Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


Sign in to follow this  
caps_buster

Truly murder IE :)

Recommended Posts

In the IE removal guide: http://www.vorck.com/windows/2ksp5.html

Fred Vorck says: "To truly murder IE, you will need to make changes to the REGINST sections of the following files:

BROWSEUI.DLL

SHDOCVW.DLL

URLMON.DLL

The changes you need to make are all in the REGINST sections. Make the changes with a program like Resource Hacker and "fix" the file afterward by correcting it's checksum...

REGINST sections of some of these DLLs will undo what you do to the INF files, no matter what. Fortunately, these sections CAN be edited with Resource Hacker (use semicolons right on top of the "H" in HKEY)...

Do not make edits to any LocalZone data. If you did, you would be unable to copy or move files!"

This is, for me, average user, a very unspecific guide about what to do. There are a BUNCH of settings and I having hard time to figure out where to start :) I hoping that this put a stop to the Content.IE5 directory and others for IE, including the history one. I'm right?

Also I did not just want a put semicolons there, I just want to delete everything that is not necessary.

From the there mentioned DLLs above, only urlmon.dll seems (to me and at first look) contain some Zone settings. Keys like:

[Zones.RegCU]

[ZoneMap.RegCU]

[Zones.RegLM]

[TemplatePolicies.RegLM]

[ZoneMap.RegLM]

[uATokens.RegLM]

[strings]

...probably should not be deleted, even some keys like "HKLM,"%PATH_TEMPOL_LOW%","1201",0x10001,0x1 ; initialize and script activex controls not marked as safe" did not exactly looks like I need them, considering ActiveX is completely killed on my machine...

So, what will happen if I just delete all in the REGINST sections of the browseui.dll and shdocvw.dll ...?

Is this the right way, or I better backup my Windows install? :)

Share this post


Link to post
Share on other sites

Better back up that install!

Deleting zone information from your DLLs, which I do not recomment, will result in an inability to copy files over the network (LAN). Be very careful when editing. I don't give a guided tour here because it's up to the user to decide what to keep.

About the content folders like favorites: as far as I know, yes, careful editing will prevent the folders from being created. Now that I think of it, preventing system access might also work. D:P(D;;GA;;;SY) -- right (that's a guess right from memory, don't take that literally!)

I'm glad you mentioned this, it got me thinking. Maybe these folders can be killed that way, instead of having to edit DLLs.

They are created when the DLLs are registered in SYSSETUP, so if file permissions are applied prior (I think they are) then it might take care of that. Their slogan should have been "Microsoft Windows -- What A Mess."

ActiveX controls marked as safe -- yes, they can be deleted.

Share this post


Link to post
Share on other sites

Well, the install is a bit "beaten up" already, but you are right. Backup first, who knows what happen when the REGINST sections of the browseui.dll and shdocvw.dll are gone :) I did not find any zone informations into these two DLLs (browseui.dll, shdocvw.dll), but I could be wrong. Witch is why I asked... :)

In the urlmon.dll seems to be plenty of zone informations, so I was just interesed if I could delete everything besides the mentioned keys... It is possible to delete everything beside these keys? I wonder...

Editing the DLLs aren't a issue for me, I did not update my system at all, SP4 Win2k install and that it is.

Share this post


Link to post
Share on other sites

Can't answer whether or not to do what you're asking, but I can confirm that zone checking is done via urlmon.dll, not browseui or shdocvw.

Share this post


Link to post
Share on other sites

Well, I was asking if anyone tried that (removing the REGINST sections of the BROWSEUI.DLL and SHDOCVW.DLL and editing out everyrhing besides zone settings from URLMON.DLL) and if Windows works, after that.

No answer, so, I backed up my installation and tried that.

Entierly removing the REGINST sections from BROWSEUI.DLL and SHDOCVW.DLL - no ill effec! WoW! Now URLMON.DLL - and wow, things went smooth! I typing now, eMule and ICQ (Miranda) run also well, so, we see. So far, so good.

Anything to test? :thumbup

Share this post


Link to post
Share on other sites

Bottom line - it does NOT help or prevent, however, the re-creation of

Cookies (C:\Documents and Settings\Administrator\Cookies\index.dat)

History (C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat)

IE temp files (C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat)

What is colored as red, I want to be dead! :realmad:

So, guys, a little help there? What next to trully murder IE? :hello:

I did used the "kill IE" inf I made from Fred Vorck work there once again I boted with all the modified DLL: http://rapidshare.com/files/294279201/kill_IE_inf_files.zip

But no help. Files are still re-created on reboot. ****. Kill them with FIRE!

Edited by caps_buster

Share this post


Link to post
Share on other sites
Bottom line - it does NOT help or prevent, however, the re-creation of

Cookies (C:\Documents and Settings\Administrator\Cookies\index.dat)

History (C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat)

IE temp files (C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat)

What is colorad as red, I want to be dead! :realmad:

So, guys, a little help there? What next to trully murder IE? :hello:

I did used the "kill IE" inf I made from Fred Vorck work there once again I boted with all the modified DLL: http://rapidshare.com/files/216136381/kill_IE_inf_files.zip

But no help. Files are still re-created on reboot. ****. Kill them with FIRE!

Wininet creates and opens a handle to these files on logon (it hosts wininet.dll, causing the files to be created). I don't think you can avoid this without replacing winlogon.exe with a hacked version, which I wouldn't recommend.

Share this post


Link to post
Share on other sites

First - I did not mean to say that I dismis your suggestion entierly, but please, look. I come too long way and - after all - what is the worst it can happen when I use modified winlogon.exe? Problems? I put original version back and that it is. Windows fail to boot? I restore them from backup.

So, you see, there is a little reasons why not, when you have backup of system partition (DriveImage) and you are ready to face possible catastrophic consequences. And since I hate these files, I see plenty of reasons why modify the winlogon.exe file. After all, it is not the annoying file that keep showing the ughly lame requester about Windows not using virtual memory, when it is disabed? Time to modify that too :)

I looked at the wininet.dll too, it has a REGINST section as well, but reather tiny one:

[Version]
Signature="$CHICAGO$"
[Reg.HKCU]
RequiredEngine=SETUPAPI, %EngineErrorMsg%
AddReg=
[UnReg.HKCU]
RequiredEngine=SETUPAPI, %EngineErrorMsg%
DelReg=
[Reg.HKLM]
RequiredEngine=SETUPAPI, %EngineErrorMsg%
AddReg=
[UnReg.HKLM]
RequiredEngine=SETUPAPI, %EngineErrorMsg%
DelReg=
[Strings]
PATH_AUTODIAL = "System\CurrentControlSet\Services\Winsock\Autodial"
PATH_INTERNET_SETTINGS = "Software\Microsoft\Windows\CurrentVersion\Internet Settings"

Registres at HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings are full of a VERY interesting settings like cache for Active X and so on. A little clean-up there would be right in order, I assume. That does not help changing the winlogon.exe, tough :)

PS. editing the settings in the registers

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache\Paths

did not stick. I changed them and reboot was slow and upon restart - the very same setting appeared.

There is, for example, the very interesting setting "Directory" witch is string "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5" - exactly what I wanted to kill. I searched whole Windows for Content.IE5 and found it in wininet.dll and IEINFO5.OCX - should not THIS file be long gone anyway?

Well, back to the issue - in wininet.dll aren't tj "Content.IE5" found in the REGINST part. So, where it is?

Edited by caps_buster

Share this post


Link to post
Share on other sites

If you were to run process monitor on a machine you'd see winlogon opening handles on user logon to those locations - it's built into winlogon to use wininet for network communications. The only thing that'd break if you replaced winlogon with one that didn't ingest wininet was that you would be unable to logon anywhere but locally (no domain logons). Note that the requirement for wininet isn't in a reginst section, it's actually a static link in the winlogon code loaded when winlogon.exe starts, so you'd have to rewrite winlogon and replace with your own.

Share this post


Link to post
Share on other sites

I'm a bit late replying to this one, but as Fred himself has already mentioned, it's up to you what to do if you want to 'truly murder IE'. This is why his guide states after step 11 (I think) you are entering advanced territory.

In all honesty, his fileset by default pretty much totally murders IE, or at least, it does in my opinion. The steps after are only for those who want to get really technical, and have the skills to do it. I, and many others don't - and the default fileset is an excellent balance between the vast majority of IE and its s***e being off the system, while not seriously crippling anything - and it satisfies me.

As with most hacks like these... your mileage will vary. I know mine did, I have seen some small things in my system that others don't seem to have. Some don't even seem to have much success at all, and others just don't try hard enough.

Share this post


Link to post
Share on other sites

cluberti -

If you were to run process monitor on a machine you'd see winlogon opening handles on user logon to those locations - it's built into winlogon to use wininet for network communications. The only thing that'd break if you replaced winlogon with one that didn't ingest wininet was that you would be unable to logon anywhere but locally (no domain logons).

Thanks, cluberti! Now we are getting somewhere :) So you say that someone tried that and it actually break only the remote logins to my machine? That sounds rather great! I did not want anyone to be able login to my machine, so as long as filesharing works and using terminal I could login to another server/folding machines, I would be very happy!

Bonus - added security! :thumbup

Note that the requirement for wininet isn't in a reginst section, it's actually a static link in the winlogon code loaded when winlogon.exe starts, so you'd have to rewrite winlogon and replace with your own.

That call for hacking the exe :) So, are you aware if anyone tried that ever before me and if yes, are there some known set of hexa codes that, replaced with another set, will prevent winlogon.exe loading the wininet.dll and did not complain about it?

JustinStacey - yes, while I do agree that for most, Fred Vorck work is more that enought, it is not for me. I want to press harder. I want these ughly cache files are GONE for good. And hacking windows is not only fun, it add knowledge and security along the way, so... I just wanna try harder. Why not? That is what anyone should have done to get completely rid of IE :sneaky:

Edited by caps_buster

Share this post


Link to post
Share on other sites

I'd rather just use Linux to be honest.

You may be able to remove IE, but the only way to get rid of Windows... is to get rid of Windows!

Share this post


Link to post
Share on other sites

Yea, tell that to the millions of people of there :thumbup

Honestly - most used is the Windows platform, no matter the cost, so one got to live with it. The IE is removed already pretty well, tough I'm not yet satisfacted. That's all :hello:

Share this post


Link to post
Share on other sites
I'd rather just use Linux to be honest.

You may be able to remove IE, but the only way to get rid of Windows... is to get rid of Windows!

Who said anything about getting rid of Windows? We're talking about removing IE here and leaving the rest of Windows intact. Keep your fanboi'ism to the relevant sections of the forum.

Share this post


Link to post
Share on other sites
Entierly removing the REGINST sections from BROWSEUI.DLL and SHDOCVW.DLL - no ill effec! WoW! Now URLMON.DLL - and wow, things went smooth! I typing now, eMule and ICQ (Miranda) run also well, so, we see. So far, so good.

I tried cleaning the whole REGINST Section up, with no success, it was obvious:

The REGINST Section was already in the Registry so cleaning of the files hasn't affected anything.

Does the installation of the cleaned out files work?

Any ideas on how to get rid of the Cache-Folders?

Cutting out IE from Windows is a pain! I know why my primary OS is OSX!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...