|
Win-Tools
Overview
Win-Tools's official name is "Win-Tools Easy Installer",
and is published by IBIS LLC.
Win-Tools's official description:
"Win-Tools assists users finding information with the delivery of contextually-based
information relating to subjects and topics of personal interest."
Win-Tools installs a
Browser Helper Object, a URLSearchHook
and its files, WToolsA.exe, WSup.exe, WToolsS.exe and WToolsB.dll,
are stored in "%ProgramsDir%\Common files\WinTools\". WSup.exe is hidden.
Note: %ProgramsDir% is a variable (?). By default, this is C:\Program Files.
Note: The analysis on this page is based on WSup.exe version 1.1.0.4, WToolsS.exe version 1.0.3.6,
WToolsA.exe version 1.1.04 and WToolsB.dll version 1.1.0.4, if not otherwise stated.
These files' properties does not
contain any information about the vendor. Some
use "Internet Explorer" as their description
and the Internet Explorer icon. ZoneAlarm, a widely used
firewall, uses this information to inform which programs that have accessed
the internet. This screenshot of the ZoneAlarm dialog
shows five programs that all seem to be the Internet Explorer browser. However, the
first Internet Explorer entry is the real Internet Explorer browser, the other
four are files part of the Win-Tools software. ZoneAlarm's online
service that offers more information about programs connecting to the internet
uses the file's description as these
screenshots shows when WToolsA.exe connects to
the internet [1]
[2].
An average user will probably
have difficulties to determine what Win-Tools does, where to find more information about it,
who the vendors is and how to uninstall it. Some will probably think it is the Internet Explorer
browser. If you look inside the files with a hex
editor you will see the following URLs and domain names:
websearch.com
adwave.com
http://as.adwave.com/as.asmx/SrchKeys?
af_id=%af_id%&kw=%keywords%&dom=%new_dom%&TUID=%tuid%
&c_hist=%c_hist%&cookies=%cookies%&r_ip=
http://download.websearch.com/as2 config.asmx/GetXML?TbId=%tb_id%
&TUID=%tuid%&v_lst=%cfg_v_lst% &AIs=%enable_autoinst%
&ASs=%enable_ads%&tsks_s=%cfg_tsks_s%&tsk_h=%cfg_tsk_h%
&max_id=%cfg_max_id%&srv_v=%cfg_srv_v%&stats=%cfg_stats%
&q_res=%cfg_q_res%
http://download.websearch.com/TbStatInstLog.asmx/SetStatus? TbId=%tb_id%
&Modul=ASV2_EXE_IN&TUID=%tuid% &Info=SearchInstall&sdate=%idate%
&stime=%itime%
http://www.win-tools.com/
http://download.websearch.com/dnl/T_50024/WinTA.cab
http://sr.websearch.com/as.aspx?q=#autosearch#&t=%tb_id%
The following message is also located inside the files:
"Do you want to install and run free plugin to optimize Internet Explorer
including Web Search Tools; once you agree to the Licence Terms and Privacy
Policy (http://www.websearch.com/legal/Terms.aspx) - click YES to CONTINUE"
Classification
Adware
Distribution
Win-Tools is included in 13% of the
Websearch Toolbar distributions,
according to a statement made the 7th of April 2005 by an IBIS representative.
Files
WToolsA.exe, WSup.exe, WToolsS.exe, WToolsB.dll, WTuninst.exe
If you have any of the files related to Win-Tools on your system,
please send them
for additional analysis. Generally, I have only analysed a
few versions for each software component listed at this web site. With your help I
will be able to look at both old and more recent versions of the Win-Tools software.
Thank you very much for your time!
Log references
Log 283
Log 286
Vendor
IBIS LLC, websearch.com, win-tools.com, contact@ibisit.com
End User License Agreement
http://www.websearch.com/legal/Terms.aspx ?
Privacy policy
http://www.websearch.com/legal/privacy.aspx ?
Naming history
Win-Tools has previously been called Bubba.wintools. This
change has been made upon IBIS LLC's request.
Alias
WinTools Trojan [Microsoft Antispyware],
IBIS Toolbar [AdAdware],
HuntBar [Spybot Search & Destroy],
Win32:Adan-025 [Avast],
Adware.Searchbar-24 [ClamAV],
W32/Winloot-tr [Fortinet],
AdWare.Wintol.aa, AdWare.Wintol.y, Trojan-Downloader.Win32.Wintool.f [Kaspersky Anti-Virus],
.Websearch.P [mks_vir],
AdWare.Wintol.aa, Adware.Wintol, Trojan-Downloader.Win32.Wintool.f [VBA32],
ADW_WINSTOOL.A, ADW_WSEARCH.109 [Trendmicro],
Adware.Huntbar, Adware.Websearch [Norton AntiVirus],
IBIS Toolbar [eTrust]
Detection
Bazooka Adware and Spyware Scanner detects Win-Tools.
Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and
other potentially unwanted applications.
Read more »
Uninstall procedure
Uninstall Win-Tools from "Add/Remove Programs" in the Windows® Control Panel. Look for entries called 'Win-Tools Easy Installer'
or 'WinTools Easy Installer (by WebSearch)'. If you
run into problems uninstalling Win-Tools,
please contact the vendor at contact@ibisit.com for
advise.
Uninstall Win-Tools with FreeFixer
I'm working on a general purpose tool for removing unwanted software.
The tool is called FreeFixer
and can help you remove unwanted Browser Helper Objects, Internet Explorer toolbars
and software that starts automatically when you reboot your computer, so it can offer some
assistance while uninstalling Win-Tools. The manual removal instructions
listed below will help you to identify what to delete with
FreeFixer.
Read more about FreeFixer.
Manual removal
Please follow the instructions below if you would like to remove Win-Tools manually. Please
notice that you must follow the instructions very carefully and delete everything that is mentioned. In most
cases the removal will fail if one single item is not deleted. If Win-Tools remains on your system
after stepping through the removal instructions, please double-check by stepping through them again.
-
Start your computer in safe mode.
-
Start the registry editor. This is done by clicking Start then Run.
(The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
- Browse to the key:
'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
- In the right pane, delete the value called 'WinTools', if it exists.
- Browse to the key:
'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunOnce'
- In the right pane, delete the value called 'WinTools', if it exists.
- Browse to the key:
'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServices'
- In the right pane, delete the value called 'WinTools', if it exists.
- Browse to the key:
'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ RunServicesOnce'
- In the right pane, delete the value called 'WinTools', if it exists.
- Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Classes \ CLSID \ {87766247-311C-43B4-8499-3D5FEC94A183}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer\Browser Helper Objects \ {87766247-311C-43B4-8499-3D5FEC94A183}', if it exists.
- Delete 'HKEY_LOCAL_MACHINE\SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Uninstall \ WinTools', if it exists.
- Exit the registry editor.
-
Start Windows Explorer and delete:
%ProgramsDir%\Common files\WinTools\WToolsA.exe
%ProgramsDir%\Common files\WinTools\WSup.exe
%ProgramsDir%\Common files\WinTools\WToolsS.exe
%ProgramsDir%\Common files\WinTools\WToolsB.dll
Note: %ProgramsDir% is a variable (?). By default, this is C:\Program Files.
Problems uninstalling? Click here.
I'm looking for your help!
Thank you for using my site, I hope you find it useful. I'm looking
for help from all users, please read more.
Contact information for Win-Tools's vendor
In order to provide correct, accurate and updated information about Win-Tools
I encourage the vendor to contact me if any part of this write-up
needs a revision.
Related links |
|
Bazooka - Free scan for spyware, adware, trojan horses, keyloggers, etc. Detects more than 500 potentially unwanted applications. Freeware!
The File Database - Search the file database for more information. Free!
PopUp Blocker Test - Find out if your pop-up killer can handle all pop-ups. Free!
Kephyr Labs - Find out what is going on at Kephyr. Try products in an early stage of development.
|
|
|