RyanVM Posted December 15, 2004
OK, I'm getting really frustrated by this. On all my fresh installs now, Windows Update is prompting me to run the Doomjuice, Mydoom, Zindos removal tool (KB836528). So far, my quest to find a registry key which makes Windows think it was run (similar to the GDI+ Detection Tool) has turned up nothing. The best lead I've had is that the tool makes a RemovalTools registry key and adds an entry for that tool with a value of OK when it's run. However, I've tried manually adding that entry on a fresh install and Windows Update still thinks the tool must be run.
Has anybody figured out a way to trick WindowsUpdate???

Noise Posted December 15, 2004
Have you tried integrating it into your source? That worked with the GDI detection tool for me, I didn't use a registry hack.

RyanVM (Author) Posted December 15, 2004
I'm not sure I understand exactly what you're asking.

RyanVM (Author) Posted December 15, 2004
...so I'm guessing that's a no then... Rats

RyanVM (Author) Posted December 17, 2004
Well, I figured out a way that works. As some of you are aware of, blastcln.exe is already on the XP CD. Also, you can see on a fresh install that at some point during XP setup, blastcln.exe is run. The evidence for that is a log file in c:\windows\debug named blastcln.log. I also noticed when running doomcln.exe that a doomcln.log was also created in the same directory. This got the gears spinning in my head. So I tried renaming doomcln.exe to blastcln.exe and compressed it and put it in i386. And (not) to my surprise, it worked! doomcln.log was present and WindowsUpdate no longer wants to install. So for the next release, that's what I'll be doing unless someone can find a better solution.

cybpsych Posted December 17, 2004
that's the closest thing i've seen to totally removing this dreaded tool. i simply hid it away in WU... ur steps fools WU to think it's been executed or installed... what if you dump the doomcln.log file? does WU look for the exe or log (string search)??

RyanVM (Author) Posted December 17, 2004
I tried nearly every combination of file/registry settings I could think of, but to no avail. And I'm really not tricking WU into thinking it was run, since it was actually run. I'm just fooling Windows setup into running something other than what it thinks it is.

LaptoniC Posted December 17, 2004
Last night I integrated all new 5 fixes with /integrate. I tested this new one on virtual pc and it said no critical updates. Before integration I had that stupid Mydoom false alarm. Really don't know the reason.

RyanVM (Author) Posted December 18, 2004
Yeah, it's driving me nuts. Oh well, if the workaround works, the renamed blastcln.exe is 40KB extra on the download size - not exactly a big deal for an 11.5MB file. And it adds an extra 7k to the overall size of the CD.

edmoncu Posted December 19, 2004
hi ryan. would like to confirm this... to remove the latest KB836528 patch from WU, i'll just have to do this...
- download the KB836528 update (for english language)
- decompress the DoomCln-KB836528-v4-ENU.exe file. (english file)
- on the decompressed folder, rename the uncompressed doomcln.exe to blastcln.exe
- compress the blastcln.exe file to blastcln.ex_ to the source i386 folder.

RyanVM (Author) Posted December 19, 2004
Yes, that should work. But there's another way which supposedly works that I'm in the process of verifying.

edmoncu Posted December 19, 2004
oh... hmm, i did the same... however, an error appeared during the registering component stage... kinda forgot what the exact message was but it was a fatal error or something... checking at the log file (%windir%\debug\doomcln.log), i found the following message...

Microsoft MyDoom removal tool (build 1.227) started on Sun Dec 19 12:52:12 2004
Checking 23 processes.
Checking startup registry keys for current user.
Checking keys for 1 other users
Insufficient memory - 0 bytes needed
Can't query value for `Startup`, datasize=148, err=00000002
Deleted registry key 80000002:Software\Microsoft\Windows\CurrentVersion\Shell
Checking known MyDoom filenames.
Microsoft MyDoom removal tool stopped on Sun Dec 19 12:52:12 2004

wonder if i did something different. i just repacked the doomcln.exe file with the makecab...

edmoncu Posted December 19, 2004
this is weird... i tried decompressing the blastcln.ex_ file i just integrated onto the source with the one i re-downloaded from the web... thinking there was just an integrity problem with the files that were burned... i found no differences using the FC /B command. however, when i tried re-compressing the downloaded file to a cab via makecab and did a file comparison... i saw some differences... grrr... im confused now...

00000036: 02 93
00000038: 5C 2A
00000039: 73 61

edmoncu Posted December 19, 2004
tried looking for "doom" words in the registry... so far, i have found a couple of appearances, but this one seems to be relevant.

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools]
"MydoomTool"="OK"

i wonder if this in combination of adding a dummy log file (%windir%\doomcln.log) on the debug folder is enough to trick WU into thinking the doomcln.exe has been executed.

sorry for the succeeding questions... i just happened to look at the %windir%\setuperr.log file... and i saw these... (snippets only)

Error:
Setup had problems registering the following OLE control DLL:
C:\WINDOWS\system32\blastcln.exe
Contact your system administrator, who may provide assistance in diagnosing this problem.
***
Error:
Setup detected that the system file named [c:\windows\system32\blastcln.exe] is not signed properly
by Microsoft. This file could not be restored to the correct Microsoft version.
Use the SFC utility to verify the integrity of the file.
***

durex Posted January 1, 2005
Any progress on this guys?