BTIEIN

Guest

Is there a way to remove BTIEIN spyware?

MS Anti Spyware is hanging when scanning BTIEIN registry
entry.
 
Andre Da Costa

Send a suspected spyware report from the Tools Menu, restart in safe mode,
open Microsoft AntiSpyware, on the scan page choose scan options > full
system scan (check boxes below) and click "Run Scan Now"

Restart in Safe Mode instructions:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx

If those don't work, here is some additional information from eTrust:
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453076514
http://www3.ca.com/securityadvisor/pest/Pest.aspx?id=453077909
--
Andre
Extended64 | http://www.extended64.com
Blog | http://www.extended64.com/blogs/andre
http://spaces.msn.com/members/adacosta
FAQ for MS AntiSpy http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm
 
AndyManchesta

Try this fix too, by Symantec, for this:

http://securityresponse.symantec.com/avcenter/FxWebsch.exe


Save to desktop. Open and run a scan (also run this fix
tool in safe mode: reboot and keep tapping F8 until you
see the option page, then choose safe mode).

Run the above remover & MS Antispy in safe mode.


Check Add/remove screen for these and remove if found:

Toolbar
WinTools
WebOffer
Web Search Toolbar
Win-Tools Easy Installer


Manual Removal :

(If you need to remove this manually copy
this to notepad and save it so you can still use it in
safe mode)


WinTools cannot be removed in normal mode because each
of the three processes, plus a BHO, keep each other alive
when you try to stop them. So you will need to use Safe
Mode.

To get to Safe Mode, press the F8 key just as Windows is
about to boot. Keep tapping F8 as the machine boots until
the menu appears.


Open the registry

click Start, choose Run, enter

regedit

and find the key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion.

Select the subkey 'Run' and delete the

'WinTools'
'TB_setup'
'TBPS' entry on the right if any exist


Next, select the subkey 'Explorer\Browser Helper
Objects', delete the subkey with the name

{87766247-311C-43B4-8499-3D5FEC94A183}


find the key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and
delete the WinToolsSvc subkey.

To clean up, delete

WinTools

in the Software subkey of both HKEY_LOCAL_MACHINE and
HKEY_CURRENT_USER.

you can also delete the keys inside
HKEY_CLASSES_ROOT\CLSID with numbers

{26E8361F-BCE7-4F75-A347-98C88B418322} and
{87067F04-DE4C-4688-BC3C-4FCF39D609E7}

Inside HKEY_CLASSES_ROOT\PROTOCOLS, the Name-Space
Handler\res\WToolsB.ResProtocol key can also go.

Next, open

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData
and delete the

'AUI'
'STO'
'TUID' entries if found





Reboot normally.




Open a DOS command prompt window

(from Start -> Run, then type cmd), and enter the
following commands.

First copy and paste the first line in and press Enter,
then copy and paste the other lines in, pressing Enter
after each one. The second part is one command, from regsvr
to .dll.



cd "%WinDir%\System"


regsvr32 /u "\Program Files\Common Files\WinTools\WToolsB.dll"



regsvr32 /u "\Program Files\Common Files\WinTools\btiein.dll"



regsvr32 /u "\Program Files\Toolbar\toolbar.dll"



File deletion


Having done this you can reboot the machine and delete
the files. Open the 'Common Files' folder inside
Program Files. Delete 'WinTools'.


Go back to the Program Files folder and delete

Toolbar

Other traces

You can also open 'Downloaded Program Files' in the
Windows folder and delete the entries

{8A05273A-2EA5-42DE-AA75-59EA7D9D50D7}
{59450DB0-341D-4436-B380-B8377D8B6796}
{D6E66235-7AA6-44ED-A06C-6F2033B1D993}
{26E8361F-BCE7-4F75-A347-98C88B418322}

if found.


Finally reset your search and home pages back to normal
(Tools->Internet Options->Programs->Reset Web Settings).




All The Best

Andy
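
A read-only check for the traces listed in the manual removal steps above, useful before and after cleanup. This is an added example, not part of the original post; it assumes PowerShell is available, that the DLLs sit under %ProgramFiles%, and the helper name Test-RegEntry is hypothetical.

```powershell
# Read-only audit of the traces named in the post above. Nothing is deleted.
$cv = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'

# Registry subkeys the post says to delete.
$keys = @(
    "$cv\Explorer\Browser Helper Objects\{87766247-311C-43B4-8499-3D5FEC94A183}"
    'HKLM:\SYSTEM\CurrentControlSet\Services\WinToolsSvc'
    'HKLM:\Software\WinTools'
    'HKCU:\Software\WinTools'
    'Registry::HKEY_CLASSES_ROOT\CLSID\{26E8361F-BCE7-4F75-A347-98C88B418322}'
    'Registry::HKEY_CLASSES_ROOT\CLSID\{87067F04-DE4C-4688-BC3C-4FCF39D609E7}'
    'Registry::HKEY_CLASSES_ROOT\PROTOCOLS\Name-Space Handler\res\WToolsB.ResProtocol'
)

# Named entries under a parent key.
$entries = @{
    "$cv\Run"                = @('WinTools', 'TB_setup', 'TBPS')
    "$cv\Installer\UserData" = @('AUI', 'STO', 'TUID')
}

# DLLs the post unregisters. Assumption: they sit under %ProgramFiles%.
$files = @(
    "$env:ProgramFiles\Common Files\WinTools\WToolsB.dll"
    "$env:ProgramFiles\Common Files\WinTools\btiein.dll"
    "$env:ProgramFiles\Toolbar\toolbar.dll"
)

function Test-RegEntry([string]$Parent, [string]$Name) {
    if (-not (Test-Path -LiteralPath $Parent)) { return $false }
    $key = Get-Item -LiteralPath $Parent
    # The post does not say whether an "entry" is a value or a subkey: accept either.
    return ($key.GetValueNames() -contains $Name) -or ($key.GetSubKeyNames() -contains $Name)
}

$found = @()
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $found += "key   $k" }
}
foreach ($parent in $entries.Keys) {
    foreach ($name in $entries[$parent]) {
        if (Test-RegEntry $parent $name) { $found += "entry $parent -> $name" }
    }
}
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $found += "file  $f" }
}

if ($found.Count) { $found } else { 'None of the listed traces were found.' }
```

The 'Downloaded Program Files' entries from the post are not checked here.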
 
