WinToolsA -- A Very Special Problem

Discussion in 'Malware Help (A Specialist Will Reply)' started by Josu, Feb 12, 2005.

  1. Josu

    Josu Private E-2

    Hey, so I've been trying for the last 4 hours to remove WinToolsA and TBMP.exe from my computer with no success. Here's the lowdown --

    When I try to go into Safe Mode, my computer resets 2 seconds after getting to the login screen.

    When I try to remove them from the Registry, they reappear seconds later.

    I can't remove them from my running processes list, because "I don't have authorization"... I'm a supervisor! :mad:

    SpyBot won't find them, and HijackThis has an illegal operation shortly after starting its scan. Ad-Aware won't find them, either.

    I've tried using Resident to blacklist them, but for some reason they keep coming back. I've also tried using BCWipe to totally wipe them from the system, but that won't work until they're not a running process. And even when I tell it to wipe on startup, WinToolsA gets the jump on it and starts before BCWipe does!

    I'm at the end of my rope. I can't even post a HijackThis file because it won't run! What the **** to I do?

    Furiously,
    Josu
     
    Josu, Feb 12, 2005
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try to do as much as you can from the below sticky thread. If you cannot run the stuff in safe mode, then run it in normal boot mode. Just tell us what you did.

    You said "I'm a supervisor" did you mean your an Administrator? Are you sure you have Administrator priviledges?

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
    chaslang, Feb 12, 2005
    #2

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds