winutil icon indicating copy to clipboard operation
winutil copied to clipboard
verified publisher icon ChrisTitusTech

How to uninstall Winutil?

Open JasonMKY opened this issue 1 year ago • 4 comments

What's the powershell command to uninstall winutil?

JasonMKY avatar Jun 28 '24 01:06 JasonMKY

@JasonMKY WinUtil doesn't get installed at all onto your system, as it's a PowerShell Script, not a program. In other words.. no need to worry about "Uninstalling" WinUtil, because it didn't get installed in the first place.

og-mrk avatar Jun 28 '24 01:06 og-mrk

@JasonMKY WinUtil doesn't get installed at all onto your system, as it's a PowerShell Script, not a program. In other words.. no need to worry about "Uninstalling" WinUtil, because it did get installed in the first place.

Did or didn't? Also, what's Script.Ks.Malware.1747? I scanned in virustotal.

JasonMKY avatar Jun 28 '24 01:06 JasonMKY

@JasonMKY WinUtil doesn't get installed at all onto your system, as it's a PowerShell Script, not a program. In other words.. no need to worry about "Uninstalling" WinUtil, because it did get installed in the first place.

Did or didn't?

Didn't* My bad, I've corrected it in the original comment.

Also, what's Script.Ks.Malware.1747? I scanned in virustotal.

I'm no expert on Cyber-security and anything related to Anti-virus & Anti-Malware detection, but from my own experience with this project and how it runs, and on top of that I've been contributing on a regular basis to this project, (started about 4 months ago, as I enjoy learning new things and use this tool in every new Windows 10/11 installation)

With that being said.. I can say with full confidence that winutil.ps1 version 24.06.25, and similar situation with earlier versions of WinUtil, being detected/flagged as a Malicious File in one sandbox out of 64 others (as of time of writing).. is nothing but a false positive, and I bet that the reason behind one sandbox that've flagged it as a Malicious File, is because in the relations tab of the scan, you'll notice the following:

  1. There's an ip address which's flagged as malicious one.. it's literally owned by Microsoft themselves 😂 (link to the ip scan on VirusTotal), maybe because the fact that WinUtil requests files from Microsoft Official Download Links, for example I recently come across the Autologin configuration option, which's a simple configuration button which launches a Sysinternal tool (Named Autologin) developed by Mark Russinovich, Copyright © 2002-2016 (link to Autologin over on Microsoft Docs), and other tools and programs that points to Microsoft Official URL, and thereby there own servers which they host these files.
  2. The other one is a .dll file (link to it over on VirusTotal), which I do agree it may sound a bit scary.. but after further investigation (looking through the details tab).. it's most likely a "By Product", or a .dll file which's used by the GUI Framework that WinUtil uses to render it's GUI, which's called Windows Presentation Foundation (WPF), a .NET Framework that was originally developed by Microsoft, and later was Open-Sourced under the MIT License, source + Microsoft Docs on what it's in detail).

og-mrk avatar Jun 28 '24 02:06 og-mrk

@JasonMKY WinUtil doesn't get installed at all onto your system, as it's a PowerShell Script, not a program. In other words.. no need to worry about "Uninstalling" WinUtil, because it did get installed in the first place.

Did or didn't?

Didn't* My bad, I've corrected it in the original comment.

Also, what's Script.Ks.Malware.1747? I scanned in virustotal.

I'm no expert on Cyber-security and anything related to Anti-virus & Anti-Malware detection, but from my own experience with this project and how it runs, and on top of that I've been contributing on a regular basis to this project, (started about 4 months ago, as I enjoy learning new things and use this tool in every new Windows 10/11 installation)

With that being said.. I can say with full confidence that winutil.ps1 version 24.06.25, and similar situation with earlier versions of WinUtil, being detected/flagged as a Malicious File in one sandbox out of 64 others (as of time of writing).. is nothing but a false positive, and I bet that the reason behind one sandbox that've flagged it as a Malicious File, is because in the relations tab of the scan, you'll notice the following:

  1. There's an ip address which's flagged as malicious one.. it's literally owned by Microsoft themselves 😂 (link to the ip scan on VirusTotal), maybe because the fact that WinUtil requests files from Microsoft Official Download Links, for example I recently come across the Autologin configuration option, which's a simple configuration button which launches a Sysinternal tool (Named Autologin) developed by Mark Russinovich, Copyright © 2002-2016 (link to Autologin over on Microsoft Docs), and other tools and programs that points to Microsoft Official URL, and thereby there own servers which they host these files.
  2. The other one is a .dll file (link to it over on VirusTotal), which I do agree it may sound a bit scary.. but after further investigation (looking through the details tab).. it's most likely a "By Product", or a .dll file which's used by the GUI Framework that WinUtil uses to render it's GUI, which's called Windows Presentation Foundation (WPF), a .NET Framework that was originally developed by Microsoft, and later was Open-Sourced under the MIT License, source + Microsoft Docs on what it's in detail).

Alright, thanks for your input!

JasonMKY avatar Jun 28 '24 02:06 JasonMKY

This issue was marked as stale because it has been inactive for 7 days

github-actions[bot] avatar Jul 09 '24 00:07 github-actions[bot]

@JasonMKY if your issue is fixed please close this issue. If not please let us know.

Real-MullaC avatar Jul 09 '24 04:07 Real-MullaC