[caps_buster]

In the IE removal guide: http://www.vorck.com...dows/2ksp5.html
Fred Vorck says: "To truly murder IE, you will need to make changes to the REGINST sections of the following files:
BROWSEUI.DLL
SHDOCVW.DLL
URLMON.DLL
The changes you need to make are all in the REGINST sections. Make the changes with a program like Resource Hacker and "fix" the file afterward by correcting it's checksum...

REGINST sections of some of these DLLs will undo what you do to the INF files, no matter what. Fortunately, these sections CAN be edited with Resource Hacker (use semicolons right on top of the "H" in HKEY)...

Do not make edits to any LocalZone data. If you did, you would be unable to copy or move files!"

This is, for me, average user, a very unspecific guide about what to do. There are a BUNCH of settings and I having hard time to figure out where to start I hoping that this put a stop to the Content.IE5 directory and others for IE, including the history one. I'm right?

Also I did not just want a put semicolons there, I just want to delete everything that is not necessary.

From the there mentioned DLLs above, only urlmon.dll seems (to me and at first look) contain some Zone settings. Keys like:
[Zones.RegCU]
[ZoneMap.RegCU]
[Zones.RegLM]
[TemplatePolicies.RegLM]
[ZoneMap.RegLM]
[UATokens.RegLM]
[Strings]
...probably should not be deleted, even some keys like "HKLM,"%PATH_TEMPOL_LOW%","1201",0x10001,0x1 ; initialize and script activex controls not marked as safe" did not exactly looks like I need them, considering ActiveX is completely killed on my machine...


So, what will happen if I just delete all in the REGINST sections of the browseui.dll and shdocvw.dll ...?
Is this the right way, or I better backup my Windows install?

[fdv]

Better back up that install!
Deleting zone information from your DLLs, which I do not recomment, will result in an inability to copy files over the network (LAN). Be very careful when editing. I don't give a guided tour here because it's up to the user to decide what to keep.

About the content folders like favorites: as far as I know, yes, careful editing will prevent the folders from being created. Now that I think of it, preventing system access might also work. D:P(D;;GA;;;SY) -- right (that's a guess right from memory, don't take that literally!)

I'm glad you mentioned this, it got me thinking. Maybe these folders can be killed that way, instead of having to edit DLLs.

They are created when the DLLs are registered in SYSSETUP, so if file permissions are applied prior (I think they are) then it might take care of that. Their slogan should have been "Microsoft Windows -- What A Mess."

ActiveX controls marked as safe -- yes, they can be deleted.

[caps_buster]

Well, the install is a bit "beaten up" already, but you are right. Backup first, who knows what happen when the REGINST sections of the browseui.dll and shdocvw.dll are gone I did not find any zone informations into these two DLLs (browseui.dll, shdocvw.dll), but I could be wrong. Witch is why I asked...

In the urlmon.dll seems to be plenty of zone informations, so I was just interesed if I could delete everything besides the mentioned keys... It is possible to delete everything beside these keys? I wonder...

Editing the DLLs aren't a issue for me, I did not update my system at all, SP4 Win2k install and that it is.

[cluberti]

Can't answer whether or not to do what you're asking, but I can confirm that zone checking is done via urlmon.dll, not browseui or shdocvw.

[caps_buster]

Well, I was asking if anyone tried that (removing the REGINST sections of the BROWSEUI.DLL and SHDOCVW.DLL and editing out everyrhing besides zone settings from URLMON.DLL) and if Windows works, after that.

No answer, so, I backed up my installation and tried that.

Entierly removing the REGINST sections from BROWSEUI.DLL and SHDOCVW.DLL - no ill effec! WoW! Now URLMON.DLL - and wow, things went smooth! I typing now, eMule and ICQ (Miranda) run also well, so, we see. So far, so good.

Anything to test?

[caps_buster]

Bottom line - it does NOT help or prevent, however, the re-creation of
Cookies (C:\Documents and Settings\Administrator\Cookies\index.dat)
History (C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat)
IE temp files (C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat)

What is colored as red, I want to be dead!

So, guys, a little help there? What next to trully murder IE?


I did used the "kill IE" inf I made from Fred Vorck work there once again I boted with all the modified DLL: http://rapidshare.co...E_inf_files.zip
But no help. Files are still re-created on reboot. ****. Kill them with FIRE!

This post has been edited by caps_buster: 22 October 2009 - 12:08 PM

[cluberti]

caps_buster, on May 16 2009, 07:08 AM, said:

Bottom line - it does NOT help or prevent, however, the re-creation of
Cookies (C:\Documents and Settings\Administrator\Cookies\index.dat)
History (C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat)
IE temp files (C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat)

What is colorad as red, I want to be dead!

So, guys, a little help there? What next to trully murder IE?


I did used the "kill IE" inf I made from Fred Vorck work there once again I boted with all the modified DLL: http://rapidshare.co...E_inf_files.zip
But no help. Files are still re-created on reboot. ****. Kill them with FIRE!

Wininet creates and opens a handle to these files on logon (it hosts wininet.dll, causing the files to be created). I don't think you can avoid this without replacing winlogon.exe with a hacked version, which I wouldn't recommend.

[caps_buster]

First - I did not mean to say that I dismis your suggestion entierly, but please, look. I come too long way and - after all - what is the worst it can happen when I use modified winlogon.exe? Problems? I put original version back and that it is. Windows fail to boot? I restore them from backup.

So, you see, there is a little reasons why not, when you have backup of system partition (DriveImage) and you are ready to face possible catastrophic consequences. And since I hate these files, I see plenty of reasons why modify the winlogon.exe file. After all, it is not the annoying file that keep showing the ughly lame requester about Windows not using virtual memory, when it is disabed? Time to modify that too

I looked at the wininet.dll too, it has a REGINST section as well, but reather tiny one:

[Version]
Signature="$CHICAGO$"
[Reg.HKCU]
RequiredEngine=SETUPAPI, %EngineErrorMsg%
AddReg=
[UnReg.HKCU]
RequiredEngine=SETUPAPI, %EngineErrorMsg%
DelReg=
[Reg.HKLM]
RequiredEngine=SETUPAPI, %EngineErrorMsg%
AddReg=
[UnReg.HKLM]
RequiredEngine=SETUPAPI, %EngineErrorMsg%
DelReg=
[Strings]
PATH_AUTODIAL = "System\CurrentControlSet\Services\Winsock\Autodial"
PATH_INTERNET_SETTINGS = "Software\Microsoft\Windows\CurrentVersion\Internet Settings"

Registres at HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings are full of a VERY interesting settings like cache for Active X and so on. A little clean-up there would be right in order, I assume. That does not help changing the winlogon.exe, tough


PS. editing the settings in the registers
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache\Paths
did not stick. I changed them and reboot was slow and upon restart - the very same setting appeared.
There is, for example, the very interesting setting "Directory" witch is string "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5" - exactly what I wanted to kill. I searched whole Windows for Content.IE5 and found it in wininet.dll and IEINFO5.OCX - should not THIS file be long gone anyway?
Well, back to the issue - in wininet.dll aren't tj "Content.IE5" found in the REGINST part. So, where it is?

This post has been edited by caps_buster: 17 May 2009 - 03:07 PM

[cluberti]

If you were to run process monitor on a machine you'd see winlogon opening handles on user logon to those locations - it's built into winlogon to use wininet for network communications. The only thing that'd break if you replaced winlogon with one that didn't ingest wininet was that you would be unable to logon anywhere but locally (no domain logons). Note that the requirement for wininet isn't in a reginst section, it's actually a static link in the winlogon code loaded when winlogon.exe starts, so you'd have to rewrite winlogon and replace with your own.

[JustinStacey.x]

I'm a bit late replying to this one, but as Fred himself has already mentioned, it's up to you what to do if you want to 'truly murder IE'. This is why his guide states after step 11 (I think) you are entering advanced territory.

In all honesty, his fileset by default pretty much totally murders IE, or at least, it does in my opinion. The steps after are only for those who want to get really technical, and have the skills to do it. I, and many others don't - and the default fileset is an excellent balance between the vast majority of IE and its s***e being off the system, while not seriously crippling anything - and it satisfies me.

As with most hacks like these... your mileage will vary. I know mine did, I have seen some small things in my system that others don't seem to have. Some don't even seem to have much success at all, and others just don't try hard enough.

[caps_buster]

cluberti -

Quote

If you were to run process monitor on a machine you'd see winlogon opening handles on user logon to those locations - it's built into winlogon to use wininet for network communications. The only thing that'd break if you replaced winlogon with one that didn't ingest wininet was that you would be unable to logon anywhere but locally (no domain logons).

Thanks, cluberti! Now we are getting somewhere So you say that someone tried that and it actually break only the remote logins to my machine? That sounds rather great! I did not want anyone to be able login to my machine, so as long as filesharing works and using terminal I could login to another server/folding machines, I would be very happy!
Bonus - added security!

Quote

Note that the requirement for wininet isn't in a reginst section, it's actually a static link in the winlogon code loaded when winlogon.exe starts, so you'd have to rewrite winlogon and replace with your own.

That call for hacking the exe So, are you aware if anyone tried that ever before me and if yes, are there some known set of hexa codes that, replaced with another set, will prevent winlogon.exe loading the wininet.dll and did not complain about it?


JustinStacey - yes, while I do agree that for most, Fred Vorck work is more that enought, it is not for me. I want to press harder. I want these ughly cache files are GONE for good. And hacking windows is not only fun, it add knowledge and security along the way, so... I just wanna try harder. Why not? That is what anyone should have done to get completely rid of IE

This post has been edited by caps_buster: 22 October 2009 - 12:12 PM

[JustinStacey.x]

I'd rather just use Linux to be honest.

You may be able to remove IE, but the only way to get rid of Windows... is to get rid of Windows!

[caps_buster]

Yea, tell that to the millions of people of there

Honestly - most used is the Windows platform, no matter the cost, so one got to live with it. The IE is removed already pretty well, tough I'm not yet satisfacted. That's all

[cluberti]

JustinStacey, on Jun 5 2009, 07:51 AM, said:

I'd rather just use Linux to be honest.

You may be able to remove IE, but the only way to get rid of Windows... is to get rid of Windows!

Who said anything about getting rid of Windows? We're talking about removing IE here and leaving the rest of Windows intact. Keep your fanboi'ism to the relevant sections of the forum.

[HeadHunter2]

caps_buster, on May 15 2009, 07:30 PM, said:

Entierly removing the REGINST sections from BROWSEUI.DLL and SHDOCVW.DLL - no ill effec! WoW! Now URLMON.DLL - and wow, things went smooth! I typing now, eMule and ICQ (Miranda) run also well, so, we see. So far, so good.

I tried cleaning the whole REGINST Section up, with no success, it was obvious:
The REGINST Section was already in the Registry so cleaning of the files hasn't affected anything.

Does the installation of the cleaned out files work?

Any ideas on how to get rid of the Cache-Folders?


Cutting out IE from Windows is a pain! I know why my primary OS is OSX!

[fdv]

HeadHunter2, on Aug 9 2009, 07:19 PM, said:

Does the installation of the cleaned out files work?

Any ideas on how to get rid of the Cache-Folders?

Cleaned out file installs do work but I have to say "sometimes" because depending on the file, you'll get a blank screen with only a mouse on first boot. It's been a loooong time since I tried and I don't remember which ones, sorry.

Cache folders, several ways.
In my fileset depending on the phase of the moon WIndows will just let you delete them. Or you can deny system permissions (that is to say, deny the system permission to read or write to them) and of course booting up with a PE disk and deleting them works too.

[doswind]

caps_buster, on Apr 29 2009, 02:06 PM, said:

So, what will happen if I just delete all in the REGINST sections of the browseui.dll and shdocvw.dll ...?
Is this the right way, or I better backup my Windows install?

I have been using NT 5 without IE and above mentioned pesky .dlls
http://www.msfn.org/board/index.php?showto...rt=#entry632606

Installed NT 5 according to Vorck's instruction
Made all the personal settings I wanted
Installed BlackBox
In registry deleted references to .dlls
Set default shell to blackbox
reboot
deleted .dlls


explorer.exe does not work; I use good old winfile, or 7zip; explorer replacements, like a43 works, but cannot copy/past files, you need to use "send to" which you should set up before elimination of .dlls

Some programs won't install because they want wininet.dll or urlmon.dll

flashplayer won't work without wininet.dll so i put a copy of wininet.dll in the directory where flashplayer is, but from there wininet.dll cannot access and write in winnt directory

[caps_buster]

Interesting findings, doswind! I did not want to go THAT extreme, but I still want to ger rid of the last IE cache files, so... You say that when the wininet.dll is no present, then flash did not work? Hmmm, that is a problem. Puting the wininet.dll into the Firefox/Plugins near the NPSWF32.dll, NPSWF32_FlashUtil.exe and flashplayer.xpt do the trick? That would be good then

Now just how to hack the winlogon.exe to not load wininet.dll