The WhiteSmoke web site indicates it makes English grammar correction software, translation software, and other specialized English writing tools. However, many users have reported they did not know how WhiteSmoke was downloaded or installed. From our investigation and dealings with this software we are also finding many cases of it with a TDSS rootkit
infection. So depending on the severity of system infection will determine how the disinfection process goes.
The web site says the software can be removed through Add/Remove Programs
or Programs and Features
if using Vista
so check there first, highlight anything with the name "Whitesmoke
", select Remove and restart the computer normally. This appears to work in most cases with the Whitesmoke Toolbar but not with the Translator.
Please run these and see how we are.
Please download the TDSS Rootkit Removing Tool
) and save it to your Desktop. <-Important!!!Be sure to print out and follow all instructions for performing a scan or refer to these instructions with screenshots.
- Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. Vista/Windows 7 users refer to these instructions if you're unsure how to unzip a file.
- If you don't have an extracting program, you can download TDSSKiller.exe and use that instead.
- Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.Rerun MBAM (MalwareBytes) like this:
- When the program opens, click the Start Scan button.
- Do not use the computer during the scan
- If the scan completes with nothing found, click Close to exit.
- If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
- Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process.<- Important!!
Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
- A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
- Copy and paste the contents of that file in your next reply.
Open MBAM in normal/regular mode and click Update
tab, select Check for Updates
scan and scan (normal mode).
After scan click Remove Selected
, Post new scan log
into normal mode.