Security Basics mailing list archives

RE: WToolsA / WToolsS

From: LordInfidel () directionweb com
Date: Tue, 6 Jul 2004 07:59:57 -0400

The tool you want to use is:

Manual removal in Safe Mode

**You have found what has been a sticking point with me when it comes to the
smorgasbord of automated tools out there claiming to remove spyware.

A. They can not remove files that are locked by the OS.
B. They are only as good as their database.  (not quite sure how their
database will find dynamically generate reg keys and files.

Hence the spyware never goes away, no matter how many times you run the
tool(s).  

Manually removing the spyware files and registry key's, while in Safe Mode,
is the only effective way to permanently remove them.  But this does take
some investigative work.

LordInfidel

-----Original Message-----
From: Allan [mailto:larsmith () tds net]
Sent: Friday, July 02, 2004 10:15 AM
To: security-basics () securityfocus com
Subject: WToolsA / WToolsS


Anyone here have any experience with WToolsA and/or WToolsS ?

I noticed, in the RUN folder on a WXP PC, an entry involving WinTools.
Deleted the entry. Closed the RUN folder, opened it again and the entry was
right back there.

Didn't surprise me when I deleted the WinTools folder on the PC and got an
"access denied" error, stating that the program / folder contents were in
use.

Nor did it surprise me when I did Ctrl-Alt-Del and went to the Processes
tab, that I saw WToolsA running.  When I tried to "End Process", it came
right back up.  Same with WToolsS.

Anyone know of any effective tools for removing it ?

Farz I know, it's ad/spyware but even the latest of Ad-Aware and SpyBot
didn't even notice / remove the problem.

Allan Smith, NCAA, NDAA


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

WToolsA / WToolsS Allan (Jul 05)
- Re: WToolsA / WToolsS Brian Shaw (Jul 06)
- Re: WToolsA / WToolsS Michael Painter (Jul 06)
- RE: WToolsA / WToolsS Tony (Jul 06)
- RE: WToolsA / WToolsS Dave Dyer (Jul 06)
  - Re: WToolsA / WToolsS Ansgar -59cobalt- Wiechers (Jul 07)
  - Re: WToolsA / WToolsS Michael Painter (Jul 07)
- Re: WToolsA / WToolsS jpc (Jul 06)
- <Possible follow-ups>
- RE: WToolsA / WToolsS LordInfidel (Jul 06)
  - Re: WToolsA / WToolsS Kenny (Jul 07)
- WToolsA / WToolsS Allan (Jul 07)