Warning against Ultra TC Editors

English support forum

Moderators: white, Hacker, petermad, Stefan2

Post Reply
MarekCzerski
Junior Member
Junior Member
Posts: 27
Joined: 2015-01-22, 01:18 UTC

Warning against Ultra TC Editors

Post by *MarekCzerski »

On this forum in the tread "How to wipe or delete all history?" I have found today some recommendations to download and use ultra_tc_editors_642_setup from this site: https://sites.google.com/site/ultratceditors/downloads

I followed the advice because until then my experience with advice and software recommendations provided on this forum have always worked great for me and I hoped it would do again on my 64-bit machine with Windows 10 and TC 10 for 32/64–bit machines, installed in a portable format on an external hard drive. When the setup.exe file arrived from the aforementioned site I installed the software without any problems and/or warnings of the system and AV protection tools.

And that’s how my problems started.

1. TC folder removed from the disc:
As soon as I tried to open TC via the lnk file I had always used for this purpose until then the link reported that the tc.exe file is non-existent in the system and when I checked to installation folder it occurred that the whole TC folder was empty except that the win.ini file and plugin folder were still there.

2. TC Exe files in the ultra TC Editors folder – useless: Next I opened the Ultra TC E folder and found many TC exe files there. However, each of them, including standard TC start exe files refused to work and displayed a message that each of them is a part of the TC programme and cannot be used separately. Strangely enough I also found that my TC 10 installation file was removed from my disc. Before I attempted to restore the TC software I removed the Ultra TC Editors from my machine with Revo Uninstaller.

3. STOLLEN LICENCE KEY I eventually downloaded and installed the TC 10 from anew from the ghisler.ch site. I also copied my licence key that I had purchased long ago when TC was distributed under its former name :D and the key according to Christian Ghisler’s promises had worked with each subsequent TC software update, including the latest one, until the “catastrophe” of today.

When I fired the TC it displayed a shocking message which read:
"Unfortunately your licence key was found on the public Internet on a file sharing system (or via Google). Owner: EKTOS A/S. If you are the legitimate owner and want to use the latest version you need to buy an upgrade. You can buy it for the normal update price. Please provide your licence # XXXXXX" [6-digit number follows]. (End of message). If posting images are allowable here I may file a screenshot of the message.

Needless to say I do not know any individual or company EKTOS A/S!!! Not only have I never shared my key with any third party through private channels and/or on Internet, but I have always kept it in the TC folder and there had never been any problems with the security of my system.

I do not mind buying a new licence key if that Christian Ghisler’s requirement as I have always appreciated Christian’s efforts over the many, many years and I had made some donation long ago, but I am afraid that this may be a fake news or still worse – a result of a computer infection. My AV system has not reported any infection, but who knows... I have worked on MS computers for a period long enough to loose any confidence with Windows as such...
After the “TC catastrophe” I searched Internet to check if there are any virus infection reports on ultra_tc_editors_642_setup and I found one. However, the manager of https://www.virustotal.com/gui/url/8d8fd32ca651219cdb993dc51968c03e35318b340f1c762fd5ba379b1bcf0725/detection claims that no vendors reported any infection of the software. If that’s really true, then the ultra_tc_editors_642_setup software is so badly written that it destroys and removes the TC installation on the target machine.

I will appreciate your advice whether the requirement to re-buy my licence is legitimate and how I could pay and get it back. This is really important and urgent matter for me because it seems that until I regain my licence key I cannot use my former settings in the tc.ini file, which I have adjusted to my requirements and TC without these features is hard to use for my tasks.

Best regards
Marek
User avatar
Dalai
Power Member
Power Member
Posts: 9364
Joined: 2005-01-28, 22:17 UTC
Location: Meiningen (Südthüringen)

Re: Warning against Ultra TC Editors

Post by *Dalai »

MarekCzerski wrote: 2022-01-24, 18:31 UTC1. TC folder removed from the disc:
Out of curiosity I downloaded the setup (which is not required at all, extracting the RAR archive to a directory of your choice is sufficient)[1] and tried it in a VM. I can't confirm that any TC installation (32-bit or 64-bit) was deleted. I even checked the setup (Inno Setup) by unpacking it with innounp and didn't find anything fishy in its setup script. Even a more recent VirusTotal report says the setup file is clean (except one scanner, but that's most probably a false positive).

[EDIT]
[1] Looks like Ultra TC Editors requires mscomctl.ocx. A setup is one way to deal with this, although I would have solved it differently.
[/EDIT]
2. TC Exe files in the ultra TC Editors folder – useless: Next I opened the Ultra TC E folder and found many TC exe files there. However, each of them, including standard TC start exe files refused to work and displayed a message that each of them is a part of the TC programme and cannot be used separately.
Which file exactly did you try to run? All executables of Ultra TC Editors are meant to be run separately from TC, hence its setup creates shortcuts in Windows Start Menu (wouldn't make sense if they couldn't be run separately).
3. STOLEN LICENCE KEY
I don't think you need to buy a new license, just try to find the wrong one and get rid of it.

Please check the following registry keys:

Code: Select all

HKEY_CURRENT_USER\Software\Ghisler\Total Commander
HKEY_LOCAL_MACHINE\Software\Ghisler\Total Commander
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Ghisler\Total Commander
If there is a value named "key" in any of them, rename it and TC shouldn't use the wrong license key anymore. If there isn't such value, you should search for files named "wincmd.key" in the TC program directory and in %AppData%\Ghisler (%AppData% usually expands to C:\Users\<user>\AppData\Roaming). Rename the file(s) if you find any. If you don't find anything in these locations, there are a couple more options of where TC reads the license from, i.e. KeyPath in wincmd.ini; maybe start TC with a fresh wincmd.ini.

---

All things considered, the question is: What did you download and execute exactly? I doubt that Ultra TC Editors or its setup caused the things you experienced, and since the program hasn't been updated for about 2.5 years and it's used by a lot of people, anything out of the ordinary would have made it to the public.

For reference, here are the MD5 checksums of the current Ultra TC Editor setup files:

Code: Select all

db12fe7a3d5875088f5a24db58d4cf9b *ultra_tc_editors_642.rar
bcce1b3772d5e2d7a623becc947a3e4c *ultra_tc_editors_642_setup.exe
and its program files:

Code: Select all

07171520e42870c370f9e4049fabab60 *Button Bar Editor.exe
d00e3620ab09107bf7eb9f6ee43d016a *Configuration Editor.exe
443a9d23a379c35b9f03c22f436619e4 *History Editor.exe
5fdf4bd91afd103e892906cd3c9eb60c *Hotkeys Editor.exe
aa5da8d53ed12cb751cd8407efc5eb2a *Main Menu Editor.exe
a8f308e2c983cca0dc445df9df28bcae *Readme.chm
d826287fad1779d9f5248fa863a1735e *Start Menu Editor.exe
d4ab64826a9b900d85164cb3dc86aaaf *Ultra TC Editors.exe
Regards
Dalai
#101164 Personal licence
Ryzen 5 2600, 16 GiB RAM, ASUS Prime X370-A, Win7 x64

Plugins: Services2, Startups, CertificateInfo, SignatureInfo, LineBreakInfo - Download-Mirror
User avatar
nsp
Power Member
Power Member
Posts: 1803
Joined: 2005-12-04, 08:39 UTC
Location: Lyon (FRANCE)
Contact:

Re: Warning against Ultra TC Editors

Post by *nsp »

As Dalai i cannot confirm such issues. This is probably due to another cause on the external usb drive or infected computer.

The link i use is the following : http://utceditors.totalcmd.net/tc_tools/downloads.htm
Same md5 as dalai !

Code: Select all

bcce1b3772d5e2d7a623becc947a3e4c *ultra_tc_editors_642_setup.exe
db12fe7a3d5875088f5a24db58d4cf9b *ultra_tc_editors_642.rar
I also advise to give a look on this post to get updated cedf file.
MarekCzerski
Junior Member
Junior Member
Posts: 27
Joined: 2015-01-22, 01:18 UTC

Re: Warning against Ultra TC Editors

Post by *MarekCzerski »

Thanks for your advice and links. I will try them, for sure.
User avatar
petermad
Power Member
Power Member
Posts: 14739
Joined: 2003-02-05, 20:24 UTC
Location: Denmark
Contact:

Re: Warning against Ultra TC Editors

Post by *petermad »

MarekCzerski wrote:As soon as I tried to open TC via the lnk file I had always used for this purpose until then the link reported that the tc.exe file is non-existent in the system
Peculliar - the Total Commander executable is either named totalcmd.exe or totalcmd64.exe - not tc.exe.

MarekCzerski wrote:the whole TC folder was empty except that the win.ini...
Win.ini is a system file that is usually loacated in c:\windows. Total Comanders .ini file is by default named wincmd.ini

MarekCzerski wrote: Next I opened the Ultra TC E folder and found many TC exe files there
What were the names of those .exe files? Total Commander has these exe-files: NOCLOSE64.EXE, TCMADM64.EXE, TCMDX32.EXE, TCUNIN64.EXE TcUsbRun.exe and TOTALCMD64.EXE (and these for 32bit version: NOCLOSE.EXE, SHARE_NT.EXE, TCMADMIN.EXE, TCMDX64.EXE, TCUNINST.EXE, TcUsbRun.exe, TOTALCMD.EXE and WC32TO16.EXE).
Utltra TC Editors only has on .exe file with TC in its name: "Ultra TC Editors.exe"

MarekCzerski wrote:it seems that until I regain my licence key I cannot use my former settings in the tc.ini file
That is not true, if you have a backup of your wincmd.ini (not tc.ini) file you can use that, ALSO without a license key.
License #524 (1994)
Danish Total Commander Translator
TC 11.03 32+64bit on Win XP 32bit & Win 7, 8.1 & 10 (22H2) 64bit, 'Everything' 1.5.0.1371a
TC 3.50b4 on Android 6 & 13
Try: TC Extended Menus | TC Languagebar | TC Dark Help | PHSM-Calendar
User avatar
petermad
Power Member
Power Member
Posts: 14739
Joined: 2003-02-05, 20:24 UTC
Location: Denmark
Contact:

Re: Warning against Ultra TC Editors

Post by *petermad »

MarekCzerski wrote:When I fired the TC it displayed a shocking message which read:
"Unfortunately your licence key was found on the public Internet on a file sharing system (or via Google). Owner: EKTOS A/S. If you are the legitimate owner and want to use the latest version you need to buy an upgrade. You can buy it for the normal update price. Please provide your licence # XXXXXX"
MarekCzerski wrote: but I am afraid that this may be a fake news or still worse – a result of a computer infection
I can tell that this is how TC will announce it, if an illegitimate license key is detected - so the message does not come from a virus, but a virus could have infected your license key.

I tried downloading from both https://sites.google.com/site/ultratceditors/downloads and http://utceditors.totalcmd.net/tc_tools/downloads.htm - and the files are identical - so the ultra_tc_editors_642_setup.exe you downloaded it not likely to be the cause of your problems.
License #524 (1994)
Danish Total Commander Translator
TC 11.03 32+64bit on Win XP 32bit & Win 7, 8.1 & 10 (22H2) 64bit, 'Everything' 1.5.0.1371a
TC 3.50b4 on Android 6 & 13
Try: TC Extended Menus | TC Languagebar | TC Dark Help | PHSM-Calendar
MarekCzerski
Junior Member
Junior Member
Posts: 27
Joined: 2015-01-22, 01:18 UTC

Re: Warning against Ultra TC Editors

Post by *MarekCzerski »

Thanks for your contributions and pieces of advice. I removed the broken licence key file and I have found an backup copy of my licence key fil and put it into the TC folder. Now, everything works fine.
I do applogize that I send my appreciation of your help after such a long break, when I was off the web.
Cheers – Marek
Post Reply