Multibooter

Virus Total as a source and backup of rare files? Paid subscribers to virustotal can download files uploaded by others. https://virustotal.github.io/vt-cli/doc/vt_download.html indicates a downloader, "if you have an API key with access to VirusTotal Intelligence" https://virustotal.github.io/vt-cli/doc/vt_download.html and https://www.virustotal.com/gui/intelligence-overview I checked my ancient version of Kaspersky, which didn't seem to me to be available anywhere in the internet. Wrong. This version/build is not all that rare. VT Hash Check indicated 2019 as last Scan Date, so my ancient version of Kaspersky is probably still available for download, from Virus Total/Google, if you have an API key with access to VirusTotal Intelligence and the MD5 or SHA1 checksum of the file. Writing down the MD5 or SHA1 checksum of old software versions may be an additional precautionary backup measure --- for file recovery from Virus Total/Google?

VT Hash Check also works for me, without Internet Explorer 8, if I copy normaliz.dll into the install-to folder instead of \Windows\system32\

2 instances just looked unusual. Does the big file triddefs.trd in the install-to have any special use? It's a RIFF file, and contains the text "Marco PontelloRURLF.https://en.wikipedia.org/wiki/List_of_video_game_emulators" near the top, Added: Seems to identify file types to be checked, https://www.mark0.net/soft-trid-e.html

Process Explorer v11.11 (still from the days of Win98) on this old desktop also displays under WinXP only ONE instance of VTHash.exe, while Task Manager displays TWO. When I exit Task Manager, while VT Hash Check is loaded, and then restart Task Manager only ONE instance is displayed by Task Manager

When VTHash.exe is displayed via a shortcut on my SSE2 desktop under WinXP, TWO instances of VTHash.exe are displayed by Task Manager Alt-Ctl-Del. When I close the VTHash.exe Settings window, both instances are gone.

I had the same issue under WinXP as AstroSkipper, no program running in the background that catches and hides windows, as far as I know. AstroSkipper's trick to create a desktop shortcut with Target: "H:\Virus Total Hash Check\VTHash.exe" --prefs has resolved the issue for me. I subsequently renamed the shortcut to "Virus Total Settings". Maybe it's best to create such a shortcut immediately after the installation if Internet Explorer 8 is not installed under WinXP, so that you can manually select "Use SSL/TLS" in Settings, in order to avoid getting blocked with the message "Your virus total account is not allowed to perform that action"

Does "in general" also include "AntiViral Toolkit Pro for Windows 95 Beta by Eugene Kaspersky (C) KAMI Corp., Russia, 1992-1996"? It probably still runs under WinXP and surely is no risk. The term "in general" always implies "exceptions", so I agree with you. And I do appreciate your comments, especially from a person a generation younger than I am, who is interested in Windows XP! The risk depends on the version and build, reflecting how Kaspersky mutated. Microsoft also mutated, and I like the old XP version of Windows. BTW, AntiViral Toolkit Pro by Eugene Kaspersky was distributed in the US, around 1996-98, by a company called "Central Command Inc.", sounds like https://en.wikipedia.org/wiki/United_States_Central_Command - what a mutation! But again, I'll move on. I personally have all I need regarding antivirus under WinXP, and there are several other topics at msfn to which I may contribute. My recent postings here were intended to share my experience of updating my antivirus program via VPN. VPN under WinXP has become recently one of my current projects of interest.

UPDATE 20Apr2025: The 3 screenshots in this posting were deleted, to save posting space. The posting with the screenshots was archived at https://web.archive.org/web/20250420155134/https://msfn.org/board/topic/186770-vt-hash-check-xp-compatibility-restored/page/2/ In the screenshot below VT Hash Check displays the scan results of a rare little program which has worked OK and which is most likely OK (the mentioning of what it exactly does may not be appropriate in this forum), but the scan results by most AV programs, including Kaspersky, are displayed by VT Hash Check in red and are false flags. I re-scanned this OK file with my ancient version of Kaspersky, near-current signature update of 12Apr2025. In contrast to the false flag displayed above by Virus Total for "Kaspersky, 22.0.1.28, UDS:DangerousObject.Multi.Generic" my ancient version of Kaspersky with a near-current signature update of 12Apr2025 displays "No threats detected". With old, non-current signatures, however, my ancient version of Kaspersky had also given a false flag for this OK file. Kaspersky must have corrected their false flag in the mean time. Conclusions of this review: 1) The scan results displayed by Virus Total with TC Hash Check on 16Apr2025, the day before I initiated a re-analysis, were of 18Mar2022, 3 years old. Re-analysis is very easy with VT Hash Check, you just click on the "Full Scan" button in the VT Hash Check window, then the default browser opens up and then you click on "Reanalyze", without a need to resubmit/upload the file. 2) My ancient version of Kaspersky, with a near-current signature of 12Apr2025, gives a better result than the re-scan by Virus Total of 17Apr2025 , at least for the results displayed in the table row "Kaspersky 22.0.1.28" of VT Hash Check. 3) Virus Total does NOT use a current signature for their Kaspersky scanner 4) The test results of Virus Total seem to reflect the prohibition by the US government against Kaspersky updates (of course, Virus Total belongs to Google) 5) Virus scanners marked in red AND indicating a Trojan or something serious in the results table of VT Hash Check may not be that reliable, at least with respect to false flags. 6) In my preceding VT Hash Check on 16Apr2025 (in which Virus Total had last checked the file on 18Mar2022), 47 out of 68 scanners had generated false flags for this old, rare file of the year 2008. In the re-analysis of 17Apr2025, 50 out of 72 scanners had generated false flags. 7) VT Hash Check has a Setting "Save As Plain Text". This setting facilitates an easy comparison with Beyond Compare of scan results years apart, e.g. the scans by Virus Total of 18Mar2022 vs 17Apr2025, to see how various virus scanners evolved with their false flags, for example: - Comodo is not in the current list of scanners anymore - GData and Malwarebytes made their false flags even more severe, from "Malware" to "Trojan" - Yandex removed their previous false flag, and indicates everything is OK with the file in the re-scan of 17Apr2025 (maybe they are using the Kaspersky engine with current signatures?) 8) It is amazing to see how many Chinese virus scanners didNOT generate a false flag. 9) One use of VT Hash Check is to quickly compare the quality of various virus scanners, specific to files actually used instead of relying on a huge theoretical "in the wild collection", without having to upload files.

Thanks! VT Hash Check displayed the results OK after having selected "Use SSL/TLS" BUT: I had never de-selected "Use SSL/TLS" in Settings! Maybe this setting "Use SSL/TLS" was automatically de-selected after the 3rd check, because Internet Explorer 6 was installed then (the default from WInXP SP2), not IE8? My susbsequent installation of IE8, after I started to get the msg "Your virus total account is not allowed to perform that action", did not reset "Use SSL/TLS", so I continued getting this msg. You and AstroSkipper probably didn't get this message/de-selection of "Use SSL/TLS" because both of you probably have Internet Explorer 8 installed.

Reminds me of two expert witnesses in court, on opposing sides . I talk about a specific build, you talk about Kaspersky in general. But let's move on!

I can attest that my specific build of Kaspersky Anti-Virus is of top quality and is completely safe to use for virus-checking. I have used this build for 11 years, nearly every other day. I am not Russian and have no affiliation to Kaspersky or Russia whatsoever. I am an old member of msfn, since 2008, 1k+ postings and I have never given bad advice intentionally. One man's opinion, no more discussions about that, you're entitled to your opinion.

One attraction of msfn.org is that you can discover many little jewels here. I, for example, have recently discovered the usefulness for me of Paragon GPT Loader and OpenVPN, thanks to the helpful postings of fellow msfn members.

Edited on 13Oct2025: The screenshot in this posting was deleted because of limited upload space. The posting with the screenshot was archived at https://web.archive.org/web/20250428014030/https://msfn.org/board/topic/186770-vt-hash-check-xp-compatibility-restored/#comment-1279660 Thanks. I tried again, The settings are the default settings of the initial installation. In window Settings there is a green checkmark next to the field API Key. I have erased from the screenshot most digits of the API key. When I right-click on a file, the small msg window "Calculating hash" comes up, indicating the file name and SHA1, but this is followed within a fraction of a second by the msg: "Your Virus Total account is not allowed to perform that action." When I right-click on the green checkmark a msg window "Test API key now?" comes up. If I click on Yes "Thinking" flashes up, then the msg "Invalid API key, API key test failed. (HTTP403)" comes up. The internet connection was a normal connection, not VPN. The program doesn't seem to make a good rudimentary check on the computer of the entered API Key: For example, when I delete the last digit of the key, the green arrow turns into a red cross. When I then add a different, incorrect digit at the end, the red cross turns into a green checkmark again, even if the replaced digit was different. I repeated copying the API Key from my account at virustotal.com into the Settings window, same msg eventually about an Invalid API key, i.e. my user account at virustotal.com still displays the identical API key which generates the "API key test failed" msg. Again, my API key and the program worked OK after the installation during my first use, for about 10mins and for about 3 checks, then "Your Virus Total account is not allowed to perform that action". When I searched for this msg at yandex.com, Yandex showed the link https://github.com/aboul3la/Sublist3r/issues/194 A posting there indicates "Same error here. The first two times worked perfectly but some days after the same error appears". So my guess about a blocked API key is probably wrong, too paranoid, a bug of VT Hash Check v1.67 may be the cause, maybe the newly generated API keys don't work with old v1.67??

Can you judge the quality of a specific program which you have never tested, of which you don't even know the build and version? Just food for thought, please don't take my comment in an argumentative way, I do like your many excellent and really helpful postings! I plan to provide details publicly about this build when the Kaspersky signature server stops providing updates for me. And maybe download links. My ancient version of Kaspersky is a corporate version and the signatures can be updated from the Kaspersky server and from an update distribution folder. Updates from an update distribution folder have worked fine for various computers with WinXP, from Pentium 3 to i7, without requiring internet access. I am archiving each signature update, so that eventually there will be a final signature update under Windows XP - but hopefully not in the near future! A final signature update may still be useful for 6 months and longer, and then virus-checking will have to move on to a more recent operating system. The final signature update for Kaspersky Anti-Virus under Windows 98 was on 1Apr2014. Being able to update signatures under Windows XP in 2025 is pretty good!

I don't think that I was abusing the service, I only checked your setup.exe file (1 false positive) and 2 other files within my initial 10mins before I got blocked. Definitely within the limitation of the free API key (4 requests per minute and 500 requests by day). I got the blocked response when I right-clicked, after checking 3 OK files, on a more difficult file. This right-clicked file is most likely OK but has been falsely flagged by Kaspersky for maybe the past 10 years. If I exceeded my limit somehow, I probably should have gotten a message instead of an invalidated API key, invalidated without a message or reason why. No idea why I got blocked, except my guess about the yandex email account. Maybe someone else with a yandex email account could confirm or refute my guess. Best regards!

VT Hash Check is easy to use and paranoid users could sign up for an API key via Tor (not yet tried whether possible) and register with a secondary rarely-used email address. Again, genieautravail, thank you so much for your work.

UPDATE 21Apr2025: Workarounds were found for all issues. VT Hash Check v1.67, modified by genieautravail for WinXP, is an excellent program. Highly recommended. Thanks so much for your work of many hours modding VT Hash Check for use under WinXP. ISSUE #1: Your modded package installed fine, but when I made the 1st run I got the following message: "No API key configured. A VirusTotal.com API key is required in order to use this application. Would you like to open the settings window and enter a key now?" -> Yes I signed up for a new user account at virustotal.com, incl. email address. An email with a validation code was then sent to this email address. Being a little cautious about giving up privacy, I had entered a rarely used email address @yandex.com . Eventually the free API key was displayed at virustotal.com and I pasted the API key into the settings of VT Hash Check ISSUE #2: Then an error msg came up: "VT Hash Check - Settings: VTHash.exe - Unable to Locate Component. The application has failed to start because Normaliz.dll was not found. Re-installing the application may fix the problem" Normaliz.dll was not on my computer. Windows XP had been installed on my computers initially as SP2, followed by an update with SP3 later on, which didnot update Internet Explorer. I still have the original Internet Explorer 6.0.2900 under WinXP, I have not installed MS Internet Explorer 8 for WinXP (8Mar2009). The issue was FIXED by extracting normaliz.dll (v6.0.5441.0, not digitally signed) from IE8-WindowsXP-x86-ENU.exe, which is the installer of MS Internet Explorer 8 for WinXP (8Mar2009), and copied normaliz.dll to \Windows\system32\ UPDATE: normaliz.dll can be copied into the install-to folder of VT Hash Check instead of into \Windows\system32\, both locations work OK. IE8-WindowsXP-x86-ENU.exe can be downloaded here: http://web.archive.org/web/20130507062858/http://download.microsoft.com/download/C/C/0/CC0BD555-33DD-411E-936B-73AC6F95AE11/IE8-WindowsXP-x86-ENU.exe I also had to Permit Outgoing Connections for VT Hash Check in my Kerio Firewall. Virus Total is owned by Google, so I opened the gates for Google. GREAT, an easy to use program. works under WinXP, just needs a right-click on the file to be checked. I checked several files with it, for about 10 minutes... until it stopped working. ISSUE #3: About 15 minutes after signing up and getting the API key from virustotal.com the following error message was displayed instead of the results table: "Your virus total account is not allowed to perform that action" When I double-clicked in the Settings window on the green checkmark next to the API key I got a message about an invalid API key. How could a valid, just downloaded key turn invalid after 15 minutes? I rebooted, waited for an hour, but still the same message about the key. I then installed the whole MS Internet Explorer 8 for WinXP (8Mar2009), instead of just copying normaliz.dll, still the same message about the key. Today, one day after installing VT Hash Check, I tried again, same message about the API key.

The issue of preserving the original folder dates seems to be an issue of NTFS partitions, not of FAT32 partitions, For example, when copying FTP sites to an NTFS partition, the folder dates of the folders copied to an NTFS target partition get set to the current date. With Beyond Compare you can "Touch" the folder dates on the target NTFS partition in a 2nd step. But when you add a comment file etc later on, the folder date gets changed to the current date and the original folder date is lost. The original folder date provides sometimes important information, e.g. when software was available. The file and folder dates at FTP sites I have named in my notes as the "FTP upload date". I always try to copy FTP sites to a target FAT32 partition, except if there are files >4GB at the FTP site; in that case I copy the file >4GB separately to an NTFS partition.. As a workaround for maintaining the original folder dates I have tried to stick to FAT32 partitions as much as possible. This has limited me in my archive mainly to 1TB and 2TB HDDs, on which I have always created 4 large logical FAT32 partitions and the remaining space as 1 logical NTFS partition, 4+1 has worked fine for me over time. Having more than 4 FAT32 partitions on GPT HDDs >2TB would eventually result in a drive letter overflow, when also connecting a similarly partitioned backup HDD for copying data from one drive to the other. I also try to maintain some backward compatibility to Win98 for my archive. Win98 has a partition size limit for FAT32 partitions, cannot access NTFS without additional tools and cannot use stuff archived stuff on GPT HDDs >2TB. I therefore consider HDDs >2TB, with huge NTFS partition(s), as useful mainly for movies, music, bittorrent downloads, .isos, stuff from archive.org, .gho and .tbi partition backups, not-yet-processed eMule downloads, infected stuff downloaded, stuff never accessed under Win98, stuff accessed only under Win10, etc, i.e. where the creation date of the holding folder is of secondary importance. All other stuff I prefer to archive on FAT32 partitions, where the folder dates do not get modified when adding stuff into folders. Under FAT32 I do not need to ask myself "is this the original folder date?", especially because I use Beyond Compare for file handling.

I have checked the source code. openvpn-2.5.4.zip does contain the string "dev_interface_list_size", while openvpn-2.3.18.zip does not contain this string. The source code files of OpenVPN are located at https://build.openvpn.net/downloads/releases/ So this bug of official OpenVPN v2.5.4 under WinXP SP3, or something similar, will very likely not occur with v2.3.18 under WinXP SP2. An actual test, however, would confirm whether eMule using OpenVPN v2.3.18 does work OK under WinXP SP2 and also under WinXP SP3.

Thanks , so there is no major issue using OpenVPN v2.5.4 on my SSE2 desktop computer. I wasn't sure whether "OpenVPN v2.5.4 Windows XP SP3 bug" in schtrom's article refers to the official v2.5.4 or to his modded v2.5.4. So the severe bug of the official v2.5.4 was resolved by schtrom's modded v2.5.4. Does OpenVPN v2.3.18 under WinXP SP2 (i.e. on an SSE-only computer) have the same severe bug "the returned list size is 1 on Windows XP SP3 for an empty list" as the official OpenVPN v2.5.4 under WinXP SP3 (i.e. on an SSE2 computer)?

1) OpenVPN v2.5.4 (schtrom mod) Thanks , OpenVPN 2.5.4 (schtrom mod) is working fine under WinXP on my SSE2 desktop computer. Your link to the free VPN server at VPNBook was very helpful for learning about OpenVPN and for testing various parameters in the .ovpn OpenVPN config file. The 2 settings with which I was able to get OpenVPN v2.5.4 to work with the .ovpn config file from VPNBook were: - in Device Manager -> TAP-Windows Adapter V9 -> Advanced tab: -> set Media Status: Always connected - added the parameter "ip-win32 ipapi" to the .ovpn config file from VPNBook (or later to the .ovpn file from ExpressVPN) OpenVPN 2.5.4 (schtrom mod), however, does NOT work on my Inspiron 7500 laptop (SSE-only, 650MHz Pentium 3) under WinXP, I have tried many tricks to no avail. 2) OpenVPN v2.3.18 OpenVPN v2.3.18 (last official version for WinXP), however, DOES work OK under SSE-only. Download-link of the Installer (32-bit), Windows XP: http://swupdate.openvpn.org/community/releases/openvpn-install-2.3.18-I001-i686.exe Download links of other builds of v2.3.18 for Windows (not tested): - Installer (64-bit), Windows XP http://swupdate.openvpn.org/community/releases/openvpn-install-2.3.18-I001-x86_64.exe - Installer (32-bit), Windows Vista and later https://swupdate.openvpn.org/community/releases/openvpn-install-2.3.18-I601-i686.exe - Installer (64-bit), Windows Vista and later https://swupdate.openvpn.org/community/releases/openvpn-install-2.3.18-I601-x86_64.exe The .ovpn file from VPNBook doesNOT work with OpenVPN v2.3.18 under SSE-only. The .ovpn file from ExpressVPN, however, DOES work with SSE-only if the parameter "cipher AES-256-GCM" is changed to "cipher AES-256-CBC" in the .ovpn config file VPNBook apparently doesnot work with the parameter "cipher AES-256-CBC". ExpressVPN has a free 7-day trial. 3) Questions Question 1: schtrom indicates that v2.5.4 contains a "severe bug" "OpenVPN v2.5.4 contains a severe bug on Windows XP SP3" https://openvpn-for-windows-xp.sourceforge.io/#topic15 Does this mean that his mod v2.5.4 works OK under Windows Server 2003 R2 SP2 (as shown in his screen shots), but not under Windows XP SP3? How serious is this bug? Does this bug not occur with v2.3.18 under WinXP SP2? i.e. will this bug not show up, for example, if eMule is run under VPN on a Pentium3/SSE-only computer with OpenVPN v2.3.18 under WinXP SP2? i.e. would the non-occurrence of this bug be an indication of a special use of Windows XP SP2. Is Windows XP SP2 the only version of Windows in which OpenVPN v2.3 works, without this bug, with an old Pentium3/SSE-only? Kai Schtrom indicates as a major benefit of v2.5.4: "new TAP-Driver with a network speed of 1 GBit/s instead of 10 MBit/s". 800 kilobytes/s, however, is a useful speed download limitation for eMule. Faster download speeds may reduce the uptime until eMule crashes, especially after 14+ days of continuous uptime on an old and weak computer. eMule is a constant trickle from a huge pool of old stuff (e.g. 2000+ items simultaneously on the transfer list, even on a weak computer), while bittorrent is a very fast downloader if the file is still around. So the download speed of the new TAP driver for OpenVPN is definitely relevant for bittorrent, but less so for eMule. Question 2: Any experiences with VPN providers which have servers in many countries (for working around country-specific requirements) AND where port forwarding can be set, so that eMule works OK under VPN? vypr.com? airvpn.org?

jason88fr (altogether 5 posts, all at this link) at forum.kaspersky.com posted in your link https://forum.kaspersky.com/topic/prevent-blocking-of-vpn-21565/ on November 17, 2021 a screenshot of ExpressVPN being flagged by Kaspersky (no idea which version). My ancient version of Kaspersky, in contrast, did NOT flag anything when I updated Kaspersky via the same ExpressVPN. I had not selected any Protection components during the installation of my ancient version of Kaspersky and I was using OpenVPN, not the proprietary VPN software by ExpressVPN. "Since September 2021, ExpressVPN has been a subsidiary of Kape Technologies, a company wholly owned by Israeli billionaire Teddy Sagi" from: https://en.wikipedia.org/wiki/ExpressVPN

Edited on 13Oct2025: The screenshots in this posting were deleted because of limited upload space. The posting with the screenshots was archived at https://web.archive.org/web/20250413095615/https://msfn.org/board/topic/184730-antimalware-firewall-and-other-security-programs-for-windows-xp-working-in-2023-and-hopefully-beyond/page/81/ I have updated the virus definitions of my ancient version of Kaspersky Ok under WinXP via VPN. 16,832,335 signatures, database release date 4/12/2025 11:14 AM. (screenshot deleted) I have used OpenVPN v2.5.4 (schtrom mod) under WinXP, with a .ovpn config file by ExpressVPN, VPN server location in Ireland. TAP-Windows Adapter V9 was set in Device Manager, Advanced tab, Media Status to Always connected. I have used for this signature update a 7-day free trial by ExpressVPN. ExpressVPN worked fine for me with Kaspersky and also with uTorrent under WinXP, but not with eMule, no port forwarding. The screenshot below shows the Update running via VPN and the System Tray with the green [=connected] OpenVPN icon. The blue shield of the Kerio v2.1.5 Firewall icon shows a green arrow indicating the Permitted Outgoing Connection during the signature update. (screenshot deleted) The ability to obtain signature updates of my ancient version of Kaspersky via VPN may perhaps be of use in some countries

The corresponding bootable CD (i.e. not the installer version) of Acronis Disk Director v12.5.163 (26Dec2018) can be downloaded from: http://dl.acronis.com/s/AcronisDiskDirector12.5Workstation_163_en-US.iso It works OK with my old Pentium 3 laptop (700MHz, SSE-only) and detects OK a HDD in an external docking station connected via eSATA to a SATA PC Card in the laptop. Is an excellent CD.

1) Maybe it works in an external Firewire enclosure, connected to a Firewire card in the PC? 2) Maybe the issue is related to different workings on NTFS under WinXP and Win10? "The inability to process version 2.0 of the $LogFile by versions of Windows older than 8.0 results in an unnecessary invocation of the CHKDSK disk repair utility. This is particularly a concern in a multi-boot scenario involving pre- and post-8.0 versions of Windows, or when frequently moving a storage device between older and newer versions. A Windows Registry setting exists to prevent the automatic upgrade of the $LogFile to the newer version. The problem can also be dealt with by disabling Hybrid Boot" from: https://en.wikipedia.org/wiki/NTFS#Versions The Wikipedia article lists in the footnote https://learn.microsoft.com/en-us/archive/technet-wiki/15645.windows-8-volume-compatibility-considerations-with-prior-versions-of-windows