"John C." <
r9j...@yahoo.com> wrote:
> I've used this program several times and it works pretty nicely. Here's
> a description of it that Snapfiles provides:
> _______________________________________________________________________
> Remove Traces of Delete(d) Folders
>
> ShellBag Analyzer and Cleaner can analyze and clean a set of Registry
> keys known as "shellbags". These keys are used by Windows to maintain
> the size, view, icon, and position of a folder when using Explorer.
>
> Shellbags maintain the information for folders even after the directory
> is removed, which means that they could be used as a forensic method to
> snoop on deleted files, folders, and certain user actions.
>
> ShellBag Analyzer and Cleaner scans for these registry keys and allows
> you to review or delete them.
> _______________________________________________________________________
>
> Homepage (or the closest thing to one):
>
> https://privazer.com/en/download-shellbag-analyzer-shellbag-cleaner.php
>
> Download and history are both available there.
>
> Privacy policy is here:
>
> https://privazer.com/en/company.php#privacy-policy
>
> The company is now located and operates mainly out of France.

The free version of Privazer leans a bit to lureware. There are some
essential functions missing. Seems it is just a tad too crippled to
lure you into buying their subscription payware. Take a look at:
https://privazer.com/en/version-difference.php

In the free version:
- Lack of "more protection", but no description what "more" would be
included if you bought the subscriptionware version (you only get
updates for 1 year, so it's not payware, but subscriptionware).
- Lack of a CLI (command-line interface) meaning you cannot run the
program with any command-line switches or arguments, like adding an
event to Task Scheduler for when to run unattended. Even CCleaner and
BleachBit have a CLI.

There's no mention of including their ShellBags cleaner in their
Privazer program. If their Shellbag cleaner were included in Privazer,
and in their free version, there would be no need for their separate
Shellbag Cleaner tool.

After using their Shellbag cleanup tool, has anyone yet looked in the
registry to see if the keys and entries have actually all been deleted
(and then recreated to have them exist but empty)?

I use a .reg file to wipe (and restore) the Shellbag entries in the
registry. Don't need 3rd party software for that. I downloaded and
looked inside their .exe for their ShellBags tool. Is this a portable
program? .reg files don't need to get installed, just exercised.

I did see an advantage of the ShellBags cleanup tool over using a .reg
file: their tool lets you whitelist shellbags that you want to omit from
cleanup. In addition, and from the options shown in a screenshot of the
tool, apparently you can delete shellbag entries for deleted folders
while keeping those for still-existing folders; i.e., you can delete the
entries for folders you deleted, but keep them for folders that still
exist. Never felt the need for those features before, but maybe someone
else would like those features. While I have the .reg file to do the
shellbags cleanup, I rarely use it. Better would be to use folder names
that don't reveal what they contain[ed] if you're worried about someone
seeing those folder names. Shellbags don't show what was inside a
folder, only what was the folder name and when you last modified any
file inside it. A folder named MyEmbezzlement might belie what is or
was inside that folder.

I don't understand the point of this tool to securely wipe the memory
space occupied by the deleted registry entries. The registry API edits
the memory copy of the registry which gets written to the disk files on
a refresh, logoff, or shutdown. That's why sometimes you have to kill &
restart explorer.exe, log off and back on, or restart Windows to effect a
registry change. On startup of Windows, the registry files get copied
into memory, and it's the memory copy used thereafter for fast access.
There is no undo on registry edits. There's not sufficient info at the
web site to know just what this tool thinks it is wiping. When you
clean the shellbags, you should restart Windows.

The Ghacks review to which Privazer links for the ShellBags cleanup tool
review is dated back in 2014, and doesn't delve into what the various
options do. I have not found newer reviews that don't merely
regurgitate info from Privazer's web site (which is extremely little).

Note that in my .reg file, I also up the count of maximum shellbags from
the default of 5000 (used if the setting is missing) and upped it to
20000. It's an undocumented max count of bag slots based on past
testing: 8000 max on WinXP, 20000 for later versions. Users have
reported, and I have encountered, when folder views got lost until the
folder got touched again. It's a FIFO list, so old folder settings in
shellbags will eventually get pushed out. Not even 20K for BagMRU Size
will eliminate the problem, but will just postpone it for a lot longer.
I have over 300K folders in my C: drive, but the vast majority are never
visited by me using Explorer.

Windows Registry Editor Version 5.00

; 0x4e20 = 20000 bag slots
[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell]
"BagMRU Size"=dword:00004e20

[HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU]
"BagMRU Size"=dword:00004e20

There has been some dispute under which key to add the BagMRU Size
entry, so I just add it under both. The difference might be related to
whether you're using Windows XP or something later.

There's a PowerShell command to get the total number of nodeslots
currently defined as shellbags, but I don't remember what it is. You
can use Nirsoft's ShellBagViewer to look in its status line for the
total nodeslots it found.

Shellbags are only used by Windows/File Explorer. If you use a
different file manager (e.g., TotalCommander) then this forensic info is
not remnant in the registry. Sorry, don't know how other file managers
store their prior folder view settings, if at all.

In addition, all these registry settings are per-account entries. These
are saved folder views for where you visited when using File Explorer
when you were logged into your Windows account. For other accounts
(Administrator, other Windows accounts), you would have to do a
shellbags cleanup for them, too. Those would be under the registry,
too, provided you dug into the SID for the other accounts under
HKEY_USERS, or you can log into those other accounts to do the shellbag
cleanup there.
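
Added example, not part of the original post and not the command the poster could not recall: a read-only PowerShell inventory of shellbag slots for each account whose hive is currently loaded under HKEY_USERS, using the registry path given above. It assumes that each numbered subkey of Shell\Bags is one slot in use; the function name is hypothetical, and reading other accounts' hives needs an elevated prompt.

```powershell
# Added example (read-only): count shellbag slots for every user hive that is
# currently loaded under HKEY_USERS. Nothing is modified or deleted.
$ShellRel = 'Local Settings\Software\Microsoft\Windows\Shell'   # path from the post

function Get-ShellBagSummary {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$ClassesRoot,   # PSPath of HKU\<SID>_Classes
        [Parameter(Mandatory)][string]$HiveName       # key name, for display only
    )

    $shell = "$ClassesRoot\$ShellRel"
    if (-not (Test-Path -LiteralPath $shell)) { return }

    # Assumption: each numbered subkey of Shell\Bags is one slot in use.
    $slots = @(Get-ChildItem -LiteralPath "$shell\Bags" -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^\d+$' } |
        ForEach-Object { [int]$_.PSChildName })

    # "BagMRU Size" may sit under Shell or Shell\BagMRU; the post sets both.
    $limits = foreach ($key in $shell, "$shell\BagMRU") {
        $p = Get-ItemProperty -LiteralPath $key -Name 'BagMRU Size' -ErrorAction SilentlyContinue
        if ($p) { $p.'BagMRU Size' }
    }

    [pscustomobject]@{
        Hive        = $HiveName
        SlotsInUse  = $slots.Count
        HighestSlot = ($slots | Measure-Object -Maximum).Maximum
        BagMRUSize  = if ($limits) { ($limits | Select-Object -Unique) -join ',' } else { 'not set' }
    }
}

# Per-account: HKCU\Software\Classes for a user is HKEY_USERS\<SID>_Classes.
Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-.+_Classes$' } |
    ForEach-Object { Get-ShellBagSummary -ClassesRoot $_.PSPath -HiveName $_.PSChildName } |
    Format-Table -AutoSize
```

Accounts that are not logged on do not appear under HKEY_USERS, so they are not listed until their hive is loaded or the account logs in.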