Tom,
Try this solution from MVP Mike Maltby:
- - -
wtoolsa.exe is malware and appears to be a new member of the IBIS
Toolbar family
(
http://www.pestpatrol.com/PestInfo/i/ibis_toolbar.asp) or even a
variant of the CoolWebSearch parasite. It certainly doesn't form a
part of the Win Me operating system. One install mechanism it uses
is if you choose to install the toolbar from xxx.websearch.com
Boot to Safe Mode, open MSConfig (Start, Run, enter MSConfig in the
box and click OK), open the Startup tab and uncheck the entry being
used to launch wstoolsa.exe, possibly labelled something like
WinTools as well as any entries
referring to wtoolsb.dll, wsup.exe and tb_setup.exe.
Browse to and delete the contents of your C:\Windows\Temp folder and
also clear you Temporary Internet Files (Internet Options | General
| Delete Files
and ensure that you check the box "Delete all offline content", then
click OK
and Apply.
Now check Add/Remove Programs and uninstall any entry for WinTools.
You should also delete the entire Wintools folder which is probably
located as a sub-folder in C:\Program Files\Common Files or
alternatively in C:\Windows\System. Check for and delete all copies
of wtoolsa.exe, wtoolsb.dll, wsup.exe and tb_setup.exe.
Now reboot back into Normal Mode and check your system for commercial
parasites.
This might be a good time to download yourself a copy
of the free Ad-Aware 6.0 from Lavasoft
(
http://www.lavasoftusa.com/software/adaware/) and also SpyBot
(
http://www.safer-networking.org/) and scan your system for and
remove all unwanted parasites, adware and spyware that might be
hiding on your PC.
I would suggest you download and run merijn's CWShredder which
targets the CoolWebSearch parasite. CWShredder can be downloaded from
(
http://www.zerosrealm.com/downloads/CWShredder.zip or
http://www.spywareinfo.com/~merijn/files/cwshredder.zip). Details
of the many
forms of the CoolWebSearch hijacker can be found at
http://www.spywareinfo.com/~merijn/cwschronicles.html and also
http://www.pestpatrol.com/pestinfo/c/cws.asp.
If you continue to have problems download a copy of HijackThis from
http://www.spywareinfo.com/~merijn/downloads.html). Create a folder
called hijackthis on C: and copy the file you downloaded to that
folder. Close as many applications as you can including all
instances of Internet Explorer and
then run hijackthis.exe and post back the log, provided that it
isn't too long, to this thread, otherwise to the HijackThis Forum at
http://www.spywareinfo.com/forums/ and hopefully this will enable
someone to identify the cause of your problem.
Possible entries in the HiJackThis log to remove include:
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common
files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common
files\WinTools\WToolsA.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products
Installer
Start) -
http://imgfarm.com/images/nocache/funwe....0.0.5.cab
- - - - -
Or... a google search on wtoolsa will return some useful results.
Hope this helps,
Don
--
MVP IE/OE
Please reply to the newsgroup so that others may participate.
"Tom C" <TomC[at]discussions.microsoft.com> wrote in message
Not sure if this is IE related but it seems most of the errors I'm
experiencing are. The Dial Up Connection window automatically
appears when I start Windows98. The following error appears after
closing the Connection window.
Wtoolsa: This program has performed an illegal operation and will
be shut
down.
This messages keeps reappearing after responding ok. Any help will
be
appreciated.
