My doom Solution

Questions about Update Pack making? Ask here.
Post Reply
User avatar
keytotime
Posts: 491
Joined: Thu Dec 16, 2004 9:44 pm

My doom Solution

Post by keytotime » Sat Dec 18, 2004 7:43 pm

Add this as a reg file and run it
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools]
"MydoomTool"="OK"
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell]

as an inf
[Version]
signature="$CHICAGO$"

[DefaultInstall]
AddReg=mydoom.ADDreg
DelReg=mydoom.DELREG

[Mydoom.AddReg]
HKLM,"SOFTWARE\Microsoft\RemovalTools","MydoomTool",0,"OK"
[Mydoom.DelReg]
HKLM,"Software\Microsoft\Windows\CurrentVersion\Shell"

User avatar
RyanVM
Site Admin
Posts: 5189
Joined: Tue Nov 23, 2004 6:03 pm
Location: Pennsylvania
Contact:

Post by RyanVM » Sat Dec 18, 2004 8:14 pm

Have you actually tested that? I specifically said before that I tried adding that registry entry on a fresh install and WindowsUpdate still wanted to install it.
Get up to $200 off on hosting from the same people who host this website!
http://www.ryanvm.net/forum/viewtopic.php?t=2357

User avatar
keytotime
Posts: 491
Joined: Thu Dec 16, 2004 9:44 pm

Post by keytotime » Sat Dec 18, 2004 8:30 pm

Ryan did do the second part removing the shell key in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\

Without removing that key, it prompted me to get the tool. When i removed the key, it no longer prompted me.

I'm testing it on a fresh clean version right now.

User avatar
keytotime
Posts: 491
Joined: Thu Dec 16, 2004 9:44 pm

Post by keytotime » Sat Dec 18, 2004 9:36 pm

I tested it out and it works!!!!!!!!!!!!!!!

If you want to add it to your pack

Under [HotfixUpdates] add:

AddReg=mydoom.Addreg
DelReg=mydoom.DelREG

then add
[Mydoom.AddReg]
HKLM,"SOFTWARE\Microsoft\RemovalTools","MydoomTool",0,"OK"
[Mydoom.DelReg]
HKLM,"Software\Microsoft\Windows\CurrentVersion\Shell"


and then when you install xp, you will be no longer bugged with the mydoom install

User avatar
RyanVM
Site Admin
Posts: 5189
Joined: Tue Nov 23, 2004 6:03 pm
Location: Pennsylvania
Contact:

Post by RyanVM » Sat Dec 18, 2004 10:24 pm

Is that entry safe to remove?

...and I know how to add registry entries to INF files...
Get up to $200 off on hosting from the same people who host this website!
http://www.ryanvm.net/forum/viewtopic.php?t=2357

User avatar
keytotime
Posts: 491
Joined: Thu Dec 16, 2004 9:44 pm

Post by keytotime » Sun Dec 19, 2004 8:19 am

Yes it's safe to remove, if you check the mydoom log, you'll see that it remove's the key also.

User avatar
RyanVM
Site Admin
Posts: 5189
Joined: Tue Nov 23, 2004 6:03 pm
Location: Pennsylvania
Contact:

Post by RyanVM » Sun Dec 19, 2004 10:35 am

Thanks for figuring out the solution. Makes life easier (and the download smaller) than the other way :)
Get up to $200 off on hosting from the same people who host this website!
http://www.ryanvm.net/forum/viewtopic.php?t=2357

DLF
Posts: 33
Joined: Fri Dec 17, 2004 12:36 pm
Location: The Midlands, U.K.

Post by DLF » Thu Dec 23, 2004 10:43 am

@Ryan (et al)

I'm just porting over to RunOnceEx from batch_file.cmd and I'm struggling generally and also quite a bit with the syntax over this solution. On my latest uA CD I've integrated your V104 cab and added the following to my RunOnceEx.cmd file...


REG ADD %KEY%\032 /VE /D "MyDoom Solution" /f
REG ADD %KEY%\032 /V 1 /D "SOFTWARE\Microsoft\RemovalTools","MydoomTool",0,"OK" /f
REG DEL %KEY%\032 /V 2 /D "Software\Microsoft\Windows\CurrentVersion\Shell" /f

Can you check syntax and advise if incorrect OR have I got it completely round my neck? Do I need other files/calls etc? TIA
Last edited by DLF on Thu Dec 23, 2004 11:51 am, edited 1 time in total.

User avatar
RyanVM
Site Admin
Posts: 5189
Joined: Tue Nov 23, 2004 6:03 pm
Location: Pennsylvania
Contact:

Post by RyanVM » Thu Dec 23, 2004 11:41 am

If you just want to add the entries straight from the CMD file, you'd do

Code: Select all

reg add "key to add here"
reg del "key to delete here"
The syntax you've got is if you're making a RunOnceEx registry entry.

DLF
Posts: 33
Joined: Fri Dec 17, 2004 12:36 pm
Location: The Midlands, U.K.

Post by DLF » Thu Dec 23, 2004 11:49 am

So a simpler way would be to add the following to my regtweaks.reg file then? Syntax as per keytotime's post...yes?

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools]
"MydoomTool"="OK"
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell]

User avatar
keytotime
Posts: 491
Joined: Thu Dec 16, 2004 9:44 pm

Post by keytotime » Thu Dec 23, 2004 8:37 pm

yes, you can add to your reg tweaks file

User avatar
RyanVM
Site Admin
Posts: 5189
Joined: Tue Nov 23, 2004 6:03 pm
Location: Pennsylvania
Contact:

Post by RyanVM » Thu Dec 23, 2004 10:19 pm

I'm having real fun removing the Shell key with my INF. As best I can tell, one of the DLLs I'm registering is creating it after the DelReg entry is already executed, causing the entry to still be created. I'm trying to isolate which DLL is causing the problems so I can figure out a solution from there.
Get up to $200 off on hosting from the same people who host this website!
http://www.ryanvm.net/forum/viewtopic.php?t=2357

User avatar
keytotime
Posts: 491
Joined: Thu Dec 16, 2004 9:44 pm

Post by keytotime » Sat Dec 25, 2004 8:54 pm

That's really weird, i've reinstalled over 10 times and i've never had that problem, when you install xp is there anything inside of the shell key?

Edit: It's who lock me, when it is registred it recreate's the shell key, i removed it from your inf, so i didn't have the problem.

User avatar
RyanVM
Site Admin
Posts: 5189
Joined: Tue Nov 23, 2004 6:03 pm
Location: Pennsylvania
Contact:

Post by RyanVM » Sat Jan 01, 2005 12:30 pm

Thanks for the detective work. Now to see if I can figure out how to make that entry not appear :P

Time for me and ResHacker to become good friends.
Get up to $200 off on hosting from the same people who host this website!
http://www.ryanvm.net/forum/viewtopic.php?t=2357

war59312
Posts: 213
Joined: Fri Nov 26, 2004 1:11 am
Location: U.S.A
Contact:

Post by war59312 » Sun Jan 02, 2005 4:27 am

UM wt. I just installed winxp sp2 with all hotfixes intergreated and no my doom tool of any kind is at windows update. Matter of fact the only thing is the stupid viewer thing.
God Bless America

User avatar
RyanVM
Site Admin
Posts: 5189
Joined: Tue Nov 23, 2004 6:03 pm
Location: Pennsylvania
Contact:

Post by RyanVM » Sun Jan 02, 2005 9:03 am

I have no idea what "UM wt" stands for. I can say that I definitely know what's going on with the the WhoLockMe DLL, so this will be fixed in 1.0.5.

war59312
Posts: 213
Joined: Fri Nov 26, 2004 1:11 am
Location: U.S.A
Contact:

Post by war59312 » Fri Jan 07, 2005 3:40 am

lol Was just saying up what the. lol

But yeah i just relized it did not install the tools so no wonder. hehe

Glad to see its fixed in 1.05. :)
God Bless America

a06
Posts: 139
Joined: Thu Dec 23, 2004 2:11 pm

Post by a06 » Sun Jan 09, 2005 1:28 pm

i was about to ask what this whole mydoom thing really is -
windows update says "your machine is likely infected" - i assume that is incorrect, right? i just finished performing a clean install, and i am assuming this problem is simply related to one of the tools in the full pack?

also, you said this is already fixed for 1.05? or it will be fixed (you are still working on it)?

thanks

User avatar
RyanVM
Site Admin
Posts: 5189
Joined: Tue Nov 23, 2004 6:03 pm
Location: Pennsylvania
Contact:

Post by RyanVM » Sun Jan 09, 2005 2:35 pm

It's fixed on my end. And yes, what Windows Update says is incorrect. The reason for the problem is that there's an error in how WhoLockMe registers which creates a registry entry that WU sees as a possible infection.
Get up to $200 off on hosting from the same people who host this website!
http://www.ryanvm.net/forum/viewtopic.php?t=2357

war59312
Posts: 213
Joined: Fri Nov 26, 2004 1:11 am
Location: U.S.A
Contact:

Post by war59312 » Tue Jan 11, 2005 3:33 am

Thanks for clearing that up.

Think I'm going to wait to create my main iso untill 1.05 is released then.
God Bless America

Post Reply