I am having the same trouble that "Edith is having with
the Wtoolsa has caused an error in KERNEL32.Dll. Any help
wouyld be appreciated. Thanks, "Kris"

Try reading the many replies that have been posted to deal with it, click
on the + at the side of the messages.
Joan

Kris wrote:
> I am having the same trouble that "Edith is having with
> the Wtoolsa has caused an error in KERNEL32.Dll. Any help
> wouyld be appreciated. Thanks, "Kris"

If you read Edith's message why didn't you read and follow siljaline's reply
rather than making yet another post?

wtoolsa.exe is malware and appears to be a new member of the IBIS Toolbar
family (http://www.pestpatrol.com/PestInfo/i/ibis_toolbar.asp). It certainly
doesn't form a part of the Win Me operating system. One install mechanism it
uses is if you choose to install the toolbar from xxx.websearch.com.

Boot to Safe Mode, open MSConfig (Start, Run, enter MSConfig in the box and
click OK), open the Startup tab and uncheck the entry being used to launch
wstoolsa.exe, possibly labelled something like WinTools as well as any entries
referring to wtoolsb.dll, wsup.exe and tb_setup.exe.

Browse to and delete the contents of your C:\Windows\Temp folder and also
clear you Temporary Internet Files (Internet Options | General | Delete Files
and ensure that you check the box "Delete all offline content", then click OK
and Apply.

Now check Add/Remove Programs and uninstall any entry for WinTools.

You should also delete the entire Wintools folder which is probably
located as a sub-folder in C:\Program Files\Common Files or alternatively in
C:\Windows\System. Check for and delete all copies of wtoolsa.exe,
wtoolsb.dll, wsup.exe and tb_setup.exe.

Now reboot back into Normal Mode and check your system for commercial
parasites.

This might be a good time to download yourself a copy
of the free Ad-Aware 6.0 from Lavasoft
(http://www.lavasoftusa.com/software/adaware/) and also SpyBot
(http://www.safer-networking.org/) and scan your system for and remove all
unwanted parasites, adware and spyware that might be hiding on your PC.

I would suggest you download and run merijn's CWShredder which targets the
CoolWebSearch parasite. CWShredder can be downloaded from
(http://www.zerosrealm.com/downloads/CWShredder.zip or
http://www.spywareinfo.com/~merijn/files/cwshredder.zip). Details of the many
forms of the CoolWebSearch hijacker can be found at
http://www.spywareinfo.com/~merijn/cwschronicles.html and also
http://www.pestpatrol.com/pestinfo/c/cws.asp.

If you continue to have problems download a copy of HijackThis from
http://www.spywareinfo.com/~merijn/downloads.html). Create a folder called
hijackthis on C: and copy the file you downloaded to that folder. Close as
many applications as you can including all instances of Internet Explorer and
then run hijackthis.exe and post back the log, provided that it isn't too
long, to this thread, otherwise to the HijackThis Forum at
http://www.spywareinfo.com/forums/ and hopefully this will enable someone to
identify the cause of your problem.

Entries in the HiJackThis log to remove include:

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} -
C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} -
C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common
files\WinTools\WToolsA.exe
O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common
files\WinTools\WToolsA.exe

Finally to prevent reinfection download and use SpywareBlaster
(http://www.wilderssecurity.net/spywareblaster.html) which can inocualte your
PC against infection by many parasites and using Tools | Custom Blocking add
the following:
Item Name - WinTools
CLSID - {87766247-311C-43B4-8499-3D5FEC94A183}
--?
Mike Maltby MS-MVP



Kris > wrote:

> I am having the same trouble that "Edith is having with
> the Wtoolsa has caused an error in KERNEL32.Dll. Any help
> wouyld be appreciated. Thanks, "Kris"

Q. If you read Edith's message why didn't you read and follow siljaline's
reply rather than making yet another post?

A. Because that would be too simple?

Feel free to add any answer that you think fits......LOL.

Figgs

"Mike M" > wrote in message
...
> If you read Edith's message why didn't you read and follow siljaline's
reply
> rather than making yet another post?
>
> wtoolsa.exe is malware and appears to be a new member of the IBIS Toolbar
> family (http://www.pestpatrol.com/PestInfo/i/ibis_toolbar.asp). It
certainly
> doesn't form a part of the Win Me operating system. One install mechanism
it
> uses is if you choose to install the toolbar from xxx.websearch.com.
>
> Boot to Safe Mode, open MSConfig (Start, Run, enter MSConfig in the box
and
> click OK), open the Startup tab and uncheck the entry being used to launch
> wstoolsa.exe, possibly labelled something like WinTools as well as any
entries
> referring to wtoolsb.dll, wsup.exe and tb_setup.exe.
>
> Browse to and delete the contents of your C:\Windows\Temp folder and also
> clear you Temporary Internet Files (Internet Options | General | Delete
Files
> and ensure that you check the box "Delete all offline content", then click
OK
> and Apply.
>
> Now check Add/Remove Programs and uninstall any entry for WinTools.
>
> You should also delete the entire Wintools folder which is probably
> located as a sub-folder in C:\Program Files\Common Files or alternatively
in
> C:\Windows\System. Check for and delete all copies of wtoolsa.exe,
> wtoolsb.dll, wsup.exe and tb_setup.exe.
>
> Now reboot back into Normal Mode and check your system for commercial
> parasites.
>
> This might be a good time to download yourself a copy
> of the free Ad-Aware 6.0 from Lavasoft
> (http://www.lavasoftusa.com/software/adaware/) and also SpyBot
> (http://www.safer-networking.org/) and scan your system for and remove all
> unwanted parasites, adware and spyware that might be hiding on your PC.
>
> I would suggest you download and run merijn's CWShredder which targets
the
> CoolWebSearch parasite. CWShredder can be downloaded from
> (http://www.zerosrealm.com/downloads/CWShredder.zip or
> http://www.spywareinfo.com/~merijn/files/cwshredder.zip). Details of the
many
> forms of the CoolWebSearch hijacker can be found at
> http://www.spywareinfo.com/~merijn/cwschronicles.html and also
> http://www.pestpatrol.com/pestinfo/c/cws.asp.
>
> If you continue to have problems download a copy of HijackThis from
> http://www.spywareinfo.com/~merijn/downloads.html). Create a folder
called
> hijackthis on C: and copy the file you downloaded to that folder. Close
as
> many applications as you can including all instances of Internet Explorer
and
> then run hijackthis.exe and post back the log, provided that it isn't too
> long, to this thread, otherwise to the HijackThis Forum at
> http://www.spywareinfo.com/forums/ and hopefully this will enable someone
to
> identify the cause of your problem.
>
> Entries in the HiJackThis log to remove include:
>
> R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} -
> C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
> O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} -
> C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
> O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common
> files\WinTools\WToolsA.exe
> O4 - HKLM\..\RunServices: [WinTools] C:\Program Files\Common
> files\WinTools\WToolsA.exe
>
> Finally to prevent reinfection download and use SpywareBlaster
> (http://www.wilderssecurity.net/spywareblaster.html) which can inocualte
your
> PC against infection by many parasites and using Tools | Custom Blocking
add
> the following:
> Item Name - WinTools
> CLSID - {87766247-311C-43B4-8499-3D5FEC94A183}
> --?
> Mike Maltby MS-MVP
>
>
>
> Kris > wrote:
>
> > I am having the same trouble that "Edith is having with
> > the Wtoolsa has caused an error in KERNEL32.Dll. Any help
> > wouyld be appreciated. Thanks, "Kris"
>
>

LOL.

I think I've replied to over 50 wtoolsa posts now in the last two/three days.
That's worse than any virus I recall seeing in these newsgroups.
--
Mike Maltby MS-MVP



Heather > wrote:

> Q. If you read Edith's message why didn't you read and follow siljaline's
> reply rather than making yet another post?
>
> A. Because that would be too simple?
>
> Feel free to add any answer that you think fits......LOL.