lee/hpr-knowledge-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
caa022c4d8ae3ad9b1daad19289ee988d22bb65d
hpr-knowledge-base/hpr_transcripts/hpr2465.txt

424 lines
23 KiB
Plaintext
Raw Normal View History

Initial commit: HPR Knowledge Base MCP Server - MCP server with stdio transport for local use - Search episodes, transcripts, hosts, and series - 4,511 episodes with metadata and transcripts - Data loader with in-memory JSON storage 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-26 10:54:13 +00:00
Episode: 2465
Title: HPR2465: TronScript where have you been all my life!
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr2465/hpr2465.mp3
Transcribed: 2025-10-19 03:43:58
---
This is HPR Episode 2,465 entitled Troncript, where have you been all my life?
It is posted by OperaTneroR and in about 28 minutes long, and Karimanec's visit flag.
The summary is, I take an initial look at Troncript and its features.
This episode of HPR is brought to you by archive.org.
Our universe will access to all knowledge by heading over to archive.org forward slash donate.
Welcome to another episode of Hydropublic Radio with your host Operator.
Today I'm going to go over a new, finally discovered thing called Tron, or TronScript.
This is a, looks like a combination of PowerShell and Bat file, Bash file, Bat file tools that essentially combine all the things that a PC technician would do to a system that might be in a compromised state, all the way up to optimization and defragmenting, which is not really relevant to most file systems today,
but it does that. So I'm going to run through this thing called, it's all in, if you look under, if you Google TronScript, you'll see the posting, now inside of that posting is a Reddit script or the Reddit feed for most of how this is communicated in a GitHub link.
Inside of that, Reddit TronScript subreddit is a thing called full TronDescriptions, or he calls it details of all actions taken, and that link is in the Reddit comments, and I'll provide the link to that probably should.
First, I have developed or ripped and over time created my own clean scripts, which I call a quick kill, or no, quick clean is a Bat script that essentially riches rips a lot of the functions from C Cleaner to a Bat file, and it also supports secure deletion of those files, and also supports the, or also by default,
also delete files from the multiple users on the system. CCs or C Cleaner actually created that ability later in their later builds, but initially C Cleaner didn't have the option to perform on all users, and it also lacked the ability to securely delete the files too.
So, I was looking around for some D-bloat stuff, there are D-bloat scripts for Windows 8 that will remove a lot of the essentially malware spyware that comes with Windows operating system, and in that search process I found a script called D-bloat in this GitHub link for Tron.
I tried to, of course, run this D-bloat back script and realized that it was part of a bigger mess of Bat scripts and the power cell scripts that automate a lot of crazy things all in one go.
So, the backstory here is a lot of the stuff that we do as technicians or computer repair people can be automated, and he thinks specifically states like 85% automation to all of this.
Now, to that point automation comes at a price, he states anywhere from 3 to 10 hours for some of these events to take place.
So, I'm going to go around, I'm going to quickly go over some of my highlights of what I think some of these options are and some of these deep scripts perform.
So, there's different stages all the way from stage 0 to looks like stage 9, and I'm going over this full Tron description of what I think might be included in all this.
So, prep stuff is making log directories, detecting Windows versions, detecting free space, kind of setting everything up, looking for updated D-bloat lists,
detecting if you have admin rights, create one run registry, so that way there's definitely is any cleanup activities that happen after reboot.
It has some stuff that's under the run once key for the registry, dump the smart status of all the hard drive disk systems.
So, that's around smart for a hard drive.
So, that's kind of like a prep mode, kind of check everything and dump out some logs and start some initial logging.
And that's under this stage 0 R-kill anti-malware.
We got some GUID dump list, all the install programs by GUIDs, and I'll kind of go over that where I think is interesting.
Process killer basically that it looks like he kills a bunch of processes that's kind of actually similar to my quick kill script, which has a white list of processes.
And kind of permeates everything else.
So, I might be able to build on this process killer list.
VC edit, say boot network.
I'm not sure moves this and resets the normal boot into this script, compass via.
So, say boot with networking.
Anyways, it sets your NTP time, it does a bunch of other things.
Excuse me.
My channel is making noises.
Backs of the registry, VSS purge.
I don't even know what that is, the volume shadow copy stuff.
So, it looks like it makes a snapshot in time, which basically is your system recovery thing.
Disabled sleep mode.
So, of course, you don't want the computer going to sleep in the middle of all this.
There's a lot of stuff here.
That looks like it's actually pretty straight forward from here.
It's not too many more things.
Timp clean.
There's a lot of stuff in here around.
Internet Explorer cleaning.
Using registry keys.
Clear my tracks by process.
C Cleaner, which has actually been removed because C Cleaner got compromised.
And they were serving malware to like 2.5 million people or something ridiculous.
Bleach bit, which I'm not familiar with.
Timp file cleanup, which I'm not familiar with.
USB device cleanup, which is kind of interesting because over time when you plug devices,
USB devices into windows, over time that structure of how many different devices are plugged in,
kind of builds up and can cause issues, especially I've seen with Android devices.
So, that's a really cool, unique thing that I haven't seen captured before.
I removed duplicate downloads inside of the downloads folder, which is kind of weird.
Windows Event Logs, which may not want to purge the Windows Event Logs.
That doesn't sound like the best of ideas if you're trying to troubleshoot a system.
Clear Windows Update Cash.
And that's part of all the Stage 1 stuff.
Stage 2, we have Debloat, which is where I originally started.
OEM Debloat by GUID, by Name, by BHO, and Toolbar by GUID.
So, this is the interesting part because this explains
some of the efforts I tried to create, I don't know, 10 years ago.
We have interesting things like in this target by Name.
This is really cool stuff.
Target List.
We've got about 244 items in this target list.
We have things like Safe Web or Cool Web Search.
It's a big one.
You probably guys have probably heard of.
180 Search is another big one.
QPDF Editor Toolbar Updater is all that stuff.
There's a bunch of HP stuff in there.
HP Assistant, Documentation, Guide, Help, Notification,
Registration, Study, Support, Updater.
And the whole point of this transcript is to, I think he uses the word,
like, give the user's power back or something to that effect.
Meaning that, yes, it's not malware and it's not AdWare.
But it's not something people want from their system.
It is targeted advertising in some cases.
Most people don't want this crap on their computers.
So, I actually said, what I'm going to do is update this name to
anything Dell, anything HP, and anything, you know,
Symantec, and just boom, done.
And then the theory there is the way WMIC, I think the way he runs these
uninstallers is yet to be discovered.
Maybe I'll do a different episode once I understand how this program
by name target list stuff works.
But it's a software supports back in silent uninstallations,
I think.
I think that's under 4-size S.
And then the GUID or the name.
You can actually uninstall stuff via command line.
And there's a certain percentage of stuff that can be uninstalled that way.
But there's a large percentage of stuff that cannot be uninstalled that way.
So that's the Stage 2 t-bloat.
Disinfect goes around making the assumption that you have some kind of
issue with your computer, which in most cases I don't have that issue.
There's a bunch of stuff in here.
Clear, cryptnet, SSL cache, white windows, SSL cache.
So, meaning if you're SSL, if you've got an unauthorized root certificate
authority installed on your system because of malware, it will prove that.
Malware bytes, anti-malware, which I think clear, cryptnet, cache,
would actually be a result of just wiping Internet Explorer.
So I don't know what that would entail outside of wiping IE settings.
Maybe if you have Firefox or Chrome installed malware bytes, anti-malware,
are we all know what that is?
Because first key virus removal tool, they're actually pretty slick.
The malware bytes, anti-malware, is there's one called Communion for malware bytes.
And it's actually pretty cool.
So if you ever want to do malware bytes, you actually want to install the
Communion version because it's kind of cool when it does some off-use case in
techniques.
So it looks like no pad, but it actually spawns the malware, anti-malware.
So if there's a piece of software that's preventing malware bytes from running,
you can actually use this Communion software to make it look like you're opening
no pad.
And it will spawn a shell automatically down the latest version of of malware bytes
and run it that way.
So maybe I can contribute in that way.
And I'll maybe I'll keep it running, no pad of my own stuff here.
So malware bytes, Communion, and then also look at name,
D-bloat by name.
Also look at ripping C Cleaner to Tibet.
So if you look at C Cleaner, you used to actually come with an IE file.
And I started ripping the IE file and posting that on their forums.
And I got instantly banned from C Cleaner.
So he started actually embedding the IE file inside of the executable,
but it's still in plain text.
So you can go towards the end of the C Cleaner executable.
And find all the registry keys and paths that he uses that they use for that tool.
So there's no big mystery about how C Cleaner works.
You can also use a program like Process Monitor to hijack and rip those pieces of information
to essentially rip what C Cleaner does.
That's kind of the third stage here.
Sophos Vias removal tool is another one, Sophos.
Apparently they're there in that space of this infect.
So move on to stage four is Repair.
MSI installer cleanup.
I haven't messed with that.
That seems interesting.
Maybe you have some ghost MSIs around where offices have installed or something.
D-I-S image checker and Repair.
I'm going to check Windows image store.
Sort of a more powerful system file checker.
That's news to me.
That's an interesting one.
So we'll put that one down to take a look at.
System file checker.
We know about that one.
Forge class C.
We'll check your root files and tell you whether or not they're bad and restore them.
So that one has actually saved me in some cases.
Check this.
You don't know what that is.
Disable Windows telemetry, which is kind of weird.
I don't know what this is.
Anti-beginning persistent code.
So knowledge base, stops, leads, and diag track, diagnostic tracking service.
This is anti-privacy, which doesn't really fall under Repair.
That's more of anti-malware.
So that should be more like a disinfect.
Disinfect stage.
Disable Windows 10 upgrade.
Oh, that's supposed to have a registry patch for that.
So remember, if you guys have received the Windows 10 upgrade nag that kind of went out with Windows 78 and 8.1?
It will fix that.
Network repair.
It turns on our ARP cache and resetting cat log.
I don't know what that is.
File extension repair.
So if someone a piece of malware or someone or something has screwed with your file extensions, that's kind of interesting.
Network repair is actually kind of cool.
So we got to keep that one in mind.
Let me put the main link up in here.
File extension repair.
We went over that one.
Maybe I'll offer my solutions around that.
I have a, it's called ACC.bat, which will associate relative path applications within my USB portable folder with documents, for example.
If you run ACC.bat within the context of the USB folder that I have, that I use, it will associate all the,
like the video files and things like that with VLC.
So that's kind of interesting.
Let's move on to stage, a FOX introvert.
Stage 5 is patch.
Toronto updates programs exist on the system.
If the point is not existing, it skips.
So this is kind of weird.
And updates looks like an update 7 zip.
Adobe Flash Player.
Java runtime environment.
Windows updates.
And then the comment here, Java runtime.
I personally hate Java, but still widely used.
So we need to at least get the system on the latest version.
We need to talk about, if we're going to talk about Java, we need to talk about old versions.
Right?
So it doesn't do it good to install the newest version of Java.
If you can call the old version of Java within some scripting.
So what's the point?
Windows updates.
Checking for Windows apps at DIS and base request.
Recompound Windows in its store.
Typically results in multiple GBs of space.
So this is like a clean up utility DIS and base for its reset.
Any Windows updates installed prior to?
It sounds like that's essentially my remote directory.
Windows, the SQL and backslash windows, backslash software update.
Well, it looks like the right way to do that.
If you delete the software update folder, Windows is kind of forced to like reassess what is actually installed in the system.
Which can fix some broken patch levels of systems.
So if you install like that net and you muts it up, you can actually sometimes fix that by removing the.
The system software update folder and then going from there.
Stage 6 sounds important and cool and it's called optimize.
Page file reset.
Reset the system page file settings.
Let me know as many as the base has in the code.
So we're talking about the resetting page file, which.
I don't know how valuable or interesting that is.
Defrag.
Come in.
A little faster than the build Windows built.
I don't think there's a whole lot of value in running defrag within file systems today.
I might be wrong, but most people don't need to run that.
Stage 7 is wrap up.
It looks like logging.
Create a restore point.
You know report.
If it's optional.
Upload debug logs.
So if you flag that to be sent to somewhere.
And there's another stage 8 called custom strips.
But it looks like you can put.
Excuse me.
You can put anything in the stage 8 and then inside of the bat file and it will run it.
Which is kind of cool because I've got a lot of bat files that I can run that will clean up stuff.
That I've embedded in single click executables using SFX with seven zip.
And that might be a different talk.
So let's put that on the calendar while I'm talking.
Let's see.
HPR seven zip.
SFX.
We're going to do that.
We're good.
So.
Stage 8 is custom scripts.
Stage 9 is manual tools.
We got some tools in here.
AD spy.
Not familiar with that one.
Oh, alternate.
Oh, alternate data streams.
So if you guys don't know about windows and alternate data streams.
Google it.
It's cool.
If you're using a particular piece of encryption or obfuscation.
You can actually what the comment technique is to hide your file system or hide your
varicric volumes or true clip volumes inside of an alternate data stream.
So for example, you have a file that's.
Yo, this is totally not all my stuff.
Text.
Now you apply an alternate data stream to that system to that file and attach your 100 gig.
Secure image that has a backup or they call it a backup password.
So that if you're forced to disclose, you can disclose with the backup password or whatever they call it with varicripped.
Anyways, alternate data streams are a cool way to essentially help hide information on your system.
So if a forensic person gets a hold to your laptop and they notice that you know,
you've been writing to a particular drive letter that doesn't exist when the system is turned on and you have to mount it.
They'll search your computer and never find this this file because it's inside of the alternate data stream.
So that's part of the forensic investigation aspect of looking for big files that are in alternate data streams.
What you'll see and also in alternate data streams is copyright or anti-copy protection stuff.
Whatever trying to bypass or proof of concept or write ODE or reverse engineer, you want to do it on a 32 bit system with a fat 32 file system.
And you will be surprised the amount of crap that that bypasses the Windows memory mitigation stuff, the Windows 8 stuff,
all the memory shenanigans within NTFS that will also bypass all the NTFS alternate data stream stuff.
So I'm yawning again. I yond on the last one.
So alternate data streams are really cool.
A lot of software uses alternate data streams to store its licensing information and kind of hide from the software piracy folks.
AW, ADW, Cleaner, Popular Users Suggest an Adiboy removal tool, don't know that one.
Ruket Skinner, ASW, NBR, that sounds interesting.
Auto runs, I know, I'm familiar with that one. That one's really cool.
Combo Fix is another good one.
Combo Fix has actually caused some issues for me in the past, where it's removed some software that wasn't necessarily legit, but it served the purpose.
So it kind of did what I was supposed to do.
We've got PC Hunter in here, which is awesome, and I was actually going to suggest this one to the guy.
And he's already got PC Hunter in here, so that is cool. PC Hunter is a weird Ruket tool to help you identify Rukets and or other malicious software on your system.
It's not very user-friendly, it's not idiot-proof, but it helps you identify what could potentially be going on.
Junkware Remover, removal tool, this is one I'll have to look at, and understand how it works, and how it correlates to the D-bloat stuff, how that works, and that adaptor repair.
Sometimes you'll get instances where drivers for actual networking devices are compromised by someone appending a DLL,
or a piece of malware appending a DLL to your network drivers.
And then when you pull that piece of software out from under your network driver, your internet doesn't work anymore.
Remote Support Rebooting config on a run login.
I'm not sure what that's about. Remote Support Reboot config.
It's cool to quickly configure autologon and other parameters for running Tron via remote connection.
That seems interesting, so maybe it's talking about autologon.
I'm not familiar with how that works, so that seems something we'll look at.
Safe mode boot selector.
That's file to quickly select bootup methods to save mode.
Service repair, eSet utility for fixing broken windows services.
Sure, I'll mess with that a little bit.
Tron reset tool.
Total quickly reset Tron if it gets interrupted or breaks while running.
That's kind of weird.
I don't know what the hell that is.
So I think I've gone over how ridiculous this tool is and all encompassing.
There is a settings back file that you can...
You can edit to skip some of these stages.
I skipped a lot of them and went with the DLL and...
Junkware removal tool.
It looks like this Junkwell removal tool is not existing.
Anyways, so what I'll probably do is spend some time shoveling through all this mess.
And going from there.
Where's the Junkware removal tool?
Here we go.
Nope.
Same website.
It's a website that does not exist.
Let's look at this Junkware removal tool.
You guys all have anything better to do until listening to me.
Randle on about stuff.
Oh, malware bytes Junkware removal tool.
So this is a malware bytes thing.
Bleeding computer is a great website.
He's actually contributed to this guys.
So now this Junkware removal tool...
Excuse me, it is a malware bytes thing.
Let's grab out the bad, keeps the good.
Removes adware that spawns.
So this is an adware removal tool.
It's not a malware removal tool.
So when I've done assessments against different high-end enterprise-wide internet of things,
slash advanced threat detectives delies,
I've run and I realized after that assessment or midway through that assessment,
I realized the state of a piece of software can change over time.
If I do an assessment of a tool bar and say,
you know why it's just a tool bar, it's cool.
It's not something anybody wants on a computer.
It's called Junkware, apparently.
But it's not malicious anyway.
It's not a spyware or a malware.
So for example, if I had that, if I own that piece of software,
and I have, you know, 100,000 user base,
what I'm going to do at some point in time,
is if one I'm done with that software,
and done with that user base, and I want to sell it,
I can sell that software to someone else to do whatever they want to do with it.
And at that point, things start to get complicated.
So a piece of software can end up initially being non-malicious,
and it can be kind of annoying or stupid and worthless.
But when it gets resold to a third party,
you don't know what's going to happen.
So for example, you do an MD5 check sum of this piece of tool bar,
and it's good today.
And I sell my tool bar to Zingwang district of wherever,
and that tool is now added some extra functionality
that may kind of cause a learn to some people,
may be constitute malware, may constitute malware,
or junkware to some people.
At the end of the day, nobody wants tool bars at all.
So it's all junk, it's all crap, and it's all garbage.
There are very few tool bars that are actually useful in today's world,
and those constitute plug-ins and they're managed through somewhat sanitized
and managed software distribution platforms,
like the Chrome extension, libraries,
and the Firefox extension ecosystem.
So to have a tool bar that's not managed by a Chrome or Firefox,
or even Microsoft has their own ecosystem for their plug-ins,
which I don't even know if people even use.
That's an indication that this is probably not something you want on your system.
If it's not in one of those three buckets,
if you can't find it with a Chrome extension or a Firefox extension,
it's probably not something you want on your system to begin with.
So anyways, what I'm going to do is crawl through all of this mess
because I love that script, and I love automation,
and I love Windows automation, and I miss...
I love this type of stuff, and I miss IT, and I miss all that.
So what I'll do is I'll go through some of these bullet points,
and I'll do a follow-up on Tron script,
and hopefully provide some value to the guy,
because I've been doing this stuff for a while, too.
So anyways, I hope this maybe helps somebody.
I would use this if you're not very familiar with Windows,
and you don't know how to troubleshoot Windows issues,
you just run this Tron script.
It's 500 megs, you run it, and you walk away and come back,
and your system's probably going to be fixed in one way or another.
So it's actually a very interesting way to kind of boil the ocean,
as it were from an automation standpoint,
and it sounds like something I would create
if I was still doing IT support, you know, 10 years later.
But anyways, I hope this is useful,
if you are learning something new,
like I try to learn every once in a while,
try to contribute and upload a quick thing,
record it on your phone, record it on your laptop,
record it with a decent condenser mic, or whatever,
and it doesn't have to be perfect, it just has to be,
provide some value to somebody, right?
You've been listening to HeccopublicRadio at HeccopublicRadio.org.
We are a community podcast network that releases shows every weekday,
Monday through Friday.
Today's show, like all our shows,
was contributed by an HPR listener like yourself.
If you ever thought of recording a podcast,
then click on our contribute link to find out how easy it really is.
HeccopublicRadio was founded by the digital dog pound
and the Infonomicon Computer Club,
and is part of the binary revolution at binrev.com.
If you have comments on today's show,
please email the host directly,
leave a comment on the website,
or record a follow-up episode yourself.
Unless otherwise status,
today's show is released under
Creative Commons,
Attribution,
ShareLite,
3.0 license.
Reference in New Issue Copy Permalink