mike1504

The USP4 loaded nicely without the files in quesion. I'm not sure what their purpose was, but they carried names that are part of .net framework, but of a very different binary. It would be nice to know what they do...and of course I will have to disable Avast to do any thing with them...It already stole one of them after I disabled it long enough to re extract them...just because I right clicked to check the hashes. I really do appreciate the work that Harkaz put into this rollup. It was nice to only need some POS updates when the install completed.

I uploaded all 3 of the files tonight. Yes they were detected earlier, but the sha1 and MD5 checksums on the scanner match those of the files I uploaded. I doubt seriously the files differ at all. If it were just MD5 checksums there might be a small chance, but not with the SHA1.

https://www.virustotal.com/en/file/d6228c8b50bb699bb0bb2f2ec80f021529222547539bad3a173db1c35edd92c0/analysis/ https://www.virustotal.com/en/file/f3d91a375d16f578487a839fd10a912ebe0b960c92cbabe86cbf8c714dedd884/analysis/ https://www.virustotal.com/en/file/f01b7f5d0a361a769af3d96c37da037a8f9c6cf7a1bbfc2360598e0ce6664115/analysis/ Here are the results. I use Avast

My virus scanner reported 3 infected files in USP4 v2 They are: WindowsXP-USP4-v2-x86-ENU.exe\i386\root\dotnetfx\ndpsp.exe WindowsXP-USP4-v2-x86-ENU.exe\i386\root\dotnetfx\setup.exe WindowsXP-USP4-v2-x86-ENU.exe\i386\root\dotnetfx\dotnetfx.exe I verified that about 1/3 of scanners at virus total. Downloaded from: https://drive.google.com/folderview?id=0B7k-l_4omFECNWRGNHBEdVBsTTA&usp=sharing The SHA1 hash from Ryanvm's web site matches with my executable: SHA1: 95AE364CE2CB39D9ED022E84F8829C883F43AB5F Hash is from: http://www.ryanvm.net/forum/viewtopic.php?t=10321 Found the same infections in the 2 CD download of v2 as well.