• Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools

My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.

Menu
  • Downloads
  • Threats
    • Adware
    • Browser Hijacking
    • Phishing
    • Ransomware
  • Questions and Answers
  • Recover Encrypted Files
  • Free Malware Removal Tools
Home › Malware removal › Tutorials - HowTo › How to remove xlavra (Trojan-Downloader.Win32.Agent) and Wintools adware

How to remove xlavra (Trojan-Downloader.Win32.Agent) and Wintools adware

Myantispyware team November 13, 2007     No Comment    

WinTools is an adware that adds a toolbar to your browser and generating annoying popups and balloon dialogs.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found: WinTools, WhenU, SearchUpgrader

Download HijackThis and save the file to your desktop. Double click on the file for install.
Download CCleaner. Double click on the file for install.
Download Avenger and unzip to your desktop.
Download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop.

Reboot your computer in Safe Mode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.

Start HijackThis. Click “Do a system scan only.” and put a checkmark next to the following items:

R3 – URLSearchHook: (no name) – {1C78AB3F-A857-482E-80C0-3A1E5238A565} – (no file)
O2 – BHO: (no name) – {87766247-311C-43B4-8499-3D5FEC94A183} – C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O3 – Toolbar: (no name) – {8B224779-3B0E-4FEA-8AE1-B66C20DD840F} – (no file)
O4 – HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 – HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 – HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O9 – Extra button: (no name) – {AFC3FA82-AD07-45cd-8B57-983435B9899E} – (no file)
O16 – DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} –
O20 – AppInit_DLLs: C:\WINDOWS\system32\sulimo.dat
O23 – Service: WinTools for IE service (WinToolsSvc) – Unknown owner – C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

Now close all browser and other windows except for HijackThis, and click “Fix Checked” to have HijackThis fix the entries you checked.

Open notepad and then copy and paste the lines below into it.

@echo off
sc stop WinToolsSvc
sc delete WinToolsSvc

Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
Double-click on fixes.bat file to execute it.

Run Avenger.
Check the ‘Input script manually’ option. Click the Magnifying Glass icon. In the box that opens, copy,then paste the following text:

Files to delete:
C:\WINDOWS\xlavba3.exe
C:\WINDOWS\system32\sulimo.dat

Folders to delete:
C:\Program Files\Common files\SearchUpgrader\
C:\Program FilesVVSN\
C:\PROGRA~1\COMMON~1\WinTools\

Then click on ‘Done’.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Boot your PC in Safe Mode.

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode

Open the SmitfraudFix folder and double-click smitfraudfix.cmd. Press the number 2 on your keyboard and the press the enter key to choose the option Clean (safe mode recommended).

You will be prompted : “Registry cleaning – Do you want to clean the registry ?“; answer “Yes” by typing Y and press “Enter” in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer “Yes” by typing Y and press “Enter”.

The tool may need to restart your computer to finish the cleaning process; if it doesn’t, please restart it into Normal Windows.

Run CCleaner.

Click Analyze button. After scan your system, click Run Cleaner.

Reboot your PC.

Disable system restore to flush out infected restore points. Reboot your computer again. Turn on Windows System Restore. After that click START > ALL PROGRAMS > ACCESSORIES > SYSTEM TOOLS > SYSTEM RESTORE. click on “create new restore point” > click on NEXT and follow the prompts.

If you are still having problems with spyware after completing these instructions, it`s possible, then please follow the steps outlined in the topic linked below:
Spyware removal – Read Before Posting

Malware removal Tutorials - HowTo

Author: Myantispyware team

Myantispyware is an information security website created in 2004. Our content is written in collaboration with Cyber Security specialists, IT experts, under the direction of Patrik Holder and Valeri Tchmych, founders of Myantispyware.com.

Leave a Reply Cancel reply




New Guides

Your Netflix account has been suspended Scam text
Your Netflix account has been suspended Scam Text Recovery.ffm.to
SearchIT New Tab searchresults.store
How to uninstall SearchIT New Tab from Chrome, Firefox, IE, Edge
goog.urewsawani.autos malicious
Track.clickcrystal.com pop-up redirect (Virus removal guide)
Legivenestatery.com Click Allow Scam
Legivenestatery.com Virus Removal Guide
Advaguru.com Click allow Scam
Advaguru.com Virus Removal Guide

Follow Us

Search

Useful Guides

ads by adware
How to remove Adware from Windows 10 (Virus removal guide)
remove android virus
How to remove virus from Android phone
Files encrypted by ransomware become useless
How To Recover Encrypted Files (Ransomware file recovery)
adwcleaner
AdwCleaner – Review, How to use, Comments
This setting is enforced by your administrator (Removal guide)

Recent Posts

SnoopFree Privacy Shield – informs you when another programme is wanting to log your keystrokes
Comodo BOClean – Anti-Malware – 100% Free
Ad-Aware updated
Dr.Web CureIt! A FREE anti-malware utility
How to remove IE Defender

MYANTISPYWARE.COM

  • About Us
  • Contact Us
  • Privacy Policy

NEED A HELP ?

If you're seeing unwanted pop-ups or ads in your web-browser, you might have an adware installed on your computer. Use the following guide to stop pop-up ads and remove malicious software. Or ask for help here.

Links

  • Downloads
  • Instructions
  • Questions and Answers
  • Free Malware Removal Tools
Copyright © 2004 - 2022 Myantispyware.com - Free antispyware programs and Spyware Removal Instructions.