How do I get rid of this error message?

Craneop2 · May 20, 2004, 12:13am

Its one of those “this program has performed an illegal operation and will be cancelled.”

The message is titled Wtoolsa. Details say invalid page fault. Kernel32.dll at 016f:bff76723.

It only occurs when I am off line. If I open the net it never shows up. Not too troublesome but just drives me batty!
Any ideas??

Lobsang · May 20, 2004, 12:16am

Could be spyware. (sounds like it is accessing the internet and crashing when it is unable to)

Download adaware and spybot (links in my sig) (ignore the temporary lame bit of the sig)

Lobsang · May 20, 2004, 12:19am

A quick google suggests that it is spyware.

Craneop2 · May 20, 2004, 12:21am

I ran Ad aware…it found some probs and supposedly fixed them. Still gettin the messages. BTW I just downloaded Adaware last weekend and have all the prescribed updates.

I also ran AVG and it found nothing as well.

Lobsang · May 20, 2004, 12:37am

Here is the help given on another board. It looks complicated. I’ll keep looking for a simpler fix.

First go to add/remove programs and see if there is an entry for WinTools. If so, uninstall it. Then do the following:

Download ad-aware here -> Adaware Antivirus Free Edition | FileForum

Check for updates of the reference file by using the “webupdate”.

Then …

Don’t scan yet. You will do it at the end in safe mode.

Then boot to safe mode.
CTL-ALT-DEL and verify the following are not running. If they are, end task on them:

WTOOLSA.EXE
WSUP.EXE
TB_SETUP.EXE
Then close all windows and have hijackthis fix the following:

O4 - HKLM…\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM…\RunServices: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwe....0.0.5.cab

Then while in safe mode delete all the files in the C:\PROGRAM FILES\COMMON FILES\WINTOOLS Folder. Finally Delete the C:\PROGRAM FILES\COMMON FILES**WINTOOLS Folder.

Browse to the C:\WINDOWS\TEMP Folder and delete everything in it.

From main window :Click “Start” then " Activate in-depth scan"

then…

Open ad-aware

click “Use custom scanning options>Customize” and have these options on: “Scan within archives” ,“Scan active processes”,“Scan registry”, “Deep scan registry” ,“Scan my IE Favorites for banned URL” and “Scan my host-files”

then…

Click the “Tweak” button.

Open up the “Scanning Engine” section and tick “Unload recognized processes during scanning”

Then…“Cleaning engine” and “Let windows remove files in use at next reboot” and “Automatically try to unregister objects prior to deletion”

then… click “proceed” to save your settings.

Now to scan it´s just to click the “Next” button.

When scan is finished, mark everything for removal and get rid of it. .(Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.

Reboot into normal mode and post another hijackthis log.

Lobsang · May 20, 2004, 12:38am

The really bloody frustrating thing is that all the google results are from boards that have moved to new servers so I keep getting re-directed to their main pages or error pages.

Lobsang · May 20, 2004, 12:42am

Try this

ctrl-alt-delete. do ‘end task’ on ‘Wtoolsa.exe’

delete the following directory

“C:\Program Files\Common files\WinTools”

(make sure you’ve got “show hidden/system files” on)

then reboot.

Craneop2 · May 20, 2004, 2:15am

I installed and ran spybot…
Dang thing is still there!
Thanks for your help Lobsang, I’ll try your other suggestion…

Lobsang · May 20, 2004, 10:01am

Let me know if it works. It looks like something I/we will have to watch out for.