Jump to content

VT Hash Check - XP compatibility restored

genieautravail
 Share

Recommended Posts

Multibooter

Multibooter

Posted
Posted

VT Hash Check also works for me, without Internet Explorer 8, if I copy normaliz.dll into the install-to folder instead of \Windows\system32\


Multibooter

Multibooter

Posted
Posted (edited)

Virus Total as a source and backup of rare files?
Paid subscribers to virustotal can download files uploaded by others. https://virustotal.github.io/vt-cli/doc/vt_download.html indicates a downloader, "if you have an API key with access to VirusTotal Intelligence" https://virustotal.github.io/vt-cli/doc/vt_download.html and https://www.virustotal.com/gui/intelligence-overview

I checked my ancient version of Kaspersky, which didn't seem to me to be available anywhere in the internet.

Wrong. This version/build is not all that rare. VT Hash Check indicated 2019 as last Scan Date, so my ancient version of Kaspersky is probably still available for download, from Virus Total/Google, if you have an API key with access to VirusTotal Intelligence and the MD5 or SHA1 checksum of the file.

Writing down the MD5 or SHA1 checksum of old software versions may be an additional precautionary backup measure --- for file recovery from Virus Total/Google?

Edited by Multibooter
1
Multibooter

Multibooter

Posted
Posted (edited)

How rare is a file?
After finding out about the lack of rarity of "my ancient version of Kaspersky" I looked at other jewels in my software collection. One other jewel (at least to me) is the final build 3.0G of Info Select 3, filename ISW3.EXE, 9Dec1996, for Windows 3, 95 and DOS 5.0. This build runs well under WinXP and is one of my most important programs, in daily use.

I checked its rarity with VT Hash Check. And now it's not a guess anymore: I do have a rare jewel which even Virus Total/Google doesn't have.

File_which_Google_does_NOT_have_18Apr2025.thumb.jpg.ea227ba3d39b45758c82bf27b1f31529.jpg

VT Hash Check could be used to indicate the rarity of a file. The message "... is not present in Virus Total's database", or maybe an old Last Scan date, may indicate the rarity of a file. Unfortunately, a rare file does not have the same monetary value as a rare stamp or coin :(.

Edited by Multibooter
Multibooter

Multibooter

Posted
Posted (edited)
11 hours ago, genieautravail said:

it seems that the software is always available but the archive is protected by a password.

Try with an archive not protected by a password.

I have used Info Select since 1991, after the recommendations by Jerry Pournelle in Byte Magazine. With 16bit v3 I can read and enter all my notes while installing or using software under WinXP or Win98, it doesn't interfere, no registry entries and doesn't even show up in Total Uninstall.

To reduce the confusion about files in this posting: there are 3 different files for the various builds: is3t.exe, is3.exe and ISW3.exe

Thanks, your download link is for is3t.exe, which is the expiring, pw-protected trial version, VT Hash Check displays 26Sep2013 as Last Scan date.

is3.exe is the non-expiring, pw-protected Retail version. It is another rare file for which VT Hash Check displays "not present in Virus Total's database" and it has a more obscure download link https://web.archive.org/web/20010421/http://www.miclog.com:80/ftp/is3.exe

Unfortunately :) this Retail is3.exe is also password protected, with a stronger pw than the trial version. After entering the password this is3.exe installs a standalone version, which contains the not pw-protected ISW3.EXE (New executable, Win3.1) for which VT Hash Check displays "not present in Virus Total's database" in the screenshot of my preceding posting. BTW, finding the passwords of files like Retail is3.exe, encrypted with an obsolete technology of 1996, may or may not be permissable, regardless of the potential learning. Technology progresses and plaintext attacks get more sophisticated. An unsafely encrypted WinZip v9.0 SR-1 file, for example, could probably be extracted quickly when compared to a non-encrypted WinZip v9.0 SR-1 file containing just one identical file, perhaps from another version.

Regarding password stuff, I just used VT Hash Check on another little jewel in my software collection, advanced-zip-password-recovery_4-54-55_en_10139.msi, 5,745,152 bytes, digitally signed OK by Elcomsoft 21Aug2013 (17 years after pw-protected is3.exe). Its Last Scan date by VT Hash Check is recent 2/25/2025, so it seems to be popular.

Regarding password stuff, I just used VT Hash Check on another little jewel in my software collection, Advanced Archive Password Recovery v4.54.48, archpr_setup_en.msi, 8,435,712 bytes, digitally signed OK by Elcomsoft 3Nov2012 (16 years after pw-protected is3.exe), which is a build with unique features removed in subsequent builds (smaller size). Its Last Scan date by VT Hash Check is recent 3/29/2025, so it seems to be popular and available.

How frequent is the message "not present in Virus Total's database"?

Edited by Multibooter
CORRECTION
Multibooter

Multibooter

Posted
Posted (edited)

I have test-installed VT Hash Check 1.67 (WinXP, genieautravail, 7Apr2025) on my old Inspiron 7500 laptop (Pentium 3, SSE-only). The program installs and works fine under SSE-only.

The installation was into a dedicated sandbox of Sandboxie v5.22. I also created a special desktop shortcut, which loads and runs the Settings window in the sandbox, and pasted my API Key into the sandboxed Settings window. I then edited the registry so that I could run VT Hash Check in the sandbox by just -> right-clicking on the file to be checked  -> Check File Hash, the same handling as when VT Hash Check is installed and run normally, outside of a sandbox.

The reason for installing and running VT Hash Check in a sandbox was to identify any undesirable results, such as unusual files added to the sandbox.

VT_Hash_Check_installed_into_sandbox_File_too_large_19Apr2025.jpg.7ca228cf7dad6ff8a26250d519f2eb72.jpg

The yellow frame in the screenshot above indicates that VT Hash Check v1.67 is running in a sandbox. The message indicates "the file exceeds 128MB which is the default limit for uploading via API". Not sure whether this is still the current API limit.

Details about creating a shortcut to the program in the sandbox and about the registry entries for starting the sandboxed program with a right-click entry added to the context menu of all file types will eventually be posted in the topic "Sandboxie under Windows XP".

I found nothing conspicuous during my testing of VT Hash Check in the sandbox, the program is definitely OK. It's a very useful program and easy to use.

 

 

 

Edited by Multibooter
2
genieautravail

genieautravail

Posted
  • Author
Posted (edited)

@AstroSkipper @Multibooter

What is the processor model on your computers?

Fortunately, I have a lot of computers at my disposal. :cool:

I have dug the subject of the hidden window.

I installed VT Hash Check on my oldest desktop computer (Sempron 2800+ Socket A release in 2004).
By a double-click on the main executable, the configuration window is displayed.
But only the first time, as long as the configuration file "%Appdata%\Boredom Software\VT hash\Config.dat" is not created.
Afterwards, by a double-click on the main executable, a process is created but no window.
If I delete, move or rename the configuration file, a double-click on the main executable works again but only once.
Once the configuration file is created, you have to use the parameter --prefs to access the configuration window.

Can you confirm this?

I also installed the software on a fourth laptop (Core 2 Duo P8600 release in 2008)
On this laptop, the window of the settings is not hidden like on the laptops with Core i5 from the first (2010) and second (2011) generation that I'm using for testing VT Hash Check.

The problem doesn't exist with CPUs from 2006/2007 and up. :yes:

I can't do anything for that, the problem is linked to the architecture of the CPU. :unsure:

Regards

Edited by genieautravail
2
AstroSkipper

AstroSkipper

Posted
Posted
19 minutes ago, genieautravail said:

What is the processor model on your computers?

Intel Pentium 4 Northwood 2.80 GHz CPU (single core, 32 Bit), 1.5 GB SD-RAM and a NVIDIA GeForce 6200 graphic card. As I already mentioned, the hidden window appears again if I open an Explorer window. Very strange. :crazy:

4
Multibooter

Multibooter

Posted
Posted (edited)
2 hours ago, genieautravail said:

What is the processor model on your computers?

I also installed the software on a fourth laptop (Core 2 Duo P8600 release in 2008)

On this laptop, the window of the settings is not hidden like on the laptops with Core i5 from the first (2010) and second (2011) generation that I'm using for testing VT Hash Check.

The problem doesn't exist with CPUs from 2006/2007 and up. :yes:

After having renamed "%Appdata%\Boredom Software\VT Hash\config.dat" to renamed_config.dat I get the message: "No API key configured" when to double-click on VTHash.exe

VTHash.exe is running on a desktop computer with an Asus P5PE-VM motherboard and has an Intel Pentium Dual CPU E2200 @2.20GHz, code name Conroe according to CPU-Z Vintage Edition v1.04
" A new E2000 series of Allendale processors with half their L2 cache disabled was released in mid-June 2007 under the Pentium Dual-Core brand name" from: https://en.wikipedia.org/wiki/Conroe_(microprocessor).

On my old Inspiron 7500 (Intel Pentium III E 650 MHz, Coppermine, around 2000) when I rename config.dat in the sandbox to renamed_config.dat, and then run the program via the special sandbox desktop shortcut, I get the same error message. About one second after getting the message a new file config.dat is created in "%Appdata%\Boredom Software\VT hash\" in the sandbox.

Edited by Multibooter
Multibooter

Multibooter

Posted
Posted (edited)
2 hours ago, AstroSkipper said:

the hidden window appears again if I open an Explorer window. Very strange. :crazy:

Not with me, on the desktop computer with the E2200, if I right-click on the install-to folder -> Explore and then double-click on VTHash.exe

BTW, config.dat with the configuration data is 72kB, the original/empty config.dat is 10kB. No idea what could get transmitted.

Edited by Multibooter
genieautravail

genieautravail

Posted
  • Author
Posted (edited)
6 hours ago, AstroSkipper said:

As I already mentioned, the hidden window appears again if I open an Explorer window. Very strange. :crazy:

On my oldest desktop computer, the hidden window appear too if I launch Explorer.

So, this is the same problem. :hello:

That confirm what I has written above about the architecture of the CPU.

It's not the first time I see something like this.

Regards

 

Edited by genieautravail
1
genieautravail

genieautravail

Posted
  • Author
Posted
5 hours ago, Multibooter said:

Not with me, on the desktop computer with the E2200, if I right-click on the install-to folder -> Explore and then double-click on VTHash.exe

OK, you are not concerned by the problem as your CPU is more recent. :)

 

5 hours ago, Multibooter said:

BTW, config.dat with the configuration data is 72kB, the original/empty config.dat is 10kB. No idea what could get transmitted.

Yes, the config file size is growing a little with changes made to the settings.

Perhaps that there is even duplicates in the file.

Long time ago, the config file of VT Hash Check was in plain text.

It was easy to edit it without having to launch the program. :P

Regards

AstroSkipper

AstroSkipper

Posted
Posted
5 hours ago, Multibooter said:

Not with me, on the desktop computer with the E2200, if I right-click on the install-to folder -> Explore and then double-click on VTHash.exe

I think you misunderstood my comment a little. :dubbio: The sequence is not correct. First open the VTHash.exe with a double click, the window is then opened hidden and only then open a new Explorer window. For me and @genieautravail, the VTHash.exe window then becomes visible again on older computers.

4

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...