Security Basics mailing list archives

RE: WToolsA / WToolsS

From: "Tony" <tony () biznetzone net>
Date: Tue, 6 Jul 2004 08:50:16 -0500

I ran into the same problem on my girlfriend's lappie. I fixed it by booting
into Safe Mode w/ Command Prompt and deleting the WinTools folder (under
Program Files/Common Files for me, on XP).

Note that you'll have to do an "attrib -r -h /s /d <wintools_folder>" at the
command prompt because some if not all of the files are read-only and
hidden. A "del /f" did not remove the files, even though it should have.

Cheers,

- Tony


-----Original Message-----
From: Allan [mailto:larsmith () tds net]
Sent: Friday, July 02, 2004 9:15 AM
To: security-basics () securityfocus com
Subject: WToolsA / WToolsS


Anyone here have any experience with WToolsA and/or WToolsS ?

I noticed, in the RUN folder on a WXP PC, an entry involving WinTools.
Deleted the entry. Closed the RUN folder, opened it again and the entry was
right back there.

Didn't surprise me when I deleted the WinTools folder on the PC and got an
"access denied" error, stating that the program / folder contents were in
use.

Nor did it surprise me when I did Ctrl-Alt-Del and went to the Processes
tab, that I saw WToolsA running.  When I tried to "End Process", it came
right back up.  Same with WToolsS.

Anyone know of any effective tools for removing it ?

Farz I know, it's ad/spyware but even the latest of Ad-Aware and SpyBot
didn't even notice / remove the problem.

Allan Smith, NCAA, NDAA


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

WToolsA / WToolsS Allan (Jul 05)
- Re: WToolsA / WToolsS Brian Shaw (Jul 06)
- Re: WToolsA / WToolsS Michael Painter (Jul 06)
- RE: WToolsA / WToolsS Tony (Jul 06)
- RE: WToolsA / WToolsS Dave Dyer (Jul 06)
  - Re: WToolsA / WToolsS Ansgar -59cobalt- Wiechers (Jul 07)
  - Re: WToolsA / WToolsS Michael Painter (Jul 07)
- Re: WToolsA / WToolsS jpc (Jul 06)
- <Possible follow-ups>
- RE: WToolsA / WToolsS LordInfidel (Jul 06)
  - Re: WToolsA / WToolsS Kenny (Jul 07)
- WToolsA / WToolsS Allan (Jul 07)