Posts posted by siliconman01
-
-
9 hours ago, Winapp2.ini said:
I regret saying this I haven't had time for winapp2ool as I am a teacher in NYC and things are... hectic to say the least.. lol
No problemo! By far, our kids' safety and teaching are far more important. Just keep yourself safe as well.
-
Modified entry: [Dell Logs *]
Added: FileKey7, FileKey9, FileKey10, FileKey13
[Dell Logs *]
LangSecRef=3024
Detect1=HKLM\Software\Dell\MUP
Detect2=HKLM\Software\Dell\UpdateService
Detect3=HKLM\Software\PC-Doctor
DetectFile1=%AppData%\Creative\DELL Webcam Center
DetectFile2=%CommonAppData%\Dell
DetectFile3=%LocalAppData%\Dell
DetectFile4=%LocalAppData%\SupportSoft\DellSupportCenter
DetectFile5=%ProgramFiles%\Dell*
FileKey1=%AppData%\Creative\DELL Webcam Center|MO_Log.txt
FileKey2=%AppData%\PCDr\*\Logs|*.*
FileKey3=%CommonAppData%\Dell\*\Log|*.*
FileKey4=%CommonAppData%\Dell\*\Logs|*.*
FileKey5=%CommonAppData%\Dell\D3\pla\*\*|*.txt|REMOVESELF
FileKey6=%CommonAppData%\Dell\D3\Resources\Logs\serilog|*.*
FileKey7=%CommonAppData%\Dell\DellDataVault\Log|*.*|RECURSE
FileKey8=%CommonAppData%\Dell\Drivers\*|*.log;*.tmp|RECURSE
FileKey9=%CommonAppData%\Dell\SARemediation\Log|*.*|RECURSE
FileKey10=%CommonAppData%\Dell\TrustedDevice|*.log
FileKey11=%CommonAppData%\Dell\Update|*.txt
FileKey12=%CommonAppData%\Dell\UpdateService\Clients\Update|*.log
FileKey13=%CommonAppData%\Dell\UpdateService\Log|*.*
FileKey14=%CommonAppData%\Dell\UpdateService\UpdatePackage\Log|*.txt
FileKey15=%CommonAppData%\PCDr\*\Cache|*.xml
FileKey16=%CommonAppData%\PCDr\*\Cache\archives|*.*|RECURSE
FileKey17=%CommonAppData%\PCDr\*\Cache\BUMA|*.*
FileKey18=%CommonAppData%\PCDr\*\Cache\DriverScan|*.*
FileKey19=%CommonAppData%\PCDr\*\Logs|*.*
FileKey20=%LocalAppData%\Dell\*\Log|*.*
FileKey21=%LocalAppData%\Dell\DellMobileConnect|*.log
FileKey22=%LocalAppData%\SupportSoft\DellSupportCenter\*\state\logs|*.*
FileKey23=%ProgramFiles%\Dell*|*.log|RECURSE
Modified entry: [Dell SupportAssist Agent *]
Changed FileKey3 from RECURSE to REMOVESELF
[Dell SupportAssist Agent *]
LangSecRef=3024
Detect=HKLM\Software\Dell\SupportAssistAgent
FileKey1=%CommonAppData%\PCDr\*\snapshots\*|*.*
FileKey2=%CommonAppData%\SupportAssist\Client\Agent\Downloads|*.*|RECURSE
FileKey3=%CommonAppData%\SupportAssist\Client\Agent\Logs\*|*.*|REMOVESELF
FileKey4=%CommonAppData%\SupportAssist\Client\SRE|*.log
FileKey5=%CommonAppData%\SupportAssist\Client\SRE\ExtendedLogs|*.*
FileKey6=%CommonAppData%\SupportAssist\Client\TechnicianToolkit\Library\Logs|*.*|RECURSE
FileKey7=%CommonAppData%\SupportAssist\Client\TechnicianToolkit\Library\RegBackup|*.*
FileKey8=%CommonAppData%\SupportAssist\Client\TechnicianToolkit\Library\Temp|*.*|RECURSE
Modified entry: [Intel Graphics Command Center *]
Added FileKey1
[Intel Graphics Command Center *]
DetectOS=10.0|
LangSecRef=3031
Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\AppUp.IntelGraphicsExperience_8j3eq9eme6ctt
FileKey1=%LocalAppData%\Intel\GCC|*.txt
FileKey2=%LocalAppData%\Packages\AppUp.IntelGraphicsExperience_*\AC\BackgroundTransferApi|*.*|RECURSE
FileKey3=%LocalAppData%\Packages\AppUp.IntelGraphicsExperience_*\AC\INet*|*.*|RECURSE
FileKey4=%LocalAppData%\Packages\AppUp.IntelGraphicsExperience_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE
FileKey5=%LocalAppData%\Packages\AppUp.IntelGraphicsExperience_*\AC\Temp|*.*|RECURSE
FileKey6=%LocalAppData%\Packages\AppUp.IntelGraphicsExperience_*\LocalCache|*.*|RECURSE
FileKey7=%LocalAppData%\Packages\AppUp.IntelGraphicsExperience_*\LocalState|gcc_log_*.txt
FileKey8=%LocalAppData%\Packages\AppUp.IntelGraphicsExperience_*\LocalState\Games2\cache|*.*|RECURSE
FileKey9=%LocalAppData%\Packages\AppUp.IntelGraphicsExperience_*\LocalState\Intel\GCC|gcc_log_*.txt
FileKey10=%LocalAppData%\Packages\AppUp.IntelGraphicsExperience_*\LocalState\MetroLogs|*.*|RECURSE
FileKey11=%LocalAppData%\Packages\AppUp.IntelGraphicsExperience_*\LocalState\Promotions|*.*|RECURSE
FileKey12=%LocalAppData%\Packages\AppUp.IntelGraphicsExperience_*\TempState|*.*|RECURSE
-
Modified entry: [CyberLink PowerDVD *]
Added FileKey2
[CyberLink PowerDVD *]
LangSecRef=3023
Detect1=HKCU\Software\CyberLink\PowerDVD14
Detect2=HKCU\Software\CyberLink\PowerDVD15
Detect3=HKCU\Software\CyberLink\PowerDVD16
Detect4=HKCU\Software\CyberLink\PowerDVD17
Detect5=HKCU\Software\CyberLink\PowerDVD18
Detect6=HKCU\Software\CyberLink\PowerDVD19
Detect7=HKCU\Software\CyberLink\PowerDVD20
FileKey1=%CommonAppData%\Cyberlink\Evoparser|*.xml
FileKey2=%CommonAppData%\SUPPORTDIR\*|*.log
FileKey3=%LocalAppData%\Cyberlink\DigitalHome|*.log|RECURSE
FileKey4=%LocalAppData%\Cyberlink\PowerDVD*|*.log|RECURSE
FileKey5=%LocalAppData%\Cyberlink\PowerDVD*\cache*|*.*|RECURSE
FileKey6=%LocalAppData%\Cyberlink\PowerDVD*\CL_DMP_Browser|*.*|RECURSE
FileKey7=%LocalAppData%\Cyberlink\PowerDVD*\DB*\computer|*.db|RECURSE
FileKey8=%LocalAppData%\Cyberlink\PowerDVD*\DefaultMember|*.*|RECURSE
RegKey1=HKCU\Software\CyberLink\PowerDVD15\CLMPSvc\MediaObj\MediaCache5\Data5
RegKey2=HKCU\Software\CyberLink\PowerDVD15\CLMPSvc\MediaObj\MediaCache5\ProgramInfo
RegKey3=HKCU\Software\CyberLink\PowerDVD15\CLMPSvc\MediaObj\MediaCache5\Thumbnail5
RegKey4=HKCU\Software\CyberLink\PowerDVD16\CLMPSvc\MediaObj\MediaCache5\Data5
RegKey5=HKCU\Software\CyberLink\PowerDVD16\CLMPSvc\MediaObj\MediaCache5\ProgramInfo
RegKey6=HKCU\Software\CyberLink\PowerDVD16\CLMPSvc\MediaObj\MediaCache5\Thumbnail5
RegKey7=HKCU\Software\CyberLink\PowerDVD17\CLMPSvc\MediaObj\MediaCache5\Data5
RegKey8=HKCU\Software\CyberLink\PowerDVD17\CLMPSvc\MediaObj\MediaCache5\ProgramInfo
RegKey9=HKCU\Software\CyberLink\PowerDVD17\CLMPSvc\MediaObj\MediaCache5\Thumbnail5
RegKey10=HKCU\Software\CyberLink\PowerDVD18\CLMPSvc\MediaObj\MediaCache5\Data5
RegKey11=HKCU\Software\CyberLink\PowerDVD18\CLMPSvc\MediaObj\MediaCache5\ProgramInfo
RegKey12=HKCU\Software\CyberLink\PowerDVD18\CLMPSvc\MediaObj\MediaCache5\Thumbnail5
RegKey13=HKCU\Software\CyberLink\PowerDVD19\CLMPSvc\MediaObj\MediaCache5\Data5
RegKey14=HKCU\Software\CyberLink\PowerDVD19\CLMPSvc\MediaObj\MediaCache5\ProgramInfo
RegKey15=HKCU\Software\CyberLink\PowerDVD19\CLMPSvc\MediaObj\MediaCache5\Thumbnail5
RegKey16=HKCU\Software\CyberLink\PowerDVD20\CLMPSvc\MediaObj\MediaCache5\Data5
RegKey17=HKCU\Software\CyberLink\PowerDVD20\CLMPSvc\MediaObj\MediaCache5\ProgramInfo
RegKey18=HKCU\Software\CyberLink\PowerDVD20\CLMPSvc\MediaObj\MediaCache5\Thumbnail5
-
Modified entry: [Malwarebytes Anti-Malware *]
Added FileKey7=%LocalAppData%\Crashdumps\Malwarebytes|*.*|REMOVESELF
[Malwarebytes Anti-Malware *]
LangSecRef=3024
Detect=HKCU\Software\Malwarebytes
DetectFile=%ProgramFiles%\Malwarebytes Anti-Malware\mbam.exe
Warning=You must manually and temporarily turn off Malwarebytes "self-protection" to remove the logs.
FileKey1=%AppData%\Malwarebytes\Malwarebytes*Anti-Malware\Logs|*.*
FileKey2=%CommonAppData%\Malwarebytes\Malwarebytes*Anti-Malware|mbam-setup.exe
FileKey3=%CommonAppData%\Malwarebytes\Malwarebytes*Anti-Malware\Logs|*.*
FileKey4=%CommonAppData%\Malwarebytes\MBAMService|*.log;*.bak;*.regtrans-ms;*.TM.blf;*-ntuser.dat;*.LOG1;*.LOG2;*-UsrClass.dat
FileKey5=%CommonAppData%\Malwarebytes\MBAMService\logs|*.*
FileKey6=%CommonAppData%\Malwarebytes\MBAMService\ScanResults|*.*
FileKey7=%LocalAppData%\Crashdumps\Malwarebytes|*.*|REMOVESELF
-
Modified entry: [Quicken *]
Added FileKey6 and FileKey7
[Quicken *]
LangSecRef=3021
Detect1=HKLM\Software\Intuit\Quicken
Detect2=HKLM\Software\Quicken
FileKey1=%AppData%\Intuit\Quicken\Log|*.txt;*.log
FileKey2=%AppData%\Quicken\Log|*.txt;*.log
FileKey3=%CommonAppData%\Intuit\Quicken\Log|*.log
FileKey4=%CommonAppData%\Intuit\Quicken\Log\installer|*.*|REMOVESELF
FileKey5=%CommonAppData%\Intuit\SendError|*.log
FileKey6=%CommonAppData%\Quicken\Inet\QWWebData|Log.old
FileKey7=%CommonAppData%\Quicken\Inet\QWWebData\Cache|*.*
FileKey8=%CommonAppData%\Quicken\Log|*.log
FileKey9=%CommonAppData%\Quicken\Log\installer|*.*|REMOVESELF
FileKey10=%CommonAppData%\Quicken\SendError|*.log
FileKey11=%LocalAppData%\Intuit\Common\Authorization\V1\Logs|*.txt
FileKey12=%LocalAppData%\Quicken\Common\Authorization\V1\Logs|*.txt
FileKey13=%ProgramFiles%\Quicken\PDFDrv|install.log;InstallPDFConverter.log
-
Modified entry: [Dell Logs *]
Changed FileKey15 from FileKey15=%CommonAppData%\PCDr\*\Logs|*.Log to FileKey15=%CommonAppData%\PCDr\*\Logs|*.* to remove all files in this Logs folder.
[Dell Logs *]
LangSecRef=3024
Detect1=HKLM\Software\Dell\MUP
Detect2=HKLM\Software\Dell\UpdateService
Detect3=HKLM\Software\PC-Doctor
DetectFile1=%AppData%\Creative\DELL Webcam Center
DetectFile2=%CommonAppData%\Dell
DetectFile3=%LocalAppData%\Dell
DetectFile4=%LocalAppData%\SupportSoft\DellSupportCenter
DetectFile5=%ProgramFiles%\Dell*
FileKey1=%AppData%\Creative\DELL Webcam Center|MO_Log.txt
FileKey2=%AppData%\PCDr\*\Logs|*.*
FileKey3=%CommonAppData%\Dell\*\Log|*.*
FileKey4=%CommonAppData%\Dell\*\Logs|*.*
FileKey5=%CommonAppData%\Dell\D3\pla\*\*|*.txt|REMOVESELF
FileKey6=%CommonAppData%\Dell\D3\Resources\Logs\serilog|*.*
FileKey7=%CommonAppData%\Dell\Drivers\*|*.log;*.tmp|RECURSE
FileKey8=%CommonAppData%\Dell\Update|*.txt
FileKey9=%CommonAppData%\Dell\UpdateService\Clients\Update|*.log
FileKey10=%CommonAppData%\Dell\UpdateService\UpdatePackage\Log|*.txt
FileKey11=%CommonAppData%\PCDr\*\Cache|*.xml
FileKey12=%CommonAppData%\PCDr\*\Cache\archives|*.*|RECURSE
FileKey13=%CommonAppData%\PCDr\*\Cache\BUMA|*.*
FileKey14=%CommonAppData%\PCDr\*\Cache\DriverScan|*.*
FileKey15=%CommonAppData%\PCDr\*\Logs|*.*
FileKey16=%LocalAppData%\Dell\*\Log|*.*
FileKey17=%LocalAppData%\Dell\DellMobileConnect|*.log
FileKey18=%LocalAppData%\SupportSoft\DellSupportCenter\*\state\logs|*.*
FileKey19=%ProgramFiles%\Dell*|*.log|RECURSE
-
-
3 hours ago, Winapp2.ini said:
A small update is available for winapp2ool that improves the Diff module's output
Is version 1.4.7550.20152 still considered "beta"?
-
-
Visual Studio 2015/2017/2019 C++ Redistributable has been updated to 14.27.29016.0
https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads
-
Modified entry: [Syncios Cell Phone Backup & Manage *]
Added Detect3
[Syncios Cell Phone Backup & Manage *]
LangSecRef=3024
Detect1=HKCU\Software\Syncios
Detect2=HKCU\Software\Syncios Data Transfer
Detect3=HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\Syncios Data Transfer.exe
FileKey1=%AppData%\app_sycnios_transfer_loader|*.*|REMOVESELF
FileKey2=%AppData%\Syncios|android.log;log.txt
FileKey3=%AppData%\Syncios Data Transfer|*.log|RECURSE
FileKey4=%AppData%\Syncios Data Transfer\GPUCache|*.*
FileKey5=%Documents%\Syncios Data Transfer|preference_conf.ini.old.bak
FileKey6=%SystemDrive%\temp|*.*|REMOVESELF
-
Visual Studio 2015/2017/2019 C++ Redistributable has been updated to 14.26.28720.3
https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads
-
JFI for those users of Winapp2ool.exe (beta version 1.4.7441.15296), VirusTotal is showing 6 engines detecting the tool as infected. In my case, I use Bitdefender Internet Security 2020 and it is tagging the tool as Gen.Variant.Razy.675528. I submitted the file to Bitdefender on 29-May and thus far there has been no FP correction.
-
Modified Entry: [Bitdefender *]
Added FileKey2
[Bitdefender *]
LangSecRef=3024
Detect1=HKLM\Software\Bitdefender\Bitdefender Internet Security
Detect2=HKLM\Software\Bitdefender\Bitdefender Total Security
Detect3=HKLM\Software\Bitdefender\Bitdefender Total Security 2015
Detect4=HKLM\Software\Softwin\Bitdefender Antivirus
FileKey1=%AppData%\Bitdefender\Desktop\profiles\Logs\*|*.xml
FileKey2=%CommonAppData%\Bitdefender\DTrace|*.log
FileKey3=%ProgramFiles%\Softwin\Bitdefender*\Logs|*.*
FileKey4=%SystemDrive%|bdlog.txt
-
Okay, I have 1.4.7427.18862 on all my systems and it does not get flagged via VirusTotal. HitManPro is no longer flagging it either. Be interesting to see what KIS 2020 does the next time you issue a new Beta and Winapp2ool.exe beta attempts to upgrade automatically.
-
56 minutes ago, Winapp2.ini said:
The hash of your copy of winapp2ool is different from the one I posted, are you using the latest version? 1.4.7427.18862
No, the one I get from the Beta download URL is 1.4.7427.18038.
-
1 hour ago, Winapp2.ini said:
Unfortunately I can only go by VirusTotal and it currently shows clear.
It seems Kaspersky is being particularly hostile here, but I'm not sure why as none of these vendors provide tremendous information on their flagging motivations (for good reasons I suppose)
VirusTotal is showing Kaspersky and ZoneAlarm flagging Winapp2ool.exe as a trojan.
-
-
I'm not seeing that behavior either on Beta version 1.4.7427.18038. It seems to be working okay.
[Trim]
TrimFile1_Name=winapp2.ini
TrimFile1_Dir=C:\Program Files\CCleaner
TrimFile2_Name=whitelist.ini
TrimFile2_Dir=C:\Program Files\CCleaner
TrimFile3_Name=winapp2.ini
TrimFile3_Dir=C:\Program Files\CCleaner
TrimFile4_Name=blacklist.ini
TrimFile4_Dir=C:\Program Files\CCleaner
DownloadFileToTrim=False
UseWhiteList=True
useBlackList=True
ModuleSettingsChanged=True
-
Winapp2ool.exe v1.4.7426.15696 does not save the useblacklist=TRUE status in winapp2ool.ini when using both a Whitelist and Blacklist in the CCleaner folder.
[Trim]
MergeFile1_Name=winapp2.ini
MergeFile1_Dir=C:\Program Files\CCleaner
MergeFile3_Name=winapp2.ini
MergeFile3_Dir=C:\Program Files\CCleaner
DownloadFileToTrim=False
ModuleSettingsChanged=True
TrimFile1_Name=whitelist.ini
TrimFile1_Dir=C:\Program Files\CCleaner
TrimFile2_Name=whitelist.ini
TrimFile2_Dir=C:\Program Files\CCleaner
TrimFile3_Name=winapp2.ini
TrimFile3_Dir=C:\Program Files\CCleaner
TrimFile4_Name=blacklist.ini
TrimFile4_Dir=C:\Program Files\CCleaner
UseWhiteList=True
useBlackList=False
UPDATE: If UseWhiteList=True and useBlacklist=True at the same time, a TRIM removes all of the Winapp2.ini entries and leaves only the Whitelist entries....weird.
-
I have a Whitelist.ini and Blacklist.ini in my CCleaner folder. Using Winapp2ool.exe v1.4.7426.15696, the Whitelist.ini and Blacklist.ini appear to be honored.
-
18 minutes ago, Winapp2.ini said:
the latest winapp2ool beta build includes support for adding a whitelist and a blacklist to the trim process.
simply fill a whitelist.ini and/or blacklist.ini file with the headers (you don't need the whole entry, just the [Header *]) of entries you want to never trim or always trim
entries in whitelist.ini will always be kept in the file, irrespective of whether or not the detection criteria are met
entries in blacklist.ini will never be kept in the file, likewise.
The menu might be a little wonky!
Is the beta version 1.4.7426.13493 ??
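The whitelist/blacklist trim rule described in the quoted post above, as an added Python example that is not part of the original posts and is not winapp2ool's own code. The `is_detected` probe, the `present` set and the refusal when a header appears in both lists are assumptions; the sample entries are shortened from ones quoted on this page.

```python
import re

HEADER = re.compile(r"^\[(.+)\]$")

def parse_entries(text):
    """Map each [Header] to its key=value lines, in file order."""
    entries, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        match = HEADER.match(line)
        if match:
            current = match.group(1)
            entries[current] = []
        elif line and not line.startswith(";") and current is not None:
            entries[current].append(line)
    return entries

def is_detected(lines, present):
    """Stand-in for the real registry/file probes (assumption): an entry is
    detected when any Detect*/DetectFile* value is in the `present` set."""
    return any(l.split("=", 1)[1] in present
               for l in lines if l.startswith("Detect") and "=" in l)

def trim(winapp2, whitelist, blacklist, present):
    """Return the headers that survive a trim, in file order."""
    keep, drop = set(parse_entries(whitelist)), set(parse_entries(blacklist))
    if keep & drop:  # precedence is not stated in the thread, so refuse
        raise ValueError(f"listed in both files: {sorted(keep & drop)}")
    return [name for name, lines in parse_entries(winapp2).items()
            if name not in drop and (name in keep or is_detected(lines, present))]

# Constructed sample: three entries shortened from ones quoted on this page.
WINAPP2 = r"""
[Bitdefender *]
Detect1=HKLM\Software\Bitdefender\Bitdefender Internet Security
FileKey1=%CommonAppData%\Bitdefender\DTrace|*.log

[Quicken *]
Detect1=HKLM\Software\Intuit\Quicken
FileKey1=%AppData%\Quicken\Log|*.txt;*.log

[Malwarebytes Anti-Malware *]
Detect=HKCU\Software\Malwarebytes
FileKey1=%CommonAppData%\Malwarebytes\MBAMService\logs|*.*
"""
PRESENT = {r"HKLM\Software\Bitdefender\Bitdefender Internet Security",
           r"HKCU\Software\Malwarebytes"}  # constructed "installed" keys

def demo():
    # Quicken is whitelisted but not installed; Bitdefender is installed but blacklisted.
    return trim(WINAPP2, "[Quicken *]", "[Bitdefender *]", PRESENT)
```

With both lists in use, a detected entry that is on neither list (Malwarebytes here) still survives the trim, which is the behaviour to compare against when a build drops everything except the whitelist.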
-
50 minutes ago, Winapp2.ini said:
Hooray!
Apparently, Kaspersky uses the Build and Version number of Windows 10 to issue corrections on False Positives. Kaspersky has not caught up with the latest Insider Build 19619.1000 Version 2004 and is continuing to flag Winapp2ool.exe on my Insider test computer.
-
15 hours ago, Winapp2.ini said:
This hasn't shown up on VirusTotal yet but I'll submit it to them through their False Positive page, thanks for the TrojanID
HitManPro also detects the Trojan as long as Kaspersky is falsely detecting it.
UPDATE as of 01-May-2020 04:30 am EDT. It appears that Kaspersky has corrected the false positive. Both KIS 2020 and HitmanPro now scan clear.
Visual C++ Redistributables
in Software
Posted
Visual Studio 2015/2017/2019 C++ Redistributable has been updated to 14.27.29112.0
https://support.microsoft.com/en-us/help/2977003/the-latest-supported-visual-c-downloads