
Hackers hid malware in CCleaner software



 
 
  #46  
Old September 20th 17, 06:18 PM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
Blake Snyder
external usenet poster
 
Posts: 72
Default Hackers hid malware in CCleaner software

On Wed, 20 Sep 2017 17:11:36 -0000 (UTC), in
news
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus


I thought I removed the errant VPN server but I realized that there was a
duplicate because there are TCP and UDP based configuration files.

So I disabled both the TCP and UDP VPN config file for the VPN server that
adds that Avast sig and header.

I can't promise the *next* VPN service won't do it but 99 out of 100 don't
add that line so most of the time this will work.

Each day there are another hundred servers that get added while another
hundred are deprecated so the list fluctuates daily.

This is a new free VPN server (just added today) so we'll see what it does.
  #47  
Old September 20th 17, 07:01 PM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
p-0''0-h the cat (coder)
external usenet poster
 
Posts: 114
Default 8.3 filenames (Was Hackers hid malware in CCleaner software)

On Wed, 20 Sep 2017 17:11:34 -0000 (UTC), Blake Snyder
wrote:

On Wed, 20 Sep 2017 12:59:44 -0400, in
, Wolf K wrote:

So to eliminate the 8.3 format from Windows would require rewriting the
kernel at a rather low level.
This is completely wrong. You have been able to disable 8.3 file name
creation since the days of NT using the registry and since 2000 using
group policy.

https://support.microsoft.com/en-gb/...tfs-partitions

Sent from my iFurryUnderbelly.



Thanks for corrected info.


Does this "prove" that 8+3 is completely gone from Windows 10?


That wasn't the statement I corrected. It doesn't require a rewrite of
the kernel to turn this functionality off.

This is a legacy function to support applications which use 8.3 format.
So it's the application that needs it not Windows 10.

I ask because I have a WINDOWS~ and a WINDOWS~1 that I certainly didn't
create.

I don't know how they got created but the creation probably has something
to do with the fact that I re-defined the %TMP% & %TEMP% and all the other
Windows temp directories to things like c:\tmp\junk\windows_temp\


I suspect you are running older applications and redefining the path to
the temp folders has just exposed stuff that Windows usually hides from
the end user if you don't mess with the MS default folder paths that is.

BTW. What you see through windows explorer is *folders* and not
directories.

Directories are a file system concept and folders are a GUI/end user
concept.

Folders don't necessarily show the directory as it is.

After that, Windows 10 did its thing to create those 8+3 directories.


It's not essential to the functionality of the file system as you have
been suggesting or some magical old code lurking from before the
dinosaurs that cannot be altered without raising the dead. Neither are
these special directories. From recollection and I cannot be arsed to
research it but every directory has two names unless this functionality
is disabled.

Sent from my iFurryUnderbelly.

--
p-0.0-h the cat

Internet Terrorist, Mass sock puppeteer, Agent provocateur, Gutter rat,
Devil incarnate, Linux user#666, ******* hacker, Resident evil, Monkey Boy,
Certifiable criminal, Spineless cowardly scum, textbook Psychopath,
the SCOURGE, l33t p00h d3 tr0ll, p00h == lam3r, p00h == tr0ll, troll infme,
the OVERCAT [The BEARPAIR are dead, and we are its murderers], lowlife troll,
shyster [pending approval by STATE_TERROR], cripple, sociopath, kook,
smug prick, smartarse, arsehole, moron, idiot, imbecile, snittish scumbag,
liar, total ******* retard, shill, pooh-seur, scouringerer, jumped up chav,
lycanthropic schizotypal lesbian, the most complete ignoid, joker, and furball.

NewsGroups Numbrer One Terrorist

Honorary SHYSTER and FRAUD awarded for services to Haberdashery.
By Appointment to God Frank-Lin.

Signature integrity check
md5 Checksum: be0b2a8c486d83ce7db9a459b26c4896

I mark any message from Q the troll as stinky

  #48  
Old September 20th 17, 07:36 PM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
Char Jackson
external usenet poster
 
Posts: 10,449
Default Hackers hid malware in CCleaner software

On Wed, 20 Sep 2017 14:01:02 -0000 (UTC), Blake Snyder
wrote:

What amazes me but I haven't delved into why, is that when I tell people
that even with Windows 10, you have to keep to 8+3 syntax, they say "prove
it", where I don't keep a log of the times that the tilde shows up.


If that's how you pitch the idea to people, I'd say they're right to
push back. As a user, you haven't *needed* to use 8.3 syntax since
nearly forever, but by default Windows can use it behind the scenes. And
of course, you can use it yourself, whether you intentionally name
something with 8.3 or you simply let Windows create the 8.3 name and you
simply start using what Windows assigned. The dir command can show you
the 8.3 names when you use the /x argument.

The two things I can say, without actually being able to point to an actual
example at the moment, is that when I don't use 8+3, then I need
doublequotes when I shouldn't need them and the tilde shows up in the
oddest places where you can rest assured I never created a directory named
"C:\tmp\WINDOWS~".


Double quotes are typically needed when the path or the filename
contains one or more spaces, and the tilde should really only show up in
the 7th character position of the 8.3 filename. I'm guessing you could
make it 'walk left' by intentionally creating files where the 8.3 name
would collide with an existing 8.3 name, assuming the 8.3 names have
been generated by Windows, of course.

The other use case for tildes is as a leading character for temp files,
but you won't be confusing that use case with 8.3 names.

For one, I never use capital letters, and for the other, I never use tilde
in a name. But Microsoft seems to love both.


I have no problem with leading capitals and in fact I generally use
'title case', where every word is capitalized. Plus, I like the fact
that Windows uses a unique character, meaning something I'd never use on
my own, to designate generated 8.3 names. That makes them easy to
identify.

  #49  
Old September 20th 17, 07:42 PM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
Mr. Man-wai Chang
external usenet poster
 
Posts: 1,941
Default Hackers hid malware in CCleaner software

On 21/9/2017 1:11 AM, Blake Snyder wrote:
Do you do these half dozen tasks with freeware?
If so, what freeware do you use for those tasks that you do?

1. Registry cleaning = what is the best freeware for this?
....
7. Drive wiper = https://www.pcworld.com/article/254509/free_tools_to_wipe_your_drives_securely.html


I don't do that in my home PC.

Not sure about technical support people in workplaces.

--
@~@ Remain silent! Drink, Blink, Stretch! Live long and prosper!!
/ v \ Simplicity is Beauty!
/( _ )\ May the Force and farces be with you!
^ ^ (x86_64 Ubuntu 9.10) Linux 2.6.39.3
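No borrowing! No fraud! No compensated dating! No fighting! No robbery! No suicide! Please consider Comprehensive Social Security Assistance (CSSA):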
http://www.swd.gov.hk/tc/index/site_...sub_addressesa
  #50  
Old September 20th 17, 07:42 PM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
Char Jackson
external usenet poster
 
Posts: 10,449
Default Hackers hid malware in CCleaner software

On Wed, 20 Sep 2017 17:11:35 -0000 (UTC), Blake Snyder
wrote:

Do you do these half dozen tasks with freeware?
If so, what freeware do you use for those tasks that you do?

1. Registry cleaning = what is the best freeware for this?
2. File cleaning = what is the best freeware for this?
3. Autorun disabling = Mark Russinovich's autoruns freeware
4. Browser plugin disabling = what is the best freeware for this?
5. Program uninstaller = Revo uninstaller freeware
6. Duplicate finder = http://www.top5freeware.com/duplicate-file-finder
7. Drive wiper = https://www.pcworld.com/article/254509/free_tools_to_wipe_your_drives_securely.html


Of those 6 items, I only (occasionally) do #6. I use a tool called
Duplicate Cleaner Free (https://www.digitalvolcano.co.uk/).
No idea if it's the best, but I apparently like it well enough that I've
been using it for quite a few years without wanting to find a
replacement.

I have no use for the other 6 tasks. Yes, I know what each task is
about, so no need to assume something else.

  #51  
Old September 20th 17, 09:09 PM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
Sam E[_2_]
external usenet poster
 
Posts: 248
Default 8.3 filenames (Was Hackers hid malware in CCleaner software)

On 09/20/2017 12:11 PM, Blake Snyder wrote:

[snip]

I ask because I have a WINDOWS~ and a WINDOWS~1 that I certainly didn't
create.


WINDOWS~1 has 9 characters, so can't fit into 8.3.

[snip]


  #52  
Old September 20th 17, 10:21 PM posted to alt.windows7.general
Monty
external usenet poster
 
Posts: 598
Default Hackers hid malware in CCleaner software

On Wed, 20 Sep 2017 14:13:43 -0000 (UTC), Blake Snyder
wrote:

On Wed, 20 Sep 2017 14:01:02 -0000 (UTC), in
news
I don't know what VPN service I'm using at the moment, so I can't say
whether it will add the Avast non-standard-on-purpose sig, but I will add
my own sig below using the dash-dash-space syntax, just in case it does.

--
This is a manual sig following the dash-dash-space syntax.

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus


I remove that sig by changing a setting in Avast Free Antivirus on my
PC.

The setting "Enable Avast email signature" can be accessed via
Settings / General and then removing the tick in the adjacent box.

One annoying habit of this Antivirus program is that the tick is
restored when you update the Avast software.

Whether this method is altered by using a VPN is something I have no
experience with.
  #53  
Old September 20th 17, 10:27 PM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
Blake Snyder
external usenet poster
 
Posts: 72
Default 8.3 filenames (Was Hackers hid malware in CCleaner software)

On Wed, 20 Sep 2017 15:09:59 -0500, in
, Sam E wrote:

On 09/20/2017 12:11 PM, Blake Snyder wrote:

[snip]

I ask because I have a WINDOWS~ and a WINDOWS~1 that I certainly didn't
create.


WINDOWS~1 has 9 characters, so can't fit into 8.3.

[snip]


Typo.
http://i.cubeupload.com/GFf3Bx.jpg

That is a screenshot of my junk folder which contains the Windows & VIM
temps...

Never do I use capital letters or tildes in file or folder names.



  #54  
Old September 20th 17, 10:31 PM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
Blake Snyder
external usenet poster
 
Posts: 72
Default Hackers hid malware in CCleaner software

On Wed, 20 Sep 2017 13:36:09 -0500, in
, Char Jackson wrote:

If that's how you pitch the idea to people, I'd say they're right to
push back. As a user, you haven't *needed* to use 8.3 syntax since
nearly forever, but by default Windows can use it behind the scenes. And
of course, you can use it yourself, whether you intentionally name
something with 8.3 or you simply let Windows create the 8.3 name and you
simply start using what Windows assigned. The dir command can show you
the 8.3 names when you use the /x argument.


All I can tell you in response is that the 8+3 shows up on its own.

For example, I am super duper positive I never created any folder using
capital letters and a tilde - but there it is - in my Windows 10 junk
folder for the temp variables for both Windows and VIM.

http://i.cubeupload.com/GFf3Bx.jpg

Who created it and put it there if not Windows herself?
  #55  
Old September 20th 17, 11:20 PM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
Char Jackson
external usenet poster
 
Posts: 10,449
Default Hackers hid malware in CCleaner software

On Wed, 20 Sep 2017 21:31:43 -0000 (UTC), Blake Snyder
wrote:

On Wed, 20 Sep 2017 13:36:09 -0500, in
, Char Jackson wrote:

If that's how you pitch the idea to people, I'd say they're right to
push back. As a user, you haven't *needed* to use 8.3 syntax since
nearly forever, but by default Windows can use it behind the scenes. And
of course, you can use it yourself, whether you intentionally name
something with 8.3 or you simply let Windows create the 8.3 name and you
simply start using what Windows assigned. The dir command can show you
the 8.3 names when you use the /x argument.


All I can tell you in response is that the 8+3 shows up on its own.


Yes, of course it does. I thought I said that.

For example, I am super duper positive I never created any folder using
capital letters and a tilde - but there it is - in my Windows 10 junk
folder for the temp variables for both Windows and VIM.

http://i.cubeupload.com/GFf3Bx.jpg

Who created it and put it there if not Windows herself?


Windows! I thought I said that.

You can very easily test it for yourself. Create a file name or a folder
name that's longer than 8 characters or that has one or more spaces in
it. Now use dir /x to view it. There's the 8.3 name, created
automatically by Windows. From that point on, you can access that object
by either its long name or its short name. They are equivalent to each
other in that they both reference the exact same object.

That example holds for scenarios where the user created an object, but
if Windows needs to create an object for its own purposes, it's
perfectly free to skip the long name entirely and simply create the
object using the short name.

This behavior has existed since, what, Win 95?
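
Added example (not part of Char Jackson's post or of the thread): a cmd batch script that carries out the dir /x test described above and reads the registry value behind the "disable 8.3 name creation" setting mentioned earlier in the thread. The scratch folder under %TEMP% and the file names are constructed for this demo.

```bat
@echo off
rem Added example: watch Windows generate 8.3 (short) names and confirm that
rem the long and short names refer to the same object.
rem SCRATCH, LONGDIR and LONGFILE are constructed names, not from the thread.
setlocal EnableExtensions
set "SCRATCH=%TEMP%\shortname_demo"
set "LONGDIR=%SCRATCH%\windows temp folder"
set "LONGFILE=%LONGDIR%\a long file name.txt"

if exist "%SCRATCH%" rmdir /s /q "%SCRATCH%"
mkdir "%LONGDIR%"
> "%LONGFILE%" echo written via the long name

rem 1. Current policy for short-name creation on NTFS:
rem    0 = enabled on all volumes      1 = disabled on all volumes
rem    2 = decided per volume          3 = disabled except on the system volume
reg query "HKLM\SYSTEM\CurrentControlSet\Control\FileSystem" /v NtfsDisable8dot3NameCreation

rem 2. dir /x prints the generated short name in the column before the long name.
rem    The column is empty when no short name exists for an entry.
dir /x "%SCRATCH%"
dir /x "%LONGDIR%"

rem 3. Ask cmd for the short path rather than guessing it. If short-name
rem    creation is disabled for this volume, the new components keep
rem    their long names.
for %%I in ("%LONGFILE%") do set "SHORTFILE=%%~sI"
echo Long : %LONGFILE%
echo Short: %SHORTFILE%

rem 4. Append through the short path, then read through the long path.
rem    Both lines appear, because the two names reference one file.
>> "%SHORTFILE%" echo appended via the short name
type "%LONGFILE%"

rem Clean up the scratch folder.
rmdir /s /q "%SCRATCH%"
endlocal
```

Because both names resolve to one object, any rule, exclusion or search that matches on a path string has to account for the short form as well as the long one.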

  #56  
Old September 20th 17, 11:26 PM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
Char Jackson
external usenet poster
 
Posts: 10,449
Default Hackers hid malware in CCleaner software

On Wed, 20 Sep 2017 17:18:13 -0000 (UTC), Blake Snyder
wrote:

On Wed, 20 Sep 2017 17:11:36 -0000 (UTC), in
news
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus


I thought I removed the errant VPN server but I realized that there was a
duplicate because there are TCP and UDP based configuration files.

So I disabled both the TCP and UDP VPN config file for the VPN server that
adds that Avast sig and header.

I can't promise the *next* VPN service won't do it but 99 out of 100 don't
add that line so most of the time this will work.

Each day there are another hundred servers that get added while another
hundred are deprecated so the list fluctuates daily.

This is a new free VPN server (just added today) so we'll see what it does.


Pretty hard to believe that a VPN server, which typically operates at
OSI Layer 3, would add (or remove) *anything* in the Layer 7 payload.

There's more to the story here. If this so-called VPN server is able to
muck around at Layer 7 for Usenet posts, what else is it doing to your
other traffic? I'd steer far, very far, from that kind of service. VPN
server, they ain't.

--

Char Jackson
  #57  
Old September 20th 17, 11:49 PM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
p-0''0-h the cat (coder)
external usenet poster
 
Posts: 114
Default Hackers hid malware in CCleaner software

On Wed, 20 Sep 2017 17:26:56 -0500, Char Jackson
wrote:

On Wed, 20 Sep 2017 17:18:13 -0000 (UTC), Blake Snyder
wrote:

On Wed, 20 Sep 2017 17:11:36 -0000 (UTC), in
news
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus


I thought I removed the errant VPN server but I realized that there was a
duplicate because there are TCP and UDP based configuration files.

So I disabled both the TCP and UDP VPN config file for the VPN server that
adds that Avast sig and header.

I can't promise the *next* VPN service won't do it but 99 out of 100 don't
add that line so most of the time this will work.

Each day there are another hundred servers that get added while another
hundred are deprecated so the list fluctuates daily.

This is a new free VPN server (just added today) so we'll see what it does.


Pretty hard to believe that a VPN server, which typically operates at
OSI Layer 3, would add (or remove) *anything* in the Layer 7 payload.

There's more to the story here. If this so-called VPN server is able to
muck around at Layer 7 for Usenet posts, what else is it doing to your
other traffic? I'd steer far, very far, from that kind of service. VPN
server, they ain't.


Meethinks it's a proxy server list.

Sent from my iFurryUnderbelly.

--
p-0.0-h the cat

Internet Terrorist, Mass sock puppeteer, Agent provocateur, Gutter rat,
Devil incarnate, Linux user#666, ******* hacker, Resident evil, Monkey Boy,
Certifiable criminal, Spineless cowardly scum, textbook Psychopath,
the SCOURGE, l33t p00h d3 tr0ll, p00h == lam3r, p00h == tr0ll, troll infme,
the OVERCAT [The BEARPAIR are dead, and we are its murderers], lowlife troll,
shyster [pending approval by STATE_TERROR], cripple, sociopath, kook,
smug prick, smartarse, arsehole, moron, idiot, imbecile, snittish scumbag,
liar, total ******* retard, shill, pooh-seur, scouringerer, jumped up chav,
lycanthropic schizotypal lesbian, the most complete ignoid, joker, and furball.

NewsGroups Numbrer One Terrorist

Honorary SHYSTER and FRAUD awarded for services to Haberdashery.
By Appointment to God Frank-Lin.

Signature integrity check
md5 Checksum: be0b2a8c486d83ce7db9a459b26c4896

I mark any message from Q the troll as stinky

  #58  
Old September 21st 17, 01:24 AM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
J. P. Gilliver (John)[_4_]
external usenet poster
 
Posts: 2,679
Default Hackers hid malware in CCleaner software

In message , Blake Snyder
writes:
[]
I think that the Ccleaner "leatherman" approach of doing lots of things is
OK but the approach of having a single tool do a single job (like
uninstalling apps) is a better approach.


I used to use another "Leatherman" tool - EasyCleaner, by Toni Helenius,
a young Finn. (Well, he was young when I used it!) I can't remember if
it did all the things Cc does, but it had a nice (IMO) user interface to
select them from. I've no idea whether it still exists; I do know he was
URL-squatted at one point, by a company that charged for his freeware.

The work is in finding the best freeware to do the main jobs that CCleaner
does:

[]
I do like the Revo uninstaller, so here's my list of "best" freeware to the
half dozen things that CCleaner does:

1. Registry cleaning = what is the best freeware for this?
2. File cleaning = what is the best freeware for this?
3. Autorun disabling = Mark Russinovich's autoruns freeware
4. Browser plugin disabling = what is the best freeware for this?
5. Program uninstaller = Revo uninstaller freeware
6. Duplicate finder = http://www.top5freeware.com/duplicate-file-finder
7. Drive wiper = https://www.pcworld.com/article/2545..._your_drives_securely.html


For duplicate finding in the special case of images, I like a utility
whose name I've forgotten that is very good at that task: it can compare
images of different formats (JPEG, GIF etc.), sizes, and IIRR even
orientations - and you can set a percentage match too. (It shows you the
putative matches side-by-side, which is good: normally its matching
algorithm is good, but occasionally it thinks two images are the same or
similar which a human can see are not.) Duplicate Image File Finder, or
something like that.

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

She's showing her age a little bit. I always say she doesn't have teething
troubles, she has denture troubles! - Timothy West (on their narrowboat!), RT
2014-March
  #59  
Old September 21st 17, 01:28 AM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
J. P. Gilliver (John)[_4_]
external usenet poster
 
Posts: 2,679
Default Hackers hid malware in CCleaner software

In message , Blake Snyder
writes:
On Wed, 20 Sep 2017 11:34:06 +0100, in
, J. P. Gilliver (John) wrote:

Since there is no way now to NOT reboot (ask me how I know), I will have to


OK I'm asking (-: [If this was the result of it running HP's own
uninstaller as _part_ of a revo uninstall, I'd probably do my best _not_
to have it reboot at that point.]


All (all) of the uninstallers I've tried so far did was run the HP
uninstaller, which obviously doesn't work and always requires a reboot.


Did Revo - at its most aggressive setting - not find _some_
files/folders/registry entries that the HP uninstaller did not? (Even if
not significant.)

It's not a big deal other than to say that uninstallers aren't all they're
cracked up to be if all they do is run the HP uninstaller which fails to
uninstall every time.

---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

She's showing her age a little bit. I always say she doesn't have teething
troubles, she has denture troubles! - Timothy West (on their narrowboat!), RT
2014-March
  #60  
Old September 21st 17, 02:18 AM posted to alt.comp.os.windows-10,alt.comp.freeware,alt.windows7.general
Blake Snyder
external usenet poster
 
Posts: 72
Default Hackers hid malware in CCleaner software

On Wed, 20 Sep 2017 17:26:56 -0500, in
news
Pretty hard to believe that a VPN server, which typically operates at
OSI Layer 3, would add (or remove) *anything* in the Layer 7 payload.


I'm with you in that I don't understand how or why the VPN service would
add both header lines and a signature to the posts.

There's more to the story here. If this so-called VPN server is able to
muck around at Layer 7 for Usenet posts, what else is it doing to your
other traffic? I'd steer far, very far, from that kind of service. VPN
server, they ain't.


That particular server is from http://vpngate.net
Come to think of it, *all* the VPN servers which had that problem were
likely from vpngate.net.

Take a look at their web site.
Do they look like proxy servers?

They have typical openvpn configuration files just like all the other vpn
services out there do.
 



