Jump to content

Total Uninstall 6.27.0


Karamjit

Recommended Posts

On 7/7/2019 at 6:18 AM, cmhdream said:

6.27.0.565 perfect working

 

Site: https://mega.nz

Sharecode: /#!cpYVTIiC!VwCGz7JR1wPZbJt9SjvtAHdg0rRtKSpLn6KZk7juCno

 

 

 

I'm one of those who had no luck with the crack made by @ remek002.
However the patch placed here by @cmhdream is working perfectly sense was posted.
Good work @cmhdream !!!

Edited by Abacaxi
Link to post
Share on other sites
  • Replies 138
  • Created
  • Last Reply

Top Posters In This Topic

  • cosy

    10

  • DeLtA

    9

  • rushdie

    9

  • cmhdream

    8

Top Posters In This Topic

Popular Posts

Total Uninstall Pro 6.27.0.565 x64 crk v2   Site: https://www.upload.ee Sharecode: /files/9532179/tu_6.27.0.565_c_v2_x64.rar.html

Total Uninstall Pro 6.27.0.565 x64 crk   Site: https://www.upload.ee Sharecode: del    

Total Uninstall is a complete uninstaller which include two working modes: - "Installed programs" module analyze existing installations and create a log with installation changes. It is able to uninst

51 minutes ago, Abacaxi said:

I'm one of those who had no luck with the crack made by @ remek002.
However the patch placed here by @cmhdream is working perfectly sense was posted.

Hmm, I have to agree with you. I omitted sth. My fault.
Copying the two dlls from the patch is not enough. You have to actually apply the patch and then all is fine.
I made some further quick tests in shadow mode (shadow defender).
 - In a state where TU (though seemingly registered when the 2 dlls are in the folder) produce no results after "analysis", after removing the dlls and applying the patch - TU went back to a working state. So far at least - any online checks for new version from within the UI have no detrimental effects.
Looking closer at the virustotal results -- the patch is harmless, in malware terms :); -high confidence :). But, make up your own mind.
I will compare snapshots one day to see what exactly it does.
so yes, I am happy.
Thank you @Abacaxi for inadvertently prompting me to check further. 

Link to post
Share on other sites
21 minutes ago, capt_blake said:

I will compare snapshots one day to see what exactly it does

Patch Copies two dll files Named "JonganTU.dll" & "winmm.dll" to Program Directory. That's it. Nothing more, you can confirm it by checking Checksums of Executable & dll files in program directory [Before & After Patch Applied] or Trace Patch Using Revo Uninstaller.

 

Link to post
Share on other sites
21 hours ago, DeLtA said:

Patch Copies two dll files Named "JonganTU.dll" & "winmm.dll" to Program Directory. That's it. Nothing more, you can confirm it by checking Checksums of Executable & dll files in program directory [Before & After Patch Applied] or Trace Patch Using Revo Uninstaller.

 

That's what I thought initially too. As I explained.
Sure I compared folder contents and checksums. The first thing to do.
Having the 2 additional dlls in the program's folder is not enough, from what i see.
the "void analysis" error (like the one with remek002's crack) - will appear.
apply the patch  - and it is a different story.
The patch introduces more changes than simply copying 2 dlls to a folder.  
I hope those alterations affect only the TU program, but have no more system-wide effects, affecting access of other application packages to system resources, for example. 
What exactly's going on, I still don't know, but will find out.
BTW, I wouldn't use Revo to compare.
nevermind. :)

P.S. A, OK, this means that your repack is useless. Nothing to worry about.

Edited by capt_blake
Link to post
Share on other sites
17 minutes ago, aporete said:

The winmm.dll file is detected as ESET suspicious software. It is stated that this file can send information to the other party.

well then, it could be cryptomalware or a vector from the Chinese APT-10/40.

Link to post
Share on other sites
1 hour ago, capt_blake said:

P.S. A, OK, this means that your repack is useless. Nothing to worry about.

Don't go this fast. Take a break. Useless, I'm Sure it is useless.:tooth:

 

Link to post
Share on other sites
2 hours ago, cyberber said:

Abacaxi can you repost  the patch placed here by @cmhdream is working perfectly in a different mirror https://mega.nz is giving me a corrupt file and cant download

 

Site: https://www.upload.ee
Sharecode: /files/10261423/Total_Uninstall_6.27.0___Patch.rar.html

 

(Includes T.U. 6.27.0.565 + Patch )

Edited by Abacaxi
Link to post
Share on other sites
3 hours ago, DeLtA said:

Don't go this fast. Take a break. Useless, I'm Sure it is useless.:tooth:

 

I did not mean to offend you, but to tell the truth.:)
In essence: packing (in flawed assumption) a few dlls and "All Connections to Home are Blocked" (upon what proven necessity or benefit?)
..and some cosmetics.
Of course, I wouldn't recommend your repack to anyone.
Additionally: when, like in this case, it is not difficult for people to apply the fix on their own.

Edited by capt_blake
Link to post
Share on other sites
On 7/24/2019 at 2:50 AM, DeLtA said:

Patch Copies two dll files Named "JonganTU.dll" & "winmm.dll" to Program Directory. That's it. Nothing more, you can confirm it by checking Checksums of Executable & dll files in program directory [Before & After Patch Applied] or Trace Patch Using Revo Uninstaller.

 

Can you upload 2 files "JonganTU.dll" & "winmm.dll " ?

Edited by TCCS
Link to post
Share on other sites

Tested and working on Win10 x64

 

Reupload for members 

 

TU x64 Cracked by rmk-free include registry fix

Site: https://www.upload.ee
Sharecode: /files/10320745/TU_x64-rmk-free.rar.html

 

TU x86 x64 DLL files + registry fix by Jongan

Site: https://www.upload.ee
Sharecode: /files/10320758/TU_v6.27.Fix_x32_x64_Jongan.rar.html

 

Thanks @xanax

Edited by TCCS
Link to post
Share on other sites
On 8/6/2019 at 9:11 AM, xanax said:

 

That is correct

 

 

That is actually not correct
Also if you want to trace it then don't use some uninstaller to do that, use something like Sysinternals Process Monitor

 

 

TU calls to home, example when check for updates
https://total-uninstall.com/cc/updates.php

and send some data like:

Version=62700&Language=English&HdwId=XXXXXXXX-XXXXXXXX-XXXXXXXX~XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX&HdwName=<COMPUTER_NAME>&Method=0&Module=0&OS=10.0.0&Platform=X86

 

try to check update when you add version.dll in TU program folder

 

 

Again, this is correct, there is a catch

 

 

@DeLtA

You have two problems with repack
1. version.dll is 64-bit and if repack is installed on 32-bit OS then 64-bit version.dll will be copied to program folder and program can't start, need to manually remove version.dll

2. you miss one important registry entry because you use wrong program to trace

 

 

When TU is installed and program start and when we do first anlyze then in registry will be created one important value which will determinate when the Trial will expire

it use 1900 Date System

 

for reset trial this value also must be deleted

or

increase number to get more trial days so Analyze can work properly

for example:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SECURITY]
"SecFlagsR0E"=dword:ffffffff
psexec.exe -accepteula -s -d -i 1 reg add HKLM\SECURITY /v SecFlagsR0E /t reg_dword /d 4294967295 /f

 

 

tracing Jongan patch also show that part when patch is applied

it increase analyze trial time for 10 years instead 30 days which is set by TU

 

1bPkSS8.png

 

 

 

More details.

2W3vn.jpg

Edited by vovhas
Link to post
Share on other sites

on Win7 32-bit after analyze some app TU create "0E" without "SecFlagsR"

and after using "Monitored programs" module TU create "SecFlagsR0E" value

 

looks like there can be also "SecFlagsR0D" and "0D"

Edited by xanax
  • Like 2
  • Thanks 1
Link to post
Share on other sites
On 8/12/2019 at 6:00 PM, xanax said:

on Win7 32-bit after analyze some app TU create "0E" without "SecFlagsR"

and after using "Monitored programs" module TU create "SecFlagsR0E" value

 

looks like there can be also "SecFlagsR0D" and "0D"

Quote

[HKEY_LOCAL_MACHINE\SECURITY]
"SecFlagsT"=dword:00000006
"SecFlagsR06"=dword:00009e26
"SecFlagsR07"=dword:0000a156
"SecFlagsR08"=dword:0000a322
"SecFlagsR0B"=dword:0000aaa8
"SecFlagsR0C"=dword:0000aaa8
"SecFlagsR0D"=dword:0000b8cb
"SecFlagsR0E"=dword:0000aa94

 

Link to post
Share on other sites
9 hours ago, xanax said:

also creating REG_SZ insted REG_DWORD should work as no time limited

What format is the data in?  1900 Data System?

 

Please show an example:

reg add HKLM\SECURITY /v SecFlagsR0E /t REG_SZ /d ?????? /f

 

 

Link to post
Share on other sites
8 hours ago, vovhas said:

What format is the data in?  1900 Data System?

 

Please show an example:

reg add HKLM\SECURITY /v SecFlagsR0E /t REG_SZ /d ?????? /f

 

 

just leave it empty

reg add HKLM\SECURITY /v SecFlagsR0E /t REG_SZ /f
Link to post
Share on other sites
1 hour ago, xanax said:

just leave it empty

No, after analysis, the result: 
 

Quote

 

[HKEY_LOCAL_MACHINE\SECURITY]

"SecFlagsR0E"=dword:0000aab0

 

Added value:
 

Quote

 

[HKEY_LOCAL_MACHINE\SECURITY]

"SecFlagsR0E"="fffff"

 

OK!

Link to post
Share on other sites

looks like differently acting on different Windows version

on Win 10 REG_SZ will be rewrited with REG_DWORD and on Win 7 32-bit REG_SZ will stay intact, at least on my side

 

however, in new TU version i'm not be suprised if this SecFlags module trial measurement will be replaced with something completely different

Edited by xanax
Link to post
Share on other sites
26 minutes ago, xanax said:

Win 7 32-bit REG_SZ will stay intact, at least on my side

What version of TU do you have installed on Win 7x 32? What patches?
The fact is that the medicine for "JONDAN", not all applications are analyzed correctly. For example: UniversalExtractor. I checked both x 64 and x 86, and on different computers. Now I will check the cure for "rmk-free" for analysis.

Link to post
Share on other sites
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...