IE6 browser homepage hijacked by HKLM software

By lou
Dec 15, 2005
  1. Is there any free software to get rid of this annoyance and regain control of my computer?
  2. poertner_1274

    poertner_1274 TechSpot Special Forces Posts: 4,172

    I have moved this thread to the Security and the Web forum.

    Take a look at the threads at the top of this forum. They will most certainly fix you up.

    Welcome to TechSpot
  3. Tedster

    Tedster Techspot old timer..... Posts: 6,002   +15

    hklm removal

    What is WinTools?

    WinTools appears to be a variant of Huntbar. It is very persistent and extremely difficult to remove. It creates its own folder under Program Files/Common Files called WinTools. All of its files appear to be contained within this folder.

    How do I Remove WinTools?

    Although there are many different methods across the web to remove this parasite, here is the most reliable way of doing this.

    1) While online, download the popular HiJackThis program for You may want to read through the HiJackThis tutorial as well.

    2) Reboot your computer into Safe Mode. You may also want to turn off System Restore in Windows XP/ME to remove any backups of the files you are about to delete.

    3) Remove the Startup Entries in the Registry

    * Click on Start, Run, type REGEDIT and click OK
    * Click the pluses (+) next to the following items
        * Software
        * Microsoft
        * Windows
        * CurrentVersion
        * Run
    * Right-click on the file WinTools and click DELETE
    * Click the pluses (+) next to the following items
        * Software
        * Microsoft
        * Windows
        * CurrentVersion
        * RunServices
    * Right-click on the file WinTools and click DELETE
    * Close REGEDIT

    3) Run HiJackThis (while in Safe Mode) and Delete any entries relating to WinTools including

    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183}- C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {63B78BC1-A711-4D46-AD2F-C581AC420D41} - C:\PROGRA~1\COMMON~1\WINTOOLS\BTIEIN.DLL

    Although the following entries should have been deleted in Step 2, delete these entries if they still exist.

    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
    O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsS.exe
    O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsS.exe
    O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WSup.exe
    O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WSup.exe

    3) Delete the WinTools folder and all associated files

    * Open My Computer, Drive C, Program Files, Common Files
    * Right-click on the WinTools folder (if it exists) and Delete it

    4) You should also delete or clean up your hosts file

    Windows 95/98/Me c:\windows\hosts
    Windows NT/2000/XP Pro c:\winnt\system32\drivers\etc\hosts
    Windows XP Home c:\windows\system32\drivers\etc\hosts

    5) Reboot the computer in Normal Mode and run HiJackThis again to test (WinTools should be gone)
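
Added example, not part of Tedster's post and not HiJackThis's own code: a small Python filter that picks out of a saved HiJackThis log the O2 and O4 entries loading files from the WinTools folder named above, including the 8.3 short-path form seen in the O2 lines. The sample log is constructed around three of the post's lines, and the short-name mapping and all function names are assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# Folder named in the post; log entries that load files from it are the ones to fix.
TARGET_DIR = "c:\\program files\\common files\\wintools"
# 8.3 short names used in the post's O2 lines. Assumption: they map to the default
# long names; on a real machine, resolve them on that machine instead.
SHORT_NAMES = {"progra~1": "program files", "common~1": "common files"}

# Constructed sample log: three lines in the post's format plus benign filler.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.invalid/
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183}- C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\example.dll
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WSup.exe
O4 - HKLM\..\Run: [Example] C:\Program Files\Common Files\WinToolsBackup\example.exe
"""

class Finding(NamedTuple):
    section: str  # HiJackThis section code: O2 = BHO, O4 = autostart entry
    detail: str   # CLSID for O2, registry key and value name for O4
    path: str     # lower-cased path with short names expanded

def normalise(path: str) -> str:
    parts = path.strip().lower().split("\\")
    return "\\".join(SHORT_NAMES.get(p, p) for p in parts)

def parse_line(line: str) -> Optional[Finding]:
    head = re.match(r"\s*(O\d+) - (.*)$", line)
    if not head:
        return None
    section, rest = head.groups()
    found = re.search(r"[A-Za-z]:\\.*$", rest)
    if not found:
        return None
    path = normalise(found.group(0))
    # Trailing backslash stops lookalike folders (WinToolsBackup) from matching.
    if not path.startswith(TARGET_DIR + "\\"):
        return None
    clsid = re.search(r"\{[0-9A-Fa-f-]{36}\}", rest)
    detail = clsid.group(0) if section == "O2" and clsid else rest[:found.start()].strip()
    return Finding(section, detail, path)

def scan(log: str) -> List[Finding]:
    return [f for f in map(parse_line, log.splitlines()) if f]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.section}  {f.detail}  ->  {f.path}")
```

Running the same scan on the log taken after the final reboot should return an empty list if the cleanup worked.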
  4. lou

    lou TS Rookie Topic Starter

    Thanks Poertner_1274

    Re: my question about HKLM Software. I think I have fixed the problem now. I searched for WinTools and haven't found anything. I used Task Manager to stop a process called shdocha.exe from running, then deleted it. I then restarted in Safe Mode and used Registry Repair Pro to find Autostart Programs and deleted shdocha.exe again. Now I can reset my homepage normally. The only problem I've noticed now is a Runtime Error when I boot up. Thanks again for your help and to Tedster for the advice.

Topic Status:
Not open for further replies.
