If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
wtoolsa error
I keep getting 'wtoolsa has caused an errorin KERNEL
32.DLL.' can anyone help me? What is this, what causes it and what can I do to fix it? Thanks! |
#2
|
|||
|
|||
wtoolsa error
Did you read any of the many replies that have been posted to those with this
problem? wtoolsa.exe is malware and appears to be a new member of the IBIS Toolbar family (http://www.pestpatrol.com/PestInfo/i/ibis_toolbar.asp) or even a variant of the CoolWebSearch parasite. It certainly doesn't form a part of the Win Me operating system. One install mechanism it uses is if you choose to install the toolbar from xxx.websearch.com Boot to Safe Mode, open MSConfig (Start, Run, enter MSConfig in the box and click OK), open the Startup tab and uncheck the entry being used to launch wstoolsa.exe, possibly labelled something like WinTools as well as any entries referring to wtoolsb.dll, wsup.exe and tb_setup.exe. Browse to and delete the contents of your C:\Windows\Temp folder and also clear you Temporary Internet Files (Internet Options | General | Delete Files and ensure that you check the box "Delete all offline content", then click OK and Apply. Now check Add/Remove Programs and uninstall any entry for WinTools. You should also delete the entire Wintools folder which is probably located as a sub-folder in C:\Program Files\Common Files or alternatively in C:\Windows\System. Check for and delete all copies of wtoolsa.exe, wtoolsb.dll, wsup.exe and tb_setup.exe. Now reboot back into Normal Mode and check your system for commercial parasites. This might be a good time to download yourself a copy of the free Ad-Aware 6.0 from Lavasoft (http://www.lavasoftusa.com/software/adaware/) and also SpyBot (http://www.safer-networking.org/) and scan your system for and remove all unwanted parasites, adware and spyware that might be hiding on your PC. I would suggest you download and run merijn's CWShredder which targets the CoolWebSearch parasite. CWShredder can be downloaded from (http://www.zerosrealm.com/downloads/CWShredder.zip or http://www.spywareinfo.com/~merijn/files/cwshredder.zip). Details of the many forms of the CoolWebSearch hijacker can be found at http://www.spywareinfo.com/~merijn/cwschronicles.html and also http://www.pestpatrol.com/pestinfo/c/cws.asp. If you continue to have problems download a copy of HijackThis from http://www.spywareinfo.com/~merijn/downloads.html). Create a folder called hijackthis on C: and copy the file you downloaded to that folder. Close as many applications as you can including all instances of Internet Explorer and then run hijackthis.exe and post back the log, provided that it isn't too long, to this thread, otherwise to the HijackThis Forum at http://www.spywareinfo.com/forums/ and hopefully this will enable someone to identify the cause of your problem. Possible entries in the HiJackThis log to remove include: O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwe....0.0.5.cab --? Mike Maltby MS-MVP Kathleen wrote: I keep getting 'wtoolsa has caused an errorin KERNEL 32.DLL.' can anyone help me? What is this, what causes it and what can I do to fix it? Thanks! |
#3
|
|||
|
|||
wtoolsa error
I see your 'copy and paste' buttons are still working, Mike. You are, no
doubt, a patient and kind man.......my hat is off to you. Heirloom, old and gets tired for you "Mike M" wrote in message ... Did you read any of the many replies that have been posted to those with this problem? wtoolsa.exe is malware and appears to be a new member of the IBIS Toolbar family (http://www.pestpatrol.com/PestInfo/i/ibis_toolbar.asp) or even a variant of the CoolWebSearch parasite. It certainly doesn't form a part of the Win Me operating system. One install mechanism it uses is if you choose to install the toolbar from xxx.websearch.com Boot to Safe Mode, open MSConfig (Start, Run, enter MSConfig in the box and click OK), open the Startup tab and uncheck the entry being used to launch wstoolsa.exe, possibly labelled something like WinTools as well as any entries referring to wtoolsb.dll, wsup.exe and tb_setup.exe. Browse to and delete the contents of your C:\Windows\Temp folder and also clear you Temporary Internet Files (Internet Options | General | Delete Files and ensure that you check the box "Delete all offline content", then click OK and Apply. Now check Add/Remove Programs and uninstall any entry for WinTools. You should also delete the entire Wintools folder which is probably located as a sub-folder in C:\Program Files\Common Files or alternatively in C:\Windows\System. Check for and delete all copies of wtoolsa.exe, wtoolsb.dll, wsup.exe and tb_setup.exe. Now reboot back into Normal Mode and check your system for commercial parasites. This might be a good time to download yourself a copy of the free Ad-Aware 6.0 from Lavasoft (http://www.lavasoftusa.com/software/adaware/) and also SpyBot (http://www.safer-networking.org/) and scan your system for and remove all unwanted parasites, adware and spyware that might be hiding on your PC. I would suggest you download and run merijn's CWShredder which targets the CoolWebSearch parasite. CWShredder can be downloaded from (http://www.zerosrealm.com/downloads/CWShredder.zip or http://www.spywareinfo.com/~merijn/files/cwshredder.zip). Details of the many forms of the CoolWebSearch hijacker can be found at http://www.spywareinfo.com/~merijn/cwschronicles.html and also http://www.pestpatrol.com/pestinfo/c/cws.asp. If you continue to have problems download a copy of HijackThis from http://www.spywareinfo.com/~merijn/downloads.html). Create a folder called hijackthis on C: and copy the file you downloaded to that folder. Close as many applications as you can including all instances of Internet Explorer and then run hijackthis.exe and post back the log, provided that it isn't too long, to this thread, otherwise to the HijackThis Forum at http://www.spywareinfo.com/forums/ and hopefully this will enable someone to identify the cause of your problem. Possible entries in the HiJackThis log to remove include: O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwe....0.0.5.cab --? Mike Maltby MS-MVP Kathleen wrote: I keep getting 'wtoolsa has caused an errorin KERNEL 32.DLL.' can anyone help me? What is this, what causes it and what can I do to fix it? Thanks! |
#4
|
|||
|
|||
wtoolsa error
The trouble heirloom is that my instructions are changing slightly over time
as more is discovered about this new pest. The latest version now being as follows and includes information on how to inoculate the system against being attacked by this pest. :wtoolsa.exe is malware and appears to be a new member of the IBIS Toolbar family (http://www.pestpatrol.com/PestInfo/i/ibis_toolbar.asp). It certainly doesn't form a part of the Win Me operating system. One install mechanism it uses is if you choose to install the toolbar from xxx.websearch.com. Boot to Safe Mode, open MSConfig (Start, Run, enter MSConfig in the box and click OK), open the Startup tab and uncheck the entry being used to launch wstoolsa.exe, possibly labelled something like WinTools as well as any entries referring to wtoolsb.dll, wsup.exe and tb_setup.exe. Browse to and delete the contents of your C:\Windows\Temp folder and also clear you Temporary Internet Files (Internet Options | General | Delete Files and ensure that you check the box "Delete all offline content", then click OK and Apply. Now check Add/Remove Programs and uninstall any entry for WinTools. You should also delete the entire Wintools folder which is probably located as a sub-folder in C:\Program Files\Common Files or alternatively in C:\Windows\System. Check for and delete all copies of wtoolsa.exe, wtoolsb.dll, wsup.exe and tb_setup.exe. Now reboot back into Normal Mode and check your system for commercial parasites. This might be a good time to download yourself a copy of the free Ad-Aware 6.0 from Lavasoft (http://www.lavasoftusa.com/software/adaware/) and also SpyBot (http://www.safer-networking.org/) and scan your system for and remove all unwanted parasites, adware and spyware that might be hiding on your PC. I would suggest you download and run merijn's CWShredder which targets the CoolWebSearch parasite. CWShredder can be downloaded from (http://www.zerosrealm.com/downloads/CWShredder.zip or http://www.spywareinfo.com/~merijn/files/cwshredder.zip). Details of the many forms of the CoolWebSearch hijacker can be found at http://www.spywareinfo.com/~merijn/cwschronicles.html and also http://www.pestpatrol.com/pestinfo/c/cws.asp. If you continue to have problems download a copy of HijackThis from http://www.spywareinfo.com/~merijn/downloads.html). Create a folder called hijackthis on C: and copy the file you downloaded to that folder. Close as many applications as you can including all instances of Internet Explorer and then run hijackthis.exe and post back the log, provided that it isn't too long, to this thread, otherwise to the HijackThis Forum at http://www.spywareinfo.com/forums/ and hopefully this will enable someone to identify the cause of your problem. Entries in the HiJackThis log to remove include: R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe Finally to prevent reinfection download and use SpywareBlaster (http://www.wilderssecurity.net/spywareblaster.html) which can inocualte your PC against infection by many parasites and using Tools | Custom Blocking add the following: Item Name - WinTools CLSID - {87766247-311C-43B4-8499-3D5FEC94A183} --? Mike Maltby MS-MVP heirloom wrote: I see your 'copy and paste' buttons are still working, Mike. You are, no doubt, a patient and kind man.......my hat is off to you. Heirloom, old and gets tired for you |
#5
|
|||
|
|||
wtoolsa error
Yes, I have noticed the changes, but, unlike some (most), I read pertinent
responses and have attached your latest to a couple. You still have the patience of Job and my highest respect. Heirloom, old and help when I can "Mike M" wrote in message ... The trouble heirloom is that my instructions are changing slightly over time as more is discovered about this new pest. The latest version now being as follows and includes information on how to inoculate the system against being attacked by this pest. :wtoolsa.exe is malware and appears to be a new member of the IBIS Toolbar family (http://www.pestpatrol.com/PestInfo/i/ibis_toolbar.asp). It certainly doesn't form a part of the Win Me operating system. One install mechanism it uses is if you choose to install the toolbar from xxx.websearch.com. Boot to Safe Mode, open MSConfig (Start, Run, enter MSConfig in the box and click OK), open the Startup tab and uncheck the entry being used to launch wstoolsa.exe, possibly labelled something like WinTools as well as any entries referring to wtoolsb.dll, wsup.exe and tb_setup.exe. Browse to and delete the contents of your C:\Windows\Temp folder and also clear you Temporary Internet Files (Internet Options | General | Delete Files and ensure that you check the box "Delete all offline content", then click OK and Apply. Now check Add/Remove Programs and uninstall any entry for WinTools. You should also delete the entire Wintools folder which is probably located as a sub-folder in C:\Program Files\Common Files or alternatively in C:\Windows\System. Check for and delete all copies of wtoolsa.exe, wtoolsb.dll, wsup.exe and tb_setup.exe. Now reboot back into Normal Mode and check your system for commercial parasites. This might be a good time to download yourself a copy of the free Ad-Aware 6.0 from Lavasoft (http://www.lavasoftusa.com/software/adaware/) and also SpyBot (http://www.safer-networking.org/) and scan your system for and remove all unwanted parasites, adware and spyware that might be hiding on your PC. I would suggest you download and run merijn's CWShredder which targets the CoolWebSearch parasite. CWShredder can be downloaded from (http://www.zerosrealm.com/downloads/CWShredder.zip or http://www.spywareinfo.com/~merijn/files/cwshredder.zip). Details of the many forms of the CoolWebSearch hijacker can be found at http://www.spywareinfo.com/~merijn/cwschronicles.html and also http://www.pestpatrol.com/pestinfo/c/cws.asp. If you continue to have problems download a copy of HijackThis from http://www.spywareinfo.com/~merijn/downloads.html). Create a folder called hijackthis on C: and copy the file you downloaded to that folder. Close as many applications as you can including all instances of Internet Explorer and then run hijackthis.exe and post back the log, provided that it isn't too long, to this thread, otherwise to the HijackThis Forum at http://www.spywareinfo.com/forums/ and hopefully this will enable someone to identify the cause of your problem. Entries in the HiJackThis log to remove include: R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe Finally to prevent reinfection download and use SpywareBlaster (http://www.wilderssecurity.net/spywareblaster.html) which can inocualte your PC against infection by many parasites and using Tools | Custom Blocking add the following: Item Name - WinTools CLSID - {87766247-311C-43B4-8499-3D5FEC94A183} --? Mike Maltby MS-MVP heirloom wrote: I see your 'copy and paste' buttons are still working, Mike. You are, no doubt, a patient and kind man.......my hat is off to you. Heirloom, old and gets tired for you |
#6
|
|||
|
|||
wtoolsa error
Heirloom,
I still don't think I justify the use of such kind words. g Just put it down to boredom whilst I'm trying to create a demo DVD from a load of video captures for use in support of a proposal to get the BBC to run a feature program on an event later this year in which my elder daughter is involved. -- Mike Maltby MS-MVP heirloom wrote: Yes, I have noticed the changes, but, unlike some (most), I read pertinent responses and have attached your latest to a couple. You still have the patience of Job and my highest respect. |
#7
|
|||
|
|||
wtoolsa error
Mike,
Ahhh, you are much to modest. And a producer to boot! I was on the telly Sunday evening.....got caught up in the camera during a news event. I was a participant in the "Run for the Wall" www.rftw.org . Pretty cool being amongst approx. 600 bikes on an escorted run....went about 350 miles.....all in honor of my father, who was shot down in WWII an held POW in Stalag 3 (and others) for almost a year. Best wishes on your efforts for your daughter. Heirloom, old and will ride till I can't "Mike M" wrote in message ... Heirloom, I still don't think I justify the use of such kind words. g Just put it down to boredom whilst I'm trying to create a demo DVD from a load of video captures for use in support of a proposal to get the BBC to run a feature program on an event later this year in which my elder daughter is involved. -- Mike Maltby MS-MVP heirloom wrote: Yes, I have noticed the changes, but, unlike some (most), I read pertinent responses and have attached your latest to a couple. You still have the patience of Job and my highest respect. |
#8
|
|||
|
|||
wtoolsa error
I was a participant in the "Run for the Wall" www.rftw.org .
Very interesting. .....all in honor of my father, who was shot down in WWII an held POW in Stalag 3 (and others) for almost a year. Clearly a brave man. -- Mike Maltby MS-MVP heirloom wrote: Mike, Ahhh, you are much to modest. And a producer to boot! I was on the telly Sunday evening.....got caught up in the camera during a news event. I was a participant in the "Run for the Wall" www.rftw.org . Pretty cool being amongst approx. 600 bikes on an escorted run....went about 350 miles.....all in honor of my father, who was shot down in WWII an held POW in Stalag 3 (and others) for almost a year. Best wishes on your efforts for your daughter. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Wtoolsa Error | bob1nor | General | 2 | May 24th 04 05:49 AM |
Scan Disk run without automatic error fix checked | Jay Eddins | Disk Drives | 2 | May 22nd 04 12:37 AM |
"Wtoolsa" Error Message / Start-up Error | siljaline | General | 0 | May 21st 04 06:54 AM |
Error Message - Wtoolsa - Kernel32.dll | Martin Allan | General | 5 | May 20th 04 05:22 PM |
Wtoolsa has caused an error | Jeannie | General | 5 | May 19th 04 11:13 PM |