submix8c Posted February 2, 2015 Posted February 2, 2015 Not so sure you can do that. My investigation reveals MS integrated some HotFixes, not to mention a couple of VM-oriented files. I wouldn't use the Unofficial SP4 except against a clean SP3-only Install. Sorry... (and a big FYI...) Addendum - I could be wrong - maybe the SP4 "checks" for any pre-existing HotFixes? I haven't used/tried it yet.
bphlpt Posted February 2, 2015 Posted February 2, 2015 Like I said, I haven't used it yet either, so I could have misunderstood. But this is the conversation I remembered from back in Oct 2014: I tested this on 2 virtual systems, an existing XP mode VM that I have been using for quite some time and a fresh XP mode VM. The existing XP mode VM is now stuck in a reboot loop and the fresh XP mode VM install took several tries to boot to desktop but once it did everything seemed fine aside from the fact that automatic login seems broken. It asks for a password but should not.On the off chance you don't know this VM it is the free XP VM you get to use with 7 pro.For automatic logon to function porperly, make sure that the user account you're using to logon with exists. I'm testing XP SP4 in XP Mode right now.Issue fixed. I will add RDC 7.0 MS catalogs and fix a registry entry in xpfixit.inf. I type this Message from Windows XP Mode with Integration Features enabled. I don't like Windows XP Mode, but it seems to work fine now.Cool, thanks. XP mode is not the greatest way to emulate XP for sure but a lot of people use it so it was good to fix this bug.Cheers and Regards 1
mike1504 Posted February 15, 2015 Posted February 15, 2015 (edited) My virus scanner reported 3 infected files in USP4 v2They are:WindowsXP-USP4-v2-x86-ENU.exe\i386\root\dotnetfx\ndpsp.exeWindowsXP-USP4-v2-x86-ENU.exe\i386\root\dotnetfx\setup.exeWindowsXP-USP4-v2-x86-ENU.exe\i386\root\dotnetfx\dotnetfx.exeI verified that about 1/3 of scanners at virus total.Downloaded from:https://drive.google.com/folderview?id=0B7k-l_4omFECNWRGNHBEdVBsTTA&usp=sharingThe SHA1 hash from Ryanvm's web site matches with my executable:SHA1: 95AE364CE2CB39D9ED022E84F8829C883F43AB5F Hash is from: http://www.ryanvm.net/forum/viewtopic.php?t=10321 Found the same infections in the 2 CD download of v2 as well. Edited February 15, 2015 by mike1504
Guest Posted February 15, 2015 Posted February 15, 2015 (edited) Do you have the VirusTotal results link? Which AV do you use? Edited February 15, 2015 by 5eraph
mike1504 Posted February 15, 2015 Posted February 15, 2015 https://www.virustotal.com/en/file/d6228c8b50bb699bb0bb2f2ec80f021529222547539bad3a173db1c35edd92c0/analysis/https://www.virustotal.com/en/file/f3d91a375d16f578487a839fd10a912ebe0b960c92cbabe86cbf8c714dedd884/analysis/https://www.virustotal.com/en/file/f01b7f5d0a361a769af3d96c37da037a8f9c6cf7a1bbfc2360598e0ce6664115/analysis/ Here are the results.I use Avast
PinkFreud Posted February 15, 2015 Posted February 15, 2015 Scan is from 2 wks ago, Could be previously reported FP...can you rescan?
mike1504 Posted February 15, 2015 Posted February 15, 2015 I uploaded all 3 of the files tonight.Yes they were detected earlier, but the sha1 and MD5 checksums on the scanner match those of the files I uploaded. I doubt seriously the files differ at all.If it were just MD5 checksums there might be a small chance, but not with the SHA1.
PinkFreud Posted February 15, 2015 Posted February 15, 2015 It's not that the files are gonna be "different" but that the detections (beside your FP factory Avast) may be different, Small developers like Harkaz are plagued by many FP's...I suspect these are FP's, I also suspect that Harkaz will be along in 3....2.....1.... to explain as much.YMMV.
mike1504 Posted February 15, 2015 Posted February 15, 2015 The USP4 loaded nicely without the files in quesion.I'm not sure what their purpose was, but they carried names that are part of .net framework, but of a very different binary.It would be nice to know what they do...and of course I will have to disable Avast to do any thing with them...It already stole one of them after I disabled it long enough to re extract them...just because I right clicked to check the hashes.I really do appreciate the work that Harkaz put into this rollup. It was nice to only need some POS updates when the install completed.
harkaz Posted February 20, 2015 Author Posted February 20, 2015 (edited) I have used Pelles C to compile these 3 EXEs:WindowsXP-USP4-v2-x86-ENU.exe\i386\root\dotnetfx\ndpsp.exeWindowsXP-USP4-v2-x86-ENU.exe\i386\root\dotnetfx\setup.exeWindowsXP-USP4-v2-x86-ENU.exe\i386\root\dotnetfx\dotnetfx.exe They are placeholders for some MCE disks. They do absolutely nothing (empty WinMain). I don't know why they are reported as malware. EDIT: The source code is ATTACHED.Aspuncln-PellesC.rar Edited February 20, 2015 by harkaz
ispy Posted July 22, 2015 Posted July 22, 2015 Something wrong with this Service pack I am also getting a report of this Servive pack as being Trojans within Avira Antivir: Dotnetfx.exe TR/Rogue.37376.27Ndpsp.exe TR/Rogue.378646.65Setup.exe TR/Rogue.36864.71 Antivir stopped the process of slipstreaming quarantined the files then all sorts of errors proceeded unable to proceed
harkaz Posted January 14, 2016 Author Posted January 14, 2016 NEWS: A v3 of SP4 will be released soon. This version will include: - A fix for the 16-bit app emulation not working when installed from CD-ROM- Latest updated file versions except for the buggy May 2014 shlwapi.dll- Some security enhancements with firewall configuration- Removal of FP "malware" files and replacement with new, clean, smaller placeholders This will be the final-final build of SP4 ever.
Dibya Posted January 17, 2016 Posted January 17, 2016 Something wrong with this Service pack I am also getting a report of this Servive pack as being Trojans within Avira Antivir: Dotnetfx.exe TR/Rogue.37376.27Ndpsp.exe TR/Rogue.378646.65Setup.exe TR/Rogue.36864.71 Antivir stopped the process of slipstreaming quarantined the files then all sorts of errors proceeded unable to proceedHi Quick heal also showing same previously thanks for fixes.Detected: Trojan.Dorv.016816 inC:\Users\Dr.Mom Samanta\Desktop\last\Aspuncln-PellesC\Aspuncln-PellesC\ndpsp.exeAction taken: RepairedDetected: Trojan.Dorv.016816 inC:\Users\Dr.Mom Samanta\Desktop\last\Aspuncln-PellesC\Aspuncln-PellesC\dotnetfx.exeAction taken: RepairedDetected: Trojan.Dorv.016816 inC:\Users\Dr.Mom Samanta\Desktop\last\Aspuncln-PellesC\Aspuncln-PellesC\setup.exeAction taken: RepairedI am testing it on my mothers laptop.
submix8c Posted January 19, 2016 Posted January 19, 2016 Those are *probably* False Positives. Maybe due to Repack to get all of the Updates merged?
harkaz Posted January 20, 2016 Author Posted January 20, 2016 SP4 v3 is now available. Download available at the usual location.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now