Program Lockup (Wintools)

A

AndyManchesta

Wintools can be a nightmare to remove because there are
three executables running at startup including one hidden
one and one running as a Windows service . These
processes interact to stop each other from being killed,
preventing removal of the software,



Try this fix by symantec

http://securityresponse.symantec.com/avcenter/FxWebsch.exe


Save to desktop.open and double click to run a scan,Run
the remover in safe mode

Also run MS Antispy in safe mode and see if it clears
Wintools after using the remover.If it does you can
ignore the manual removal and just check the add/remove
screen & use Ccleaner to clean up.


Check Add/remove screen for these and remove if found:

Toolbar
WinTools
WebOffer
Web Search Toolbar
Win-Tools Easy Installer



Manual Removal : (If you need to remove the manually copy
this to notepad and save it so you can still use it in
safe mode)


WinTools cannot be removed in normal mode because of each
of the three processes, plus a BHO, keep each other alive
when you try to stop them. So you will need to use Safe
Mode.

To get to Safe Mode, press the F8 key just as Windows is
about to boot. keep tapping F8 as the machine boots until
the menu appears.


Open the registry

click Start, choose Run, enter

regedit

and find the key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on.

Select the subkey 'Run' and delete these if found in the
right pane:

WinTools
TB_setup
TBPS




Next, select the subkey 'Explorer\Browser Helper
Objects', delete this subkey


{87766247-311C-43B4-8499-3D5FEC94A183}


find the key


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and
delete the WinToolsSvc subkey.

To clean up, delete

WinTools

in the Software subkey of both HKEY_LOCAL_MACHINE and
HKEY_CURRENT_USER.

you can also delete the keys inside
HKEY_CLASSES_ROOT\CLSID with numbers

{26E8361F-BCE7-4F75-A347-98C88B418322} and
{87067F04-DE4C-4688-BC3C-4FCF39D609E7}

Inside HKEY_CLASSES_ROOT\PROTOCOLS, the Name-Space
Handler\res\WToolsB.ResProtocol key can also go.

Next, open

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
on\Installer\UserData and delete the

AUI
STO
TUID

subkeys if found



Reboot normally.


Open a DOS command prompt window

(from Start->Programs->Accessories), and enter the
following commands.

First Copy & Paste the first line in and press enter
then copy and paste the other lines in pressing enter
after each one the second part is one command from regsvr
to .dll"

1st.


cd "%WinDir%\System"


2nd.


regsvr32 /u "\Program Files\Common
Files\WinTools\WToolsB.dll"


3rd.


regsvr32 /u "\Program Files\Common
Files\WinTools\btiein.dll"


4th.


regsvr32 /u "\Program Files\Toolbar\toolbar.dll"



File deletion


Having done this you can reboot the machine and delete
the files. Open the 'Common Files' folder inside
Program Files. delete 'WinTools'.


Go back to the Program Files folder and delete

Toolbar



Finally reset your search and home pages back to normal
(Tools->Internet Options->Programs->Reset Web Settings).


Download Ccleaner and run on all 3 settings
(windows,applications & Issues) and remove anything found

Ccleaner:

http://download.ccleaner.com/download119bin.asp


Let me know if you need any help,Hopefully the remover
will clear this for you to save alot of reg work.



Andy
 
R

rsullum

-----Original Message-----

Wintools can be a nightmare to remove because there are
three executables running at startup including one hidden
one and one running as a Windows service . These
processes interact to stop each other from being killed,
preventing removal of the software,



Try this fix by symantec

http://securityresponse.symantec.com/avcenter/FxWebsch.exe


Save to desktop.open and double click to run a scan,Run
the remover in safe mode

Also run MS Antispy in safe mode and see if it clears
Wintools after using the remover.If it does you can
ignore the manual removal and just check the add/remove
screen & use Ccleaner to clean up.


Check Add/remove screen for these and remove if found:

Toolbar
WinTools
WebOffer
Web Search Toolbar
Win-Tools Easy Installer



Manual Removal : (If you need to remove the manually copy
this to notepad and save it so you can still use it in
safe mode)


WinTools cannot be removed in normal mode because of each
of the three processes, plus a BHO, keep each other alive
when you try to stop them. So you will need to use Safe
Mode.

To get to Safe Mode, press the F8 key just as Windows is
about to boot. keep tapping F8 as the machine boots until
the menu appears.


Open the registry

click Start, choose Run, enter

regedit

and find the key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi
on.

Select the subkey 'Run' and delete these if found in the
right pane:

WinTools
TB_setup
TBPS




Next, select the subkey 'Explorer\Browser Helper
Objects', delete this subkey


{87766247-311C-43B4-8499-3D5FEC94A183}


find the key


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services and
delete the WinToolsSvc subkey.

To clean up, delete

WinTools

in the Software subkey of both HKEY_LOCAL_MACHINE and
HKEY_CURRENT_USER.

you can also delete the keys inside
HKEY_CLASSES_ROOT\CLSID with numbers

{26E8361F-BCE7-4F75-A347-98C88B418322} and
{87067F04-DE4C-4688-BC3C-4FCF39D609E7}

Inside HKEY_CLASSES_ROOT\PROTOCOLS, the Name-Space
Handler\res\WToolsB.ResProtocol key can also go.

Next, open

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersi
on\Installer\UserData and delete the

AUI
STO
TUID

subkeys if found



Reboot normally.


Open a DOS command prompt window

(from Start->Programs->Accessories), and enter the
following commands.

First Copy & Paste the first line in and press enter
then copy and paste the other lines in pressing enter
after each one the second part is one command from regsvr
to .dll"

1st.


cd "%WinDir%\System"


2nd.


regsvr32 /u "\Program Files\Common
Files\WinTools\WToolsB.dll"


3rd.


regsvr32 /u "\Program Files\Common
Files\WinTools\btiein.dll"


4th.


regsvr32 /u "\Program Files\Toolbar\toolbar.dll"



File deletion


Having done this you can reboot the machine and delete
the files. Open the 'Common Files' folder inside
Program Files. delete 'WinTools'.


Go back to the Program Files folder and delete

Toolbar



Finally reset your search and home pages back to normal
(Tools->Internet Options->Programs->Reset Web Settings).


Download Ccleaner and run on all 3 settings
(windows,applications & Issues) and remove anything found

Ccleaner:

http://download.ccleaner.com/download119bin.asp


Let me know if you need any help,Hopefully the remover
will clear this for you to save alot of reg work.



Andy


.
I got to the registry directions and needed to
Click to expand...
select "Permissions" and enter the administrator to delete
the Wintools entries. I did a "find next" till I had
deleted all entries. I then ran Microsoft spyware and the
the Wintools Trojan was removed from the registry scan and
the scan completed successfully for the first time.

Thank for the help. I going to go back now finish cleaning
up with the rest of your directions.
 
A

AndyManc

Good Work !

Now its clearing the Wintools entry running a full scan
in safe mode may remove anything else that's left to save
you some work but unregister the files anyway and check
for any folders that remain after running the removal
tool


All the best


Andy
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Software hangs when it reaches the key "HKEY_Local_Machine\Software\BTIEIN 1
WinTools Lockup 2
WinTools stops MSAP 9
Wintools 4
always finds same program. 1
Freezing at the same place 10
WD fails to remove WinTools 1
WinTools 1

Top