Spyware Is Killing Me


Queen Josephine
January 11th, 2005, 11:35 PM
I spent the entire evening cleaning my pc.
I run Sygate personal firewall.
And Norton with spyware detection.
And HiJackThis.
And Aluria Spyware.
And Spybot.
And Adaware.
And Security Task Manager.

After running all the above, WTOOLSA and all its variants were still appearing in running processes (and I could not shut it down).

From safe mode I removed them from the registry because after running all the above, it was still there. Now, I still have stuff popping up requesting dll's to run as an application, but it's not in running processes anymore.

I think I'm about ready to reformat. What nasty @#$% that stuff is.

There ought to be a law...........................

alparsons
January 12th, 2005, 01:50 AM
That stuff can be frustrating. I bought this computer used and found it running at a snail's pace until I ran Spybot S&D. Luckily it cleaned most of that garbage off of the machine. What I think insulates me from re-infestation is that I use neither IE nor Outlook Express, and am cautious of attachments to e-mail or news group postings. Most of the nasties I have read of rely upon Microsoft security holes (ActiveX etc.)

cox
January 12th, 2005, 03:30 AM
I disabled ActiveX, and found a lot of this crap disappeared. I still get the occasional infection, but search for "modified by date", "last day", delete, delete, delete... Spyware Guard has also been somewhat useful. People complain about spam, but it's nothing compared to this spy crap.

rr3
January 12th, 2005, 05:42 AM
I'm like the rest of you in that I get this stuff too, but I have a few things I do to minimize it. I use MS Anti spyware program, AVG anti-virus, Slim Browser or Firefox and the MS Firewall. All of these are free and most generally, the default settings work fine. The new MS anti-spyware program has been working great so far. I found this link for you Queen in case you need to manually get rid of WTOOLSA.
http://www.faqfarm.com/Computer/Virus/53303
Good luck

olmeca
January 12th, 2005, 05:55 AM
Originally Posted by Queen Josephine:
I spent the entire evening cleaning my pc.
I think I'm about ready to reformat. What nasty @#$% that stuff is.

There ought to be a law...........................

Relax, you're not the only one. I hear the same story every week from friends and colleagues.
My honest advice: consider a Mac. You owe it to yourself!

Rudi

dbevis
January 12th, 2005, 07:59 AM
Microsoft also has a tool called "Microsoft antiSpyware" downloadable from www.microsoft.com (http://www.microsoft.com).


I hope you have a firewall and aren't just directly connected to the internet.

Some "popups" are browser windows that popup, but others are externally popped-up programs (for example the Windows Messenger) that can get access to your computer if you have no firewall to block the inbound ports they use.

NikNikon
January 12th, 2005, 11:53 AM
I install cable internet on customers' PCs every day and more often than not I have spyware to contend with. I've made a disc with Spybot & Adaware to take with me in case it's needed. On one occasion I remember Adaware finding over 500 entries on one woman's computer that I quarantined. Beware free applications that may install third party programs, pop-ups that disguise themselves as Windows messages and most browser add-on toolbars.

Rune
January 12th, 2005, 12:03 PM
Originally Posted by cox:
People complain about spam, but it's nothing compared to this spy crap.

They're often two sides of the same coin. Some spyware will act as mail relay servers and use your computer as their conduit into other people's mailboxes.

Not to mention those who use spam to promote their (often non-functioning) anti-spyware products.

I.e. if you kill all the spammers, you'll make plenty of headway into the spyware folks too.

This is (now) my favorite tool: http://sysinternals.com/ntw2k/freeware/autoruns.shtml

Autoruns simply lists all processes and shell extensions and makes it possible to track down the root cause of your problems, be they viruses, trojans or spyware. I'm familiar with the usual Run keys, but the shell integration stuff is something I seldom deal with and it's extensive work matching GUIDs with the executables. The Autoruns utility makes all this a snap.

That said, today I encountered a nasty little thing that installs itself as a device driver. We're able to find its pid, but that's not sufficient to kill it. "net stop" works, but it is awkward to find its name.

(oh, after taking my domain offline for a few days, I now receive up to 500 spam mails per day -- they're trying to mail arbitrary mail addresses on my domain -- too bad, I really enjoyed having a catch-all account till now)
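
The manual lookup described in the post above (Run keys, plus matching shell-integration GUIDs to the files behind them), as an added example that is not part of the thread and is not how Autoruns itself is implemented. It assumes the standard Windows registry locations for Run/RunOnce, approved shell extensions and browser helper objects, none of which are named in the thread; the function names are hypothetical.

```powershell
# Added example (not from the thread): list autostart entries and resolve GUIDs to files.
# Registry paths below are the standard Windows locations (assumed, not named on the page).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$approved = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
$bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Resolve-ClsidServer([string]$Clsid) {
    # A COM class names its file in the default value of InprocServer32 (DLL)
    # or LocalServer32 (EXE) under HKEY_CLASSES_ROOT\CLSID\{guid}.
    foreach ($sub in 'InprocServer32', 'LocalServer32') {
        $k = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\$sub" -ErrorAction SilentlyContinue
        if ($k -and $k.GetValue('')) { return $k.GetValue('') }
    }
    return '<no server registered>'   # GUID is listed but no file is registered for it
}

function Get-AutostartEntry {
    # 1. Run/RunOnce: value name -> command line started at logon
    foreach ($path in $runKeys) {
        $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{ Source = $path; Name = $name; Target = $key.GetValue($name) }
        }
    }
    # 2. Approved shell extensions: value names are GUIDs
    $key = Get-Item -LiteralPath $approved -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($guid in $key.GetValueNames()) {
            if ($guid -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
            [pscustomobject]@{ Source = 'ShellExt'; Name = $guid; Target = (Resolve-ClsidServer $guid) }
        }
    }
    # 3. Browser helper objects: subkey names are GUIDs
    Get-ChildItem -LiteralPath $bho -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Source = 'BHO'; Name = $_.PSChildName; Target = (Resolve-ClsidServer $_.PSChildName) }
    }
}

Get-AutostartEntry | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so the HKLM keys are readable; entries whose Target points into a temp or profile directory are the ones to check first.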

rr3
January 12th, 2005, 12:19 PM
Originally Posted by dbevis:
Some "popups" are browser windows that popup, but others are externally popped-up programs (for example the Windows Messenger) that can get access to your computer if you have no firewall to block the inbound ports they use.


One of the cool things about Microsoft's Antispyware program is that it will stop the Messenger Service. This is the first thing it "asked" to do in 3 computers so far. Pretty good little program. :cool:

rjgleason
January 12th, 2005, 03:55 PM
Originally Posted by rr3:
One of the cool things about Microsoft's Antispyware program is that it will stop the Messenger Service. This is the first thing it "asked" to do in 3 computers so far. Pretty good little program. :cool:

any link?

rr3
January 12th, 2005, 04:42 PM
Yep, right here.
http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en
You have to acknowledge if you want to validate your XP OS or not. Just an MS thing and you can choose no.

Queen Josephine
January 12th, 2005, 04:50 PM
Thanks for all the info. What I did at home was install the Foxfire browser, and at least for the short term, the problem is gone.

Originally Posted by olmeca:
Relax, you're not the only one. I hear the same story every week from friends and colleagues.
My honest advice: consider a Mac. You owe it to yourself!

Rudi

I considered a Mac last time I purchased a new computer, but reluctantly purchased a PC after looking at the additional cost of replacing all the software I had.

Originally Posted by dbevis:
Microsoft also has a tool called "Microsoft antiSpyware" downloadable from www.microsoft.com (http://www.microsoft.com/).

Never knew about Microsoft's Beta AntiSpyware version but am running it now on my pc at work.

Then, I'll check out Rune's link.

But ya know, I think I'm really fond of this little Foxfire browser!

Queen Josephine
January 12th, 2005, 05:32 PM
Originally Posted by Rune:
This is (now) my favorite tool: http://sysinternals.com/ntw2k/freeware/autoruns.shtml


Rune, Thanks! This IS a handy little tool!

cox
January 12th, 2005, 09:45 PM
Originally Posted by rr3:
Yep, right here.
http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en
You have to acknowledge if you want to validate your XP OS or not. Just an MS thing and you can choose no.

Thanks, it found a few files/entries I missed :D

rr3
January 12th, 2005, 11:43 PM
Cox, that's great. I SO hate spyware!!!!:mad: Someday we will find a cure... ;)

Rune
January 13th, 2005, 12:13 AM
Yes, it is a handy little tool. Make sure you enable the view of shell plugins, and also let it remove the certified entries from the list (when searching for spyware it'll slow you down if you start by challenging every little item from MS -- do that as the last step :)).

lecter
January 13th, 2005, 12:46 AM
I am now a firefox user at home....
getting to love it.
My PC is being a pest, resetting itself every now and then, which can be frustrating.
Dunno if that's a memory or power supply based problem.
No more spy crapola for meee... firefox....!!!!!!!!
Plus the firewalls here at work are machiavellian so we don't get much garbage..... (I hope)
I also bought CA's Ezefirewall and it's nice too....
I hate all this crap on my PC, so I might do some proxy setup.... when I get the link to the tool I will use I'll post it.....

rob

Rune
January 13th, 2005, 02:03 AM
lecter: Your diagnosis is sound. Both the power supply and memory are sources of much pain and suffering.

A very good memory tester can be found at http://memtest86.com/

Put it on a diskette (run install.bat), reboot and let it run at night. (it'll take several hours to run all the tests, and you'll want to run all the tests)

At home, my previous source of unstable operation turned out to be the motherboard of all things. I had changed everything else at that point... (memory, CPU, PSU and graphics card) I installed a motherboard (from a different manufacturer) with an identical chipset and everything was fine...

Memory failure is very common though, so it pays to run the test even if you're not experiencing any issues.

jliechty
January 14th, 2005, 10:18 AM
Agreed on the memory being a stability problem! I had issues with cheap "ValueRAM" from Kingston causing BSODs every few days. Replacing it with Corsair XMS RAM caused the problem to go away, and now everything is fine.

Of course, if Lecter's PC is an OEM model (HP, Dell, etc.), then the problem is more likely to be the PSU than the RAM - I've not heard of many cases of RAM failure as long as the RAM is not overclocked and/or overvolted.