• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0

how I removed PGate

5 posts in this topic

I found Pgate on my home PC (WinXP). I searched for quite a while and found many threads on various sites trying to remove it using at least 4 programs each (such as Ad aware) but seemed to fall short of complete removal. I played around and here is how I wiped it clean (no apps needed):


There are 5 areas I found where is presents itself, 1) the registry 2) add/remove programs 3) services 4) c:\program files\common files\wintools 5) task manager


Here is the main problem I saw. When you delete the registry settings or the wintools folder, the entries/files reappear. When you kill its processes in task manager (wtoolss.exe, wtoolsa.exe or wsup.exe) they immediately reappear. I am not sure why.


Here are the successful steps:

1) on the infected PC, go to services and disable the one called something like "Win Tools for Internet Explorer" (don't bother trying to actually stop the service. reboot the machine.

2) share with full control the program files folder on the infected PC. from another PC (called PC2 from now on) map a drive or browse to that share. (this is to make steps 4-6 easier, but you may be able to do them from just the infected PC)

3) on PC2, browse to the wintools folder so you can see the files (wtools.exe, wtoolsa.exe, etc)


[timing for the next 3 steps is very important-do them in rapid succession]

4) on infected PC, open task manager. kill the processes (all wtools?.exe such as wtoolsa.exe, wsup.exe) using the "end process tree" option.

5)begin your shut down process on the infected PC. just as you confirm okay to shut down, immediately perform step 6 from PC2

6)select all files in the wintoools folder and delete them

7)let the infected PC reboot


so, what this should do is delete the files and kill the processes. I think you have roughly 5-10 seconds before the files get regenerated, so deleting them immediately prior to shutting down the PC worked for me.


8)upon reboot, check your processes in task manager. you should not see any running called wtoolsa.exe, wtoolss.exe or wsup.exe. If you do, you should repeat or vary steps 2-7

9) open your registry editor and search for all references to pgate, wtools, wintools, or wsup.exe. Delete every key and folder that you find that is a direct match. there may be 2-3 folders which you will not be able to delete. that did not seem to be a problem for me though.

10)After deleting your reg settings, reboot again and verify once more that those programs (mentioned in step 8) are not running and that the wintools folder is still empty. If empty, delete the wintools folder and the "uninstall" web link (can't recall the name) in the common files folder.

11) verify in add/remove programs that there are no entries for PGate or WinTools for Internet Explorer.


This should do it. good luck.


BTW, if the PGate author(s) happens to catch this post, you left a trail...

Share this post

Link to post
Share on other sites

This did not work directly but eventually it did as follows.


First I ran the program from that link.


Then I went to ad-remove programs and clicked remove for this uninstaller. It asked me if I wanted to uninstall the malware. You have to answer NO twice to continue, if I recall correctly.


It ran a long while then I had to reboot. Seems to have worked!


Note I believe I picked up this nasty by going here and clicking on one of the FAQ links on the left: http://www.dailymp3.com/splitter.html


I'm thankful I found this thread. Thanks!



Click to visit Kallen Web Design!



Had you seen this ?




Could be a trojan - but seems to work.



Edited by auctionhugh

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0