Jump to content


  • Posts

  • Joined

  • Last visited

  • Donations

  • Country


Everything posted by Acheron

  1. bphlpt, I think Roffen means the DOSNET.INF setup file that is used by Windows XP setup. He has two copies of the DOSNET.INF file without extension on his system. He wants a original version of this file for unclear reason, as this file is probably useless on a running system. As this file is part of Windows XP I don't think we can provide him a copy.
  2. I think you mean Portable Internet Applications when you refer to PIA, do you?
  3. It depends on the software you use. I have installed .NET Framework 2.0, 3.5 and 4.0 so I don't have to remember to install these everytime I want to test some software. Currently the only software on my system that requires .NET Framework is QTTabBar and the Microsoft Keyboard Layout Creator. Nothing else. BTW, Does Norton ConnectSafe DNS block links to malicious Adware install applications? Because Google Safe Browsing does not block these.
  4. I have never heard of a file dosnet.org being part of Windows XP. Why do you need this file?
  5. You can also try HitmanPro.Alert It also supports Windows XP and if you click the link it shows a nice feature comparison sheet, listing regular Anti-Virus, EMET, MBAE, Traps and HitmanPro Alert features. Of course, this is only information from the manufacturer of HitmanPro.Alert, so I can't say anything about if the information is accurate.
  6. I mentioned running both EMET and MBAE simultaneously might be a good idea, as the link Sampei.Nihira posted mentioned a security researcher who found an exploit that circumvented EMET protection mechanism. Luckily it was caught by MBAE. I assume the security researcher was running both programs at the same time. I have not tested running both programs at the same time myself, but I see no reason why you couldn't run both EMET and MBAE simultaneously. See also the following post on the Malware Bytes forum for an explanation about EMET and MBAE functionality and that they basically complement each other.: https://forums.malwarebytes.org/index.php?/topic/143156-any-extra-benifits-running-emet-with-mbae/#entry797279
  7. So to improve the security on your running system, you should install multiple products and have them actively monitoring your system as only running an Anti-Virus is not enough these days. This would mean running a good anti-virus software package, installing and configuring EMET for running processes plus an additional anti exploit package like MBAE and still be very suspicious when opening email documents or visiting webpages from unknown persons.
  8. Another benefit of using a VM is that you don't need to set up a secondary machine to test on. While installing the OS you can continue using your system like you would normally. The 15 minutes you now spend installing your system for each test build can be used more efficient by installing the OS in the background on your running system.
  9. Excellent help, Acheron! Thanks for your useful suggestions!I've just checked the last version of MassStorage Driver Pack from http://driverpacks.net/downloads and it seems that this file is the most up-to-date: DP_MassStorage_wnt5_x86-32_1209.7z But you wrote "the latest MassStorage Drivers 14.11.191". Did you find them on driverpacks.net or somewhere else? Glad to know that I should have 200 MB left for integrating drivers! So I won't have any space problem if I integrate CPU, Chipset, MassStorage, LAN and WAN drivers. For these last 2 packs, would you recommend to firstly remove the ones coming from the XP SP3 I386 folder (less than 3 MB as nLite indicates), before integrating LAN and WAN packs from driverpacks.net? You said you had removed a lot of legacy drivers. Actually, I wish to remove many legacy drivers as well: "Cameras and Camcorders", "IBM PS/2 TrackPoint", "IBM ThinkPad", "Logitech Wingman", "Microsoft SideWinder", "Printers" (nLite suggests to keep just a specific file needed for PDF printers, do you know its name?), "Scanners", "Sony Jog Dial", "Toshiba DVD decoder card". Do you have a similar list of removed drivers? But I wish to keep other ones: "ATM", "Display Adapters", "Multifunctional", "Portable Audio", "SCSI/RAID", "Serial Pen Tablet", "Sound Controllers" and "Tape Drives". These all count just about 5 MB. Would you instead remove some of them? Why? Finally, would you even remove "ISDN" and "Modems" drivers? They count more than 15 MB but I'd like to keep them. After all, I have a 56k modem integrated in my old laptop that I can use in particular but possible occasions (with router and ADSL modem out of order). You can download the latest driver packs for Windows XP on the driverpacks forum here: http://forum.driverpacks.net/viewtopic.php?id=6622 There are multiple threads for Windows XP. I would recommend to only use these, as the regular driver packs are not updated anymore. These nightlies are actively maintained by TechDud. I haven't used a dial-up modem in a long time, but you should be able to remove the legacy modem drivers using nLite and still keep dialup support. I have the option to install a dialup modem still available. Most 'modern' modems built into laptops use the standard dialup modem driver. I also remember ISDN. ISDN was a newer DSL technique with better speed 64kbps instead of 56kbps. You have to look up if your current dial-up connection is 56k6 or 64kbps. Here in the Netherlands you can still use a ISDN connection, but all major ISPs are switching from ISDN to VDSL. If your current ISP connection is not over ISDN you can remove ISDN support. I did ran into a problem using the software for my old Nokia when I removed the legacy modem drivers. You need to add mdmcpq.inf to the nLite exclude list to prevent issues with USB modem drivers: KB837637 - How to use or to reference the Usbser.sys driver from universal serial bus (USB) modem .inf files I removed IBM Thinkpad drivers, IBM PS/2 trackpoint driver, legacy display drivers, old Terminal Services Client, old Terminal Server Client for the Handheld PC, Toshiba DVD decoder card driver, legacy printer drivers, legacy scanner drivers, legacy multifunctional drivers, MSN Network HTTP authentication, old camera and camcorder drivers, portable audio drivers, Windows TabletPC and Windows MediaCenter references, old Network Monitor driver. I did keep the Sony Jogdial support. This driver is not available online and you may run into issues when installing Windows XP on some old Sony laptop. To further save space I removed Windows upgrade support. You should be able to remove everything from the I386\WINNTUPG directory except NETMAP.INF and NETUPGRD.DLL You can also remove I386\WIN9XMIG and I386\WIN9XUPG folders safely and still keep recovery console support working. Manual Install and Upgrade should also be functional, (starting Windows XP setup from within Windows). I have not documented my XP reducing techniques in detail. My general procedure was to remove a specific component with nLite. Then manually revert any changes I didn't want, like the white space and comment removal changes applied by nLite, the nLite helper app added, etc... and then use the latest DriverPacks Base version to integrate the latest drivers. After running DriverPacks Base I did the same, removing any changes I didn't like. I integrated Ricktendo and YumeYao's Common Printer Drivers and XPS Addon 1.2.3 after removing the Printer drivers by nLite to keep printer support. If you want to know which specific printer drivers I removed please send me a PM. If I load my current Windows XP Source in nLite I can still select Printers to remove as an option, file size 33.74 MB. To keep track of everything I use version control. I found a Printer driver keep list in my project reference folder that I probably used: printer driver keep list.txt locale.gpdp6disp.gpdp6font.gpdpcl4res.dllpcl5eres.dllpcl5ures.dllpclxl.dllpclxl.gpdpjl.gpdpscript5.dllpscript.hlppscript.ntfstdnames.gpdstdschem.gdlstdschmx.gdlttfsub.gpdunidrv.dllunidrv.hlpunidrvui.dllunires.dllpjlmon.dllremove the following:plotui.hlpplotui.dllplotter.dllI am not sure if you can safely remove the MassStorage drivers, LAN and WAN drivers first using nLite, before integrating the latest driver packs. The driverpacks do not include any drivers that are installed by default on Windows. When you integrate the latest DriverPacks it should include updated drivers for most hardware. In case there was never made an update to the original driver included with Windows XP you can run into some issues. I was thinking of updating the DriverPacks to add support for these legacy hardware so it wouldn't matter if integrating DriverPacks on a nLited source.
  10. I noticed the comments in the thread on RyanVM are not available anymore. I had some remarks about the latest certificate changes added by Microsoft, while Google chooses to distrust these certificates instead. You can read about it here: http://www.wilderssecurity.com/threads/rcc-check-your-systems-trusted-root-certificate-store.373819/page-8#post-2558843 Maybe something interesting to try if you are security minded is installing Malwarebytes Anti-Exploit. It is similar to EMET, but much easier to use, as you don't have to specify processes yourself. Another option is Hitman Pro Alert. Both programs still support Windows XP.
  11. My all time favourite theme for Windows XP is VistaVG Ultimate (Black48), not to be confused with the VistaVG Black theme. It looks great, and although it has a few minor issues using a custom DPI (150%), the start menu user icon is black and misaligned and the minimize, maximize and close buttons have wide spaces between them, I still prefer this one over any of the default Windows XP themes.
  12. Just for reference, it is possible to integrate a lot of drivers and stuff and keep Windows XP install source under 700 MB. My Windows XP SP3 I386 source folder after integrating the latest updates is about 470 MB. This includes Internet Explorer 8 and Windows Media Player 11, the latest MassStorage Drivers 14.11.191, Ricks/YumeYao's Runtime Addon 2.2.3, Ricktendo and YumeYao's Common Printer Drivers and XPS Addon, User-Mode Driver Framework version 1.9 and more. To keep the size small I have removed a lot of legacy drivers. Remind you this is about drivers for very old hardware, released before 2001. This results in a driver.cab file of only 19 MB. Other things I have removed are Microsoft Netmeeting and MSN Explorer. My complete CD is around 500 MB now (including DOCS, SUPPORT and ValueADD) excluding the OEM folder. I have kept the LANG folder though and not removed any critical files or services. So you then have about 200 MB for Driver Packs. This allows integrating Chipset, Massstorage complete support, LAN and WAN drivers. The Sound driver pack is very big. I suggest to not bother integrating these, but install the sound drivers manually. If you need help removing specific stuff you can contact me. I also removed OOBE and OEMBIOS.BIN files, but I can not discuss removing that here. About integrating additional software and stuff. This is also possible on a CD after integrating DriverPacks, but to accomplish this you will have to remove some Windows XP components that can affect the functionality. I do not recommend this, and instead I strongly recommend to use a secondary CD for these or better move to using DVD's as you won't have this problem and as a bonus have better read disc performance (I'm not really sure about this last statement, but I think so as DVD discs have a higher data density). Currently my Unattended install folder contains about 1 GB of files of which the following are big: Adobe Flash Player plugins for ActiveX and Firefox: 36 MB Adobe Reader 11.0.14: 74 MB LibreOffice 5.0.4 and latest help files: 217 MB Microsoft Security Essentials including the latest security definitions: 127 MB Microsoft .NET 2.0, 3.5SP1 and 4.0 and localized files: 104 MB Mozilla Firefox 43.0.4 including addons, custom themes and more: 60 MB Mozilla Thunderbird 38.5.1 including addons: 36 MB Nero 8 Lite: 32 MB Oracle Java JRE 8.0 update 72: 47 MB Using a DVD I don't have to worry of running out of available disc space, when integrating newer versions of these software packages.
  13. I don't use Java often. The only reason I still install it is mainly for LibreOffice.
  14. Java 8 update 72 works fine here on Windows XP and Firefox 43. See if you can run the Java tester at http://javatester.org/version.html Note to be able to run any Java plugin in the browser you have to add each site to the domain exception list first in the Java control panel. You can also run the official Java verify plugin at https://www.java.com/en/download/installed8.jsp using the same procedure of adding the domain to the exception list first. The only thing that does not work is the Java uninstall applet https://www.java.com/en/download/uninstallapplet.jsp. It adds an exception to the Java console: JRT INFO: Running Java Removal Applet version: 2.2JRT INFO: Browser: Firefox 43.0, user agent: Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0JRT ERROR: java.io.IOException: Cannot run program "C:\Documents and Settings\{UserProfile}\Application Data/Oracle/Java/Uninstall/UninstallJavaVersions.exe": CreateProcess error=193, %1 is geen geldige Win32-toepassing at java.lang.ProcessBuilder.start(Unknown Source) at com.oracle.javauninstall.applet.A.a(Unknown Source) at com.oracle.javauninstall.applet.A.a(Unknown Source) at com.oracle.javauninstall.applet.y.run(Unknown Source)Caused by: java.io.IOException: CreateProcess error=193, %1 is geen geldige Win32-toepassing at java.lang.ProcessImpl.create(Native Method) at java.lang.ProcessImpl.<init>(Unknown Source) at java.lang.ProcessImpl.start(Unknown Source) ... 4 moreJRT ERROR: Error while getting admin flagjava.io.IOException: Cannot run program "C:\Documents and Settings\{UserProfile}\Application Data/Oracle/Java/Uninstall/UninstallJavaVersions.exe": CreateProcess error=193, %1 is geen geldige Win32-toepassing at java.lang.ProcessBuilder.start(Unknown Source) at com.oracle.javauninstall.applet.A.a(Unknown Source) at com.oracle.javauninstall.applet.y.run(Unknown Source)Caused by: java.io.IOException: CreateProcess error=193, %1 is geen geldige Win32-toepassing at java.lang.ProcessImpl.create(Native Method) at java.lang.ProcessImpl.<init>(Unknown Source) at java.lang.ProcessImpl.start(Unknown Source) ... 3 moreJRT ERROR: Initialization failed on isAdminException in thread "Thread-16" sun.awt.SunToolkit$InfiniteLoop at sun.awt.SunToolkit.realSync(Unknown Source) at sun.awt.SunToolkit.realSync(Unknown Source) at com.oracle.javauninstall.applet.H.run(Unknown Source) at java.lang.Thread.run(Unknown Source)
  15. I was already suspicious when the original poster did not reply when I provided an easy answer. I did PM him after a day but he did not respond. The pattern is clear as both accounts are new users with the same kind of random generated name. Next time a user comes along with the same kind of username attached with zero post history I will look up if the question has been asked already. It is interesting to see if the answer provided will show up on some other site. And it is a shame this has to be my official 1000th post
  16. I have changed the first post as it listed under features that my modified HFSLIP supports integrating OnePiece IE8 Addon. That is not the case! My version only supports running HFSLIP after integrating OnePiece IE8 Addon using RVM Integrator 1.6.1 beta 2.1 (older versions may work, but I only tested this version as it is the latest and contains the least amount of bugs)
  17. Just for information the recovery service I used was https://online.officerecovery.com/excel/ It also offers an option to recover the full file for free, but you will have to wait 14 days to be able to download it. If you are not in a rush you can try it.
  18. I have uninstalled EMET 5.0 as I see no use for it. Most options are not supported on Windows XP anyway. BTW, EMET is not a security monitoring tool. It allows you to apply some security enhancements to programs like randomizing memory addresses and disallowing specific calls. You have to explicitly enable monitoring specific applications. By default EMET does not protect any running processes.
  19. EMET 5.1 and EMET 5.2 install fine. However using it and trying to protect a process results in the entrypoint not found error as mentioned here: http://www.wilderssecurity.com/threads/emet-enhanced-mitigation-experience-toolkit.344631/page-33#post-2426312 To fix this we need something like KernelEx for Windows XP to implement the missing functions. EMET 5.0 and newer require .NET 4.0 to be installed and fully functional.
  20. I have tried a hexeditor on it but did not manage getting the contents of the file to load in LibreOffice. However I did manage to get the contents of the file to display in LibreOffice after uploading the file to an online recovery service Here are the contents of the first 20 lines in csv format: ,"V3B 24P, Sample received on 4/16/12, were requested to run"1,INOBA 139A32,GB-EUH 042173,GB-EUH 042284,GB-EUH 042455,GB-EUH 042216,GB-EUH 042237,GB-EUH 042118,GB-EUH 042369,GB-EUH 0422010,GB-EUH 0421811,GB-EUH 0424712,GB-EUH 0426513,GB-EUH 0425514,GB-EUH 0424615,GB-EUH 0423716,GB-EUH 0424917,GB-EUH 0424818,GB-EUH 0425419,GB-EUH 04239The full file contains 3800 lines of this information, but the file recovery service I used only listed the first 20 lines for free.
  21. I did have some problems with versions later than 4.1, and the departed hmuellers did warn that versions later than 4.1 might have problems under XP. The main issues were the Trust button not working, which I've since fixed, and the tray icon not working, which is important as it provides error popups if the program detects a problem. Now I've fixed the former problem I might try version 5.0 again (later versions had other issues). EMET 5.0 is the last one compatible with Windows XP. The tray icon seems to be working fine on my system. It showed a pop-up when it blocked a call from Daemon Tools Lite.
  22. I have tested Gora's Universal Extractor 1.9.11, but this version has changed some functionality, so I'm back to using The feature of Universal Extractor I use the most is extracting Windows XP updates, and it appears this feature is broken in 1.9.11. Another option I often use is decompressing upx'd files, without extracting the contents directly. Universal Extractor 1.9.11 now automatically extracts the files instead of asking about unpacking the exe only to a new file.
  23. Just for reference I am running EMET 5.0 without any issues on my system. Why don't you upgrade to this version instead of using old EMET 4.1?
  24. With all due respect: They are not used by IE8, but they are used by Explorer.exe (the windows explorer)... and, on inspection, they have small differences only, from version to version, but they sure aren't just upped in version number. Nor just that and different checksums and PE Timestamps, of course, either... Of course you can install these files manually, but you don't need to install them to fix security issues if you have Internet Explorer 8 installed. Updating these files manually can cause issues with System File Protection kicking in.
  25. The IE6 update is needed to workaround the following problem: KB972582 - You receive an empty dialog box when you run the "Rundll32.exe shdocvw.dll, DoOrganizeFavDlg" command I integrate both the IE6 and IE8 updates using HFSLIP. On my running system I don't try to update browseui.dll and shdocvw.dll as these files are only upped in version number. Using an older version of these files is fine as these files are not used by Internet Explorer 8. About crashes and burns using PosReady 2009 updates I have not had any, but you may run into some unexplained issues. I ran into a very specific Firefox crash problem on some site and after spending way too much time on it I suspect that a GDI or Win32k security fix was the cause of the issue. You can read about my experience here: https://bugzilla.mozilla.org/show_bug.cgi?id=1205771

  • Create New...