web site indicates it has worked in the field of English writing technologies since 2002 with a focus on products that enhance and correct grammar, spelling, and writing style. They also provide translation software and other other specialized English writing tools. These all appear to be legitimate programs. However, many users have reported they did not know how WhiteSmoke was downloaded or installed so its most likely being bundled with other software that is downloaded. The WhiteSmoke web site acknowledges they make their technology available through other channels
, such as a browser-based text editor, and specialized OEM versions designed for integration with third party service providers. Malwarebytes' Anti-Malware added PUP.WhiteSmoke
to its detection database in November 2010.
The web site says the software can be removed through Add/Remove Programs
or Programs and Features
if using Vista
so check there first, highlight anything with the name "Whitesmoke
", select Remove and restart the computer normally.
From our investigation and dealings with this software we have found many cases of it being reported with a TDSS rootkit
infection after installation. So depending on where and how the software is downloaded such as a bundled package, the severity of system infection will determine how the disinfection process goes.
Thanks to quietman7 for that explanation
Please download MiniToolBox
, save it to your desktop and run it.
Checkmark the following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Users, Partitions and Memory size.
and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note:
When using "Reset FF Proxy Settings" option Firefox should be closed.
Please Download TDSSkiller
Click on change parameters-Select TDLFS file system
Click on "Scan
Please post the LOG report(log file should be in your C drive)
Do not change the default options on scan results.
Please download AdwCleaner
by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe
to run the tool.
Click on Delete.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt
Last run ESET.
- Hold down Control and click on this link to open ESET OnlineScan in a new window.
- Click the button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
- Click the Start button.
- Accept any security warnings from your browser.
- Under scan settings, check "Scan Archives" and "Remove found threats"
- Click Advanced settings and select the following:
- Scan potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, click List Threats
- Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Click the Back button.
- Click the Finish button.
- NOTE:Sometimes if ESET finds no infections it will not create a log.