
Disabling shellbag in win7


4 replies to this topic

#1 allstock

allstock

  • Members
  • 126 posts

Posted 15 April 2017 - 07:09 AM

How do I go about doing so in the registry? Any help would be appreciated.





#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,566 posts
  • Gender:Male
  • Location:Killeen, TX

Posted 15 April 2017 - 01:17 PM

https://www.google.com/#q=disable+shellbag

 

Louis



#3 allstock

allstock
  • Topic Starter

  • Members
  • 126 posts

Posted 15 April 2017 - 08:15 PM

I don't know if I should thank you or take it as a generic reply. I've already searched through several sources. The results were rather inconsistent and lacked concise direction. In one, I am not sure if I'm supposed to input a new value within the Shell key, name it BagMRU Size and modify the size to zero. If you do this, Windows Explorer will crash. Or is the direction to just change the key BagMRU REG_SZ to 0 after the keys have been deleted and new keys replaced? I'm not into using apps for this kind of thing. I just want a one-and-done deal and not have to constantly hit it.

#4 medab1

medab1

  • Members
  • 854 posts
  • Gender:Male
  • Location:earth

Posted 15 April 2017 - 08:37 PM

Read this---

 

https://www.julianevansblog.com/2013/06/protecting-your-windows-anonymity-shellbags.html

 

It may help.


Learn to take screenshots & add them to your posts. :thumbup2:

https://www.bleepingcomputer.com/forums/t/43088/how-to-capture-and-edit-a-screen-shot/#entry4532851

Learn to use Google Search.  :busy:

Make full system images to restore to if your computer goes bonkers.


#5 allstock

allstock
  • Topic Starter

  • Members
  • 126 posts

Posted 15 April 2017 - 11:17 PM

This was one of the sources I was referring to. If you notice where he says:

 

"Left-click on the Shell key and in the right pane. Note: If you can see BagMRU Size then there is no need to undertake this step. If it isn’t there you will need to right-click and select New>DWORD 32-bit Value and name it BagMRU Size then set this value to 0 in Decimal view"

 

When you do this, Windows Explorer will crash and you won't be able to see any of your directories. If you place a "1" in place of his "0", I think it will work and no shellbags will be stored beyond simple system and control panel entries. I may be totally wrong, but that is what I am seeing when I test it with the PrivaZer shellbag parser app version 1.8. That new app version is way too convoluted for me to want to use, and I don't want to continuously use it.

 

It is better to do this if you delete certain keys first and then replace them with fresh empty ones. I found this thread:

 

https://www.reddit.com/r/security/comments/32fb1l/open_guide_to_scrubbing_windows_oss_from_forensic/?st=j1k6b7sc&sh=c6b47ca5

 

I'm surprised this isn't more of a topic than it is when you understand the nature of shellbags.


Edited by allstock, 15 April 2017 - 11:20 PM.




