Jump to content

ident

Experienced Members
  • Posts

    1,627
  • Joined

  • Last visited

Everything posted by ident

  1. And? CCleaner also disables reg items via startup like MSCONFIG does. But that does not mean it should ever be done.
  2. every action has a chance of making files less recoverable. You cant decide when windows deletes these files. should of made a shadow copy first
  3. what is the issue? if you want it to apply to all files, you have to add a hive to HKEY CLASSES ROOT/* which is basic enough. EX: HKEY_CLASSES_ROOT\123\shell\******** HKEY_CLASSES_ROOT\123\shell\********\command @=C:\Program Files\********folder\********.EXE %1 This was an unfinished test mock(15 years ago or just under i think) i used that allowed a user to download CCleaner, install & uninstall context menus and upload multiple files to image shack. Imports DX Imports Rhino.Mocks Imports Rhino.Mocks.Constraints Imports Xunit Imports Xunit.Extensions ' Tests the ShellContextMenuProcess class. Public Class TestShellContextMenuProcess <Fact()> _ Public Sub SetProcessManager_ProcessManagerIsNull_Throws() Dim expectedExceptionType As Type = GetType(ArgumentNullException) Dim exceptionWasThrown As Boolean Try Dim sut As New ShellContextMenuProcess() sut.SetProcessManager(Nothing) Catch ex As Exception exceptionWasThrown = True Assert.IsType(expectedExceptionType, ex) End Try Assert.True(exceptionWasThrown, "Exception was not thrown.") End Sub <Fact()> _ Public Sub StartInstall_Invariant_UsesRegisterArgument() Dim sut As New ShellContextMenuProcess() Dim expectedMode As String = "register" Dim processManagerMock As ProcessManager = New ProcessManagerMockThatExpectsModeArgument(expectedMode) sut.SetProcessManager(processManagerMock) sut.Install() CType(processManagerMock, ProcessManagerMockThatExpectsModeArgument).Verify() End Sub <Fact()> _ Public Sub StartUninstall_Invariant_UsesUnregisterArgument() Dim sut As New ShellContextMenuProcess() Dim expectedMode As String = "unregister" Dim processManagerMock As ProcessManager = New ProcessManagerMockThatExpectsModeArgument(expectedMode) sut.SetProcessManager(processManagerMock) sut.Uninstall() CType(processManagerMock, ProcessManagerMockThatExpectsModeArgument).Verify() End Sub <Fact()> _ Public Sub WaitForExit_Success_ReturnsTrue() Dim expectedValue As Boolean = True Dim sut As New ShellContextMenuProcess() Dim processManagerStub As ProcessManager = New ProcessManagerStubThatReturnsSpecificExitCode(ShellContextMenuProcess.SuccessCode) sut.SetProcessManager(processManagerStub) Dim actualValue As Boolean = sut.Install() Assert.Equal(expectedValue, actualValue) End Sub <Fact()> _ Public Sub WaitForExit_Failure_ReturnsFalse() Dim expectedValue As Boolean = False Dim sut As New ShellContextMenuProcess() Dim processManagerStub As ProcessManager = New ProcessManagerStubThatReturnsSpecificExitCode(ShellContextMenuProcess.FailureCode) sut.SetProcessManager(processManagerStub) Dim actualValue As Boolean = sut.Install() Assert.Equal(expectedValue, actualValue) End Sub ' Handwritten mock that tests that the Arguments property is set and it has the expected mode. Private Class ProcessManagerMockThatExpectsModeArgument Inherits ProcessManager Private Const ExpectedNumberOfArguments As Integer = 2 Private _expectedMode As String Private _propertyWasSet As Boolean Public Sub New(ByVal expectedMode As String) MyBase.New("asdf") _expectedMode = expectedMode _propertyWasSet = False End Sub Public Overrides Property Arguments() As String() Get Return MyBase.Arguments End Get Set(ByVal value As String()) Assert.Equal(ExpectedNumberOfArguments, value.Length) Assert.Equal(_expectedMode, value(1)) MyBase.Arguments = value _propertyWasSet = True End Set End Property Public Sub Verify() Assert.True(_propertyWasSet, "Arguments was not set.") End Sub ' Always returns success Protected Overrides Function GetExitCodeCore() As Integer Return ShellContextMenuProcess.SuccessCode End Function Protected Overrides Sub StartProcess() ' Do nothing, we don't need to start a process for tests. End Sub Protected Overrides Sub WaitForExitCore() ' Do nothing. End Sub End Class ' ProcessManager stub that returns a desired exit code and has no other logic. Public Class ProcessManagerStubThatReturnsSpecificExitCode Inherits ProcessManager Private _exitCode As Integer Public Sub New(ByVal exitCode As Integer) MyBase.New("asdf") _exitCode = exitCode End Sub Protected Overrides Function GetExitCodeCore() As Integer Return _exitCode End Function Protected Overrides Sub StartProcess() ' Do nothing. End Sub Protected Overrides Sub WaitForExitCore() ' Do nothing End Sub End Class End Class Imports DX Imports Xunit Imports Xunit.Extensions Imports Rhino.Mocks ' Tests the ShellContextMenuInstaller class. Public Class TestShellContextMenuInstaller <Fact()> _ Public Sub Install_Failure_ReturnsFalse() Dim expectedValue As Boolean = False Dim sut As New ShellContextMenuInstaller() Dim processStub As ShellContextMenuProcess = New ShellContextMenuProcessStub_ReturnsSpecificValue_FromGetWaitForExit(expectedValue) sut.SetProcess(processStub) Dim actualValue As Boolean = sut.Install() Assert.Equal(expectedValue, actualValue) End Sub <Fact()> _ Public Sub Install_Success_ReturnsTrue() Dim expectedValue As Boolean = True Dim sut As New ShellContextMenuInstaller() Dim processStub As ShellContextMenuProcess = New ShellContextMenuProcessStub_ReturnsSpecificValue_FromGetWaitForExit(expectedValue) sut.SetProcess(processStub) Dim actualValue As Boolean = sut.Install() Assert.Equal(expectedValue, actualValue) End Sub <Fact()> _ Public Sub Uninstall_Failure_ReturnsFalse() Dim expectedValue As Boolean = False Dim sut As New ShellContextMenuInstaller() Dim processStub As ShellContextMenuProcess = New ShellContextMenuProcessStub_ReturnsSpecificValue_FromGetWaitForExit(expectedValue) sut.SetProcess(processStub) Dim actualValue As Boolean = sut.Uninstall() Assert.Equal(expectedValue, actualValue) End Sub <Fact()> _ Public Sub Uninstall_Success_ReturnsTrue() Dim expectedValue As Boolean = True Dim sut As New ShellContextMenuInstaller() Dim processStub As ShellContextMenuProcess = New ShellContextMenuProcessStub_ReturnsSpecificValue_FromGetWaitForExit(expectedValue) sut.SetProcess(processStub) Dim actualValue As Boolean = sut.Uninstall() Assert.Equal(expectedValue, actualValue) End Sub Private Class ShellContextMenuProcessStub_ReturnsSpecificValue_FromGetWaitForExit Inherits ShellContextMenuProcess Private _expectedValue As Boolean Public Sub New(ByVal expectedValue As Boolean) MyBase.New() _expectedValue = expectedValue Dim mocks As New MockRepository() SetProcessManager(mocks.Stub(Of ProcessManager)("asdf")) End Sub Public Overrides Function GetTargetPath() As String Return "" End Function Protected Overrides Function WaitForExit() As Boolean Return _expectedValue End Function End Class End Class Passing a List(of Q off to a task factory, for instance, is nothing to you guys. Whats the issue? I understand each new file would be sent to a new instance, so this leaves us with a couple options I know which ain't pretty like me 1) SEND TO PATH: Nasty ain't it. No commands would be needed but.....yes let's move on from that one. 2) could CC work with MultiSelectModel verb..... Too tired to look into this but it's how video plays work. I think. 3) let me write the class for you in VB.Net http://www.vbforums.com/member.php?113656-ident
  4. Why you running it in safemode? The only purpose in running things in safe mode is when the malware is stopping programs from running in regular mode. You are experience odd behavior for the whole point of SF. Malware cant be completed loaded into memory . The amount of times we see members suggesting run MBAM is shocking. It's an option that can be used if all else fails. A Bad option. MBAM relies on runtime files in the net library. The same as CCleaners c++ uses libs.
  5. Instructions for scans removed as per rule 10 https://forum.piriform.com/announcement/15-forum-rules/ Poster has also indicated the thread is closed as far as he is concerned.
  6. It's not an Exception since it was a user dialog options choice. Making choice once, then recreating a dialog is not needed. An oversight but that's annoying. Retry would be for an unexpected exception where the control was out of our hands. I can see this confusing user and loop this repetitive cycle more than once. https://gyazo.com/e0c4ff36756d9795b63c9b8a5f47ecf1
  7. You are walking into danger with duplicates. Leave them alone and be done with it. If you are worried about space run https://windirstat.net
  8. Customers are "next" trigger happy. My advice install uncheck https://unchecky.com
  9. If adobe is using the same location then it's apps login page will be using Trident. So they are using IE uner the hood hence the location. Companys like that will follow basic rules. Program files fro programs, app data for application data. if Trident is being used which likely is, it's IE engine so yes it will store there. End of te day buddy it's a text file.
  10. which says to me something is blocking it. I can't assist with Malware on here. But i can get you to run FRST which is a diagnostic tool. Farbar Recovery Scan Tool NOTE: You need to run the version compatible with your system, if you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. NOTE: If you are unable to download the tools, the tools can be saved to and run from a USB flash drive. All scans are to be run in Normal Mode. Do not run anything in "Safe Mode," unless you are instructed to do so. This will allow getting a more in-depth insight. If you are infected I cannot advise anything here but can forward you to our trusted forum. That said, I am not looking for infections, just a possible conflicting application. All Logs will be treated 100% confidential. I am happy for you to post the logs VIA PM but any instructions i feel warrant a script I will need to check with the mods first. Let's go! Run Farbar Recovery Scan Tool (FRST): Double-click to run it. When the tool opens click Yes to the disclaimer. Press Scan button. Farbar Recovery Scan Tool will produce the following logs: FRST.txt Addition.txt I need to see in your next reply or private FRST.txt Addition.txt
  11. It's nothing to do with ccleaner. This is a duplicate thread from yesterday. Jesus block them with the host file if so concerned 127.0.0.1 connect.facebook.net
  12. You have already posted this thread and ignored responses.
  13. Are you using MSE? Try adding it's directory to whitelist "C:\Program Files:\CCleaner" I believe IE history gets cleaned first which produces the appearance of "hanging".
  14. can you unmask the image.
  15. Carpenter yes. Twenty-Two years in software development. At Thirteen wrote a module for Microsoft for the MSN chat network IRCX protocol. Classic vb (1997/2002) VB.net, C# (2002 present day) PHP, JavaScript, HTML . MySqL, XML, C++, C . Technologies/Other: Regular Expressions, Internet IRCD, IRCX, MIRC, CSS, ASP, ASPX, Windows application development. I dedicated my life since 16 to my main job and to help others for free. Two years I studied under One of the schools listed on this site as a Malware academy. Every day I help malware victims, your attitude is of little shock. We often get abuse.
  16. who actually care about personal computer security I would suggest learning about security before flying off the handle at members offering you assistance. The third stage attack was found on 4 piriform employees machines. All hardware has now been moved to AVAST's own network. I cannot say anything else. The public will be updated when and if needed. You have nothing to worry about currently.
  17. Expanding on that even back in 1996 35 passes was pointless. It was a method designed to cover all bases, which was not understood by most and lead to a lot of criticism. It was never intended to set a standard. Was simply his own work.
  18. you do realize 35 passes was designed to use random encoding on drives from 1996 and before that. Nearly all of it's passes do nothing. Logical guess it's retained to stop weekly threads asking for it to be implemented. Peter Gutmanns follow up. "years" later. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes.
  19. Do you understand what I mean by saying reflection? The reason it's unchecked is that the registry hive does not reflect the checkboxs state and visa versa. This could be due to a number of reasons, however, we have little information to go by. You must keep in mind XP is no longer support and from a developers point adding a context menu entry is different to later versions. Granted you say the same setup works as expected on an identical build. I am not there to prove that either way. Real-time protection, a different AV or something like win patrol etc. I'd be happy to look at an FRST log. https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
  20. The checkbox reflects the registry hive setting. If it's not being set then the checkbox wont reflect this.The context menu will require admin priveledges. What happens if you rollback to the previous version you used?
  21. To find what file is taking up space use windirstat https://windirstat.net
  22. The files still exist regardless. deleted files only have the pointer removed. 51gb is a lot of files. My advice let ccleaner have it's way and run for a while, without overwriting. Failing that you could also have a looking with https://windirstat.net
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.