Jump to content


Photo

Wtoolsa, Wsup (Search Toolbar) - Newbie ?'s


  • Please log in to reply
9 replies to this topic

#1 ScaredNoviceGirl

ScaredNoviceGirl

    Member

  • New Member
  • Pip
  • 4 posts

Posted 24 May 2004 - 10:21 PM

Hello. This is my first post. I’m new and scared and don’t know what to do. I don’t know if this is the right place to post this message or not

Some program has installed itself on my computer without my consent. I don’t know what it is. It appears to be an internet Search Toolbar. It shows up every time I get on the internet. When I do a CTR-ALT-DEL, I see the following entries: Wtoolsa and Wsup. What is this??? What does it do? Is it very dangerous?

I’ve read the FAQ, and I see that a person is supposed to download, install and run Ad-aware, Spybot S&D, and HijackThis before posting to the forum where a person requests assistance to get rid of spyware.

The trouble is, I don’t know how to download and install those programs. (I’m not very computer savvy.) May I ask what may seem like some "dumb" questions, please?

First of all, I should probably tell you for your info that my computer is Windows ME, and I am running Norton Antivirus (Norton Systemworks 2001) and ZoneAlarm (free version).

Here are my questions:

Since I have Windows ME, should I try doing a "System Restore" first? I’ve never done this before. Would this work to get rid of/disable the malware program? If I do a System Restore, will it rename the malware programs file names so that the spyware removal programs won’t be able to find and remove/fix them?

I’ve heard that a person is supposed to "close all programs" when a person is downloading/installing a program from the internet. I’m confused. Does this mean that when I go to download programs (like Ad-Aware, Spybot), that I should close Norton Antivirus and ZoneAlarm when *downloading* the programs? Or when installing the programs? Or both??? (Won’t Norton Antivirus and ZoneAlarm try to stop a person from downloading programs from the internet?)

I have other questions, but this post is getting long, so I will end this post here. I’m sorry that I am so unknowledgable about computers and have to ask these dumb questions, but I hope that someone will please be patient with me and help me to figure out what do about this.

Thank you very much.

Sincerely,

ScaredNoviceGirl

#2 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 25 May 2004 - 12:31 AM

Hi ScaredNoviceGirl.

Don't do anything to your PC just yet. Please do this.

Download 'Hijack This!'. http://www.spywarein.../HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log as a text file, Ctrl-A to Select All, and copy its contents into a new topic in the Malware Removal Forum.

http://www.spywarein...hp?showforum=18

Most of what it lists will be harmless or even essential, so don't fix anything yet. Someone will have a look at it as soon as they can (theres a lot of people to help). If you don't have a reply to it in a day or so add a reply yourself with 'bump' in it to move it back to the top of the list. I'd look at it but I'm away for the next week.

The programs you mentioned sound like wintools - it can be cleared. :)

The spyware might be in system restore as well, depending on when it got on your pc, so don't do anthing with it. For info on how system restore works click here.

You don't need to close all programs to download. The only reason to do that is to free up the memory that the computer is using at the time to speed up the process a bit. Your Anti virus and firewall are two programs you want on when you're on the internet. Norton merely scans files for a virus and zonealarm will stop most hidden nasties getting in or out. You do close all programs to install another program - just to avoid a possible confilct during the install.

No question is dumb.
Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky

#3 ScaredNoviceGirl

ScaredNoviceGirl

    Member

  • New Member
  • Pip
  • 4 posts

Posted 25 May 2004 - 02:47 AM

Hi ScaredNoviceGirl.

Don't do anything to your PC just yet. Please do this.

Download 'Hijack This!'. http://www.spywarein.../HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log as a text file, Ctrl-A to Select All, and copy its contents into a new topic in the Malware Removal Forum.

http://www.spywarein...hp?showforum=18

Most of what it lists will be harmless or even essential, so don't fix anything yet. Someone will have a look at it as soon as they can (theres a lot of people to help). If you don't have a reply to it in a day or so add a reply yourself with 'bump' in it to move it back to the top of the list. I'd look at it but I'm away for the next week.

The programs you mentioned sound like wintools - it can be cleared. :)

..... <snip> ...

No question is dumb.


Hello Scoff, thank you so very much for your reply. I especially appreciate you saying that "No question is dumb". :-)

You wrote that you will be gone this week, so you might not see this - but I hope that either you or someone else will reply - because I have another question before I try to do anything.

You wrote that I should download, install and run HiJackThis, do a scan, save log as a text file, and then copy the contents into a new topic in the Malware Removal Forum.

I'd be glad to do this, but I am not sure how to save log as a text file. Is that something a person does in Microsoft Word? Or Notepad or WordPad? (I know how to use Microsoft Word to copy and paste, but I am not familiar with Notepad or WordPad.) What should I do to save the log as a text file?

Also, before I post my Hijack log to the Malware Removal forum, I'm wondering, should I try to download, install and run Ad-Aware and Spybot S&D first? (The reason I ask is because I read the FAQ, and I'm kind of afraid - would people get mad at me if I don't do those things first?)

I must admit that I am really nervous about trying to download, install and run those programs, since I don't feel like I know enough about what I am doing - but I will try to do those things first (Ad-Aware and Spybot) if that is what I'm supposed to do. *** Question: Should I do those things first?

I just want to be careful that I am doing the right thing here in the forums, so I thought I'd better ask first.

Oh, also, thanks for the link that you posted about System Restore. I didn't do a System Restore - I haven't done *anything* to my computer yet. I read that the System Restore only saves the restore points for a certain length of time. This "Wintools" malware search toolbar (or whatever it is called) installed itself on my computer 5 days ago, on May 20th. I don't know if this info is useful for you to know in order to help me, but I thought I should mention it.

Also, may I ask - what is this "Wintools" thing? How dangerous is it? Is it simply a nuisance (like adware) or is it a more major concern (like a phone dialer, or something that would try to get credit card/identify theft info)?

Thanks everyone for your patience and for trying to help me. I sure do appreciate it. I'll wait for a reply to this before I try to do anything.

Sincerely,

ScaredNoviceGirl

#4 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 25 May 2004 - 03:51 AM

No problem. It might be easier to print this all out when you come to do it. Its easier than reading off the screen.

It would indeed help to run both ad-aware and spybot search and destroy, thats something you'd be asked to do while your log is being fixed. If you want to do it - do it before you post your log in the malware forum, otherwise whoever cleans your log will have to manually check all the entries that ad-aware and spybot will already have removed.

Don't worry about downloading Spybot, Adaware or HijackThis - they're safe.

The procedure you should follow.

Download Spybot Search and Destroy from here. Download Adaware from here.

Install Spybot, open it. Its just been upgraded to version 1.3 and is a little different. From memory it will ask if you want to install teatimer (a new feature) - its ok to say yes. then you'll get some first time use instructions to read. After that, Click the Search & Destroy icon in the left pane, then the Check for problems button. When the scan completes, make sure all the items in RED are ticked, then click the Fix Selected Problems button.

Reboot your computer

Install Ad-aware, launch it and configure it as follows. Screenshot instructions are here if needed.

First in the main window look in the bottom right corner and click on Check for updates now and download the latest reference files.

Make sure the following settings are made and on ------- ON = GREEN

From main window : Click Start then Activate in-depth scan (recommended)

Click Use custom scanning options then click Customize and have these options selected: Under Drives and Folders put a check by Scan within archives and below that under Memory and Registry put a check by all the options there.

Now click on the Tweak button in that same window. Under Scanning Engine select Unload recognized processes during scanning and under Cleaning Engine select Let windows remove files in use at next reboot.

Click Proceed to save your settings. Now to scan just click the Next button.

When the scan is finished mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

Reboot your computer.

In windows explorer click on file > new > folder and save it in the c: drive, call it HJT.

Download Hijack this from the link and save it to the folder you just created. In the windows explorer HJT folder, double click on Hijackthis.exe Hit scan. When the scan button changes to save log, you hit that, a window will pop up with hijackthis.log as the saved file name. Just hit the save button and the saved text file will pop up in front of you. Thats everything done. This will be saved automatically in notepad and will be saved in the directory that hijack this is in.

While that log is open press ctrl+a to select all and paste it into your new topic as outlined before in the malware forum. It will be shown as having no replies, thats why someone will look at it and not assume I'm doing it as they would if they looked in this forum and saw that I have replied to you in this thread. You can bump it back to the top of the list as described before if theres no replies after 12-24hrs. I'll check in a week when I'm back from my hols to make sure you've been fixed up.

Huntbar/wintools is an adware nusiance, it provides an internet search tool bar that gives its own results. I think it might also falsify google etc results with its own.

If you're still unsure on how to use any of the programs - post a question.

If dumb questions were a problem here I would have been booted out a long time ago. ;)

Edited by Scoff, 25 May 2004 - 03:52 AM.

Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky

#5 ScaredNoviceGirl

ScaredNoviceGirl

    Member

  • New Member
  • Pip
  • 4 posts

Posted 27 May 2004 - 08:58 PM

bump

Please note: The person who was helping me (Scoff) is not here this week, according to what he said in his post. (He was very nice and patient and helpful.) But I am stuck and need someone to answer a few questions, please, until he returns and can help me again. Thanks!

I'm sorry - I feel really dumb - but I don't know how to download programs from the internet (like Ad-aware, Spybot S&D, or HijackThis).

I need help, please.

I have spent practically all of my time the last two days trying to search the internet, these forums, and computer books trying find info to learn how to download programs. I didn't want to post this before this because I felt so dumb and afraid to say "I'm sorry, I don't even know how to download a program from the internet". I thought I could figure it out, but I have to admit I'm stuck and don't know what to do.

I do know *where* to download the programs (Ad-aware, Spybot S&D, HijackThis) from - I have the links to them.
And I know that when a person goes to the website to download a program, a person clicks on the "download" link/button.
I also know that when a person *downloads* a program that you don't have to close your other programs (like Norton Antivirus & ZoneAlarm) down first. (That a person only needs to "close programs" when you *install* them. That's what Scoff told me, fortunately. I was confused about that before.)

But what I don't know is:

When I click on the "download link/button", what will happen? What should I do?

Will the programs (Ad-aware, Spybot S&D) ask me where I want to install the program - like to my desktop?

Will the programs (Ad-aware, Spybot S&D) be a zip file?
(I don't have any zip/unzip program on my computer - should I try to download and install WinZip? If so, how do I use that?)

Or will the program be an .exe program?
If it's an .exe program, will it self-install itself automatically when I download it?
If it tries to self-install itself automatically when I download it, won't I have to try to close programs, like my Norton Antivirus and ZoneAlarm? (Wouldn't this leave me unprotected while I'm on the internet then?)

Is it possible for me to download the programs (Ad-aware & Spybot S&D) to someplace I could easily find, like my desktop - but not install them yet?

And then wait until after I have had a chance to get off the internet, and unplug my cable modem (I have Comcast cable internet) - before I try to install the programs - so I don't get infected with any other spyware first?

I have some other questions I want to ask about how to install the programs, but I've just ask these questions about how to download the programs first, and take it one step at a time. <Whew!>

I'm sorry I have to ask these dumb questions. Thanks everyone for your patience. I really appreciate it.

Sincerely,

ScaredNoviceGirl

#6 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 31 May 2004 - 10:00 PM

HI Scarednovicegirl

Back to civilisation...

Its easier to do all of the same tasks in one go, download all programs then install them rather than download one, install it, get back on the internet, download another etc. HJT, Spybot and Ad-aware are all .exe so they don't need unzipped. The exe won't install until you tell it to. It would be a good idea to get winzip as its handy but not vital right now.

When you hit the link to get to the spybot site, scroll down the page until you can see Spybot Search and Destroy at the top of the programs listing. Press the blue 'download now' on the right, this takes you to a page listing sites you can download from. Choose a site (download.com should be fine) and hit the blue 'download now' button next to it. When the new page loads hit the green download button on the left. A box will pop up asking you where you want to save it. Its best to make a folder called 'my programs' or similar and save them into that. Otherwise you may confuse the icons to install the downloaded programs with the icons to use the programs that Spybot and ad-aware will add to the desktop after installation. HJT you need to make a folder for and move HJT into it before using the program as described earlier.

For ad-aware, click the link, in the first paragraph at the top of the page click the red coloured word freeware* it will take you to the bottom of the page where the download.com logo is, click that and it will take you to the download location. Hit the green download button on the left as before.....

The HJT link will bring the popup 'save' box automatically.

In windows explorer, if you can see all 3 programs in 'my programs' and you're happy, close your internet connection and double click on the .exe to install ad-aware and follow the prompts given to you during the install and then the setup instructions i listed before before running the scan. Then do the same for spybot. Screenshot instructions not included before for spybot are here

Then you can run HijackThis and post the log.

Any trouble - keep asking.

Edited by Scoff, 01 June 2004 - 12:27 AM.

Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky

#7 ScaredNoviceGirl

ScaredNoviceGirl

    Member

  • New Member
  • Pip
  • 4 posts

Posted 07 June 2004 - 02:52 AM

Scoff, thank you so much for your help and your patience.

I really appreciate your detailed, step-by-step instructions. (That is just what I need. :-)

Well - finally! - I downloaded Ad-aware, Spybot S&D, and HijackThis. (It took me a long time to get around to doing it - reason why was combination of fear, procrastination, being busy with other essential things I had to get done, and the fact I stopped smoking this week and therefore my nerves have been on edge.)

So far I have only downloaded the programs, I haven't installed or run the programs yet.

I have a question I'd like to ask before I run the programs, please.

I'm wondering, before I run these programs, - to be on the safe side, in case something went wrong or anything - would it be a good idea for me to create a "startup disk"? And would it be a good idea for me to make a "backup of the registry'? (I don't mean using WinME system restore - instead I mean the kind where a person clicks "Start", "Run", types scanregw, click OK, when prompted to back up the registry, click "yes".)

I hope these don't sound like dumb questions, but I am very afraid of messing around with my registry (in case I accidently do something wrong). And I had always read that before a person does any changes to their registry that they should always back up the registry (in case something goes wrong and they have to restore it). And I'd always read that if a person's computer would not work any other way that they should use a startup disk to get it started.

So, what do you think? Before running these programs: Should I make a startup disk? Should I back up the registry?

Another question: When I install and run these programs (Ad-aware, Spybot, HijackThis) - should I do that in "Safe Mode"? Would that be advisable, or not?

I hope you don't mind me asking these questions. I am just trying to be very careful, because my computer is very important to me, I use it for essential tasks I need to do daily.

Thanks, very much. I hope things are going well for you, Scoff - it sure is nice of you to try to help me with this.

Best wishes,

ScaredNoviceGirl

#8 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 07 June 2004 - 06:24 AM

A startup disk is a must have anyway. You can find instructions on creating one here. There is a function for it in windows ME in add/remove programs.

http://www.computerhope.com/boot.htm

Spybot will make a backup of the registry for you when you install it. The window to do that will pop up when you run it for the first time. You can install the programs in normal mode, no need to boot into safe mode.

Good work - keep off the fags! :zipped:
Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky

#9 normajean999

normajean999

    Member

  • New Member
  • Pip
  • 1 posts

Posted 23 June 2004 - 09:57 PM

I have been following this thread, and I just had a question. I too got the wtoolsa crap, and let's just say I know enough about computers to be dangerous. I did try spybot S&D but it didn't remove it. So impatient me, just deleted the wintools folder in current user and local machine of the regedit. It all seems to be fine now, but before doing that I had kept unchecking the wtoolsa instances appearing on the startup tab of msconfig. It got up to 4 of them before I did the regedit and removed it. So now I still have 2 unchecked instances on the startup tab. Do you think this is gone for good now, or should I try something else to make sure. I don't know why that and other programs I have uninstalled still appear in there. Thanks in advance to anyone who takes the time to answer.

Normajean

Edited by normajean999, 23 June 2004 - 10:12 PM.


#10 Scoff

Scoff

    SWI Junkie

  • Retired Staff
  • PipPipPipPip
  • 294 posts

Posted 25 June 2004 - 07:08 PM

Normajean

We try to discourage posting requests in topics started by other people, particularly in the Malware removal forum. Amongst other things, It can mean that you and the original poster can go unanswered. You're much more likley to get an answer in your own thread.

If you're having trouble with programs not uninstalling properly and leaving debris in the registry, post a logfile in the PC Troubleshooting forum and I'll keep an eye out for it. This is because depending onwhich OS you have wintools will do different things and we should be able to see it in the log. If you're on XP its probably registered itself as a service.

Download 'Hijack This!'. http://www.spywarein.../HijackThis.exe
Save it in a convenient permanent folder such as C:\HJT\, double click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into a new topic in PC Troubleshooting.
Regards
Scoff

We've heard that a million monkeys at a million keyboards could produce the complete works of Shakespeare; now, thanks to the Internet, we know that is not true. - Robert Wilensky




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button