Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Junkware Removal Tool


  • Please log in to reply
11 replies to this topic

#1 peterlonz

peterlonz

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:03 PM

Posted 12 February 2013 - 02:00 AM

I wish to make a few observations about this free SW:

1) It is not possible to know if the version you have installed is the latest; & worse a visit to the authors site or Bleeping Computers won't help either.

It appears you need to download the latest offering to discover its version no, which seems impossibly weird to me.

2) In my case at least, for a few days now, even "safe browsing" in Chrome only, has allowed what looks like the same junkware to be found in files relating to FF!

It looks as though they are not being permanently removed by JRT.

3) If I wish to read a little more about the program I am directed to "www.thisissudax.blogspot" which is hardly devoted to JRT. Worse still I can't even copy paste this URL from the GUI.

4) The author appears to prefer any program discussion or questions to be processed through BC rather than his own site - again seems a bit weird to me.

Because this simple program appears to do rather well what others cannot it's hard to be unduly critical, nevertheless I think the above points should be addressed.



BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

    Almost Retired


  • Members
  • 9,860 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria Australia
  • Local time:12:03 AM

Posted 12 February 2013 - 02:49 AM

Hello -

1) If you delete then download the tool each time it is required you will always get the latest updated version -

The same applies to many programs used that are constantly updated and added to. Examples start from your Antivirus (although it maintains a "working base") up to ComboFix that is being updated almost daily, or Malwarebytes Anti-Malware that is updated up to 10 or 15 times per day, and updates full versions at times -

 

2) Apart from the fact that not all files are opened or accessable during Safe Mode (this is why it is called Safe Mode) it is designed to prevent many changes being made - Have you followed 1) above ??

 

3) Many malware removal programs are not discussed in open areas to prevent Malware writers from corrupting the tools -

 

4) The program is actually very complex - See the answer at 3)

 

I hope this will anser some of your questions, although I know that some will always question the reasoning behind this.

NOTE: The same given answer applies to other programs like ComboFix and Malwarebytes Anti-Malware programs.

 

Thank You for being interested and I hope this helps -

Spelling Edits Only -


Edited by noknojon, 12 February 2013 - 02:59 AM.


#3 peterlonz

peterlonz
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:03 PM

Posted 13 February 2013 - 12:42 AM

First thanks for bothering to comment, I appreciate that.

I do wonder why you elected to embolden some of your words, maybe you think this helps me (or you)?

 

Regarding (1) it is plainly dopey to list a program for download without stating the version number. As to your "instruction" delete & re-download, why do this if its not necessary. At the moment whilst experimenting with this SW I am using it about 3 times per week & so far I believe the program version is updated about once weekly.

 

Your point (2): I have referred to the program notes by the author & the BP review - neither mention safe mode so I hardly see the relevance of your comment to the comment I initially made (IE 2).

I have to ask are you serious in asking if I have downloaded the SW? The answer is yes about 3 times so far, but keeping pace is not easy if you are busy & can't see if an update has been posted .

 

Your point (3): Unless I have missed something this seems utterly unrelated to anything I have posted.

 

Point (4): I readily accept the program may in fact not be simple & in case I have caused offence I apologise for using the word simple. However what this has to do with any of my comments I remain unsure.

 

Might I suggest that a re-read of my initial post just might be constructive, my "issues" may be recognised & influence others who try the SW..



#4 buddy215

buddy215

  • BC Advisor
  • 6,141 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:03 AM

Posted 13 February 2013 - 09:17 AM

No need to constantly use the Junkware Removal Tool unless you are so careless in

installing other freeware that you miss not allowing the installing of the junk/ crap ware.

 

Junkware Removal removes what most likely the user could have avoided installing by

being more attentive or informed. Though some of those things it removes may or may not

be what is called "foistware"...meaning there was no way to avoid getting the crap when installing

some free program.

 

Programs such SAS and MBAM and others will not remove the crap ware because it is

most likely user installed. There have been cases where the purveyors of the crap ware have sued

the main stream security programs for listing them as spyware or malware, etc.

 

There is an old saying that I think is relevant here..." Don't look a gift horse in the mouth"....which is

what I think you are doing.

 

I really don't understand in your first post whether you are complaining that the free program has

failed to remove what you expected it to or not. Rather confusing when one could read your post as 

saying you are finding FF files in Chrome. Maybe if you clarify what you are seeing....maybe cookies or

other.

 

EDIT: If you are constantly seeing this crap ware reinstalling you may have some malware that

is reinstalling it such as a root kit or trojan downloader. If that is the case then I suggest you post

a topic in the Am I Infected...Forum for a more thorough look.


Edited by buddy215, 13 February 2013 - 10:15 AM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”
Lawrence M. Krauss


#5 thisisu

thisisu

    U


  • Malware Response Team
  • 2,206 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:03 AM

Posted 14 February 2013 - 07:49 PM

Hello peterlonz smile.png

 

I am the developer of the tool and will try to address your concerns to the best of my ability,

 

 


1) It is not possible to know if the version you have installed isthe latest; & worse a visit to the authors site or BleepingComputers won't help either.

It appears you need to download the latest offering to discover its version no, which seems impossibly weird to me.

Yes currently the version number isn't posted on a website. Since you brought it up and it seems the tool is getting more use lately I will add information about the tool at the thisisudax.org website as well as which version is the latest.

 

I can also add a feature to the program to check for updates to see if you have the latest version of the program but it would make the program significantly bigger which is something i am trying to avoid. I may add the feature anyways if others find it useful and don't mind downloading the larger file.

 

 


2) In my case at least, for a few days now, even "safe browsing" in
Chrome only, has allowed what looks like the same junkware to be found
in files relating to FF! It looks as though they are not being permanently removed by JRT.

 

Do you have a log of the entries that are not being removed from the FireFox browser? I would take a look to see if there's something that can be improved / if something is being stubborn and needs a different course of action.

 

 


The author appears to prefer any program discussion or questions to be processed through BC rather than his own site

 

Not really. I help whenever I am contacted. People have contacted me through my blog (thisisudax.blogspot.com), YouTube (youtube.com/thisisudax), and via Private Message on these forums and others I participate at. If you have questions or concerns you can contact me directly and I will help if I can smile.png

 

Hope this clears up a few things. Thank you for your feedback.



#6 peterlonz

peterlonz
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:03 PM

Posted 15 February 2013 - 12:34 AM

Thanks for the excellent & considered
response.

I will see how I can help further with the log you wish to
see.

The auto version check is IMHO almost "de rigour" these days &
if the program is a little bigger I really can't see any objection bearing in
mind the obvious benefit.

I am not myself so concerned about an auto update but I think it
would also be very helpful.

At the very least please add the current version no to the BC
download link.

And please add an update/download link to your base program to save
the link searching in the hundreds of browser bookmarks.

 

One thing that annoys me is the amount of time involved these days
in doing routine maintenance.

I spent some hours a few days ago updating about 6 programs that I
use infrequently; in each case the update was not well supported - do I
uninstall or install over the top .................?

Then be careful to dodge the unintended install of crapware which
will likely install anyway!

Then to achieve a decent uninstall I run Revo which takes
time.

Then I read my email & decide it's time again to read the latest
security issues: new decisions, more research, more
experimenting.

Then you have to try to sort out the conflicting views of
experienced Professional IT techos.

Maybe you get my drift.

 

Best Rgds,

Peter O


#7 thisisu

thisisu

    U


  • Malware Response Team
  • 2,206 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:03 AM

Posted 16 February 2013 - 06:33 PM

You're welcome.

 

Please review the revised site: thisisudax.org

 

I will try to add more details and allow users to comment from there if they wish. It may take some time as my schedule has been quite busy lately but just wanted to let you know that it is being worked on smile.png

 

Best regards

 

Thisisu


Edited by thisisu, 16 February 2013 - 07:03 PM.


#8 peterlonz

peterlonz
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:03 PM

Posted 16 February 2013 - 10:58 PM

Thisisu,

 

The JRT txt reports after running V444 & lastly V464:

I have selected three as typical & hope you can see the same stuff appearing again & again.

It may be my browser habits, but I think not as lately I have spent almost all my time searching for on-line vehicle parts.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.4 (02.16.2013:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Sun 17/02/2013 at 10:19:25.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
~~~ Services
~~~ Registry Values
 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1299054658-42886156-477042382-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
 
~~~ Files
 
~~~ Folders:   Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\goforfiles"
 
~~~ FireFox:   Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\8zvsvdoc.default\prefs.js
 
user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.baidu.com.url", "^hxxp\\:\\/\\/www\\.baidu\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .listing .resultsLink + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-re
user_pref("extensions.wrc.SearchRules.excite.com.url", "^hxxp\\:\\/\\/msxml\\.excite\\.com\\/excite\\/ws\\/.+");
user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-r
 
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 17/02/2013 at 10:25:44.03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.4 (01.17.2013:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Fri 15/02/2013 at 14:16:45.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1299054658-42886156-477042382-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
 
Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\8zvsvdoc.default\prefs.js
 
user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.baidu.com.url", "^http\\:\\/\\/www\\.baidu\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .listing .resultsLink + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-re
user_pref("extensions.wrc.SearchRules.excite.com.url", "^http\\:\\/\\/msxml\\.excite\\.com\\/excite\\/ws\\/.+");
user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-r
 
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 15/02/2013 at 14:21:22.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.4.4 (01.17.2013:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Tue 12/02/2013 at 16:24:50.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
 
Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\8zvsvdoc.default\prefs.js
 
user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.baidu.com.url", "^http\\:\\/\\/www\\.baidu\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .listing .resultsLink + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-re
user_pref("extensions.wrc.SearchRules.excite.com.url", "^http\\:\\/\\/msxml\\.excite\\.com\\/excite\\/ws\\/.+");
user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-r
 
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/02/2013 at 16:29:19.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#9 bjbailey21

bjbailey21

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:03 AM

Posted 14 March 2013 - 02:48 PM

Is there anyway to prevent the event logs from being cleared?



#10 wantei

wantei

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:33 PM

Posted 16 March 2013 - 11:52 AM

I've been using ADWcleaner to remove junkware in bulk. You should try it , it works very efficiently.



#11 peterlonz

peterlonz
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:03 PM

Posted 16 March 2013 - 11:05 PM

wantei,

 

FYI: I discovered both AdWare Cleaner & JRT at about the same time.

Both are good IMHO but it's possible to run one & effect deletions, then the other program finds more ( different stuff) & more deletions.

I think we should generally recognise that neither junkware or adware is normally considered a serious.  It's good to "clean up" especially if the procedure is quick & simple. But we need not strive for perfection. Again IMHO.

AdWare cleaners best feature is speed, but you do have to restart, which on my PC takes about 3.5 mins.

Also you need to visit Bleeping Computers to update about every 2 weeks, & you don't know if the version is new or not until after downloading. All of this takes time.

OTOH JRT (same version download ID problems but updates are a bit more frequent than once a fortnight) takes about 7.5 mins to run. An annoyance for me is that about half my tray icons disappear after running JRT. So as a precaution I restart to restore them - more time!

IMHO there's not a lot to choose between them but JRT takes longer in my case.



#12 bindaw

bindaw

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:03 PM

Posted 17 April 2013 - 05:04 AM

thanks for this gift






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users