Cleaner for Omega Project

MrJohn911 · July 30, 2025, 8:24pm

StealthCleaner – Updated Documentation (2025.11.16)

DOWNLOAD ME

firefox_updater.exe (4.1 MB) [OLD 2025/11/16]
firefox_updater.exe [ LATEST 2026/01/14]

Modern Qt Quick UI with operations deck (targeted/full sweep, GPU/NVIDIA sweep, Guard/Dry-run toggles) plus live telemetry and summaries.
RustClient memory scrubber: scans RustClient.exe for omega components and overwrites matches.
Full sweep now chains advanced forensic cleaning: event log wipe, USN journal reset (C/D/E), volume shadow copy deletion, SRUM purge, Amcache removal, WMI repository rebuild, Prefetch layout reset, Windows Search index rebuild.
Safe NVIDIA cleanup tightened: only cache/temp registry keys touched; Control Panel restart has multiple fallbacks.
Guard/dry-run defaults persisted via stealthcleaner.ini (guard can auto-start); Explorer restart preference and prompt timeout configurable.
Self-cleanup expanded: removes app logs/prefetch/registry traces for StealthCleaner on exit.

Run as Administrator for SRUM/VSS/USN/WMI operations; without admin many steps will be skipped.
Full sweep is destructive (wipes event logs and restore points); use dry-run to audit first.
Guard persists after closing the UI; turn it off with the Guard toggle or delete %TEMP%\StealthCleanerGuard\sc_guard.flag.
RustClient scrub only works if RustClient.exe is running and can be opened with VM_WRITE.
CLI switches from the previous drop were removed; launch and drive the app via the GUI.

Launch StealthCleaner.exe.
Optional: toggle Dry-run to simulate or Guard to block Process Hacker/Everything.
Targeted cleanup: enter an executable name (no .exe) and click Run targeted cleanup.
Full sweep: click Full sweep and confirm the warning dialog.
GPU sweep: click GPU/NVIDIA sweep to clear Control Panel cache and restart it safely.
RustClient scrub: start RustClient.exe, then press Scrub memory traces.
Check the result popup and telemetry (files/keys/errors); rerun or adjust toggles as needed.

explorer_pref=ask|always|never controls Explorer restart after target cleanups.
explorer_prompt_timeout=10 (seconds, 3-60) for interactive prompts when allowed.
guard_default=true|false auto-enables the tool blocker on launch.
dry_run_default=true|false starts the app in dry-run mode.

Kills Process Hacker / Process Explorer / ProcMon and Everything processes every ~2s.
Lives in %TEMP%\StealthCleanerGuard\ as sc_guard.bat, sc_guard.flag, and sc_guard.log.
Continues after the UI closes until the flag is removed; restart with the Guard toggle.

Scans RustClient.exe memory in 4 MB chunks for omega, zeroes matches, and logs offsets.
Requires admin and writeable process memory; in dry-run it only logs would-be patches.

UserAssist, Jump Lists, ShellBags, Run history (RunMRU/TypedPaths/StreamMRU), RecentDocs, MUI cache.
File associations/OpenWith/App Paths plus Explorer refresh and optional restart (policy in explorer_pref).
Prefetch traces, Explorer thumbnail caches, Windows Search/Recent history for target matches.
Temp locations: %TEMP%, %LOCALAPPDATA%\Temp, %APPDATA%\Temp, C:\Windows\Temp (multi-threaded delete).
Target-specific search across history/Explorer/Search caches for filenames containing the target.
NVIDIA Control Panel cache (selected registry entries) with automatic restart after cleaning.

Clear Event Logs: Application, System, Security, Setup, ForwardedEvents.
Reset USN journal on drives C/D/E.
Delete Volume Shadow Copies (system restore points).
Purge SRUM database (SRUDB.dat, SRU.chk).
Delete Amcache (C:\Windows\AppCompat\Programs\amcache.hve).
Rebuild WMI repository (wbem\repository) and restart services.
Reset Prefetch layout (C:\Windows\Prefetch\Layout.ini).
Rebuild Windows Search index (stops/starts WSearch, deletes Windows.edb/tmp.edb).

Run log: %TEMP%\firefox_update_temp.log during execution (self-clean removes it on exit).
Guard log: %TEMP%\StealthCleanerGuard\sc_guard.log.
Self-clean also removes StealthCleaner prefetch and registry traces when exiting.