Multibooter

It is not unusual that trojans etc only get detected/added to virus signature updates several years after they came out. Again, why not just create a different SFX?

I just saw a description of the Gamaredon trojan flagged by Kaspersky in cacert_Updater.exe: "Gamaredon ... is a Russian, state-sponsored cyber-espionage hacking group with cybersecurity researchers linking them to the FSB (Russian Federal Security Service)" https://www.bleepingcomputer.com/news/security/gamaredon-hackers-start-stealing-data-30-minutes-after-a-breach/ Russian Kaspersky is very unlikely to flag real Russian state-sponsored trojans, cacert_Updater.exe for ProxHTTPSProxy must therefore be clean, and this must be a false flag Why not just create a different SFX?

I used Cert_Updater_v1.6.exe just as an example of another certificate updater, to see whether it also gets flagged when virus-checking. MiTeC EXE Explorer v1.2 indicates for cacert_Updater.exe an incorrect timestamp of 10May2012, even if the most recent file in the .exe, HTTPDL.exe, has the file modification date 13Feb2019. An incorrect timestamp is a little unusual, but not suspicious, many OK .exes have an incorrect timestamp. Maybe, if the content of cacert_Updater.exe (CERTUPD.bat, HTTPDL.exe and URLLINK) is put into a different SFX, it will not be flagged by virustotal/MediaFire?

Kaspersky's flag of cacert_Updater.exe is most likely a false positive, only 5/74 scanners, including CrowdStrike, of virustotal flag the file: https://www.virustotal.com/gui/file/9f805311953057a944567d9a2e45ee4d65ffb7804925115b3b05bf02d3ff7821 When the content of cacert_Updater.exe is extracted with WinRAR, Kaspersky does not flag anything, so maybe Kaspersky doesn't like the .exe container. When cacert_Updater.exe is run in a sandbox, the program window "Mozilla trusted root certificates Updater" displays: "Do you want to update certificates?", maybe that's what Kaspersky doesn't like, no idea. With another root certificate updater for Windows, Cert_Updater_v1.6.exe (is a Windows Root Certificate Updater which I use for WinXP), Kaspersky does not flag anything when virus-checking.

I downloaded one of the files which mediafire did not like: https://www.mediafire.com/file/4sqkixfd2waaypt/ProxHTTPSProxy_TLS_1_3_1_5_220717_PopMenu_3V3_CheckedByAstroSkipper.7z/file I checked with my ancient version of Kaspersky, updated with the signature of 8Nov2024 (I only update once every 3 months). 1 Trojan and 1 riskware were detected: detected: Trojan program Trojan.Win32.Gamaredon.gj file: E:\Downloads_5\ProxHTTPSProxy_TLS_1_3_1_5_220717_PopMenu_3V3_CheckedByAstroSkipper\ProxHTTPSProxy_TLS_1_3_1_5_220717_PopMenu_3V3\cacert_Updater.exe detected: riskware not-a-virus:RiskTool.Win32.Cmdow.a file: E:\Downloads_5\ProxHTTPSProxy_TLS_1_3_1_5_220717_PopMenu_3V3_CheckedByAstroSkipper\ProxHTTPSProxy_TLS_1_3_1_5_220717_PopMenu_3V3\PopMenu\cmdow.exe Kaspersky gives substantially fewer false positives than other virus-checkers. My feeling is that there is only a 10% chance that the Trojan msg for cacert_Updater.exe is a false positive. I would not be concerned about the riskware msg.

I cannot download these 2 files, I get the message: "Dangerous File Blocked, The file you attempted to download was determined to be dangerous. For your protection, MediaFire does not enable distribution of dangerous files." Any other way that I could get these 2 files? Added: sorry, I could just download the pw-protected files. Thanks anyway.

Could you temporarily upload again the 4 original files flagged by MediaFire's virus checker, to a different location? It would be interesting to see whether my ancient version of Kaspersky also flags them.

GPT disks under SSE-only (Pentium 3) Thanks, my above posting referred to compatibility with SSE-only, i.e. compatibility with my old Inspiron 7500 (SSE-only Pentium III, e.g. 700MHz). For me, external HDDs set to GPT, regardless of capacity, would only be useful if they can be accessed under both SSE-only and under more modern computers. 1) The last build of Acronis Disk Director which has installed AND worked for me under WinXP SP3 and SSE-only was v12.0.3223 (30May2014). This build 3223 requires WinXP SP3, it does not install under WinXP SP2. Also, after installing build 3223 the Help file in the install-to has to be renamed to anything else to avoid crashing under SSE-only. Unfortunately, I don't have it installed anymore on my Inspiron 7500, so I cannot check whether it works OK with GPT HDDs, unless I re-install it. A more recent Acronis v12.5.0.163 is listed in your excellent posting as compatible with GPT >2TB, but this build v12.5.0.163 can most likely not be installed and run under WinXP SP3 SSE-only. 2) The bootable CD of Acronis Disk Director v12.5.163 (en, workstation, 26Dec2018), however, DOES work great under SSE-only. I also have the corresponding bootable server CD with the same build, which I had marked "works with Inspiron" [=SSE-only], but the following experiments were made with the workstation version. With this bootable CD I have created OK a FAT32 partition on a 1TB GPT HDD. The 1TB GPT HDD was inside a Sharkoon Combo [=for IDE and SATA HDDs] docking station, connected via eSATA to an eSATA PC Card in the SSE-only laptop. Data on the FAT32 partition was read and written to OK under Win10 on a more modern desktop, and then read and written to OK again on the SSE-only Inspiron. The bootable CD of Acronis Disk Director v12.5.163 could also format a partition to ext3 on the 1TB GPT HDD. ext3 partitions are not displayed under WinXP and Win10. "Ext2 Installable File System v1.12" (26Dec2015), has worked for me OK to display ext3 partitions under WinXP under SSE-only. It can be downloaded from http://www.fs-driver.org/download.html [http, NOT https] According to https://community.chocolatey.org/packages/ext2ifs it works OK with GPT HDDs. If a GPT HDD, with an ext3 partition >2TB does work OK under WinXP, then the chkdsk issue with Win10/WinXP NTFS partitions can be circumvented. It might show that this issue is a file system issue. Using the ext3 file system may be an alternative to trying the UDF file system (has no partitions) to help identify the cause of the Chkdsk issue. 3) MS Disk Management could reformat OK a FAT32 partition under WinXP SP3 on the SSE-only laptop, BUT: could format only to NTFS, not to FAT32 etc.

I have about 30+ 1TB and 2TB WD SATA HDDs, mainly manufactured 2019 and later, no issues, also 20+ 2nd hand WD SATA HDDs with lower capacity, with manufacturing dates going back to 2011. I also have Hitachi HDDs. I started to like Western Digital because their Data Lifeguard Tools v11.2 could DDO OK WD-brand HDDs >137GB for the Inspiron 7500 under Win98. I used WD HDDs DDOed with DLG v11.2 for about 5 years, until I found out that the Win98 "137GB unofficial patch (for IBM only)" also works with the 240 heads, SSE-only Dell Inspiron 7500.

I have replaced Partmgr.sys and disk.sys with the Win2003 versions + updated sp3.cab under WinXP SP3 on my Inspiron 7500 (Pentium III, SSE-only, 240 heads disk geometry). I used, on a more modern desktop computer, TeraByte BootIt Bare Metal v1.73 (can partition pre-boot) to set a 1TB HDD to GPT and partitioned it pre-boot to 6 FAT32 partitions. The 1TB HDD was detected OK by Win10. The 1TB GPT HDD was also detected OK on the SSE-only Inspiron laptop. It was inside a different Sharkoon IDE/SATA combo docking station, with USB 2.0 and eSATA connectors, connected vie eSATA to an eSATA PC Card in the SSE-only laptop. My Computer and Hard Disk Sentinel v6.20 seem to work OK with the 1TB GPT HDD with WinXP under SSE-only, also Beyond Compare v2.5.3. TeraByte Image for Windows v2.92 also displayed OK the GPT disk and indicated that it is GPT, so I would speculate that there is a good chance that it could clone the 1TB GPT HDD under WinXP. MiniTool Partition Wizard v9.1 did display the GPT HDD, but did not display the partitions on it.

Maybe you were unlucky. I had no bad experience with Western Digital HDDs: 1) An old Inspiron 7500 Pentium III laptop, dedicated to just downloading stuff 24/7, has a 1TB laptop HDD WD10JPVT inside, as 2nd HDD. This WD HDD has been working surprisingly well, health 100%, running and reading/writing continuously 24/7, 1527 power on days, 987 total start/stop, total data written onto it maybe 20TB. 2) The 320GB IDE laptop HDD WD3200BEVE is great for retro-computing. They have worked fine for me as 2nd and 3rd HDDs inside an Inspiron 7500 laptop (Pentium III, one FAT32 partition 298.1GB), under Win98 and WinXP, I have not seen IDE laptop HDDs of other brands with 320GB capacity.

Perhaps it is an issue of different NTFS file system drivers under WinXP and Win10? Maybe you can create on the 3TB HDD GPT disk fourteen or fifteen FAT32 partitions of 196.600MB each [=192GB, 32kB sector size each, aligned to cylinder]. Will then the data beyond 2TB be scrambled up or will it be OK? Old Partition Magic v8.05 has a max.FAT32 partition size of 196.600MB, no idea why, but this size has always worked OK for me, under Win98/XP/10. I don't have any HDDs >2TB, for compatibility reasons and to avoid huge data losses. I have not yet tried to replace the Partmgr.sys, Disk.sys and sp3.cab with those of Windows Server 2003 because I am a little afraid to risk damaging my software collection on my HDDs, maybe later when all experimenting is done and Dave-H and jaclaz give the green light. If the issue is shown to be a file system driver issue, I can eventually buy a 3TB HDD, look for my old WriteDVD! v1.0.0.4 (works under WinXP) and try to format the 3TB GPT disk to UDF. WriteDVD! v1.0.0.4 installs under WinXP the UDF file system driver saiudf.sys [its Property sheet displays "Company: Software Architects, Inc., File version: 6.2.8.1, Description: UDF File System for Windows XP"]

Replacing the original power supply of a HDD docking station or external HDD enclosure with a substantially stronger one (more amps) has resolved for me flaky disk performance, e.g. when a docking station would work with HDD A but not with HDD B. Different HDDs have different power requirements. Hard Disk Sentinel also indicates the power requirements of a HDD for spinup and seek.

Just last week I was fiddling around with a 1TB desktop Seagate Barracuda ST31000333AS, bad firmware SD35, of 2008. This was the initial Seagate model which would die out of the blue, for which Seagate provided a non-working firmware update. The HDD was used as a backup copy, with Health indicated by Hard Disk Sentinel at 84%. I first ran the Short Self-test, then the Extended Self-test [in the "Information" tab of Hard Disk Sentinel]. I then ran the Read test, then the "Read + WRITE + read" test. I then ran Beyond Compare to compare all files of the nearly full 1TB backup Seagate vs a good master HDD, all files and folders were identical. These intensive tests by Hard Disk Sentinel, maybe altogether 30 hours of continuous reading and writing, had not damaged this time-bomb Seagate, Health had stayed at 84%. Hard Disk Sentinel seems to handle poor HDDs very well. In any case the Health indication and the Short-Self-test (takes 2mins) put very little stress on a HDD and give an indication whether something is conspicuously wrong with the HDD and help decide whether it would be advisable to continue testing. I subsequently ran "Reinitialize disk surface" [a sophisticated low level format, reallocation of weak sectors etc] on the time-bomb Seagate because it had contained 1 reallocated bad sector. Health then declined to 83%. I subsequently re-partitioned the time-bomb Seagate, copied with Beyond Compare all stuff from the 1TB master HDD back to it. A binary compare with Beyond Compare of all files and folders on the master HDD vs backup HDD showed that they were identical. Health had stayed at 83%.

1) Maybe 500GB exceeds the maximum FAT32 partition size. The max.FAT32 partition size I use is 192GB (196,600.1MB), although I have partitioned OK a 320GB HDD to a 305227.6MB FAT32 partition, with WinXP ScanDisk working Ok. A 192GB FAT32 partition size has never given me any problems, also works OK under Win98. 2) Maybe the external power supply is going bad? (if your "USB adapter" is a USB docking station or an external HDD enclosure) 3) Maybe it's related to using a 3TB HDD under WinXP? 4) If there is an issue with the physical HDD, maybe Hard Disk Sentinel v6.20 can help: a) check the displayed Health of the HDD b) -> Disk -> Surface Test -> Test Type: Read + WRITE + read test (refresh data area) [may take 16+ hrs on a 3TB HDD] 5) Maybe you should create a clone of this HDD for fiddling around. Also: data recovery is EXTREMELY time-consuming 6) Maybe MiniTool Power Data Recovery v7.0 helps, it has a "Damaged Partition Recovery" button 7) Most likely your problem is not virus-related. I only use 1TB and 2TB HDDs myself, I have about 100+ of them. I stopped buying Seagate stuff in 2010, because of the risk of data loss. About 2 years ago I bought again several 2TB Seagate BarraCuda ST2000DM008 HDDs, they are Ok as backups, Seagate is now a brand of WD. Mucha suerte, hopefully the data on your HDD was not terminally damaged by having run CHKDSK on a 500GB FAT32 partition.

The scan engine of my ancient version of Kaspersky, running under WinXP, canNOT look into all .exe files. In my experience this occurs with about 2-5% of .exe files checked. When Kaspersky cannot look into [=open, extract] a .exe, the "scanned" column of the "Statistics" tab indicates "1", as with the file hmpalert.exe in the screenshot below. So the Kaspersky msg "No threats detected" has to be treated with caution if "1" is displayed in the "Scanned" column, which indicates that the file should be examined further. In contrast, the file 'torbrowser-install-7.5.6_en-US.exe', shown in the screenshot below, could be checked OK by Kaspersky, with 7053 files in it checked by Kaspersky. BTW, 'torbrowser-install-7.5.6_en-US.exe' is the last version which runs OK under WinXP (also under SSE-only = Pentium 3), and is VERY useful for accessing sites blocked by ISPs etc. hmpalert.exe is a modified HitmanPro.Alert 3.8.25 Build 965, from a dubious source. Neither Universal Extractor v1.6.1.2035 (koros mod, 13Dec2018) nor 7-Zip v21.06 (24Nov2021) could extract hmpalert.exe properly, extracting only \.rsrc\ etc. When hmpalert.exe was installed under WinXP in a sandbox of Sandboxie v5.40, the installation completed OK, extracting 25 files and folders. but did not run in a sandbox because a service was not loaded. A 2nd scan with my ancient version of Kaspersky checked OK the 25 files, installed/extracted into the sandbox (see screenshot). hmpalert.exe was used here just as an example for showing how to virus-check a file which cannot be opened by the virus-checker. This sandbox trick probably also works with other virus-checkers, provided that the virus-checker indicates whether or not it can look into a file. BTW, hmpalert.exe seems to install OK under WinXP SP3, but no idea whether it runs OK under WinXP or whether it is of any use.

Annoying Sandboxie error message "Invalid comand line parameter" Many .rar etc downloads contain dubious stuff in nested subfolders with long path names. Very often, after having extracted a .rar and then, when trying to run a dubious file inside a long path name, Sandboxie does NOT run the file, but displays the annoying error message "Invalid command line parameter". This error message occurs under Sandboxie v5.22 (WinXP, SSE-only) and v5.40 (WinXP, SSE2), when the total path length (excluding the filename and the drive letter) exceeds 122 characters. The error message "Invalid command line parameter" does not indicate that something is wrong with the file itself, only that the path length is too long. When running many dubious little files, maybe 60% of the error messages generated by Sandboxie are "Invalid command line parameter". WORKAROUND: Copy the dubious little file into a temporary folder with a short path name, then run it sandboxed. I have attached a picture of this annoying error message, when you run notepad.exe sandboxed in a subfolder exceeding 122 characters. When the path length is reduced to 122 characters, notepad.exe runs OK in a sandbox.

"Kaspersky AV software uninstalls itself and mounts UltraAV in its place" "Kaspersky replaced with UltraAV in the US" https://software.informer.com/Stories/kaspersky-replaced-with-ultraav-in-the-us.html My ancient version of Kaspersky still updates OK: Update on 12Apr2025: the 3 screenshots here were deleted, but can be seen at http://web.archive.org/web/20250412184845/https://msfn.org/board/topic/184730-antimalware-firewall-and-other-security-programs-for-windows-xp-working-in-2023-and-hopefully-beyond/page/80/

Some versions of software require SP3 and don't install or run under SP2, e.g. Beyond Compare 4, MiniTool v10, Paragon Hard Disk Manager 15, HDDScan v4.0, MyPal68 v68.13.8, LibreOffice v5.4.7.2 TCP-IP patch v2.23d by LVLLord may resolve the TCP-IP issue http://www.lvllord.de/?lang=en&url=downloads The removal of features ("security enhancements") was perhaps intended to make it harder for certain download programs, for example when eMule is running 24/7 and the internet provider disconnects and reconnects the internet connection regularly, e.g. every 24 hrs. The patch seems to allow eMule and uTorrent to resume downloading as if nothing had happened. A value of 50 is recommended at that website.

I am still one of them. My "progressive" WinXP opsys/partition backups are based on WinXP SP2, on computers where Win98 is also installed on another partition. By "progressive" opsys backup I mean a clean previous opsys backup plus clean re-installs of programs which I want to add permanently. For creating a new "progressive" opsys backup I restore the previous "progressive" opsys backup, then make a clean install of new useful software to be added plus detect useful new hardware, then created the new "progressive" opsys/partition backup. Since about 2017, I usually install the WinXP SP3 Service Pack update, as a 2nd step, after having restored an opsys backup. I have archived my old "progressive" partition backups, specific to each computer, starting in June 2009. For example, I could restore the WinXP opsys backup "WinXP_Inspiron_11Sep2010.gho", so that WinXP on the Inspiron 7500 is back to how it was on 11Sep2010. I also keep an Install Log .txt file, documenting what software etc was added in each "progressive" opsys backup. With Ghost Explorer I can easily see and extract files contained in the .gho files. My last clean WinXP opsys backup of the Inspiron 7500 laptop (Pentium 3 SSE-only) was made on 6Jan2024 and contains WinXP SP2, not SP3. and the last clean WinXP opsys backup with the Asus P5PE-VM desktop (Pentium Duo E2200), also with SP2, was made on 11Feb2024. So it would be possible to benchmark these two computers with and without SP3, if I just had the time. Different benchmark results of SP2 vs SP3 on the Asus P5PE-VM desktop (Pentium Duo E2200) are of lesser importance to me, unless the potential deterioration caused by SP3 would be so serious as to reduce the usefulness of computer. With the old Inspiron 7500 laptop (Pentium 3 SSE-only), however, a benchmark SP2 vs SP3 might be quite useful to me, especially for deciding whether to add a new operating system "Windows XP SP3", containing software which requires SP3. I am still using System Commander v9.04 as boot manager, on computers where Win98 is also installed, and most of these computers contain a rarely used, additional 2nd instance of WinXP, installed onto an NTFS partition, so there would be a drive letter available for a "Windows XP SP3" partition. BTW my main WinXP is installed onto a FAT32 partition for compatibility with Win98. I haven't noticed a major performance deterioration caused by the WinXP Service Pack 3 update on the Inspiron 7500. But maybe I just didn't notice it because the old Inspiron 7500 laptop is already sooooo slow, especially with web browsers, so that any additional sluggishness would slip my attention. BTW my computers become perceptably crisper after a clean opsys restore. Maybe because no junk is restored, maybe because Ghost restores a pretty much defragged partition.

Yes, test results of PCMark do vary. But 6-16% worse is a little high.

Maybe, maybe not. PCMark uses, for example, qasf.dll [=DirectSHow ASF Support] of the Windows Media Player to calculate graphic test values. It would be logical to expect that the use of different versions of qasf.dll, contained in different versions of WMP, would result in different graphic test results. But how could audio-/video-related dlls affect CPU Scores (-8.1%), Memory scores (-10.2%), Graphics scores (-16.1%) and HDD scores (-6.6%) when the test was made with Windows Media Player 11 instead of WMP 9? Big puzzle, but WMP is a Windows component. Again, I had stated in my posting "The above comparison of Windows Media Player 9 vs 11 with PCMark04 has, however, a major issue: the initial test of 10Sep2024 was not made after a partition restore, so other issues may have contributed to the worse performance of Windows Media Player 11." Maybe repeating the WMP 11 vs 9 benchmark test after identical partition restores could create clarity, but it's too time-consuming for me. The worse test results with Windows Media Player 11 just don't give me a reason for upgrading from v9 on the old Inspiron 7500, especially since I do not use Windows Media Player, except with PCMark. The apparent worse performance of WMP11, and the consequent rejection of PCMark05, which requires WMP10 or 11, is relevant for my weak, old Inspiron 7500, but should be less relevant for my stronger desktops, their performance and speed is not that important.

Maybe "tsu schee" ? In my posting of 10Sep2024 I had displayed a screen shot of the test results of PCMark04 on an Inspiron 7500 laptop (650MHz Pentium 3 SSE-only), run with Windows Media Player 11 installed. The overall score was 568. I have subsequently restored the WinXP partition to a clean, pre-PCMark partition backup. I then installed Windows Media Encoder 9 and PCMark04 v1.3.0 and then ran PCMark04, i.e. with the default Windows Media Player 9, which comes with WinXP, instead of Windows Media Player 11. The overall score was 617. The better test results with Windows Media Player 9 show that the last version for WinXP (i.e. v11) is NOT the best version for every computer, e.g. the old Inspiron 7500. The test with PCMark04 shows that installing the system component Windows Media Player 11 will probably degrade the performance of the old Inspiron 7500. Unfortunately PCMark04, in contrast to PCMark05, does not create a log file showing how long the tests took. The above comparison of Windows Media Player 9 vs 11 with PCMark04 has, however, a major issue: the initial test of 10Sep2024 was not made after a partition restore, so other issues may have contributed to the worse performance of Windows Media Player 11. BTW, Windows Media Player 11 canNOT be uninstalled, only a rollback can be made. I made a rollback to the previous version (i.e. v9) in two steps: -> Start -> Run -> enter %windir%\$NtUninstallwmp11$\spuninst\spuninst.exe -> Start -> Run -> enter %windir%\$NtUninstallWMFDist11$\spuninst\spuninst.exe I had installed WMP11 NOT by running wmp11-windowsxp-x86-enu.exe, but by first extracting wmp11-windowsxp-x86-enu.exe and then running first the extracted wmfdist11.exe and then the exptracted wmp11.exe I don't know how long the test with PCMark04 took on the Inspiron, PCMark04 does not create a .log file. The test with PCMark05 took 7:40hrs PCMark04 does have a special use with very old computers, e.g. the Inspiron 7500 laptop, identifying software and hardware components which slow down the computer, a critical issue for the usefulness of old computers. One benefit of installing older PCMark04 instead of PCMark05 is that PCMark04 works OK with Windows Classic. To restore my previous Windows Classics, e.g. after uninstalling PCMark05, I made the following 3 steps: 1) -> right-click on desktop -> Properties -> in Themes tab: -> select Windows Classic 2) in a Windows Explorer window: -> Tools -> Folder Options -> select Use Windows Classic folders (had been changed to Show common tasks in folders) AND: ->select Open each folder in its own window 3) to restore colors used for high-lighting, etc: -> right-click on desktop -> Properties -> in tab Appearance: - in drop-down box Color Scheme: -> select Windows Classic - in drop-down box Windows and buttons: -> select Windows Classic style I am not sure whether I will keep PCMark04 on the old Inspiron 7500. The 3D test component of PCMark04 still takes many hours. eventually I will test-install PCMark2002. Maybe this old Win98 version is the best version for the Inspiron 7500 under WinXP.

I also have an internal 4MB video card for the Inspiron 7500. My Inspiron 8000, the successor model to the Inspiron 7500, has a 32MB video card, but if I remember right it doesn't fit physically into the Inspiron 7500 and, if it did, it might damage the DC-DC board in the Inspiron 7500 because of the higher power consumption. The Inspiron 7500 is my favorite oldtimer laptop, it works with three internal HDDs/SSDs, which do use already a lot of current. The DC-DC board is the 2nd most fragile part in the Inspiron 7500, after the cracking hinges and the cracking plastic.

I "agree to disagree", but my opinion is only one man's opinion