Re: WToolsA / WToolsS

[jpc <jeempc () sbcglobal net>]

Allan wrote:

> Anyone here have any experience with WToolsA and/or WToolsS ?
>
> I noticed, in the RUN folder on a WXP PC, an entry involving WinTools. Deleted the entry. Closed the RUN folder, opened 
> it again and the entry was right back there.
>
> Didn't surprise me when I deleted the WinTools folder on the PC and got an "access denied" error, stating that the 
> program / folder contents were in use.
>
> Nor did it surprise me when I did Ctrl-Alt-Del and went to the Processes tab, that I saw WToolsA running.  When I tried to 
> "End Process", it came right back up.  Same with WToolsS.
>
> Anyone know of any effective tools for removing it ?
>
> Farz I know, it's ad/spyware but even the latest of Ad-Aware and SpyBot didn't even notice / remove the problem.
>
> Allan Smith, NCAA, NDAA
>
>  
It is actually running as a service. Go to services.msc and disable it. 
The find the program folder, I think it's in common files and deny 
everyone access. Then get rid of the registry files.
Reboot. Give the administrator write permissions to the folder and 
delete it.
Jeem

>  


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------