genieautravail Posted April 8 Posted April 8 (edited) Hello everyone, VT Hash Check is a software that I have been using for years and which allows you to use the VirusTotal online service in a very practical way. At the time of the scarcity of XP compatible anti-virus solutions, its usefulness is strengthened. For a more complete description of the software as well as its use, here is the link on Github: https://github.com/charonn0/vt-hash The 1.60 version released in 2017 is the last compatible with XP (and not completely). The developer uses a little known programming language, Xojo. This programming language is not very effective in compiling applications for Windows. The VT Hash Check installation folder occupies around 40 Mb of disk space, which is a lot with regard to the functionality of the software. The installation files are big because Xojo is a cross-platform App Development tool. It's like that. I have no knowledge in Xojo programming language. It was with rigor and a lot of logic that I managed to restore XP compatibility. To compile VT Hash Check, I used Xojo IDE 2015R2 which is the latest version to allow compiling projects compatible with XP. For the installer, I used Inno Setup 5.6.1. The compilation took place on a computer running under Windows 10 (Xojo IDE 2015R2 requires at least Windows 7 to be installed). Minimum configuration required: A PC Windows XP Internet connection The processor does not need to support the SSE2 instructions set, It is even possible that the SSE instructions set is not necessary also but I have no computer old enough to check it. By Restoring compatibility with XP, I probably also restored compatibility with Vista. If @VistaLover wishes, he will be able to confirm this in this discussion thread. If you use a firewall, please update the rules to allow VT Hash Check to access Internet. Finally, the software to operate needs an API key that can be obtained for free from the VirusTotal online service: https://www.virustotal.com/gui/home/upload With a free API Key, you can submit 4 requests per minute and 500 requests by day. The limit size of a file is 650 Mb. Tricks: In the 'Resources' subfolder of the installation folder, there is a list of trusted CA, DEFAULT_CA_INFO_PEM which can be updated manually. This file is the same as that used by ProxHTTPSProxyMII.. Just rename cacert.pem in DEFAULT_CA_INFO_PEM (without any extension). The method for using a proxy describe on the github page of the project doesn't works with version 1.67. With 3proxy, you must set a proxy in the settings and copy the content of the file 3proxy.pem into the file DEFAULT_CA_INFO_PEM. With ProxHTTPSProxyMII, you must set a proxy in the settings and copy a part of the content (the private key is not necessary) of the file CA.crt into the file DEFAULT_CA_INFO_PEM. Don't forget that all these files are in Linux format. Important: I do not provide any support for this software. This one is provided as it is. If you notice a bug, first check that this bug is also present with the official version of the software. If this is the case do not hesitate to contact the developer on GitHub so that he corrects the problem. If the bug is specific to my unofficial release, you can still report it in this discussion thread. But I don't promise anything! Here, and now the most important, the download link: https://anon.services/folder/fa495338-98fa-4c03-aaa3-a770f77ffb95 md5 : 40f917daebe836cdd10b5702dc4ed080 sha1 : 9b3ee563ca77974a54e0b91cf5c1a8d1b0f51917 sha256: 65a21aeddb36866a8a432705e7a455f4243d5b11cce2d2f501b3ac989b838857 sha512: e5cb0d88f6b76e98f90ce0942f7d7f5e6c78e71c1fe4de36c5081b1b764ea6bbb8ec2bd1cacae92872f4a43ec1b739b260709c318e16b006a10db8954aefb136 Sincerely Edited April 17 by genieautravail 2
AstroSkipper Posted April 13 Posted April 13 (edited) Thanks for your mod! I have never used this programme before. Thus, I have just installed it. What I don't like is to be forced to enter an API key at programme start (Winja doesn't do that) , but displaying the results directly in the programme without having to open the browser is great . Thanks again for restoring XP-compatibility! Edited April 13 by AstroSkipper 4
AstroSkipper Posted April 13 Posted April 13 BTW, I wanted to write about VirusTotal in my thread "Antimalware, firewall, and other security programs for Windows XP working in 2023 and hopefully beyond" soon anyway. I'll give your mod due consideration there as well. 4
Multibooter Posted April 14 Posted April 14 (edited) UPDATE 21Apr2025: Workarounds were found for all issues. VT Hash Check v1.67, modified by genieautravail for WinXP, is an excellent program. Highly recommended. Thanks so much for your work of many hours modding VT Hash Check for use under WinXP. ISSUE #1: Your modded package installed fine, but when I made the 1st run I got the following message: "No API key configured. A VirusTotal.com API key is required in order to use this application. Would you like to open the settings window and enter a key now?" -> Yes I signed up for a new user account at virustotal.com, incl. email address. An email with a validation code was then sent to this email address. Being a little cautious about giving up privacy, I had entered a rarely used email address @yandex.com . Eventually the free API key was displayed at virustotal.com and I pasted the API key into the settings of VT Hash Check ISSUE #2: Then an error msg came up: "VT Hash Check - Settings: VTHash.exe - Unable to Locate Component. The application has failed to start because Normaliz.dll was not found. Re-installing the application may fix the problem" Normaliz.dll was not on my computer. Windows XP had been installed on my computers initially as SP2, followed by an update with SP3 later on, which didnot update Internet Explorer. I still have the original Internet Explorer 6.0.2900 under WinXP, I have not installed MS Internet Explorer 8 for WinXP (8Mar2009). The issue was FIXED by extracting normaliz.dll (v6.0.5441.0, not digitally signed) from IE8-WindowsXP-x86-ENU.exe, which is the installer of MS Internet Explorer 8 for WinXP (8Mar2009), and copied normaliz.dll to \Windows\system32\ UPDATE: normaliz.dll can be copied into the install-to folder of VT Hash Check instead of into \Windows\system32\, both locations work OK. IE8-WindowsXP-x86-ENU.exe can be downloaded here: http://web.archive.org/web/20130507062858/http://download.microsoft.com/download/C/C/0/CC0BD555-33DD-411E-936B-73AC6F95AE11/IE8-WindowsXP-x86-ENU.exe I also had to Permit Outgoing Connections for VT Hash Check in my Kerio Firewall. Virus Total is owned by Google, so I opened the gates for Google. GREAT, an easy to use program. works under WinXP, just needs a right-click on the file to be checked. I checked several files with it, for about 10 minutes... until it stopped working. ISSUE #3: About 15 minutes after signing up and getting the API key from virustotal.com the following error message was displayed instead of the results table: "Your virus total account is not allowed to perform that action" When I double-clicked in the Settings window on the green checkmark next to the API key I got a message about an invalid API key. How could a valid, just downloaded key turn invalid after 15 minutes? I rebooted, waited for an hour, but still the same message about the key. I then installed the whole MS Internet Explorer 8 for WinXP (8Mar2009), instead of just copying normaliz.dll, still the same message about the key. Today, one day after installing VT Hash Check, I tried again, same message about the API key. Edited Monday at 10:14 PM by Multibooter
Multibooter Posted April 14 Posted April 14 (edited) VT Hash Check is easy to use and paranoid users could sign up for an API key via Tor (not yet tried whether possible) and register with a secondary rarely-used email address. Again, genieautravail, thank you so much for your work. Edited April 17 by Multibooter
genieautravail Posted April 14 Author Posted April 14 (edited) 2 hours ago, Multibooter said: How could a valid, just downloaded key turn invalid after 15 minutes? Probably because you have been blacklisted as abusing the service ! Read carefully my first post, you will find the answer to this question. 2 hours ago, Multibooter said: Maybe I am just paranoid... Probably too... Regards Edited April 14 by genieautravail
Multibooter Posted April 14 Posted April 14 (edited) 2 hours ago, genieautravail said: Probably because you have been flagged as abusing the service ! Read carefully my first post, you will find the answer to this question. I don't think that I was abusing the service, I only checked your setup.exe file (1 false positive) and 2 other files within my initial 10mins before I got blocked. Definitely within the limitation of the free API key (4 requests per minute and 500 requests by day). I got the blocked response when I right-clicked, after checking 3 OK files, on a more difficult file. This right-clicked file is most likely OK but has been falsely flagged by Kaspersky for maybe the past 10 years. If I exceeded my limit somehow, I probably should have gotten a message instead of an invalidated API key, invalidated without a message or reason why. No idea why I got blocked, except my guess about the yandex email account. Maybe someone else with a yandex email account could confirm or refute my guess. Best regards! Edited April 14 by Multibooter
genieautravail Posted April 15 Author Posted April 15 (edited) @Multibooter In the settings, do you have a red flag or a green flag at the side of the field of the API key ? If you have a red flag, check the API key present in the dedicated field. If your API key is OK and if you have not abused the service, I can't tell you what is happening. Regards Edited April 15 by genieautravail
Multibooter Posted April 15 Posted April 15 (edited) On 4/15/2025 at 12:57 PM, genieautravail said: @Multibooter In the settings, do you have a red flag or a green flag at the side of the field of the API key ? If you have a red flag, check the API key present in the dedicated field. If your API key is OK and if you have not abused the service, I can't tell you what is happening. Regards Thanks. I tried again, The settings are the default settings of the initial installation. In window Settings there is a green checkmark next to the field API Key. I have erased from the screenshot most digits of the API key. When I right-click on a file, the small msg window "Calculating hash" comes up, indicating the file name and SHA1, but this is followed within a fraction of a second by the msg: "Your Virus Total account is not allowed to perform that action." When I right-click on the green checkmark a msg window "Test API key now?" comes up. If I click on Yes "Thinking" flashes up, then the msg "Invalid API key, API key test failed. (HTTP403)" comes up. The internet connection was a normal connection, not VPN. The program doesn't seem to make a good rudimentary check on the computer of the entered API Key: For example, when I delete the last digit of the key, the green arrow turns into a red cross. When I then add a different, incorrect digit at the end, the red cross turns into a green checkmark again, even if the replaced digit was different. I repeated copying the API Key from my account at virustotal.com into the Settings window, same msg eventually about an Invalid API key, i.e. my user account at virustotal.com still displays the identical API key which generates the "API key test failed" msg. Again, my API key and the program worked OK after the installation during my first use, for about 10mins and for about 3 checks, then "Your Virus Total account is not allowed to perform that action". When I searched for this msg at yandex.com, Yandex showed the link https://github.com/aboul3la/Sublist3r/issues/194 A posting there indicates "Same error here. The first two times worked perfectly but some days after the same error appears". So my guess about a blocked API key is probably wrong, too paranoid, a bug of VT Hash Check v1.67 may be the cause, maybe the newly generated API keys don't work with old v1.67?? Edited April 17 by Multibooter
genieautravail Posted April 16 Author Posted April 16 (edited) @Multibooter Thank you for the screenshots. I see that you have disabled SSL/TLS. You can't establish a connection with VirusTotal with HTTP, only HTTPS. Can you try again with the defaults settings. Just add your API key and don't change anything else. Don't forget to allow VT Hash Check connections in your firewall. If that works again, disable SSL/TLS and tell me what results you get. Regards Edited April 16 by genieautravail
AstroSkipper Posted April 16 Posted April 16 (edited) @genieautravail Your release VT Hash Check 1.67 for Windows XP is running fine here. But one thing is not working as described in the readme file. When clicking the main executable, the window is supposed to be opened to reach its settings. The programme opens, and I can see it in the task manager but its window is inaccessable. I can only reach the settings when performing a hash check. I don't think that was the intention. Or did I miss something? And BTW, the option SSL/TLS has of course to be enabled to establish a connection to VirusTotal. Edited April 16 by AstroSkipper Update of content
AstroSkipper Posted April 16 Posted April 16 (edited) 58 minutes ago, AstroSkipper said: @genieautravail Your release VT Hash Check 1.67 for Windows XP is running fine here. But one thing is not working as described in the readme file. When clicking the main executable, the window is supposed to be opened to reach its settings. The programme opens, and I can see it in the task manager but its window is inaccessable. I can only reach the settings when performing a hash check. I don't think that was the intention. Or did I miss something? And BTW, the option SSL/TLS has of course to be enabled to establish a connection to VirusTotal. FYI and for the cause research, if the programme has been called, and the window is not accessible, it appears the moment you open an Explorer window, very strange. Edited April 16 by AstroSkipper 1
genieautravail Posted April 16 Author Posted April 16 (edited) @AstroSkipper On my computers, no problems opening settings by running the main executable from Explorer, XYplorer or by a shortcut on the desktop. I just need to wait a few seconds. How to do run the main executable ? At the command line, if VTHash.exe is in the path, you just need the following command: vthash --prefs The list of command line parameters can be found on the github page of the project. Regards Edited April 16 by genieautravail 1
AstroSkipper Posted April 16 Posted April 16 17 minutes ago, genieautravail said: How to do run the main executable ? Clicking onto the vthash.exe file as described in the readme file. And it doesn't matter whether doing that from an Explorer or Total Commander window. The window is always hidden and inaccessable. Process Hacker can see its proccess, the window item is disabled, though. 2
Multibooter Posted April 16 Posted April 16 (edited) On 4/16/2025 at 10:57 AM, genieautravail said: I see that you have disabled SSL/TLS. ... Can you try again with the defaults settings. Just add your API key and don't change anything else. Thanks! VT Hash Check displayed the results OK after having selected "Use SSL/TLS" BUT: I had never de-selected "Use SSL/TLS" in Settings! Maybe this setting "Use SSL/TLS" was automatically de-selected after the 3rd check, because Internet Explorer 6 was installed then (the default from WInXP SP2), not IE8? My susbsequent installation of IE8, after I started to get the msg "Your virus total account is not allowed to perform that action", did not reset "Use SSL/TLS", so I continued getting this msg. You and AstroSkipper probably didn't get this message/de-selection of "Use SSL/TLS" because both of you probably have Internet Explorer 8 installed. Edited April 17 by Multibooter
.thumb.jpg.e861836bb05fe824ad8ec1930061ee43.jpg)
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now