Total Uninstall 6.27.0


Karamjit

51 minutes ago, Abacaxi said:

I'm one of those who had no luck with the crack made by @remek002.
However the patch placed here by @cmhdream is working perfectly since it was posted.

Hmm, I have to agree with you. I omitted sth. My fault.
Copying the two dlls from the patch is not enough. You have to actually apply the patch and then all is fine.
I made some further quick tests in shadow mode (shadow defender).
 - In a state where TU (though seemingly registered when the 2 dlls are in the folder) produces no results after "analysis", after removing the dlls and applying the patch - TU went back to a working state. So far at least - any online checks for new version from within the UI have no detrimental effects.
Looking closer at the virustotal results -- the patch is harmless, in malware terms :); -high confidence :). But, make up your own mind.
I will compare snapshots one day to see what exactly it does.
so yes, I am happy.
Thank you @Abacaxi for inadvertently prompting me to check further. 



21 minutes ago, capt_blake said:

I will compare snapshots one day to see what exactly it does

Patch Copies two dll files Named "JonganTU.dll" & "winmm.dll" to Program Directory. That's it. Nothing more, you can confirm it by checking Checksums of Executable & dll files in program directory [Before & After Patch Applied] or Trace Patch Using Revo Uninstaller.

 



21 hours ago, DeLtA said:

Patch Copies two dll files Named "JonganTU.dll" & "winmm.dll" to Program Directory. That's it. Nothing more, you can confirm it by checking Checksums of Executable & dll files in program directory [Before & After Patch Applied] or Trace Patch Using Revo Uninstaller.

 

That's what I thought initially too. As I explained.
Sure I compared folder contents and checksums. The first thing to do.
Having the 2 additional dlls in the program's folder is not enough, from what I see.
the "void analysis" error (like the one with remek002's crack) - will appear.
apply the patch  - and it is a different story.
The patch introduces more changes than simply copying 2 dlls to a folder.  
I hope those alterations affect only the TU program, but have no more system-wide effects, affecting access of other application packages to system resources, for example. 
What exactly's going on, I still don't know, but will find out.
BTW, I wouldn't use Revo to compare.
nevermind. :)

P.S. A, OK, this means that your repack is useless. Nothing to worry about.



The winmm.dll file is detected as ESET suspicious software. It is stated that this file can send information to the other party.



17 minutes ago, aporete said:

The winmm.dll file is detected as ESET suspicious software. It is stated that this file can send information to the other party.

well then, it could be cryptomalware or a vector from the Chinese APT-10/40.



1 hour ago, capt_blake said:

P.S. A, OK, this means that your repack is useless. Nothing to worry about.

Don't go this fast. Take a break. Useless, I'm Sure it is useless.:tooth:

 



3 hours ago, DeLtA said:

Don't go this fast. Take a break. Useless, I'm Sure it is useless.:tooth:

 

I did not mean to offend you, but to tell the truth.:)
In essence: packing (in flawed assumption) a few dlls and "All Connections to Home are Blocked" (upon what proven necessity or benefit?)
..and some cosmetics.
Of course, I wouldn't recommend your repack to anyone.
Additionally: when, like in this case, it is not difficult for people to apply the fix on their own.



On 7/24/2019 at 2:50 AM, DeLtA said:

Patch Copies two dll files Named "JonganTU.dll" & "winmm.dll" to Program Directory. That's it. Nothing more, you can confirm it by checking Checksums of Executable & dll files in program directory [Before & After Patch Applied] or Trace Patch Using Revo Uninstaller.

 

Can you upload 2 files "JonganTU.dll" & "winmm.dll " ?



On 7/23/2019 at 9:23 PM, capt_blake said:

Copying the two dlls from the patch is not enough. You have to actually apply the patch and then all is fine.

 

That is correct

 

On 7/23/2019 at 9:50 PM, DeLtA said:

Patch Copies two dll files Named "JonganTU.dll" & "winmm.dll" to Program Directory. That's it. Nothing more, you can confirm it by checking Checksums of Executable & dll files in program directory [Before & After Patch Applied] or Trace Patch Using Revo Uninstaller.

 

That is actually not correct
Also if you want to trace it then don't use some uninstaller to do that, use something like Sysinternals Process Monitor

 

On 7/23/2019 at 11:49 PM, capt_blake said:

In essence: packing (in flawed assumption) a few dlls and "All Connections to Home are Blocked" (upon what proven necessity or benefit?)

 

TU calls home, for example when checking for updates
https://total-uninstall.com/cc/updates.php

and send some data like:

Version=62700&Language=English&HdwId=XXXXXXXX-XXXXXXXX-XXXXXXXX~XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX&HdwName=<COMPUTER_NAME>&Method=0&Module=0&OS=10.0.0&Platform=X86

 

try to check update when you add version.dll in TU program folder

 

On 7/23/2019 at 10:00 PM, capt_blake said:

Having the 2 additional dlls in the program's folder is not enough, from what I see.
the "void analysis" error (like the one with remek002's crack) - will appear.
apply the patch  - and it is a different story.
The patch introduces more changes than simply copying 2 dlls to a folder. 

 

Again, this is correct, there is a catch

 

 

@DeLtA

You have two problems with repack
1. version.dll is 64-bit and if repack is installed on 32-bit OS then 64-bit version.dll will be copied to program folder and program can't start, need to manually remove version.dll

2. you miss one important registry entry because you use wrong program to trace

 

 

When TU is installed and the program starts and we do the first analyze, one important value is created in the registry which determines when the trial will expire

it use 1900 Date System

 

for reset trial this value also must be deleted

or

increase number to get more trial days so Analyze can work properly

for example:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SECURITY]
"SecFlagsR0E"=dword:ffffffff

psexec.exe -accepteula -s -d -i 1 reg add HKLM\SECURITY /v SecFlagsR0E /t reg_dword /d 4294967295 /f

 

 

tracing Jongan patch also show that part when patch is applied

it increase analyze trial time for 10 years instead 30 days which is set by TU

 

1bPkSS8.png

 

 

 


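The two file names in this thread, winmm.dll and version.dll, are also names of Windows system libraries, so a copy sitting in an application's folder can be loaded in place of the System32 one. As an added example (not code from any poster here), this Python script lists such DLLs under a program folder and reads each one's PE header for its architecture; the watchlist beyond those two names, the function names and the stub files are assumptions constructed for the demo.

```python
import tempfile
from pathlib import Path

# winmm.dll and version.dll come from this thread; the rest is an assumed extension.
SYSTEM_DLL_NAMES = {"winmm.dll", "version.dll", "dbghelp.dll", "wtsapi32.dll"}
MACHINES = {0x014C: "x86", 0x8664: "x64"}  # COFF header Machine values


def pe_machine(path):
    """Return 'x86', 'x64', 'other', or None when the file is not a PE image."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    pe_off = int.from_bytes(head[0x3C:0x40], "little")  # e_lfanew
    sig_ok = head[:2] == b"MZ" and head[pe_off:pe_off + 4] == b"PE\0\0"
    if not sig_ok or len(head) < pe_off + 6:
        return None
    machine = int.from_bytes(head[pe_off + 4:pe_off + 6], "little")
    return MACHINES.get(machine, "other")


def find_shadowing_dlls(app_dir):
    """List (relative path, architecture) of DLLs named like system libraries."""
    return [(p.relative_to(app_dir).as_posix(), pe_machine(p))
            for p in sorted(Path(app_dir).rglob("*"))
            if p.is_file() and p.name.lower() in SYSTEM_DLL_NAMES]


def make_stub(path, machine):
    """Write a constructed MZ/PE header stub (sample data, not a loadable DLL)."""
    stub = bytearray(0x46)
    stub[:2] = b"MZ"
    stub[0x3C:0x40] = (0x40).to_bytes(4, "little")  # e_lfanew -> PE signature
    stub[0x40:0x46] = b"PE\0\0" + machine.to_bytes(2, "little")
    Path(path).write_bytes(stub)


def demo():
    """Scan a constructed application folder and return the findings."""
    with tempfile.TemporaryDirectory() as app_dir:
        make_stub(Path(app_dir, "Version.DLL"), 0x8664)
        make_stub(Path(app_dir, "winmm.dll"), 0x014C)
        make_stub(Path(app_dir, "helper.dll"), 0x014C)
        return find_shadowing_dlls(app_dir)


if __name__ == "__main__":
    for rel_path, arch in demo():
        print(f"{rel_path}: {arch}")
```

On a real host, pass the program's install directory to `find_shadowing_dlls` and compare the hash and signature of any hit against the System32 copy of the same name.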

Tested and working on Win10 x64

 

Reupload for members 

 

TU x64 Cracked by rmk-free include registry fix

Site: https://www.upload.ee
Sharecode: /files/10320745/TU_x64-rmk-free.rar.html

 

TU x86 x64 DLL files + registry fix by Jongan

Site: https://www.upload.ee
Sharecode: /files/10320758/TU_v6.27.Fix_x32_x64_Jongan.rar.html

 

Thanks @xanax



On 8/6/2019 at 9:11 AM, xanax said:

 

That is correct

 

 

That is actually not correct
Also if you want to trace it then don't use some uninstaller to do that, use something like Sysinternals Process Monitor

 

 

TU calls home, for example when checking for updates
https://total-uninstall.com/cc/updates.php

and send some data like:

Version=62700&Language=English&HdwId=XXXXXXXX-XXXXXXXX-XXXXXXXX~XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX&HdwName=<COMPUTER_NAME>&Method=0&Module=0&OS=10.0.0&Platform=X86

 

try to check update when you add version.dll in TU program folder

 

 

Again, this is correct, there is a catch

 

 

@DeLtA

You have two problems with repack
1. version.dll is 64-bit and if repack is installed on 32-bit OS then 64-bit version.dll will be copied to program folder and program can't start, need to manually remove version.dll

2. you miss one important registry entry because you use wrong program to trace

 

 

When TU is installed and the program starts and we do the first analyze, one important value is created in the registry which determines when the trial will expire

it use 1900 Date System

 

for reset trial this value also must be deleted

or

increase number to get more trial days so Analyze can work properly

for example:


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SECURITY]
"SecFlagsR0E"=dword:ffffffff

psexec.exe -accepteula -s -d -i 1 reg add HKLM\SECURITY /v SecFlagsR0E /t reg_dword /d 4294967295 /f

 

 

tracing Jongan patch also show that part when patch is applied

it increase analyze trial time for 10 years instead 30 days which is set by TU

 

1bPkSS8.png

 

 

 

More details.

2W3vn.jpg



on Win7 32-bit after analyze some app TU create "0E" without "SecFlagsR"

and after using "Monitored programs" module TU create "SecFlagsR0E" value

 

looks like there can be also "SecFlagsR0D" and "0D"



On 8/12/2019 at 6:00 PM, xanax said:

on Win7 32-bit after analyze some app TU create "0E" without "SecFlagsR"

and after using "Monitored programs" module TU create "SecFlagsR0E" value

 

looks like there can be also "SecFlagsR0D" and "0D"

Quote

[HKEY_LOCAL_MACHINE\SECURITY]
"SecFlagsT"=dword:00000006
"SecFlagsR06"=dword:00009e26
"SecFlagsR07"=dword:0000a156
"SecFlagsR08"=dword:0000a322
"SecFlagsR0B"=dword:0000aaa8
"SecFlagsR0C"=dword:0000aaa8
"SecFlagsR0D"=dword:0000b8cb
"SecFlagsR0E"=dword:0000aa94

 



1 hour ago, vovhas said:

 

 

I didn't look at older versions; maybe the different SecFlagsR values are from different versions
also creating REG_SZ instead of REG_DWORD should work as no time limited



9 hours ago, xanax said:

also creating REG_SZ instead of REG_DWORD should work as no time limited

What format is the data in?  1900 Data System?

 

Please show an example:

reg add HKLM\SECURITY /v SecFlagsR0E /t REG_SZ /d ?????? /f

 

 



8 hours ago, vovhas said:

What format is the data in?  1900 Data System?

 

Please show an example:


reg add HKLM\SECURITY /v SecFlagsR0E /t REG_SZ /d ?????? /f

 

 

just leave it empty

reg add HKLM\SECURITY /v SecFlagsR0E /t REG_SZ /f


1 hour ago, xanax said:

just leave it empty

No, after analysis, the result: 
 

Quote

 

[HKEY_LOCAL_MACHINE\SECURITY]

"SecFlagsR0E"=dword:0000aab0

 

Added value:
 

Quote

 

[HKEY_LOCAL_MACHINE\SECURITY]

"SecFlagsR0E"="fffff"

 

OK!



looks like it acts differently on different Windows versions

on Win 10 REG_SZ will be rewritten with REG_DWORD and on Win 7 32-bit REG_SZ will stay intact, at least on my side

 

however, in a new TU version I wouldn't be surprised if this SecFlags module trial measurement is replaced with something completely different



26 minutes ago, xanax said:

Win 7 32-bit REG_SZ will stay intact, at least on my side

What version of TU do you have installed on Win 7x 32? What patches?
The fact is that the medicine for "JONDAN", not all applications are analyzed correctly. For example: UniversalExtractor. I checked both x 64 and x 86, and on different computers. Now I will check the cure for "rmk-free" for analysis.



Archived

This topic is now archived and is closed to further replies.
