Site search
Powered by Google
Links
February 19, 2008
A new version of BFU is available. Changes in v1.11:
- Added RegSetExpandValue to set REG_EXPAND_SZ values
- Added RegDeleteKeyIfNameContainsText/Hex to delete keys matching a mask
- Online scripts can now be executed from the commandline (i.e. bfu.exe http://www.example.com/test.bfu)
- Fixed RegResetPermissions (and others) not being recognized
- Added OptionShowLog command to force showing the logfile after script completion
- Added OptionSaveLog command to save the logfile to disk after script completion
- More extensive logging
- Fixed bug in CRC32 module with leading zeroes
- Updated CRC32 module to read files ~3 times faster
December 11, 2007
Lately a lot of people have been asking me what HijackThis is and how it got onto their system. I've answered this question so often now and pointed people to the relevant answer on my FAQ so many times, that I'm adding it here on the front page:
HijackThis is a free antispyware program for computer experts. If you paid for HijackThis, you were either scammed or sold something else. HijackThis does not automatically remove bad things, you need to decide for yourself what is good or bad in the scan results. If you want an automated antispyware program, get Spybot Search & Destroy.
If you found HijackThis on your system and you did not put it there, someone else did. HijackThis is not automatically installed, ever. If you recently brought your computer in for repairs or upgrading or fixing, or someone helped you clean up the computer of malware, most likely they installed HijackThis and forgot to remove it. BestBuy's Geeksquad uses HijackThis, and most likely more computer shops do.
If the entry in the Add/Remove Software list is not working, the person who installed HijackThis on your system did not remove it correctly. Old versions of HijackThis (1.9x and older) can be removed by running this Registry script.
I no longer own, maintain or support HijackThis. In March 2007, I sold HijackThis to TrendMicro. This includes the complete rights, the source code and customer support. I can no longer help you with error messages in HijackThis, bugs or missing features. If you use an older version of HijackThis, upgrade. If you find a bug, contact TrendMicro.
Thanks for your understanding.
HijackThis is a free antispyware program for computer experts. If you paid for HijackThis, you were either scammed or sold something else. HijackThis does not automatically remove bad things, you need to decide for yourself what is good or bad in the scan results. If you want an automated antispyware program, get Spybot Search & Destroy.
If you found HijackThis on your system and you did not put it there, someone else did. HijackThis is not automatically installed, ever. If you recently brought your computer in for repairs or upgrading or fixing, or someone helped you clean up the computer of malware, most likely they installed HijackThis and forgot to remove it. BestBuy's Geeksquad uses HijackThis, and most likely more computer shops do.
If the entry in the Add/Remove Software list is not working, the person who installed HijackThis on your system did not remove it correctly. Old versions of HijackThis (1.9x and older) can be removed by running this Registry script.
I no longer own, maintain or support HijackThis. In March 2007, I sold HijackThis to TrendMicro. This includes the complete rights, the source code and customer support. I can no longer help you with error messages in HijackThis, bugs or missing features. If you use an older version of HijackThis, upgrade. If you find a bug, contact TrendMicro.
Thanks for your understanding.
October 28, 2007
A new version of BFU (Brute Force Uninstaller) is available! The new version offers better logging commands, better wildcard support and some bugfixes.
Changelog:
Thanks for Pieter, Mark and Savvas for helping me testdrive the betas!
Changelog:
- Added wildcard for all Registry functions that need it
- Added: RegDelValueIfNameContainsText, RegDelValueIfNameContainsHex and RegDelValueIfDataContainsText, RegDelValueIfDataContainsHex to replace RegDelValueIfContains[x] for clarity
- Added: OptionShowLog to force show log after the script ends
- Added: LogIfFileMD5Match, LogIfFileSHA1Match, LogIfFileMD2Match, LogIfFileMD4Match, LogIfFileCRC32Match
- Added: LogIfFileExist, LogIfRegKeyExist, LogIfRegValExist
- Added: FolderClear, will attempt delete to delete all files and folders in a given folder
- Added: RegKeyResetPermissions, resets all permissions on a Registry key to the defaults (if possible)
- Added: OptionBFUExit, quits BFU
- Added: %Favorites% environment variable
- Changed FolderDelete so it uses FolderClear on fail and deletes the folder on reboot (if that option is set)
- Changed: OptionRunSilent is ignored if scriptfile is passed as commandline parameter, for safety
- Changed: Any file commands with wildcards will apply to any matches in subfolders as well
- Fixed: Windows 2003 SBS was detected as Windows XP 64-bit
- Fixed: CRC32 checksum was reversed
- Fixed: lines with unexpanded environment variables are skipped
- Removed OptionSetStatusOn command, the first OptionSetStatus triggers the status messages
Thanks for Pieter, Mark and Savvas for helping me testdrive the betas!
September 3, 2007
I just got word that the popup on my website isn't because the server was hacked, but because Zoneedit is adding them. Since they were acquired by Dotster, they are forcing popups onto free Zoneedit accounts.
The ever awesome Paul Laudanski of CastleCops.com has contacted me about hosting merijn.org.
The ever awesome Paul Laudanski of CastleCops.com has contacted me about hosting merijn.org.
August 23, 2007
A quick heads-up: the popup on my website is not my doing - I have no idea how it got here. I don't run any advertising on this website, period. I'm in the process of finding out what's going on. Feel free to write an angry letter to Casalamedia, since it's their popup.
August 27: it appears one or more of the mirrors that host my website has been compromised in some way that makes the popup appear sometimes, but not always. Since Mike Healan is the only one who can do anything about this and he's not available, the next best thing I can do is change hosting. Suggestions are welcome.
Meanwhile, the popup should never appear if you use www.spywareinfo.com/~merijn to visit my website. My apologies for the inconvenience, and thanks for your understanding.
August 27: it appears one or more of the mirrors that host my website has been compromised in some way that makes the popup appear sometimes, but not always. Since Mike Healan is the only one who can do anything about this and he's not available, the next best thing I can do is change hosting. Suggestions are welcome.
Meanwhile, the popup should never appear if you use www.spywareinfo.com/~merijn to visit my website. My apologies for the inconvenience, and thanks for your understanding.