eidenk

Flash is proprietary. You can't view Flash objects' source code and source media (not legally, anyway). The web is based on open standards. Also, it doesn't resize to the viewport, and it doesn't degrade gracefully (which is a problem for blind users (like Google!)). Mmmh we were talking about flash embeded videos. You can do whatever you want with them. Watch them offline or convert them to other formats easily. And I don't quite understandand what you mean by graceful degradation of flash

Actually it is the main vector of its propagation, come on! YouTube made video dependant on bandwith ? Care to explain better what you mean here ?

Who needs a resident virus scanner anyway ?

Because flash files or pdf files cannot be shared, duplicated ad infinitum maybe ? And they don't allow fast access and easy, intuite, human friendly interraction perhaps ?

Perhaps all those commercial apps have not been mentioned, I could not find them on the first page so... $$$$ LAST Adobe InDesign 2.0 (eBay) $$$$ LAST Adobe Premiere 6.5 (eBay) $$$$ LAST Steinberg Cubase VST 5 (eBay) $$$$ LAST Steinberg Wavelab 4 (eBay) $$$$ LAST Cakewalk Sonar 2 (eBay) $$$$ LAST Emagic Logic 5.5 (eBay) $$$$ LAST Sonic Foundry Sound Forge 5 (eBay) $$$$ LAST Sonic Foundry Acid Pro 4 (eBay) $$$$ LAST Corel Painter 8 (eBay) $$$$ LAST Corel Draw 11 (eBay) $$$$ LAST Serif Photoplus 11 (eBay) $$$$ LAST Serif DrawPlus 8 (eBay) $$$$ LAST Serif WebPlus 10 (eBay) $$$$ LAST Serif PagePlus 11 (eBay) $$$$ LAST Serif ImpactPlus 5 (eBay) $$$$ LAST Serif MoviePlus 4 (eBay) $$$$ LAST Jasc Paint Shop Pro 9 (eBay) $$$$ LAST Ulead MediaStudio Pro 7 (eBay) $$$$ LAST Ulead Photoimpact 11 (eBay)

I also think the MBR is a place to watch as an "autostart" location. Insted of directly jumping to the boot partition it could well jump, if infected, to malware code written on the 62 sectors before the first partition starts on sector 63. Perhaps unlikely as there could be boot manager code there.

I also wanted to say that my Opera browser has been infected twice that I am aware of. In both cases the opera.exe had been patched. I am clueless as to what the vulnerabilty leading to those patching is.

About IO.SYS, I think this file must be checked regularly to make sure it has not be tempered with. I am using this tool but there are many other similar ones I think. http://stols.com/net/md5pack.html

This has got to be the best autostart list I know : http://gladiator-antivirus.com/forum/index...showtopic=24610 I recommend checking autostart locations "offline" as a good rootkit would hide all its keys even from safe mode. RegExport seems to be an excellent tool for doing that : http://freenet-homepage.de/h.ulbrich/

I have read the discusion about webcheck.dll and wanted to say that this file can safely be removed entirely from the system as it is used only for fetching items online in order to update the "Active Desktop" which no one uses I think. I don't have a webcheck.dll in my system for years now and amongst the thousands and thousands of applications I have downloaded not a single one ever complained it was missing this file.

Just wanted to mention that I am the MSFN member who passed those 9x rootkits to Herbalist as mentioned in the thread linked by him above and I point out that they are visible from at least two win32 applications which are System Internals OpenList and Process Explorer (In explorer.exe handles pane for the latter) if I recall correctly. As already mentioned in an old thread there are at least two very easy to use applications for generating rootkits for 9x systems, AFX Rootkit 2003 (Ring3 rootkits that should be invisible only from win32 apps running in the main virtual machine)) and 9xRx (Ring0 rootkits that I think should be invisible from any virtual machines, Win32, Win16 or DOS). One thing that I consider a big vulnerability and which I have discovered is the little known Folder Shortcut (otherwise known as Shell Link I think) feature that permits to completely hide (executable) files from explorer and the find utility. It cannot be exploited by browsing websites but could infect, for example, a downloaded zipped archive containing html files and subfolders. A casual inspection with the find utilty looking for all files would show nothing wrong but opening the html with Internet Explorer would silently execute the hidden executable thanks to a little bit of javascript with the onload tag and the fact that the browsers views this html in the trusted zone (the local machine). I think I made several very simple proofs of concepts of it. I'll dig them up and upoload them if someone's interested.

That's just normal I think. For as far as I can remember I have always seen that on my Windows ME system. All tools that indicate global CPU usage say 100% and when I look with TaskInfo 98 or Process Explorer the idle process uses 97-99% usually. Funny that there is not a single tool that substract the idle value from 100 and presents it as the cpu usage though.

If you like that kind of stuff, here is Tray Animations http://download.computerbild.de/downloads/...44/trayanim.exe Edit: Get this one instead that I have just uploaded, there is a bundled library of nearly 500 animations plus an animation editor : http://www.mediafire.com/download.php?aunmenandad Very rare freeware stuff you can't elsewhere online I think.

I am using Kaspersky as an on-demand scanner, I wouldn't recommend to anybody to be without a good and updated virus scanner. I have not had an infection from browsing the internet during the last 5 years, using Win98 + Opera. My eMule downloads with Win98 contain about 5-10 trojans etc per day, but I have not had a worrying virus infection in the last 5 years. I let eMule download many differences instances. When they are processed they goes first thru Kaspersky, which doesn't like 10-15% of them. WinRAR then has problems with another 10-15%, that goes. After extracting, Beyond Compare can help identify suspicious stuff (lone instances, large nfos). Whatever has many instances when extracted is usually clean, and whatever looks unusual or smells fishy, goes. Just out of curiosity, what is the kind of stuff you download apparently so much from P2P, that is executable code, that has nfos and that DOES NOT SMELL FISHY ?

How about -> right-clicking on any printer icon in the Printers folder, then -> select Properties?Oh yeah right but there is nothing to be seen there from coupon printer, either port or driver.

Check that your RAM is not faulty by runing memtest86+ or another app of that type. http://www.memtest.org/

So where is the VB6 version ?

No, I see no trace of a printer driver but I don't have a Printer Properties -> Details tab -> Ports to tell you the truth, just a virtual folder with icons for the printers I have installed. And btw, it is not ok for a proggy to fetch a dll from the internet and drop it in the sys dir like that, regardless of what this dll may or may not be. And btw as well it is not because you checked an old installer with kaspersky that it's ok either. It fetches a dll from the net and for what I know this one could well be a zero-day eventually.

The Network applet is very nice and useful.

Could not access the site with Opera either but have downloaded it through this direct link I and installed it for the sake of fun. It went fine (I have KernelEx installed.) It's just an IE toolbar and it seems to be working fine in IE 5.5. The toolbar gets populated by menus whose content is fetched from the coupon website and clicking on them sends you on the coupon website which can be visited fine with with Win ME's IE 5.5. That's all there is to it it seems. As for the IndigoRose installer, you can't unpack them. That's actually why they have customers I believe. Edit : No there is a little bit more than that. That's what it installs in windows initially New : 3908 2007-03-27 23:43 CBBasis.xml New : 7 2005-07-11 16:11 CBVersion.txt New : 509272 2007-11-30 07:17 CouponBarIE.dll New : 71008 2008-06-18 07:24 CouponPrinter.ocx And that's what it dowloads to the system dir while on-line : -------- system New : 3908 2007-03-27 23:43 CBBasis.xml New : 202072 2009-04-29 21:48 cpnprt2.cid cpnprt2.cid is in fact a dll Fishy... It's all removed now I hope there was not a rootkit in there as well...

Those are I think some of the best resources for free video software : http://www.videohelp.com/tools http://www.doom9.org/index.html?/software.htm It's a bit of a jungle due to the amount of stuff listed but you should find all you need.

How come isn't the awesome WinDirStat already listed ?

The thing is, Tihiy, that RP9 does install and uninstall, but when it is installed it does not seem to work, I mean I can't load a skin for example. Skins are listed (but I don't think displayed properly) in the config panel but selecting one and clicking apply or OK yelds nothing. Same goes for everything else I tried. So I was not sure it was working at all, including your User and GDI optimizations. And I am not sure I understand why no change in the resource usage is the best you could expect as dencorso seem to have positive results. Maybe you've understood it as my resource usage remaining constant after some use of the OS. If so that's not the case. RP9 is installed but everything seems to behave as if it wasn't there. Maybe that's all off topic here and I should post it in the in the RP9 thread. As for reviving the GDI expander you had worked on, I think it is certainly a good idea but perhaps without an equivalent User expander it does not make too much sense, as it's the User resources that seem to always be depleted the most here. You know better anyway if you want to spend time and efforts on that or not. If it's lot of work for at best very little expected results, then there is perhaps no point in it. I'd be just glad right now if I could get the same boon as dencorso does.

Both quality of blank DVDs and/or too high burn speed can affect succes in burning DVDs I think. With the DVDs I have I can only burn succesfully at 2X speed. If I try to burn them at 4X speed I almost systematically fail the burns. I don't think the OS version has anything to see with that.

Well I am just trying RP9 right now and I don't see any difference at all. I have tried full install and also minimal install and there is no visible difference that I can see. But RP9 as a whole does not seem to work at all here I must say. Maybe that's because I am using Windows ME