

6 posts in this topic

it seems i have some kind of spyware, there is something on my computer everytime i boot up which is called Wtoolsa and i know it should not be there. there is also another program called "Wsup". these have been on my pc since my friend used my internet and downloaded all this crap...ive tried EVERTHING this past week...i have used hijackthis.exe, adaware, and spybot but none of them have worked. i can not end the task or close it. i have not found much information on the viruses. i have tried deleting "win tools" from the registry, but to no avail. it doesn't not appear in the add\remove programs. when i delete the wtoolsa folder and its contents, it reaapears on the next boot.

 

now i figure the files must be in a library somewhere on my computer and check to restart it after its been deleted, and i just cant get rid of this pest. since it may be significant, i am running windows 98 and internet explorer on my computer. the virus is causing CRAZY popups and makes the internet shut down about every 3 minutes. also, it downloads things by itself such as casino.net programs, etc. as i said, ive used spybot and adware and hijackthis, they have removed other spyware from my computer, but they arent working with wtoolsa or wsup.

 

if anyone can please help me, im pretty desperate.

 

-(A)manda

Share this post


Link to post
Share on other sites

It would help more if I could see your HiJackthis log, but for now do this:

First open Task Manager (Ctrl+Alt+Delete)close as many of the Wintools processes that you can see listed such as:

WToolsA.exe

WToolsS.exe

WSup.exe

 

Then go to Add/Remove Programs and remove Wintools.

 

Reboot into Safemode this way:

Turn on the computer

Immediately begin tapping the <F8> key.

Use the arrow keys to highlight Safe Mode and press the <Enter> key.

 

Search for these and delete them if they still exist:

C:\WINDOWS\System32\SWin32.dll

C:\Program Files\Common Files\WinTools\WToolsA.exe

C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

C:\Program Files\Common Files\WinTools\WToolsA.exe

Reboot normally.

 

Run Adaware and Spybot.

 

Then do an online virus scan: Housecall: http://www.trendmicro.com/en/home/us/enterprise.htm

 

Reboot normally.

Please post a HijackThis log (that's a StartupList). After Scan, the Scan button changes to Save Log. Click that, save it somewhere. Do Ctrl-A to Select all, and then copy and paste it here.

 

We will let you know what to fix with HJT.

Edited by Bugbatter

Share this post


Link to post
Share on other sites

thank you! it actually worked! when you told me what to do, i didnt think it would as it was very similar to what i'd tried before. but when i ran safemode this time i checked for all those files you gave me...it was swin32.dll that i had missed, because i deleted it and upon rebooting wtoolsa and wsup have not returned! ive been online for about 20 minutes now and havent gotten not one single popup, nor have i been thrown off. i just hope im not getting too excited only to find it back tomorrow...

 

thank you SO much for your help. i feel so...relieved that its fixed finally. :D

Share this post


Link to post
Share on other sites

Glad to hear that it worked. You are very welcome.

 

If you are running XP or WinMe, flush your System Restore:

(Using XP, you must be logged in as Administrator to do this.)

Go to Start>Run and type msconfig Press enter.

When msconfig opens, click the Launch System Restore Button.

On the next page, click the System Restore Settings Link on the left.

Check the box labeled Turn Off System Restore.

 

Reboot. Go back in and turn System Restore back on. A new Restore Point will be created.

 

Here is my standard list of prevention tips:

1. Visit Windows Update:

Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.

Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

 

2. Adjust your security settings for ActiveX:

Go to Internet Options/Security/Internet, press 'default level', then OK.

Now press "Custom Level."

In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to 'disable'.

 

3. Download and install the following free programs:

a. SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html

b. SpywareGuard: http://www.javacoolsoftware.com/spywareguard.html

Periodically check for updates.

 

4. Keep your antivirus software and firewall software up to date.

Note: Zone Alarm Firewall (Zone Labs)http://www.zonelabs.com/store/content/home.jsp is free.

 

5. Install Spyware Detection and Removal Programs:

You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.

a. AdAware: http://www.lavasoft.de/software/adaware/

b. SpyBot S&D: http://security.kolla.de/index.php?lang=en&page=download

Check for updates in Adaware frequently as they sometimes can update daily.

I would check for updates in SpyBot once a week or so.

I scan with each at least weekly.

 

I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.

Edited by Bugbatter

Share this post


Link to post
Share on other sites

Glad we could help!

 

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0