Portidy (clean up files and registry on guest hosts)

aboerner

Portidy is a tool to clean up files, folders and registry entries left on a guest host by portable applications. Portidy can run automatically as soon as the USB stick is mounted. It monitors data saved by applications and deletes them on exit.

The current version of Portidy can be downloaded from Sourceforge.net.

BuddhaChu

So, since this app uses an .ini file to get the registry entries to delete, what happens when I use this app and PortablePutty on my memory stick? PortablePutty cleans up its own registry settings, so when this app goes to delete/save the reg entries, there won't be any. What happens in that case? Would that be like wearing two condoms and being "extra safe just in case"?

How will this app handle multiple versions of programs where a registry entry could be used by one version, but not another? Two .ini files for the same app? What about updates for the .ini files? Will users have to download the whole package every time a new version of one of the programs comes out that uses a new registry entry?

Cancer Survivors -- Remember the fight, celebrate the victory!
Help control the rugrat population -- have yourself spayed or neutered!

aboerner

Portidy is intended to delete files and registry entries of applications which don't handle them properly themselves. For example, the portable Firefox browser creates the folders 'Mozilla' and 'Talkback' when started, doesn't use them at all and doesn't delete them on exit. Another example is the "portable" version of Skype, which floods the registry every time it is started, without deleting its registry entries on exit as well.

To answer your questions:

If no files, folders or registry entries are found, Portidy doesn't delete anything. If a portable application (like f.e. PuttyPortable does) handles its data properly: nothing to do for Portidy.

I don't completely understand what you mean with your second question, but it is possible to use different configuration files for different versions of an application and it is possible to handle different versions of an application within one configuration as well. If an application is recognized as installed on the guest host, Portidy doesn't touch its data at all by default.

At the moment, there are not that many configuration files and I put them together with the main application. If this is not suitable for future versions, it is of course possible to separate the ini files from the Portidy application. If the tool gets spread, I may implement a more user-friendly update function or something.

In my experience, the files and registry entries used by applications don't change very often. Especially if an application is not installed on the guest host, in most cases it leaves only a little data on the file system or in the registry. If an update for a configuration file is needed, I will publish it on the download page.

Espreon
Why don't u fully paf.exe the app?

" "

Also the app crashed a few secs after launch.

aboerner

Thanks for your reply. But without a more precise error report I can't eliminate any errors. In development I tested Portidy on several systems with different OS versions (Win2000, WinXP, Vista) and it didn't crash.

Is there any error window, when Portidy crashes or does it crash silently? Can you give me an error message or a screenshot of the error?

You may also drop your error report on sourceforge. There you can easily upload a screenshot as well. Thanks in advance.

Espreon
I am using WinXP SP2 on a Limited Account

Also the crash occurred after left-clicking the tray icon. If the icon has no use, why not have the AutoIt script hide the tray icon?

Le Error Message:

Line 0 (File "F:\PortableApps\Portidy_0.9\Portidy.exe"):

$User = $WMI.Get ('Win32_UserAccount.Domain="" & @LogonDomain& ""',Name=""&',Name="" & @UserName & "")
""^ERROR

Error: The requested action with this object has failed.

BTW the "" is the ditto sign

aboerner

Ok, I see. There is obviously a problem with the method I used to retrieve the current user's SID (Security ID) used for the %SID% placeholder.

If you want, I can mail you a new Portidy.exe that uses a (hopefully) more reliable function to get the SID from an official AutoIt function library. Just mail me and I'll send you the new executable. Copy it into the Portidy root folder and give me feedback on whether it works.

To answer your first question: The error is not (should not be) related to the tray icon. The erroneous function was called right at the beginning of the Portidy initialization. At this state the tray icon has no function, but if Portidy launched normally, a click on the tray icon opens the Portidy main menu.

Espreon
E-Mail me at

(email removed)

aboerner
Ok, sent you an email with the new build

I hope it reached you now, as it seems to need some effort to get an executable attachment through GMail... :)

Espreon
Nice!

BTW I am not that knowledgeable about AutoIt, but on the tray icon the context menu is not able to be brought up and a circle-x sign is around the tray icon. Also, to get executables through GMail you can also 7-Zip it in the .7z format.

Also, does Portidy not use drive letters in its paths? If it uses them, it is not completely portable.

aboerner

Hmmm... You seem to have some strange problems with Portidy. What exactly happens, when you run the tool? Does it work at all? Are you able to open the config window and the information window? If you want to see how Portidy should work, watch this little video:

http://www-pool.math.tu-berlin.de/~boerner/portidy/Portidy-Video.avi

It's of bad quality to reduce file size, but it shows how Portidy should look when it starts.

About drive letters: Portidy doesn't use absolute paths. For all configuration options various environment variables can be used, f.e. %ScriptDir% or %TempDir%. Actually there are some absolute paths at the beginning of the Portidy source code, but these are just compiler options for the AutoItWrapper, which can't handle relative paths. But the executable itself doesn't include these absolute paths anymore.

Espreon
It does work, I was just telling you about the tray icon.

The tray icon returns to normal when using Portidy..... Also it did work on the stuff FFPE left behind, so I am DEFINITELY putting this in all editions of my suites!

So congrats for making such a kick-ass app!

aboerner

Thanks for the compliment. It seems that I completely misunderstood your reply. :) I'm pleased to hear that the app now works for you too.

Espreon
You're welcome!

" "

gvgerman

Does Portidy clean up after applications not included in the "monitored applications" list?

Live by the Law of the Minimum

aboerner

Portidy does not clean up after applications that are not monitored. To add an application for monitoring, the user has to create a new appini file or use an already existing one. How to create new appini files is described in the Portidy Readme.

To see, which files and registry entries an application adds to the system, I use a tiny neat open source tool called regshot. You can download it from http://regshot.blog.googlepages.com . regshot scans the registry and selected folders for new, changed and deleted files and registry keys before and after you start a (portable) application.

If you create a new appini file I would appreciate it if you could send me a copy for including it into the next release of Portidy.

gvgerman
Thanks

I'll give it a go and play around w/ it a bit

Live by the Law of the Minimum

arqbrulo
Confirm

Can we have the option to confirm the deletion? How about an option to delete just the files or just the registry? Thanks.

"In three words I can sum up everything I've learned about life: it goes on." -- Robert Frost
"In three words I can sum up everything I've learned about life: baby ain't mine." -- Adam Holguin

aboerner

If you set the "Execute default action after..." setting to 0 (zero) seconds, no countdown for auto deletion is started and the user has to choose either "Clean up" or "Quit" explicitly on exit. Also the countdown can be canceled by clicking into the clean up window.

In the thread view you can select or de-select individual files or registry entries for deletion before continuing. Does this fit your needs?

I could implement an option to delete just files or just registry entries, but - maybe I'm a bit paranoid at this point - would this option be useful for you on a regular basis? Do you really want Portidy to clean up files but leave the registry entries on a guest host or the other way around?

Espreon
After you fix things up a bit I would like to include this in

the upcoming v2 of my suites.

aboerner

Yes, that's all right with me.

If possible, please test the fixed Portidy version, if it doesn't crash anymore on your XP SP2 account, because I can't reproduce the error with the SID function on other systems. Thank you!

powerjuce
hey could you make the interface easier

the "add a new application" part will be hard to understand for anyone who does not understand how the registry works

Please search before posting. ~Thanks

aboerner

Indeed, creating new appini files requires a little knowledge about the registry and system files & folders. To be honest, I don't want to make that part too easy, to keep users from unintentionally damaging other people's computers. :) No offense!

I already thought about analyzing RegShot log files to create new appinis from them, but this will require a little more effort to make that function somewhat safe for unaware users, so please don't expect this to be realized in the next release.

Maybe I can help you, if you have a certain app you want to monitor?

powerjuce

No, I love this program, especially with Miranda Portable. However, when I showed it to some of my friends I had to create an appini for them.
How about if you made the files to be deleted in a way to be auto-found and then allow the user to create the lines to modify the registry?

Please search before posting. ~Thanks

aboerner
Miranda IM?

Interesting... Does Miranda Portable leave traces on the guest host? I also played around with Miranda for some minutes when testing all portableapps.com applications for "data leaks", but didn't find any data left behind. Ok, I didn't test it very well, because normally I don't use it. If possible please send your appini file for Miranda. Thanks!

powerjuce
Miranda IM

miranda leaves traces in the system tray
so normally i have to go and delete the registry for miranda manually but this one does it for me

Please search before posting. ~Thanks

aboerner
This one?

Do you have an appini file for Miranda? I think this would be useful for others as well.

sgp

I love this program. It is very well designed, with a clean UI, easy to understand for me. Someone was asking why not just do a full NSIS then? Doing the NSIS is more work than writing a portidy ini file, though both require some technical skills. Maintaining the ini is easy, you can write it incrementally as you notice what traces your apps leave around. I have some portable apps that need to write into the system registry, for instance to modify the Explorer context menu. With portidy I can run them as they are, then simply let portidy cleanup the modified Explorer context menu entry.
Thanks for this app. I will post some ini files in a few days.

sgp

Two possible enhancements for a future version.

;wild card to delete all temporary files created by an application
delfile %TempDir%\prog*.ext
delfile %TempDir%\prog.*
;etc. wildcards

;delete files CREATED after portidy start up
delnewerfile %TempDir%\*.*
delnewerfile %TempDir%\prog*.ext
;etc. wildcards

aboerner

Yes, wildcards are also on my wishlist. For files and folders this can be implemented quite easily, but at the moment I agonize over a manageable wildcard solution for the registry, because searching the registry has to be done 'by hand', and this could result in big performance problems if used without care.

I don't know, if a 'delnewerfile' option would be really useful: If you identify a temp file of a portable app, you can delete it on exit, regardless whether it was created before or after Portidy was started. But if you don't know at all, what temp files are created by an application, I think it is not a good idea to delete all temp files created after Portidy was started, because this could interfere with other apps, that save temp files while running Portidy.

sgp

Some apps mark their files with an easy-to-identify string, that's where delnewerfiles makes more sense and is probably safe to use:
delnewerfiles %TempDir%\vi*.tmp
Yes, you could use delfiles with the same wildcard pattern, but then you couldn't identify files that were there before portidy (you) started using the computer.

I agree that
delnewerfiles %TempDir%\*.*
isn't such a good idea, unless you're preparing to shutdown an untrusted host system, but there are other utilities better suited than portidy for such kind of cleanup.
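
The difference between a plain wildcard rule and the proposed 'delnewerfile' rule discussed in the posts above, as an added example that is not part of the thread or of Portidy's code. It is written in Python rather than AutoIt; `snapshot`, `cleanup_candidates` and the file names are assumptions made for the illustration, and "newer" is decided by comparing against a listing taken at start-up.

```python
import fnmatch
import os
import tempfile


def snapshot(directory):
    """Lower-cased names present in `directory` right now (the start-up baseline)."""
    return {name.lower() for name in os.listdir(directory)}


def cleanup_candidates(directory, pattern, baseline=None):
    """Regular files in `directory` whose name matches `pattern`.

    baseline=None   -> plain wildcard rule: every match is a candidate.
    baseline=<set>  -> 'delnewerfile' idea: only matches that were NOT in the
                       start-up snapshot, so files that were already on the
                       guest host are left alone even if they match.
    """
    candidates = []
    for name in sorted(os.listdir(directory), key=str.lower):
        path = os.path.join(directory, name)
        if os.path.islink(path) or not os.path.isfile(path):
            continue  # never follow links, never treat folders as temp files
        # Windows file names are case-insensitive, so compare lower-cased.
        if not fnmatch.fnmatchcase(name.lower(), pattern.lower()):
            continue
        if baseline is not None and name.lower() in baseline:
            continue
        candidates.append(name)
    return candidates


def demo():
    """Constructed scenario in a throw-away directory standing in for %TempDir%."""
    with tempfile.TemporaryDirectory() as tmp:
        def touch(name, data=""):
            with open(os.path.join(tmp, name), "w") as fh:
                fh.write(data)

        # Already on the guest host before the session starts.
        touch("vi0001.tmp")
        touch("report.doc")
        before = snapshot(tmp)

        # Created while the session is running.
        touch("vi0002.tmp")
        touch("VI0003.TMP")
        touch("other.tmp")            # belongs to some unrelated program
        touch("vi0001.tmp", "x")      # old file rewritten: still not ours

        wildcard = cleanup_candidates(tmp, "vi*.tmp")
        newer = cleanup_candidates(tmp, "vi*.tmp", before)
        newer_all = cleanup_candidates(tmp, "*.*", before)
        return wildcard, newer, newer_all


if __name__ == "__main__":
    for label, names in zip(("wildcard", "newer", "newer *.*"), demo()):
        print(f"{label:10} {names}")
```

The third result shows the concern raised about `%TempDir%\*.*`: it also selects `other.tmp`, a file another program created during the session.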

aboerner
FYI: Just released Portidy version 0.9.0.71

...with some new appini files and a bugfix, that crashed the app under some circumstances (see release notes on Sourceforge).

sgp

Portidy makes sense with Sysinternals' PsTools suite. It's a collection of command-line utilities that prompt the user to accept a EULA and write it to the registry. No more traces left with this ini file!

[pstools]
name=pstools suite
; "EulaAccepted" is the only value I found under these keys
regdelete=HKEY_USERS\%SID%\Software\Sysinternals\loggedon
regdelete=HKEY_USERS\%SID%\Software\Sysinternals\PsExec
regdelete=HKEY_USERS\%SID%\Software\Sysinternals\psfile
regdelete=HKEY_USERS\%SID%\Software\Sysinternals\PsGetSid
regdelete=HKEY_USERS\%SID%\Software\Sysinternals\PsInfo
regdelete=HKEY_USERS\%SID%\Software\Sysinternals\PsList
regdelete=HKEY_USERS\%SID%\Software\Sysinternals\PsLogList
regdelete=HKEY_USERS\%SID%\Software\Sysinternals\PsPasswd
regdelete=HKEY_USERS\%SID%\Software\Sysinternals\PsService
regdelete=HKEY_USERS\%SID%\Software\Sysinternals\PsShutdown
regdelete=HKEY_USERS\%SID%\Software\Sysinternals\PsSuspend

sgp

Do you know why portidy wants to send a network packet? It's annoying with my firewall prompting me to enable network activity for portidy...

File Version : 0.9.0.71
File Description : Portidy - cleanup portable app files and registry
File Path : H:\portidy\Portidy.exe
Process ID : 0x7D4 (Heximal) 2004 (Decimal)

Connection origin : local initiated
Protocol : Raw Ethernet
Local Address : 0.0.0.0
Local Port : 0
Remote Name :
Remote Address : 0.0.0.0
Remote Port : 0

Ethernet packet details:
Ethernet II (Packet Length: 56)
Destination: ff-ff-ff-ff-ff-ff
Source: 00-02-3f-19-b7-c0
Type: ARP (0x0806)
Address Resolution Protocol (ARP)
Hardware type: Ethernet (0x0001)
Protocol type: IP (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: Request
Sender hardware address: 00-02-3f-19-b7-c0
Sender IP address: 192.168.0.9

aboerner
The never ending SID story :-)

The packet seems to be initiated by the _Security_LookupAccountName() function I introduced in build 71 to retrieve the current user's SID, which in turn uses the dll function LookupAccountName from AdvAPI32.dll to get user data, and finally LookupAccountName seems to try to connect to a domain controller in the LAN.

This is harmless and the function actually doesn't need net access to retrieve the SID for the local logged in user, but I can understand that this is annoying for you. I am a little paranoid too. This is why Portidy was written. ;)

I will investigate, if there is another possibility to get the SID, but I can't promise.

Devo
ini files

I noticed that you're only including ini files in your releases. I think you should have all the ini files that people submit available for download individually on soundforge. That way people could choose which ini files they want and not have to install them all. Also, I've found that ThunderbirdPortable leaves files in the registry.

I also think that adding appini files should be a bit easier. There could be a way to select the exe files on the USB that you want to monitor and then the program could auto-find the files that it leaves behind. It would automatically create appini files.

Espreon
Some .ini s

For FreeMind:

[freemind]
name=FreeMind
fileexists=%UserProfileDir%\.freemind
filedelete=%UserProfileDir%\.freemind

For Eclipse (also takes care of Subclipse's mess)

[Eclipse]
name=Eclipse
fileexists=%AppDataDir%\Subversion
filedelete=%AppDataDir%\Subversion
fileexists=%UserProfileDir%\workspace
filedelete=%UserProfileDir%\workspace

For the so called DeepBurner "Portable"

[deepburnerportable]
name=DeepBurner Portable
regexists=HKU\S-1-5-21-1640585903-3496352711-3131184175-1188\Software\Astonsoft\DeepBurner\
regdelete=HKU\S-1-5-21-1640585903-3496352711-3131184175-1188\Software\Astonsoft\DeepBurner\
fileexists=%AppDataDir%\DeepBurner
filedelete=%AppDataDir%\DeepBurner

Just thought these would be useful for your project.

Maybe I will put these up on my wiki...
I will make more, since making these for and using Portidy is sooooo much fun!

aboerner
Deepburner appini / %SID% placeholder

The reg paths to the deepburner registry entries should use the %SID% placeholder to make them all-purpose for other guest hosts. Or even better: the HKCU hive should be used.

To be honest, it should not be necessary at all to use 'HKU\%SID%\...' anywhere in an appini file, as 'HKU\%SID%\...' is mirrored as 'HKCU\...' (HKEY_CURRENT_USER) for the currently logged in user. Registry keys added or removed in HKCU are added and removed in HKU\%SID% as well and vice versa. In other words: You will never see differences between 'HKU\%SID%\' and 'HKCU\'. The %SID% placeholder can be useful for apps that f.e. generate temp file names from the current users security ID, although no portable app, which did so crossed my path so far.

I have also used HKU\%SID% together with HKCU in some of my own appini files, but as this is redundant I will remove the HKU\%SID% entries in future versions.

Here is a deepburner appini file, which should work on other guest hosts as well:

[deepburnerportable]
name=DeepBurner Portable
regexists=HKCU\Software\Astonsoft\DeepBurner\
regdelete=HKCU\Software\Astonsoft\DeepBurner\
fileexists=%AppDataDir%\DeepBurner
filedelete=%AppDataDir%\DeepBurner
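
The portability point made in the post above (a literal SID ties an appini to one account, and `HKU\%SID%` is redundant with `HKCU`) can be checked mechanically. The following linter is an added example, not part of the thread or of Portidy; it is written in Python rather than AutoIt, its function names are assumptions, the key set is limited to the keys that appear in this thread, and the sample file and its SID are constructed.

```python
import re

# Keys seen in the appini files posted in this thread (assumption: the
# Portidy Readme may define more; extend this set if it does).
KNOWN_KEYS = {"name", "fileexists", "filedelete", "regexists", "regdelete"}

# Windows registry hives, long and abbreviated spellings.
HIVES = {
    "HKEY_LOCAL_MACHINE": "HKLM", "HKLM": "HKLM",
    "HKEY_USERS": "HKU", "HKU": "HKU",
    "HKEY_CURRENT_USER": "HKCU", "HKCU": "HKCU",
    "HKEY_CLASSES_ROOT": "HKCR", "HKCR": "HKCR",
    "HKEY_CURRENT_CONFIG": "HKCC", "HKCC": "HKCC",
}

# SID of a local or domain user account (S-1-5-21-<authority>-<RID>).
USER_SID = re.compile(r"^S-1-5-21(-\d+)+$", re.IGNORECASE)


def to_hkcu(reg_path):
    """Return (finding, rewritten_path) for HKU\\<user>\\... paths, else (None, path)."""
    parts = reg_path.split("\\")
    if len(parts) < 2 or HIVES.get(parts[0].upper()) != "HKU":
        return None, reg_path
    owner = parts[1]
    if owner.upper() == "%SID%":
        finding = "redundant-sid"    # same keys as HKCU for the logged-in user
    elif USER_SID.match(owner):
        finding = "hardcoded-sid"    # only valid for one account on one host
    else:
        return None, reg_path        # e.g. HKU\.DEFAULT is a different profile
    return finding, "\\".join(["HKCU"] + parts[2:])


def lint_appini(text):
    """Return a list of (line_no, section, finding, detail) for an appini file."""
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")     # keys may repeat, so no dict
        key, value = key.strip().lower(), value.strip()
        if not sep:
            findings.append((no, section, "not-key-value", line))
        elif key not in KNOWN_KEYS:
            findings.append((no, section, "unknown-key", key))
        elif key.startswith("reg"):
            hive = value.split("\\", 1)[0].upper()
            if hive not in HIVES:
                findings.append((no, section, "unknown-hive", hive))
                continue
            finding, fixed = to_hkcu(value)
            if finding:
                findings.append((no, section, finding, fixed))
    return findings


# Constructed sample in the format used in this thread; the SID is made up.
SAMPLE = r"""[deepburnerportable]
name=DeepBurner Portable
regexists=HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Astonsoft\DeepBurner\
regdelete=HKEY_USERS\%SID%\Software\Astonsoft\DeepBurner\
filedelete=%AppDataDir%\DeepBurner
; comment lines start with a semicolon
[utorrent]
name=uTorrent
fileedelete=%AppDataDir%\uTorrent
regdelete=HCR\.torrent
regdelete=HKCU\Software\BitTorrent\uTorrent
"""

if __name__ == "__main__":
    for no, section, finding, detail in lint_appini(SAMPLE):
        print(f"line {no:2} [{section}] {finding}: {detail}")
```

For the two SID findings the detail field is the suggested `HKCU\...` replacement path; a misspelled key or hive is reported by name, since a rule that is not recognized may simply never clean anything up.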

Espreon
A modified firefox.ini for DTA users

If you use the DownThemAll extension then you should use this modified firefox.ini, since it takes care of DTA's leavings in the TEMP:

[firefox]
name=Firefox Portable
fileexists=%AppDataDir%\Mozilla
filedelete=%AppDataDir%\Mozilla
filedelete=%AppDataDir%\Talkback
fileexists=%TempDir%\dta
filedelete=%TempDir%\dta
regdelete=HKEY_LOCAL_MACHINE\SOFTWARE\FullCircle\TalkBack

Also one for those people who don't wanna modernize, I made one for U3:

[u3]
name=U3
fileexists=%AppDataDir%\U3
filedelete=%AppDataDir%\U3

wsm23
Where?

Does it go?

Life is about the journey not the destination!

The Kazoo Spartan

Espreon
You open notepad, copy and paste the stuff

in the pre-formatted text, and save it as an .ini file and save it in Portidy\appini

powerjuce

hey could you make one for thunderbird portable?

Please search before posting. ~Thanks

Espreon
Maybe but IDK if it leaves anything behind.

""

aboerner
Thunderbird

I tested Portable Thunderbird and it doesn't seem to leave any data on the guest host like Firefox does. But as I don't use it regularly, I can't say for sure.

Jacob Mastel
I like the idea of Portidy but...

I don't know that much about the registry. I know what it is and all that, but I don't know all of the technobabble to set up an application to be monitored. Do you think you could make it so those of us that don't know so much can still use it??

Release Team Member

Espreon
OK, I don't know how

Opening NotePad, saving to the appini directory a .ini file, copying and pasting the structure from another .ini and putting the info in is hard.

Espreon
One for uTorrent if you're not using...

Ryan's uTorrent launcher:

[utorrent]
name=uTorrent
fileexists=%AppDataDir%\uTorrent
filedelete=%AppDataDir%\uTorrent
regdelete=HKCU\Software\BitTorrent\uTorrent
regdelete=HKCR\.torrent

Ryan McCue
Yeh, but

All you have to do is stick a settings.dat in the same folder. Which is exactly what the FAQ on their site says.

"If you're not part of the solution, you're part of the precipitate."

Espreon
Yeah but what if the user does not know about this technique?

" "

Ryan McCue
Well,

I doubt they'd be able to use this if they didn't know how to read an FAQ or search for "portable utorrent".

"If you're not part of the solution, you're part of the precipitate."

powerjuce
limited

i use portable apps in my school
now we are not allowed to modify the registry, so can i use it in school?

Please search before posting. ~Thanks

Espreon
You mean morally or is the Registry locked down?

in Portidy's GUI you can select what leavings you wanna clean up.

powerjuce
don't know

I haven't tried yet because I did not want to get into trouble
so should I try or not?

Please search before posting. ~Thanks

Espreon
Then if you don't wanna take chances then don't select the

sub-options that involve the Registry.

aboerner
Portidy on a limited account

At the moment there are no appinis in the Portidy package or posted in this thread that could seriously damage your system or applications, as long as you don't clean up installed applications (this is disabled by default).

Besides that, Portidy shouldn't be able to seriously damage the system when started from a limited account. Otherwise it's time for the system administrator to seriously reconsider his security policies. :) On a properly maintained Windows system a limited user should not have write access to essential system files or registry entries, hence he is not able to change or delete them, even if he tries.

porterj
Keylogger detection

I run two instances of Portidy; the 2nd instance to clean up before exiting, but the initial instance uses the following .ini files to detect, not disable, some publicly available keyloggers.

I'll try and post more but here are three to start with:

[datadoctor-keylogger]
name=DataDoctor-KeyLogger
fileexists=%SystemDir%\Urncb.dll
fileexists=%SystemDir%\Urncbc.dll
regexists=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\NCB


[elogger]
name=Elogger (keylogger)
fileexists=%WindowsDir%\!!!
regexists=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\elogger


[kgb-keylogger]
name=KGB-Spy keylogger
fileexists=%ProgramFilesDir%\KGB
regexists=HKLM\SOFTWARE\Classes\CLSID\{4EB82C70-4A64-4AA9-53BB-D3784261D7A3}
regexists=HKLM\SOFTWARE\Classes\mpkreg
regexists=HKLM\SOFTWARE\KGB Software

sgp
ini file for operaportable

[operaportable]
name=operaportable
fileexists=%TempDir%\hebat
filedelete=%TempDir%\hebat
regdelete=HKEY_CURRENT_USER\Software\Opera Software
regdelete=HKEY_USERS\%SID%\Software\Opera Software
; above files/keys might be left behind in case of operaportable crash

sgp

Perhaps a small bug. In the monitored application dialog, create new ini file, write something then press Save. Do it again with another new file. At this point it becomes impossible to close the monitored application dialog, unless you right-click on portidy's tray icon and select exit, then press the Quit button.

aboerner
Can't reproduce this

I can't reproduce this lockup. But this problem could be related to the problem, that the input for underlying windows is not disabled when opening a new window. Thus it is possible to open (f.e.) the monitored applications window two (or more) times, but after one of them is closed, the other windows don't accept any more input.

This issue will be solved in the next release.

Edit: I could reproduce this bug now, when renaming an appini's display name with the latest release. As I already assumed, it will be resolved with the next release, since I made some internal modifications in GUI handling.

sgp

Would it be possible to sort applications by "name" instead of by filename (or section name) as it is now?

aboerner
What do you mean?

In the monitored applications window the apps should be sorted alphabetically by 'name', i.e. the name shown in the list, aren't they?

sgp

Sorry, I meant to say the information/cleanup window, not the monitored apps window. In the info/cleanup window apps are sorted by [section], which equates to filename.

aboerner
Ok, this will be changed in the next release

""

aboerner

removed
