Does anyone have a TrueCrypt entry for Winapp2.ini that they will share?

CCleaner for Windows
1

Just wondering if anyone has created a TrueCrypt Winapp2.ini entry that they would share?

(for all of the Registry keys that Windows throws in there)

Thanks,

GWaite

2

Why would you want to add support for TrueCrypt disk encryption software??

Richard S.

3

Politeness... (and self-preservation) :)

I'm a consultant - I keep my corporate and customer data in a TrueCrypt volume on a portable drive - (with TrueCrypt portable on there also). Often, I will plug into a customer's computer to get at some info that I need.

Sometimes I get questions about the registry entries that I've left on a customer's workstation. I would just like to "clean up after myself" and save the customer and myself some discomfort.

TrueCrypt only makes a couple of registry entries - and I know which ones those are. But a RegScan usually shows 40+ keys that have "TrueCrypt" in them. About 38+ of these are ones that Windows creates in the course of TrueCrypt running.

Some values are simple strings - some are embedded in bags - some are written in unicode text. Most of these keys are "Explorer" or menu related - and some of them have associated GUIDs. Since I don't know the significance of the relationship between these keys and Windows - I don't know which ones are safe to delete.

GWaite

4

I don't know about remove the stuff Windows will add into Bags, however for the rest of the settings a simple homemade. REG you could run from your USB drive could get rid of most settings.

Info here on how to make .REG files delete settings:

http://www.pcreview.co.uk/forums/delete-key-using-reg-file-t1581446.html

5

When searching for keys holding the value "TrueCrypt" also look for "Gehrpelcg"

I forget what I was looking for in sundry Windows Logs/Bags/etc,

but I noticed reference to a weird file located in P:\.

I never had any drive P:\ and I chased that to death in case Malware had installed something horrible.

I Googled the specific P:\{file name now forgotten} and got a perfect match.

It was actually a standard common file after ROT13 encryption which had converted C:\ to P:\

Rot13 is something sneaky that I had not realised was used by M.S. to conceal how much it knew of what files I used.

This is the on-line site which converted "TrueCrypt" to "Gehrpelcg"

http://faqintosh.com/risorse/en/othutil/webapps/rot13/

N.B. Run ROT13 a second time and you are back to the original.

6

Hi Alan_B... Thanks for reminding me... I had forgotten about the UserAssist key.

(FYI: The subkeys there are where Microsoft keeps a list of all of the programs that you access, so they can display the "Most frequently used" program list on your Start Menu).

Microsoft obfuscated (with ROT-13) the entries there so that if some tech was working on your machine and searching the Registry, they would not just "stumble" across the list of programs you had been running -- (Microsoft is a kind of "don't ask, don't tell" organization).

:)

(Note: If anybody cares, you can just delete the UserAssist key whenever you want - MS will rebuild it the next time you reboot).

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist

Anyway Alan_B, I'm not worried about the UserAssist key. If a customer knows about it and is going there and using a ROT-13 program to determine what programs I was running; I've got a pretty smart (and paranoid) customer and some serious trust relationship problems between us.

Normally, this whole issue comes up because a customer's IT person is doing some work on the machine and running some cheap "malware detector" that finds "TrueCrypt" in the registry and labels it as a "Possible TROJAN!!!" -- then they start talking about "spyware and malware and that damned consultant". It just takes a ton of my time to explain, and then calm the ruffled feathers of my customer (and the IT dummy). That's why I am looking for something to get rid of all of the CR*P that Windows shoves in the Registry about TrueCrypt when I use it -- just so I can get some "billable" work done.

Thanks again Alan_B -- UserAssist took me on a trip down memory lane...

------------

I've been around long enough that I knew Bill and Paul when they were starting up and had their dinky ads for BASIC in the Dr. Dobbs "newsletter" - (it wasn't even a magazine yet! -- "Running lite with overbyte").

They had a little "BASIC OS" they were working on - (WAY before DOS) -- and I was trying to get them to port it to the Intertec SuperBrain.

------------

GWaite

7

For those who are wondering what Rot13 is, it is a Caesar-cypher encryption that replaces each English letter with the one 13 places forward or back along the alphabet. Microsoft uses this method to hide reg entries to 'protect' you.

There have been a couple of threads on forum where Rot13 was mentioned, the last one you took part in Alan and also mention P:\

http://forum.piriform.com/index.php?showtopic=27662#entry166500

8

There have been a couple of threads on forum where Rot13 was mentioned, the last one you took part in Alan and also mention P:\

I had forgotten that post

I am afraid - very very afraid.

Another lady like my wife who remembers everything I ever said better than I,

and has the power to hold it against me ! ! !

9

I had forgotten that post

I am afraid - very very afraid.

Another lady like my wife who remembers everything I ever said better than I,

and has the power to hold it against me ! ! !

Its not fair at all! :P How do they do that?

But on the bright side you can trust Hazel ... if she said the world was flat, I'd sell my old globe map.

10

Then she'd make a killing by buying all of the globes at minimum price, and reinforming everyone that the world is round and selling the globes back to you :lol:

11

ROT13 is available as a little standalone exe file, no install needed. See HERE.

Winapp, how can you suspect our Hazel of chicanery? I'm aghast.

12

Tincanery (I feel like Corona!) :lol: