Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Tron-internal prep jobs:
- (These are all executed even if Tron is canceled before running)
- . Detect TEMP execution Detect if we're running from the TEMP directory and prevent Tron from executing if so. TEMP is one of the first places to get wiped when Tron starts so we cannot run from there
- . Make log directories Create the master log directory and sub-directories if they don't exist. By default this is %SystemDrive%\Logs\tron.log
- . Detect Windows & IE versions Determines quite a few things in the script, such as which versions of various commands get executed
- . Unsupported OS blocker Throw an alert message if running on an unsupported OS, then exit. Use the -dev flag to override this behavior and allow running on unsupported Windows versions
- . Disk configuration check Check if the system drive is an SSD, Virtual Disk, or threw an unspecified error (couldn't be read by smartctl.exe) and set the SKIP_DEFRAG variable to yes_ssd, yes_vm, or yes_error respectively. If any of these conditions are triggered, Tron skips **Stage 5 defrag** automatically
- . Detect free space Detect and save available hard drive space to compare against later. Simply used to show how much space was reclaimed; does not affect any script functions
- . Detect resume Detect whether or not we're resuming after an interrupted run (e.g. from a reboot)
- . Enable F8 Safe Mode selection Re-enable the ability to use the F8 key on bootup (Windows 8/8.1 only; enabled by default on Server 2012/2012 R2)
- . Check for network connection Check for an active network connection, and skip the update checks if one isn't found
- . Check for update Compare the local copy of Tron to the version on the official repo (does this by reading latest version number from sha256sums.txt). If the local copy is out of date, Tron will ask to automatically download the latest copy (**always** recommended). If permitted, it will download a copy to the desktop, verify the SHA256 hash, then self-destruct (delete) the current outdated copy
- . Update debloat lists Connect to Github and download the latest version of the Stage 2 debloat lists at initial launch. Use the -sdu (SKIP_DEBLOAT_UPDATE) switch to prevent this behavior. I recommend letting Tron update the lists unless you have a good, specific reason not to
- . Detect Administrator rights Detect whether or not we're running as Administrator and alert the user if we're not
- . Detect Safe Mode Detect whether or not we're in Safe Mode and notifies the user if we're not
- . SMART check Run a quick SMART disk health check and notify if any drives don't report "OK" for their status
- . Create RunOnce entry Create the following registry key to support resuming if there is an interruption: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v "tron_resume" /t REG_SZ /d "%~dp0tron.bat %-resume"
- STAGE 0: Prep
- . Create System Restore point Create a pre-run system restore point. Vista and up only, client OS's only (not supported on Server OS's, and on Windows 10 does not work if the system is in any form of Safe Mode. This is a known bug, and I spent hours trying to find a workaround but was not able to find a solution, so if you absolutely require a system restore point, recommend running in normal mode
- . Rkill rkill is an anti-malware prep tool; it looks for and kills a number of known malware that interfere with removal tools. Rkill will exclude any process listed in \resources\stage_0_prep\rkill\rkill_process_whitelist.txt from being closed
- . Create pre-run profile Dump list of installed programs and list of all files on the system so we can compare later and see exactly what was removed
- . GUID dump Dump list of all installed program GUIDs. These dumps are useful in helping the project bolster the blacklist of known-bad GUIDs
- . caffeine.exe Tron uses Caffeine to keep the system awake during the scan. At the end of the script it re-enables the screensaver and resets power settings to Windows defaults. Use the -p switch to prevent resetting the power scheme to Windows defaults
- . ProcessKiller Utility provided by /u/cuddlychops06 which kills various userland processes. You can customize this list in the accompanying whitelist.txt file in the same directory as the ProcessKiller .exe. We use this to further kill anything that might interfere with Tron. Specifically, it kills everything in userland with the exception of the following processes: ClassicShellService.exe, explorer.exe, dwm.exe, cmd.exe, mbam.exe, teamviewer.exe, TeamViewer_Service.exe, Taskmgr.exe, Teamviewer_Desktop.exe, MsMpEng.exe, tv_w32.exe, VTTimer.exe, Tron.bat, rkill.exe, rkill64.exe, rkill.com, rkill64.com, conhost.exe, dashost.exe
- . Safe Mode Set system to reboot into Safe Mode with Networking if a reboot occurs. Removes this and resets to normal bootup at the end of the script. Accomplished via this command: bcdedit /set {default} safeboot network
- . Set system time via NTP Sync the system clock to time.nist.gov, 3.pool.ntp.org and time.windows.com
- . check and repair WMI Check the WMI interface and attempt repair if broken. Tron uses WMI for a lot of stuff including ISO date format conversion, OEM bloatware removal, and various other things, so having it functioning is critical
- . McAfee Stinger anti-malware/rootkit/virus standalone scanner from McAfee. Does not support plain-text logs so we save its HTML log to %LOGPATH%\tron_raw_logs (by default). Tron executes Stinger as follows: stinger32.exe --GO --SILENT --PROGRAM --REPORTPATH="%LOGPATH%" --RPTALL --DELETE
- . TDSS Killer anti-rootkit utility from Kaspersky Labs. Tron executes TDSSKiller as follows: tdsskiller.exe -l %TEMP%\tdsskiller.log -silent -tdlfs -dcexact -accepteula -accepteulaksn
- . erunt used to backup the registry before beginning a Tron run
- . VSS purge purges oldest set of Volume Shadow Service files (basically snapshot-in-time copies of files). Malware can often hide out here.
- . Reduce system restore space Restrict System Restore to only use 7% of available hard drive space
- STAGE 1: Tempclean
- . Internet Explorer cleanup Runs built-in Windows tool to clean and reset Internet Explorer ( rundll32.exe inetcpl.cpl,ClearMyTracksByProcess 4351 ). Runs on IE 7 and up
- . TempFileCleanup.bat Script I wrote to clean some areas that other tools seem to miss. Note: it specifically targets, among other things, any .txt or .bat files at the root of C:\
- . CCLeaner CCLeaner utility by Piriform. Used to clean temp files before running AV scanners
- . BleachBit BleachBit utility. Used to clean temp files before running AV scanners
- . Cleanup duplicate downloads Searches for and delete duplicate files found in the Downloads folders of each user profile (ChromeInstaller(1).exe, ChromeInstaller(2)exe, etc). Does not touch any other folders. Uses Sentex's [Find Dupe](http://www.sentex.net/~mwandel/finddupe/) utility
- . USB Device cleanup Uninstalls unused or not present USB devices from the system (non-existent thumb drives, etc). Uses drivecleanup.exe from Uwe Sieber ( www.uwe-sieber.de )
- . Clear Windows event logs Backs up Windows event logs to the LOGPATH directory, then clears all log files
- . Clear Windows Update cache Purges uninstaller files for already-installed Windows Updates. Typically frees up quite a bit of space
- STAGE 2: De-bloat
- . OEM de-bloat (by name) Use WMI to attempt to uninstall any program listed in this file: \resources\stage_2_de-bloat\oem\programs_to_target_by_name.txt
- . OEM de-bloat (by GUID) Use WMI to attempt to remove specific list of GUIDs in this file: \resources\stage_2_de-bloat\oem\programs_to_target_by_GUID.txt
- . Toolbar & BHOs (by GUID) Use WMI to attempt to remove specific list of GUIDs in this file: \resources\stage_2_de-bloat\oem\toolbars_BHOs_to_target_by_GUID.txt
- . Metro de-bloat Remove many built-in Metro apps that aren't commonly used (does NOT remove things like Calculator, Paint) then purges them from the cache (can always fetch later from Windows Update). On Windows 8/8.1, removes all stock "Modern" apps. On Windows 10 and up, only removes a few specific Modern apps. Use the -sdb switch (skip ALL de-bloat) or -m switch (skip only Metro de-bloat) to skip this action. The list of Metro apps to target are in the \resources\stage_2_de-bloat\metro\ folder
- . Remove OneDrive integration Remove forced OneDrive integration (Windows 10 only). Tron first checks if any files exist in the default OneDrive folder (%USERPROFILE%\OneDrive\) and skips removal if any are found. As a an additional safety precaution, Tron leaves the OneDrive folder intact regardless whether OneDrive is removed or not
- STAGE 3: Disinfect
- . Clear CryptNet SSL cache Wipe the Windows CryptNet SSL certificate cache by executing this command: certutil -URLcache * delete
- . Malwarebytes Anti-Malware Anti-malware scanner. Because there is no command-line support for MBAM, we simply install it and continue with the rest of the script. This way a tech can click "scan" whenever they're around, but the script doesn't stall while waiting for user input. Use the -sa or -sm flags skip this component
- . Kaspersky Virus Removal Tool Command-line anti-virus scanner. Use the -sa or -sk flags skip this component
- . Sophos Virus Removal Tool Command-line anti-virus scanner. Use the -v flag gives more verbose output. Use the -sa or -ss flags skip this component
- STAGE 4: Repair
- . MSI installer cleanup Use the Microsoft 'msizap' utility to remove orphaned MSI installer files from the installer cache
- . DISM image check & repair Microsoft utility for checking the Windows Image Store (basically like System File Checker on crack). Windows 8 and up only
- . System File Checker Microsoft utility for checking the filesystem for errors and attempting to repair if found. Tron runs this on Windows Vista and up only (XP and below require a reboot)
- . chkdsk Checks disk for errors and schedules a chkdsk with repair at next reboot
- . Disable Windows "telemetry" Disable Windows "telemetry" (user tracking), Windows 7 and up only. If the system is running Windows 7/8/8.1, Tron removes the "bad" updates Microsoft pushed to Windows 7/8/8.1 systems after the Windows 10 release. These updates backport the surveillance/spyware functions that are by default present in Windows 10. See the code to see exactly which updates are removed. Tron also stops and deletes the Diagtrack ("Diagnostics Tracking Service") service. If the system is running Windows 10, Tron does a more in-depth disabling of the Windows telemetry features, including automatically applying all the immunizations from the Spybot Anti-Beacon and O&O ShutUp10 tools. Go over the code in \tron\resources\stage_4_repair\disable_windows_telemetry\ to see exactly what is removed and disabled. NOTE: This section takes a LONG time to run, DO NOT CANCEL IT. Use the -str switch to just turn telemetry off instead of removing it
- . Disable Windows 10 upgrade Disables the Windows 10 upgrade nagger on Windows 7/8/8.1 by flipping the appropriate registry switches. Users can still manually upgrade the machine if they desire, but it will no longer nag via the system tray, auto-download, or auto-install Windows 10 without their permission
- . Network repair Tron performs minor network repair. Specifically it runs these commands: ipconfig /flushdns, netsh interface ip delete arpcache, netsh winsock reset catalog
- . File extension repair Tron repairs most default file extensions with a batch file that loops through a series of registry files stored in \tron\resources\stage_4_repair\repair_file_extensions\. Thanks to /u/cuddlychops06
- STAGE 5: Patch Tron installs or updates these programs:
- . 7-zip Open-source compression and extraction tool. Far superior to just about everything (including the venerable WinRAR). Use the -sap switch to skip this action
- . Adobe Flash Player Used by YouTube and various other sites. Use the -sap switch to skip this action
- . Adobe Reader Standard PDF reader. Use the -sap switch to skip this action
- . Java Runtime Environment I hate Java, but it is still widely used so we at least get the system on the latest version. Use the sp switch to skip this component
- . Windows updates Runs Windows update via this command: wuauclt /detectnow /updatenow
- . DISM base reset Recompile the "Windows Image Store" (SxS store deflation). This typically results in multiple GB's of space freed up. Windows 8 and up only. Any Windows Updates installed *prior* to this point will become "baked in" (uninstallable). Use the -sdc switch to skip this action
- STAGE 6: Optimize
- . Page file reset Reset the system page file settings to "let Windows manage the page file." Accomplished via this command: %WMIC% computersystem where name="%computername%" set AutomaticManagedPagefile=True. Use the -spr flag skips this action
- . Defraggler Command-line defrag tool from Piriform that's a little faster than the built-in Windows defragmenter
- STAGE 7: Wrap-up
- . generate summary logs Generate before and after logs detailing which files were deleted and which programs were removed. These are placed in LOGPATH\tron_summary_logs. Additionally, if -er flag was used or EMAIL_REPORT variable was set, these logs will be attached to the email that is sent out
- . Create restore point Create a post-run system restore point to mirror the one we created in Stage 0: Prep. Vista and up only, client OS's only, on Windows 10 does not work if the system is in any form of Safe Mode. See notes on System Restore in Stage 0 documentation for more information
- . email_report Sends an email report with log file when Tron finishes. Requires you to specify your SMTP settings in \resources\stage_6_wrap-up\email_report\SwithMailSettings.xml
- . upload debug logs Upload 'tron.log' and the system GUID dump (list of all installed program GUIDs) to the Tron developer (vocatus). Please use this option if possible, log files are extremely helpful in developing Tron! NOTE: tron.log can contain personal information like names of files on the system, the computer name, user name, etc, so if you're concerned about this please look through a Tron log first to understand what will be sent. I don't care what files are on random systems on the Internet, but just something to be aware of
- STAGE 8: Custom Scripts
- . Execute custom scripts Tron will execute any .bat files placed in the \tron\resources\stage_8_custom_scripts directory. See "Executing 3rd-party Scripts" section above for more information
- STAGE 9: Manual tools Tron does not run these automatically because most of them don't support command-line use, or are only useful in special cases
- . ADSSpy Scan for hidden NTFS Alternate Data Streams
- . AdwCleaner Popular user-suggested adware removal tool
- . aswMBR Rootkit scanner
- . autoruns Examine and remove programs that run at startup
- . ComboFix The "scorched-earth policy" of malware removal. Only works on Windows XP through Windows 8 (no Windows 8.1 or above)
- . PCHunter Tool to scan for rootkits and other malicious items. Replaces gmer
- . Junkware Removal Tool Temp files and random junkware remover
- . Net Adapter Repair Utility to repair most aspects of Windows network connections
- . Remote Support Reboot Config Tool to quickly configure auto-login and other parameters for running Tron via a remote connection. Thanks to /u/cuddlychops06
- . Safe Mode Boot Selector.bat Batch file to quickly select bootup method to use (Safe Mode, Network, etc). Thanks to /u/cuddlychops06
- . ServicesRepair.exe ESET utility for fixing broken Windows services
- . TempFileCleaner OldTimer utility for cleaning temp files
- . Tron Reset Tool Tool to quickly reset Tron if it gets interrupted or breaks while running
- . UserBenchMark.exe Quick automatic system benchmark utility, compares the system to an online database of similar systems
- . VirusTotal uploader tool Uploads a file directly to VirusTotal for scanning
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement