siliconman01

Modified entry: [Quicken *] Added FileKey6 and FileKey7 [Quicken *] LangSecRef=3021 Detect1=HKLM\Software\Intuit\Quicken Detect2=HKLM\Software\Quicken FileKey1=%AppData%\Intuit\Quicken\Log|*.txt;*.log FileKey2=%AppData%\Quicken\Log|*.txt;*.log FileKey3=%CommonAppData%\Intuit\Quicken\Log|*.log FileKey4=%CommonAppData%\Intuit\Quicken\Log\installer|*.*|REMOVESELF FileKey5=%CommonAppData%\Intuit\SendError|*.log FileKey6=%CommonAppData%\Quicken\Inet\QWWebData|Log.old FileKey7=%CommonAppData%\Quicken\Inet\QWWebData\Cache|*.* FileKey8=%CommonAppData%\Quicken\Log|*.log FileKey9=%CommonAppData%\Quicken\Log\installer|*.*|REMOVESELF FileKey10=%CommonAppData%\Quicken\SendError|*.log FileKey11=%LocalAppData%\Intuit\Common\Authorization\V1\Logs|*.txt FileKey12=%LocalAppData%\Quicken\Common\Authorization\V1\Logs|*.txt FileKey13=%ProgramFiles%\Quicken\PDFDrv|install.log;InstallPDFConverter.log

Modified entry: [Dell Logs *] Changed FileKey15 from FileKey15=%CommonAppData%\PCDr\*\Logs|*.Log to FileKey15=%CommonAppData%\PCDr\*\Logs|*.* to remove all files in this Logs folder. [Dell Logs *] LangSecRef=3024 Detect1=HKLM\Software\Dell\MUP Detect2=HKLM\Software\Dell\UpdateService Detect3=HKLM\Software\PC-Doctor DetectFile1=%AppData%\Creative\DELL Webcam Center DetectFile2=%CommonAppData%\Dell DetectFile3=%LocalAppData%\Dell DetectFile4=%LocalAppData%\SupportSoft\DellSupportCenter DetectFile5=%ProgramFiles%\Dell* FileKey1=%AppData%\Creative\DELL Webcam Center|MO_Log.txt FileKey2=%AppData%\PCDr\*\Logs|*.* FileKey3=%CommonAppData%\Dell\*\Log|*.* FileKey4=%CommonAppData%\Dell\*\Logs|*.* FileKey5=%CommonAppData%\Dell\D3\pla\*\*|*.txt|REMOVESELF FileKey6=%CommonAppData%\Dell\D3\Resources\Logs\serilog|*.* FileKey7=%CommonAppData%\Dell\Drivers\*|*.log;*.tmp|RECURSE FileKey8=%CommonAppData%\Dell\Update|*.txt FileKey9=%CommonAppData%\Dell\UpdateService\Clients\Update|*.log FileKey10=%CommonAppData%\Dell\UpdateService\UpdatePackage\Log|*.txt FileKey11=%CommonAppData%\PCDr\*\Cache|*.xml FileKey12=%CommonAppData%\PCDr\*\Cache\archives|*.*|RECURSE FileKey13=%CommonAppData%\PCDr\*\Cache\BUMA|*.* FileKey14=%CommonAppData%\PCDr\*\Cache\DriverScan|*.* FileKey15=%CommonAppData%\PCDr\*\Logs|*.* FileKey16=%LocalAppData%\Dell\*\Log|*.* FileKey17=%LocalAppData%\Dell\DellMobileConnect|*.log FileKey18=%LocalAppData%\SupportSoft\DellSupportCenter\*\state\logs|*.* FileKey19=%ProgramFiles%\Dell*|*.log|RECURSE

https://betanews.com/2020/09/18/microsoft-preparing-windows-10-october-2020-update/ https://blogs.windows.com/windows-insider/2020/09/18/preparing-the-windows-10-october-2020-update-ready-for-release/

Is version 1.4.7550.20152 still considered "beta"?

The new Community.ccleaner.com URL needs a favicon attached to it such as the CCleaner red C.

Visual Studio 2015/2017/2019 C++ Redistributable has been updated to 14.27.29016.0 https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads

Modified entry: [Syncios Cell Phone Backup & Manage *] Added Detect3 [Syncios Cell Phone Backup & Manage *] LangSecRef=3024 Detect1=HKCU\Software\Syncios Detect2=HKCU\Software\Syncios Data Transfer Detect3=HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Syncios Data Transfer.exe FileKey1=%AppData%\app_sycnios_transfer_loader|*.*|REMOVESELF FileKey2=%AppData%\Syncios|android.log;log.txt FileKey3=%AppData%\Syncios Data Transfer|*.log|RECURSE FileKey4=%AppData%\Syncios Data Transfer\GPUCache|*.* FileKey5=%Documents%\Syncios Data Transfer|preference_conf.ini.old.bak FileKey6=%SystemDrive%\temp|*.*|REMOVESELF

Visual Studio 2015/2017/2019 C++ Redistributable has been updated to 14.26.28720.3 https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads

JFI for those users of Winapp2ool.exe (beta version 1.4.7441.15296), VirusTotal is showing 6 engines detecting the tool as infected. In my case, I use Bitdefender Internet Security 2020 and it is tagging the tool as Gen.Variant.Razy.675528. I submitted the file to Bitdefender on 29-May and thus far there has been no FP correction.

Modified Entry: [Bitdefender *] Added FileKey2 [Bitdefender *] LangSecRef=3024 Detect1=HKLM\Software\Bitdefender\Bitdefender Internet Security Detect2=HKLM\Software\Bitdefender\Bitdefender Total Security Detect3=HKLM\Software\Bitdefender\Bitdefender Total Security 2015 Detect4=HKLM\Software\Softwin\Bitdefender Antivirus FileKey1=%AppData%\Bitdefender\Desktop\profiles\Logs\*|*.xml FileKey2=%CommonAppData%\Bitdefender\DTrace|*.log FileKey3=%ProgramFiles%\Softwin\Bitdefender*\Logs|*.* FileKey4=%SystemDrive%|bdlog.txt

Okay, I have 1.4.7427.18862 on all my systems and it does not get flagged via VirusTotal. HitManPro is no longer flagging it either. Be interesting to see what KIS 2020 does the next time you issue a new Beta and Winapp2ool.exe beta attempts to upgrade automatically

No, the one I get from the Beta download URL is 1.4.7427.18038.

VirusTotal is showing Kaspersky and ZoneAlarm flagging Winapp2ool.exe as a trojan.

Also, please keep in mind that Kaspersky and HitmanPro continue to flag these new betas as VHO:Trojan.Win32.Sdum.gen. (false positive needs fixed before a new public release of Winapp2ool.exe). Kaspersky even blocks a VirusTotal submission as a malicious website.

I'm not seeing that behavior either on Beta version 1.4.7427.18038. It seems to be working okay [Trim] TrimFile1_Name=winapp2.ini TrimFile1_Dir=C:\Program Files\CCleaner TrimFile2_Name=whitelist.ini TrimFile2_Dir=C:\Program Files\CCleaner TrimFile3_Name=winapp2.ini TrimFile3_Dir=C:\Program Files\CCleaner TrimFile4_Name=blacklist.ini TrimFile4_Dir=C:\Program Files\CCleaner DownloadFileToTrim=False UseWhiteList=True useBlackList=True ModuleSettingsChanged=True

Winapp2ool.exe v1.4.7426.15696 does not save the useblacklist=TRUE status in winapp2ool.ini when using both a Whitelist and Blacklist in the CCleaner folder. [Trim] MergeFile1_Name=winapp2.ini MergeFile1_Dir=C:\Program Files\CCleaner MergeFile3_Name=winapp2.ini MergeFile3_Dir=C:\Program Files\CCleaner DownloadFileToTrim=False ModuleSettingsChanged=True TrimFile1_Name=whitelist.ini TrimFile1_Dir=C:\Program Files\CCleaner TrimFile2_Name=whitelist.ini TrimFile2_Dir=C:\Program Files\CCleaner TrimFile3_Name=winapp2.ini TrimFile3_Dir=C:\Program Files\CCleaner TrimFile4_Name=blacklist.ini TrimFile4_Dir=C:\Program Files\CCleaner UseWhiteList=True useBlackList=False UPDATE: If UseWhiteList=True and useBlacklist=True at the same time, a TRIM removes all of the Winapp2.ini entries and leaves only the Whitelist entries....weird.

I have a Whitelist.ini and Blacklist.ini in my CCleaner folder. Using Winapp2ool.exe v1.4.7426.15696, the Whitelist.ini and Blacklist.ini appear to be honored.

Is the beta version 1.4.7426.13493 ??

Apparently, Kaspersky uses the Build and Version number of Windows 10 to issue corrections on False Positives. Kaspersky has not caught up with the latest Insider Build 19619.1000 Version 2004 and is continuing to flag Winapp2ool.exe on my Insider test computer.

HitManPro also detects the Trojan as long as Kaspersky is falsely detecting it. UPDATE as of 01-May-2020 04:30 am EDT. It appears that Kaspersky has corrected the false positive. Both KIS 2020 and HitmanPro now scan clear.

KIS 2020 suddenly started quarantining V1.4.7419.18289 of Winapp2ool.exe Had to add to KIS 2020 exclusions. KIS 2020 blocks it as VHO:Trojan.Win32.Sdum.gen

KIS 2020 is not barking at the new version yet.

Testing this entry, on reboot of the system, it causes an alert message to appear in the Notification tray asking if the user wants to make the network discoverable. The default value is Yes. This could be a bit discerning for users to who are running multiple computers on a network.

Modified entry: [CyberLink PowerDVD *] Added changes for newly released PowerDVD20 [CyberLink PowerDVD *] LangSecRef=3023 Detect1=HKCU\Software\CyberLink\PowerDVD14 Detect2=HKCU\Software\CyberLink\PowerDVD15 Detect3=HKCU\Software\CyberLink\PowerDVD16 Detect4=HKCU\Software\CyberLink\PowerDVD17 Detect5=HKCU\Software\CyberLink\PowerDVD18 Detect6=HKCU\Software\CyberLink\PowerDVD19 Detect7=HKCU\Software\CyberLink\PowerDVD20 Default=False FileKey1=%CommonAppData%\Cyberlink\Evoparser|*.xml FileKey2=%LocalAppData%\Cyberlink\DigitalHome|*.log|RECURSE FileKey3=%LocalAppData%\Cyberlink\PowerDVD*|*.log|RECURSE FileKey4=%LocalAppData%\Cyberlink\PowerDVD*\cache*|*.*|RECURSE FileKey5=%LocalAppData%\Cyberlink\PowerDVD*\CL_DMP_Browser|*.*|RECURSE FileKey6=%LocalAppData%\Cyberlink\PowerDVD*\DB*\computer|*.db|RECURSE FileKey7=%LocalAppData%\Cyberlink\PowerDVD*\DefaultMember|*.*|RECURSE RegKey1=HKCU\Software\CyberLink\PowerDVD15\CLMPSvc\MediaObj\MediaCache5\Data5 RegKey2=HKCU\Software\CyberLink\PowerDVD15\CLMPSvc\MediaObj\MediaCache5\ProgramInfo RegKey3=HKCU\Software\CyberLink\PowerDVD15\CLMPSvc\MediaObj\MediaCache5\Thumbnail5 RegKey4=HKCU\Software\CyberLink\PowerDVD16\CLMPSvc\MediaObj\MediaCache5\Data5 RegKey5=HKCU\Software\CyberLink\PowerDVD16\CLMPSvc\MediaObj\MediaCache5\ProgramInfo RegKey6=HKCU\Software\CyberLink\PowerDVD16\CLMPSvc\MediaObj\MediaCache5\Thumbnail5 RegKey7=HKCU\Software\CyberLink\PowerDVD17\CLMPSvc\MediaObj\MediaCache5\Data5 RegKey8=HKCU\Software\CyberLink\PowerDVD17\CLMPSvc\MediaObj\MediaCache5\ProgramInfo RegKey9=HKCU\Software\CyberLink\PowerDVD17\CLMPSvc\MediaObj\MediaCache5\Thumbnail5 RegKey10=HKCU\Software\CyberLink\PowerDVD18\CLMPSvc\MediaObj\MediaCache5\Data5 RegKey11=HKCU\Software\CyberLink\PowerDVD18\CLMPSvc\MediaObj\MediaCache5\ProgramInfo RegKey12=HKCU\Software\CyberLink\PowerDVD18\CLMPSvc\MediaObj\MediaCache5\Thumbnail5 RegKey13=HKCU\Software\CyberLink\PowerDVD19\CLMPSvc\MediaObj\MediaCache5\Data5 RegKey14=HKCU\Software\CyberLink\PowerDVD19\CLMPSvc\MediaObj\MediaCache5\ProgramInfo RegKey15=HKCU\Software\CyberLink\PowerDVD19\CLMPSvc\MediaObj\MediaCache5\Thumbnail5 RegKey16=HKCU\Software\CyberLink\PowerDVD20\CLMPSvc\MediaObj\MediaCache5\Data5 RegKey17=HKCU\Software\CyberLink\PowerDVD20\CLMPSvc\MediaObj\MediaCache5\ProgramInfo RegKey18=HKCU\Software\CyberLink\PowerDVD20\CLMPSvc\MediaObj\MediaCache5\Thumbnail5

New entry: [CobraTek PC Info Logs *] [CobraTek PC Info Logs *] Detect=HKCU\Software\CobraTek\PC Info LangSecRef=3024 Default=False FileKey1=%LocalAppData%\CobraTek\PC Info\ChangeLog|*.txt FileKey2=%LocalAppData%\CobraTek\PC Info\Log|*.*