Jump to content
CCleaner Community Forums

Winapp2.ini additions


Recommended Posts

1 hour ago, Winapp2.ini said:

Unfortunately I can only go by VirusTotal and it currently shows clear.

https://www.virustotal.com/gui/file/5ba3effd47aed9b57a31d3398fcd35168be2d83001f78653c74ce6f141e8c9e2/detection

It seems kaspersky is being particularly hostile here, but I'm not sure why as none of these vendors provide tremendous information on their flagging motivations (for good reasons I suppose)

VirusTotal is showing Kaspersky and ZoneAlarm flagging Winapp2ool.exe as a trojan.

 

VirusTotal.png

Link to post
Share on other sites
49 minutes ago, siliconman01 said:

VirusTotal is showing Kaspersky and ZoneAlarm flagging Winapp2ool.exe as a trojan.

 

VirusTotal.png

The hash of your copy of winapp2ool is different from the one I posted, are you using the latest version? 1.4.7427.18862

Link to post
Share on other sites
56 minutes ago, Winapp2.ini said:

The hash of your copy of winapp2ool is different from the one I posted, are you using the latest version? 1.4.7427.18862

No, the one I get from the Beta download URL is 1.4.7427.18038.

Link to post
Share on other sites
1 minute ago, siliconman01 said:

No, the one I get from the Beta download URL is 1.4.7427.18038.

Try a force clear of your browser cache or updating through winapp2ool beta. If you don't see an update notification, you can type forceupdate into the main menu to make winapp2ool update itself anyway

Link to post
Share on other sites

Okay, I have 1.4.7427.18862 on all my systems and it does not get flagged via VirusTotal.  HitManPro is no longer flagging it either.  Be interesting to see what KIS 2020 does the next time you issue a new Beta and Winapp2ool.exe beta attempts to upgrade automatically 🙃

Link to post
Share on other sites
  • Moderators

New entry:

[AOMEI Partition Assistant *]
LangSecRef=3024
Detect=HKCU\Software\Partition Assistant
Default=False
FileKey1=%ProgramFiles%\AOMEI Partition Assistant\log|*.log

 

Link to post
Share on other sites

Revised Entry

Removed: Detects
Added: DetectFile2
Fixed: %CommonAppData%\Wondershare\drfone\log|*.*|RECURSE

[Wondershare dr.fone *]
LangSecRef=3021
DetectFile1=%ProgramFiles%\Wondershare\drfone
DetectFile2=%ProgramFiles%\Wondershare\dr.fone
FileKey1=%CommonAppData%\Wondershare\drfone\log|*.*|RECURSE
FileKey2=%CommonAppData%\Wondershare\dr.fone\log|*.*|RECURSE
FileKey3=%CommonAppData%\Wondershare\WAF\Log|*.*|RECURSE
FileKey4=%CommonAppData%\Wondershare\WAF\ProductFeatures\*Logs|*.*|RECURSE
FileKey5=%CommonAppData%\Wondershare\WSRoot|*.tmp
FileKey6=%CommonAppData%\Wondershare\WSRoot\Logs|*.*|RECURSE

Link to post
Share on other sites

I think we should remove the [Security Service Token Cache *] entry. When used with built-in "Network Passwords" entry under Windows Explorer, it deletes the Shared experiences account.

 

Link to post
Share on other sites

New Entries

[Windows Client *]
DetectOS=10.0|
LangSecRef=3031
Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\MicrosoftWindows.Client.CBS_cw5n1h2txyewy
FileKey1=%LocalAppData%\Packages\MicrosoftWindows.Client.CBS_*\AC\AppCache|*.*|RECURSE
FileKey2=%LocalAppData%\Packages\MicrosoftWindows.Client.CBS_*\AC\INet*|*.*|RECURSE
FileKey3=%LocalAppData%\Packages\MicrosoftWindows.Client.CBS_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE
FileKey4=%LocalAppData%\Packages\MicrosoftWindows.Client.CBS_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE
FileKey5=%LocalAppData%\Packages\MicrosoftWindows.Client.CBS_*\AC\Temp|*.*|RECURSE
FileKey6=%LocalAppData%\Packages\MicrosoftWindows.Client.CBS_*\AC\TokenBroker\Cache|*.*|RECURSE
FileKey7=%LocalAppData%\Packages\MicrosoftWindows.Client.CBS_*\TempState|*.*|RECURSE

[Windows Search *]
DetectOS=10.0|
LangSecRef=3031
Detect=HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy
FileKey1=%LocalAppData%\Packages\Microsoft.Windows.Search_*\AC\AppCache|*.*|RECURSE
FileKey2=%LocalAppData%\Packages\Microsoft.Windows.Search_*\AC\INet*|*.*|RECURSE
FileKey3=%LocalAppData%\Packages\Microsoft.Windows.Search_*\AC\Microsoft\CryptnetUrlCache\*|*.*|RECURSE
FileKey4=%LocalAppData%\Packages\Microsoft.Windows.Search_*\AC\Microsoft\Internet Explorer\DOMStore|*.*|RECURSE
FileKey5=%LocalAppData%\Packages\Microsoft.Windows.Search_*\AC\Temp|*.*|RECURSE
FileKey6=%LocalAppData%\Packages\Microsoft.Windows.Search_*\AC\TokenBroker\Cache|*.*|RECURSE
FileKey7=%LocalAppData%\Packages\Microsoft.Windows.Search_*\TempState|*.*|RECURSE

Link to post
Share on other sites
1 hour ago, APMichael said:

 

Looks like you have added [Security Service Token Cache *] into Winapp3.ini
The correct name is [Security Token Service Cache *]. Also please add a warning.

Link to post
Share on other sites
Posted (edited)

This entry is already included in Winapp3.ini: [Windows Latest Cumulative Update *]

Edit: @Special It happens. Don't worry about it. 🙂

Edited by APMichael
Link to post
Share on other sites

Modified Entry:  [Bitdefender *]

Added FileKey2

[Bitdefender *]
LangSecRef=3024
Detect1=HKLM\Software\Bitdefender\Bitdefender Internet Security
Detect2=HKLM\Software\Bitdefender\Bitdefender Total Security
Detect3=HKLM\Software\Bitdefender\Bitdefender Total Security 2015
Detect4=HKLM\Software\Softwin\Bitdefender Antivirus
FileKey1=%AppData%\Bitdefender\Desktop\profiles\Logs\*|*.xml
FileKey2=%CommonAppData%\Bitdefender\DTrace|*.log
FileKey3=%ProgramFiles%\Softwin\Bitdefender*\Logs|*.*
FileKey4=%SystemDrive%|bdlog.txt

 

Link to post
Share on other sites
On 23/03/2020 at 05:58, APMichael said:

 

i'd like some assistance in, for instance if the INI file has 1035 entries, have the first one be numbered 0001 and not 1, and so on and so on......

Also how can I output the line number that the current line from the INI file is going to preface and not the new split INI file?

A huge thank you !

Link to post
Share on other sites
  • Moderators
8 hours ago, CSGalloway said:

 

i'd like some assistance in, for instance if the INI file has 1035 entries, have the first one be numbered 0001 and not 1, and so on and so on......

Remember we are only able to handle what ccleaner can handle, if ccleaner needs it to be 1 and not 0001 then there's nothing that can be done

Link to post
Share on other sites

@Nergal CSGalloway's question was not directly related to Winapp2.ini, but to a batch script on GitHub.

19 hours ago, CSGalloway said:

i'd like some assistance in, for instance if the INI file has 1035 entries, have the first one be numbered 0001 and not 1, and so on and so on......

Also how can I output the line number that the current line from the INI file is going to preface and not the new split INI file? ...

 

Unfortunately, I have very little time for other things at the moment, but with a little trick I was able to insert the leading zeros quickly. You can download the updated batch script on GitHub.

Excuse me, but I don't quite understand the line number question. Which line number should be output where exactly? And what use is the information about the line number then? Since the batch script skips all blank lines, the line numbers would not match those in Winapp2.ini anyway.

Please keep in mind that this is only a simple batch script. Compared to a "real" programming language it has very limited functionality and performance.

Link to post
Share on other sites
1 hour ago, APMichael said:

@Nergal CSGalloway's question was not directly related to Winapp2.ini, but to a batch script on GitHub.

 

Unfortunately, I have very little time for other things at the moment, but with a little trick I was able to insert the leading zeros quickly. You can download the updated batch script on GitHub.

Excuse me, but I don't quite understand the line number question. Which line number should be output where exactly? And what use is the information about the line number then? Since the batch script skips all blank lines, the line numbers would not match those in Winapp2.ini anyway.

Please keep in mind that this is only a simple batch script. Compared to a "real" programming language it has very limited functionality and performance.

The change I see is

SET "wais_rule=0000%wais_entry%"

and I wanted the entry to be padded out to the length of the wais_entries so if wais_entries was 3105 then entry 1 would be 0001, 10 would be 0010, 100 would be 0100, and 1000 would not be padded out.

The line numbering question has to do with

ECHO !wais_line! >>"%wais_folder%\preamble.txt"

I would just like to output the line number from the INI file before the wais_line.  Something like:

ECHO nLine | !wais_line! >>"%wais_folder%\preamble.txt"

where nLine is the line numbere from the INI file being read.

Link to post
Share on other sites
On 22/05/2020 at 16:17, CSGalloway said:

... and I wanted the entry to be padded out to the length of the wais_entries ...

 

Sorry, but this is just a "cosmetic thing". Whether there is a 0 more or less shouldn't bother you. I just took 5 digits now, because that should be enough "forever". An adjustment to the actual number of entries would only work with more lines of code, but I don't have time for that at the moment.

 

On 22/05/2020 at 16:17, CSGalloway said:

... I would just like to output the line number from the INI file before the wais_line.  Something like:


ECHO nLine | !wais_line! >>"%wais_folder%\preamble.txt"

where nLine is the line numbere from the INI file being read.

 

Ok, I understand, but as already written, the batch script unfortunately skips blank lines and therefore the line numbers do not match those of the INI and are therefore actually useless. In addition, I still don't understand what the indication of the line numbers is supposed to help. (I can find an entry also by its name in the INI, the line numbers are not needed for this).

Maybe you can find someone who can rewrite the batch script according to your wishes or better rewrite it in another programming language.

(By the way, since this is rather off-topic, we should discuss possible further things via PM.)

Link to post
Share on other sites
Posted (edited)

Hello

Please remove from

[Internet Explorer *]

the line:

RegKey4=HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl

It contains some settings that can be useful and are used by some of us, either through group policy or otherwise.

The way to clean something is not to wipe all the settings.

These settings in particular are used (queried) not only by IE, but also by many programs that access the Internet (or try to or are badly written to try to). You can check with Process Monitor, nearly every program uses them. For Windows 7 I am sure that many programs use them, and I see the queries also on Win10, don't know if they are used to the same extent, but they are used.

I remove the line manually for nearly a year since it was introduced, enough is enough. 🙃

Edited by godfreythemasterbaiter
Link to post
Share on other sites

JFI for those users of Winapp2ool.exe (beta version 1.4.7441.15296), VirusTotal is showing 6 engines detecting the tool as infected.  In my case, I use Bitdefender Internet Security 2020 and it is tagging the tool as Gen.Variant.Razy.675528.  I submitted the file to Bitdefender on 29-May and thus far there has been no FP correction.  

 

VirusTotal.png

Link to post
Share on other sites

@siliconman01 The AV vendors are really getting on my nerves. After weeks of silence they suddenly start flagging Winapp2ool again... ☹️

@godfreythemasterbaiter Thank you for the hint and the description.

Winapp2.ini update:
https://github.com/MoscaDotTo/Winapp2/commit/4fd8ec6ddf25251f7aebcbcf6acc47e49af870c7

Winapp3.ini update:
https://github.com/MoscaDotTo/Winapp2/commit/0081c771f684d2465dda06d43baf4295e86aac7c

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...