siliconman01 Posted May 3, 2020

1 hour ago, Winapp2.ini said:
> Unfortunately I can only go by VirusTotal and it currently shows clear. https://www.virustotal.com/gui/file/5ba3effd47aed9b57a31d3398fcd35168be2d83001f78653c74ce6f141e8c9e2/detection
> It seems Kaspersky is being particularly hostile here, but I'm not sure why as none of these vendors provide tremendous information on their flagging motivations (for good reasons I suppose).

VirusTotal is showing Kaspersky and ZoneAlarm flagging Winapp2ool.exe as a trojan.

Windows 10 x64 Pro on ASUS Maximus VIII Extreme motherboard, i7-6700k CPU,H220 X2 Liquid Cooler, 64 gbyte RipJaws DDR4 3200 RAM, Samsung 970 Pro NVMe M.2 500 gbyte SSD + Samsung 850 Pro 512 gbyte SSD, EVGA RTX 3060 Titan graphics card (Home Built System); Windows 11x64 Pro on 512 gigabyte Dell XPS 15 2-in-1 Laptop/tablet and Dell XPS 8940 PC and Dell XPS 16 9640 Laptop. ASUS RT-AC88U router, 14 tbyte WD My Cloud PR2100 NAS Server, 200 Mbps cable Internet, MS Edge Chromium, MS Office 2021 (Local), Casper 11, DisplayFusion (3 Flat Panel Displays per system): Latest Bitdefender Internet Security, Quicken, Weather Watcher Live, ThumbsPlus 10, Sticky Password 8, WD Smartware, CyberLink PowerDVD23, MSI AfterBurner, Rainmeter, 8GadgetPack, and many more.

Winapp2.ini (Author) Posted May 3, 2020

49 minutes ago, siliconman01 said:
> VirusTotal is showing Kaspersky and ZoneAlarm flagging Winapp2ool.exe as a trojan.

The hash of your copy of winapp2ool is different from the one I posted, are you using the latest version? 1.4.7427.18862

winapp2.ini additions thread
winapp2.ini github

siliconman01 Posted May 3, 2020

56 minutes ago, Winapp2.ini said:
> The hash of your copy of winapp2ool is different from the one I posted, are you using the latest version? 1.4.7427.18862

No, the one I get from the Beta download URL is 1.4.7427.18038.

Winapp2.ini (Author) Posted May 3, 2020

1 minute ago, siliconman01 said:
> No, the one I get from the Beta download URL is 1.4.7427.18038.

Try a force clear of your browser cache or updating through winapp2ool beta. If you don't see an update notification, you can type forceupdate into the main menu to make winapp2ool update itself anyway.

siliconman01 Posted May 3, 2020

Okay, I have 1.4.7427.18862 on all my systems and it does not get flagged via VirusTotal. HitManPro is no longer flagging it either. Be interesting to see what KIS 2020 does the next time you issue a new Beta and Winapp2ool.exe beta attempts to upgrade automatically.

APMichael Posted May 4, 2020

Winapp2.ini update: https://github.com/MoscaDotTo/Winapp2/commit/4e740fec28c04a9c94dd5368480f9e7c68420b7b
Winapp3.ini update: https://github.com/MoscaDotTo/Winapp2/commit/ff6dcc530e4bda1d2d9abd2adca04c3abe65b429

Andavari (Moderators) Posted May 6, 2020

New entry:

[AOMEI Partition Assistant *]
LangSecRef=3024
Detect=HKCU\Software\Partition Assistant
Default=False
FileKey1=%ProgramFiles%\AOMEI Partition Assistant\log|*.log

SMalik Posted May 8, 2020

Revised Entry
Removed: Detects
Added: DetectFile2
Fixed: %CommonAppData%\Wondershare\drfone\log|*.*|RECURSE

[Wondershare dr.fone *]
LangSecRef=3021
DetectFile1=%ProgramFiles%\Wondershare\drfone
DetectFile2=%ProgramFiles%\Wondershare\dr.fone
FileKey1=%CommonAppData%\Wondershare\drfone\log|*.*|RECURSE
FileKey2=%CommonAppData%\Wondershare\dr.fone\log|*.*|RECURSE
FileKey3=%CommonAppData%\Wondershare\WAF\Log|*.*|RECURSE
FileKey4=%CommonAppData%\Wondershare\WAF\ProductFeatures\*Logs|*.*|RECURSE
FileKey5=%CommonAppData%\Wondershare\WSRoot|*.tmp
FileKey6=%CommonAppData%\Wondershare\WSRoot\Logs|*.*|RECURSE

SMalik Posted May 9, 2020

I think we should remove the [Security Service Token Cache *] entry. When used with built-in "Network Passwords" entry under Windows Explorer, it deletes the Shared experiences account.

SMalik Posted May 9, 2020

New Entries

[Windows Client *]
DetectOS=10.0|
LangSecRef=3031
Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MicrosoftWindows.Client.CBS_cw5n1h2txyewy
FileKey1=%LocalAppData%\Packages\MicrosoftWindows.Client.CBS_*\AC\AppCache|*.*|RECURSE
FileKey2=%LocalAppData%\Packages\MicrosoftWindows.Client.CBS_*\AC\INet*|*.*|RECURSE
FileKey3=%LocalAppData%\Packages\MicrosoftWindows.Client.CBS_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE
FileKey4=%LocalAppData%\Packages\MicrosoftWindows.Client.CBS_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE
FileKey5=%LocalAppData%\Packages\MicrosoftWindows.Client.CBS_*\AC\Temp|*.*|RECURSE
FileKey6=%LocalAppData%\Packages\MicrosoftWindows.Client.CBS_*\AC\TokenBroker\Cache|*.*|RECURSE
FileKey7=%LocalAppData%\Packages\MicrosoftWindows.Client.CBS_*\TempState|*.*|RECURSE

[Windows Search *]
DetectOS=10.0|
LangSecRef=3031
Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy
FileKey1=%LocalAppData%\Packages\Microsoft.Windows.Search_*\AC\AppCache|*.*|RECURSE
FileKey2=%LocalAppData%\Packages\Microsoft.Windows.Search_*\AC\INet*|*.*|RECURSE
FileKey3=%LocalAppData%\Packages\Microsoft.Windows.Search_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE
FileKey4=%LocalAppData%\Packages\Microsoft.Windows.Search_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE
FileKey5=%LocalAppData%\Packages\Microsoft.Windows.Search_*\AC\Temp|*.*|RECURSE
FileKey6=%LocalAppData%\Packages\Microsoft.Windows.Search_*\AC\TokenBroker\Cache|*.*|RECURSE
FileKey7=%LocalAppData%\Packages\Microsoft.Windows.Search_*\TempState|*.*|RECURSE

APMichael Posted May 11, 2020

Thanks for the new and revised entries.

Winapp2.ini update: https://github.com/MoscaDotTo/Winapp2/commit/43f204e5e220555c1d9054bb8f40a0feed399c8a
Winapp3.ini update: https://github.com/MoscaDotTo/Winapp2/commit/d42b0f628c6c66b7a5d0101d12b9642a5ffbd8f6

SMalik Posted May 11, 2020

1 hour ago, APMichael said:
> Thanks for the new and revised entries.
> Winapp2.ini update: https://github.com/MoscaDotTo/Winapp2/commit/43f204e5e220555c1d9054bb8f40a0feed399c8a
> Winapp3.ini update: https://github.com/MoscaDotTo/Winapp2/commit/d42b0f628c6c66b7a5d0101d12b9642a5ffbd8f6

Looks like you have added [Security Service Token Cache *] into Winapp3.ini. The correct name is [Security Token Service Cache *]. Also please add a warning.

Special Posted May 15, 2020

Any reason why not to clean out the "C:\Windows\servicing\LCU" folder? Should this be added to Winapp3.ini?

APMichael Posted May 15, 2020

This entry is already included in Winapp3.ini: [Windows Latest Cumulative Update *]

Edit: @Special It happens. Don't worry about it.

Edited May 16, 2020 by APMichael

Special Posted May 15, 2020

Oh, my bad. Not sure how I missed that, sorry.

siliconman01 Posted May 19, 2020

Modified Entry: [Bitdefender *]
Added FileKey2

[Bitdefender *]
LangSecRef=3024
Detect1=HKLM\Software\Bitdefender\Bitdefender Internet Security
Detect2=HKLM\Software\Bitdefender\Bitdefender Total Security
Detect3=HKLM\Software\Bitdefender\Bitdefender Total Security 2015
Detect4=HKLM\Software\Softwin\Bitdefender Antivirus
FileKey1=%AppData%\Bitdefender\Desktop\profiles\Logs\*|*.xml
FileKey2=%CommonAppData%\Bitdefender\DTrace|*.log
FileKey3=%ProgramFiles%\Softwin\Bitdefender*\Logs|*.*
FileKey4=%SystemDrive%|bdlog.txt

CSGalloway Posted May 21, 2020

On 23/03/2020 at 05:58, APMichael said:
> @CSGalloway https://github.com/MoscaDotTo/Winapp2/issues/391

I'd like some assistance in, for instance if the INI file has 1035 entries, have the first one be numbered 0001 and not 1, and so on and so on......

Also how can I output the line number that the current line from the INI file is going to preface and not the new split INI file?

A huge thank you!

Nergal (Moderators) Posted May 22, 2020

8 hours ago, CSGalloway said:
> I'd like some assistance in, for instance if the INI file has 1035 entries, have the first one be numbered 0001 and not 1, and so on and so on......

Remember we are only able to handle what CCleaner can handle; if CCleaner needs it to be 1 and not 0001 then there's nothing that can be done.

ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION
DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF.
Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark)
ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T.
Support at https://support.ccleaner.com/s/?language=en_US
Pro users file a PRIORITY SUPPORT via email support@ccleaner.com

APMichael Posted May 22, 2020

@Nergal CSGalloway's question was not directly related to Winapp2.ini, but to a batch script on GitHub.

19 hours ago, CSGalloway said:
> I'd like some assistance in, for instance if the INI file has 1035 entries, have the first one be numbered 0001 and not 1, and so on and so on......
> Also how can I output the line number that the current line from the INI file is going to preface and not the new split INI file?
> ...

Unfortunately, I have very little time for other things at the moment, but with a little trick I was able to insert the leading zeros quickly. You can download the updated batch script on GitHub.

Excuse me, but I don't quite understand the line number question. Which line number should be output where exactly? And what use is the information about the line number then? Since the batch script skips all blank lines, the line numbers would not match those in Winapp2.ini anyway.

Please keep in mind that this is only a simple batch script. Compared to a "real" programming language it has very limited functionality and performance.

CSGalloway Posted May 22, 2020

1 hour ago, APMichael said:
> @Nergal CSGalloway's question was not directly related to Winapp2.ini, but to a batch script on GitHub.
> Unfortunately, I have very little time for other things at the moment, but with a little trick I was able to insert the leading zeros quickly. You can download the updated batch script on GitHub.
> Excuse me, but I don't quite understand the line number question. Which line number should be output where exactly? And what use is the information about the line number then? Since the batch script skips all blank lines, the line numbers would not match those in Winapp2.ini anyway.
> Please keep in mind that this is only a simple batch script. Compared to a "real" programming language it has very limited functionality and performance.

The change I see is

SET "wais_rule=0000%wais_entry%"

and I wanted the entry to be padded out to the length of the wais_entries, so if wais_entries was 3105 then entry 1 would be 0001, 10 would be 0010, 100 would be 0100, and 1000 would not be padded out.

The line numbering question has to do with

ECHO !wais_line! >>"%wais_folder%\preamble.txt"

I would just like to output the line number from the INI file before the wais_line. Something like:

ECHO nLine | !wais_line! >>"%wais_folder%\preamble.txt"

where nLine is the line number from the INI file being read.

APMichael Posted May 22, 2020

On 22/05/2020 at 16:17, CSGalloway said:
> ... and I wanted the entry to be padded out to the length of the wais_entries ...

Sorry, but this is just a "cosmetic thing". Whether there is a 0 more or less shouldn't bother you. I just took 5 digits now, because that should be enough "forever". An adjustment to the actual number of entries would only work with more lines of code, but I don't have time for that at the moment.

On 22/05/2020 at 16:17, CSGalloway said:
> ... I would just like to output the line number from the INI file before the wais_line. Something like: ECHO nLine | !wais_line! >>"%wais_folder%\preamble.txt" where nLine is the line number from the INI file being read.

Ok, I understand, but as already written, the batch script unfortunately skips blank lines and therefore the line numbers do not match those of the INI and are therefore actually useless. In addition, I still don't understand what the indication of the line numbers is supposed to help. (I can find an entry also by its name in the INI, the line numbers are not needed for this).

Maybe you can find someone who can rewrite the batch script according to your wishes or better rewrite it in another programming language. (By the way, since this is rather off-topic, we should discuss possible further things via PM.)

APMichael Posted May 25, 2020

Thanks for the modified entry.

Winapp2.ini updates:
https://github.com/MoscaDotTo/Winapp2/commit/a43591f6046872ca37e0f9cc629abd90c89c1e98
https://github.com/MoscaDotTo/Winapp2/commit/efac42536ab1ac882e789068291d05b9952d9412

godfreythemasterbaiter Posted May 28, 2020

Hello

Please remove from [Internet Explorer *] the line:

RegKey4=HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl

It contains some settings that can be useful and are used by some of us, either through group policy or otherwise. The way to clean something is not to wipe all the settings. These settings in particular are used (queried) not only by IE, but also by many programs that access the Internet (or try to or are badly written to try to). You can check with Process Monitor, nearly every program uses them. For Windows 7 I am sure that many programs use them, and I see the queries also on Win10, don't know if they are used to the same extent, but they are used.

I remove the line manually for nearly a year since it was introduced, enough is enough.

Edited May 28, 2020 by godfreythemasterbaiter

siliconman01 Posted June 1, 2020

JFI for those users of Winapp2ool.exe (beta version 1.4.7441.15296), VirusTotal is showing 6 engines detecting the tool as infected. In my case, I use Bitdefender Internet Security 2020 and it is tagging the tool as Gen.Variant.Razy.675528. I submitted the file to Bitdefender on 29-May and thus far there has been no FP correction.

APMichael Posted June 1, 2020

@siliconman01 The AV vendors are really getting on my nerves. After weeks of silence they suddenly start flagging Winapp2ool again...

@godfreythemasterbaiter Thank you for the hint and the description.

Winapp2.ini update: https://github.com/MoscaDotTo/Winapp2/commit/4fd8ec6ddf25251f7aebcbcf6acc47e49af870c7
Winapp3.ini update: https://github.com/MoscaDotTo/Winapp2/commit/0081c771f684d2465dda06d43baf4295e86aac7c

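An added example, not part of the thread and not code from the Winapp2 project: a small Python linter for the entry format posted above. It parses FileKey/RegKey lines and reports entries that touch a watched path but carry no Warning= key, which is the kind of check behind the requests above to add a warning to the token cache entry and to drop RegKey4 for FeatureControl. The watchlist, the sample text and the "Constructed Token Entry" are assumptions made for illustration.

```python
import re

# Constructed sample. The FileKey/RegKey lines are copied from posts in this
# thread; "Constructed Token Entry" and its Warning text are made up.
SAMPLE = r"""
[Windows Search *]
LangSecRef=3031
FileKey5=%LocalAppData%\Packages\Microsoft.Windows.Search_*\AC\Temp|*.*|RECURSE
FileKey6=%LocalAppData%\Packages\Microsoft.Windows.Search_*\AC\TokenBroker\Cache|*.*|RECURSE

[Internet Explorer *]
RegKey4=HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl

[Constructed Token Entry *]
Warning=Constructed text: cleaning this may sign you out of apps.
FileKey1=%LocalAppData%\Example\TokenBroker\Cache|*.*|RECURSE
"""

# Assumption: illustrative watchlist. "featurecontrol" is the key reported in
# this thread; "tokenbroker" is an assumed example of a token cache path.
SENSITIVE = ("tokenbroker", "featurecontrol")

def parse_entries(text):
    """Return {entry name: [(key, value), ...]} in file order."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = entries.setdefault(line[1:-1], [])
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current.append((key.strip(), value.strip()))
    return entries

def split_filekey(value):
    """Split 'path|pattern;pattern|FLAG' into (path, [patterns], flag)."""
    parts = value.split("|")
    patterns = [p for p in parts[1].split(";") if p] if len(parts) > 1 else []
    flag = parts[2].upper() if len(parts) > 2 else ""
    return parts[0], patterns, flag

def lint(text):
    """List (entry, key, fragment) for watched targets in entries without Warning=."""
    findings = []
    for name, pairs in parse_entries(text).items():
        if any(k.lower() == "warning" for k, _ in pairs):
            continue                              # user is warned before cleaning
        for key, value in pairs:
            m = re.fullmatch(r"(FileKey|RegKey)\d+", key, re.I)
            if not m:
                continue
            target = split_filekey(value)[0] if m.group(1).lower() == "filekey" else value
            findings += [(name, key, f) for f in SENSITIVE if f in target.lower()]
    return findings

if __name__ == "__main__":
    for entry, key, frag in lint(SAMPLE):
        print(f"[{entry}] {key} touches '{frag}' but the entry has no Warning= key")
```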