CyberyogiCoWindler

Member
  • Content count

    91
  • Joined

  • Last visited

Community Reputation

0 Neutral

About CyberyogiCoWindler

Contact Methods

  • Website URL
    http://weltenschule.de/

Profile Information

  • OS
    98SE
  1. severe bug: Thunderbird crashes ClamWin I already have submitted the following bug report to the ClamWin forum: http://forums.clamwin.com/viewtopic.php?t=4286 I am using ClamWin with German Win98SE/KernelEx on a historical PC (DFI K6BV3+ Motherboard, AMD K6-3+ @550MHz, 768MB RAM, 160GB HDD) which is actually optimized for DOS Games (2 real ISA sound cards, 3Dfx Voodoo 1 graphics card etc.). As firewall I am running ZoneAlarm AntiVirus 6.1.744.001 (with its outdated antivirus part disabled). The start sequence is controlled through StartRight (finishes ZoneAlarm initialization before starting the antivirus). Previously I had Avast 4.8 AntiVirus, which turned unbearably slow (booting 20 minutes, Avast updates >30 min), so I uninstalled it and switched to ClamWin 0.98.6 with Clam Sentinel 1.22. - Thunderbird crashes ClamWin Much worse is, when I run the ClamWin virus scan (which takes many hours per 16GB partition) and it finds my Mozilla Thunderbird e-mail folder (contains some 10000 e-mails of over a decade), it first complains about plenty of ancient phishing mails (they are scam, not malware! There is no harmful code in it, thus an antivirus should not care about them unless manually requested to do so.) Even worse, once it finds the biggest(?) of my e-mail-folders, it completely locks up and freezes my PC. I can only move the mouse pointer, but neither icons nor systray nor screen redraw responds. With ctrl-alt-del I see the taskmanager and can kill ClamWin. If I do so, the PC works again but I not even get a ClamWin log file, so I can only photograph the error by digicam. When I don't and exit taskmanager and then press ctrl-alt-del again, I instead get a popup requester that ClamWin has used up all resources. (I can kill it also from here.) Thunderbird 2.0.0.24 (20100228) stores all e-mails inside a single file (one per folder) in subfolders of "\Windows\Anwendungsdaten\Thunderbird\Profiles" (in English version likely "\Windows\Application Data\Thunderbird\Profiles") Also Avast 4.8 had displayed an anormaly scanning this folder: E:\WINDOWS\Anwendungsdaten\Thunderbird\Profiles\c9spw8g1.default\Mail\Local Folders\=CO=Windler (kein Spam)\p layingit.FONTDIV#4025862408 "Prüfung nicht möglich. Die Datei ist eine Dekomprimierungsbombe." (i.e "Testing impossible. The file is an decompression bomb.") The strange thing is that a subfolder named "p layingit.FONTDIV#4025862408" does not exist, and even copying the contents of the folder into a new one and deleting the old (to get rid of potentially invisible folders) did not change Avast's behaviour. (ClamWin choked by a different mail folder.) I suspect that a bug in Thunderbird always corrupts the last accessed(?) e-mail folder file and fixes this during next start, because Thunderbird itself has no problem to access them. With "Dekomprimierungsbombe" (decompression bomb, uncompression bomb) Avast certainly does not refer those deadly vacuum bombs of Putin, but a kind of faulty recursive pointer somewhere in the internal directory tree inside a compressed file, that causes an infinite loop during decompression and so eats up all memory. The FAT32 file system on that partition is not corrupt (at least scandisk doesn't complain). Please urgently fix this! The freeze makes ClamWin almost useless to me since I can not scan my main partition. Avast at least handled the situation without a lockup. And please make ClamWin update the log file on disk every few seconds or after each read file (changeable in preferences if it would be too slow) and not only after a finished (it never will...) virus scan. - exclude directories fails I tried everything to exclude the corrupted e-mail folder files or their path, but ClamWin simply ignores it and scans it anyway (causing a crash). This may have to do with the lack of regular expression support in Win98SE. Please use a different (and easier to use) solution to exclude directories. ClamWin also alerts plenty of false-positive code found in documents those are not executable. E.g. renamed WAV sound files .wa~ made trouble. There are likely many others I couldn't identify due to the crash. - ClamWin shutdown fails When I want to shutdown Win98SE I often get a popup requester that ClamWin has to quit first (I click ok), which however never happens, so I have to kill it ungently with Process Explorer or the taskmanager to shutdown Windoze. I suspect that Sentinel somehow prevents ClamWin from shutdown because it runs a 2nd copy in memory. Why is it so important to shutdown ClamWin cleanly? Can't it just write the log files to disk and stall like other programs? other flaws: - Please add a pause/resume button to the virus scan window. The virus scan can take many hours and strongly slows down (or completely freezes, see above) my PC. Thus make it possible to pause and resume, because I e.g. may fail to bid on eBay auctions when the PC is occupied with a scan. Although I only start it manually, the need of aborting the entire scan (which takes hours to repeat) can not be a proper solution. - Please make scan targets saveable. Setting up proper combinations of selected and excluded directories (to avoid crash or false positive data-only files) can be time consuming and complicated. Please make the manual selection saveable as scan jobs and allow to exclude certain drives (e.g. CD burner to prevent buffer-underruns) permanently. - Please change the animation. The animation to the left of the virus scan window keeps running while the scan hasn't yet begun (it takes minutes to load the virus database into RAM). Please start the animation only during scan and stop it while paused or loading from disk or whatever, because it feels like scam when it pretends to scan but actually doesn't. Please also animate the tray icon (or make it change colour) during background scan (run by Sentinel) to inform the user that it is on and currently working (and so see whether e.g. a browser slowdown is caused by it). - icon colour During first start (after update?), the button background in Win98SE sometimes appears pink instead of default, which looks ugly.
  2. Thanks. It was indeed the wrong file (I remembered it much bigger). The correct ClamWin installer is "clamwin-0.98.6-setup.exe" (about 100MB). The only strange behaviour I get from ClamSentinel is that memory test opens a DOS box with the following message: "[DllMain] Error setting up low-fragmentation heap: 120" Then it rests some minutes with: "Loading virus signature database, please wait..." After this it does start to scan (a bit slowly?) the currently loaded DLLs etc. I am not sure if there is something wrong due to the stange heap error. Is this normal or something serious?
  3. I am trying to install on Win98SE "clamav-0.98.7-win32.msi", but the installer requests to install the .NET 4 framework. So I downloaded "dotNetFx40_Client_setup.exe", which however only displays this error requester: "There is not enough disk space on your drive for the new files to be uncompressed and installed. Please run this application again after you have freed some space on your drive." I have about 2GB free, which should be plenty enough to uncompress the 868KB file. I already tried various KernelEx settings, but it doesn't help. So I downloaded "clamav-0.98.7-win32.zip" but I don't know how to manually install or start it.
  4. On my Win98SE PC (AMD K6-3+@550MHz,768MB RAM) I run the firewall ZoneAlarm AntiVirus 6.1 (outdated antivirus part disabled) combined with Avast4.8 AntiVirus (start delayed through StartRight to prevent race condition lockups). However nowadays a complete boot takes about 20 minutes and Avast update even >30 minutes. Also random bowser lockups likely come from Avast, which seems to slow down the machine by 90% in some situations. I guess this bloatware monster does linear search through an infinitely growing virus database and since long time has lost its point of usefulness. (The only malwares I ever found with it were adware scripts in old downloaded HTML pages, and obviously fake e-mail attachments I wouldn't open with Acrobat Reader or MS Word anyway since I do not use them.) Thus I will replaces this bugger with ClamWin+Sentinel soon. I hope I manage to make it coexist with ZoneAlarm.
  5. The secret service lobby obviously prevented hardware to become virus-proof by design to still allow their own spyware to be installed, which helps the spread of other malware exploiting the same vulnerabilities. So antiviruses were made, those have a good reason (plausible denial...) of regularly downloading new instructions, of searching whole harddisk contents for some kinds of "patterns", of being encrypted and of uploading things they found back to some obscure places online. So IMO there is no more logical place to camouflage harddisk espionage tools (or even enshroud an entire secret botnet layer) than inside regular antivirus programs. Everybody uses them (me too) and it may be a bad idea not too. But to me each virus scan feels a bit like an invisible house search by mystery intruders. Thus anybody who got a reason to fear NSA or other worldwide watchers scanning their harddisks should better stay away from antivirus software and instead use some exotic hard- and software that is safe enough without. I don't know if ClamWin (open source) may be less likely to contain national spyware, but depending on the country that made an antivirus, it is easy to conclude whose secret service bugged it as a trojan to watch us.
  6. On my Win98SE PC (AMD K6-3+@550MHz,768MB RAM) I run the firewall ZoneAlarm AntiVirus 6.1 (outdated antivirus part disabled) combined with Avast4.8 AntiVirus (start delayed through StartRight to prevent race condition lockups). However nowadays a complete boot takes about 20 minutes and Avast update even >30 minutes. Also random bowser lockups likely come from Avast, which seems to slow down the machine by 90% in some situations. I guess this bloatware monster does linear search through an infinitely growing virus database and since long time has lost its point of usefulness. (The only malwares I ever found with it were adware scripts in old downloaded HTML pages, and obviously fake e-mail attachments I wouldn't open with Acrobat Reader or MS Word anyway since I do not use them.) Thus I will replaces this bugger with ClamWin+Sentinel soon. I hope I manage to make it coexist with ZoneAlarm.
  7. Microsoft Systeminfo shows these DLL versions: STI.DLL 4.10.1998 (same)Kernel32.dll 4.10.2226 (mine 4.10.2222)Advapi32.dll 4.90.3000 (mine 4.80.1675)User32.dll 4.10.2233 (mine 4.10.2231)Gdi32.dll 4.90.3003 (mine 4.10.1998)Comctl32.dll 5.81 (same)Shell32.dll 4.72.3612.1700 (mine 4.72.3812.634)Ole32.dll 4.71.3328 (same) STI.DLL dependencies:Kernel32.dllAdvapi32.dllUser32.dllSetupapi.dll 5.00.1671.1 (same)Cfgmgr32.dll 4.10.1998 (same)RPCRT4.dll 4.71.3336 (same)The "Scanners and Cameras" window does have a 2nd tab where I can select a protocol mode STICLI or STIMON and 3 checkboxes. If I switch to "STIMON", it returns to "STICLI" when reopened.
  8. My "Scanners and Cameras" window is empty and shows none of my (8 different?) imaging devices and all 3 buttons are grayed out. I own no other PC or OS to test it with. I want to buy a Thinkpad T61 or X61t soon, but that may still take a while. May be the scanner's PSU is bad. The plug is special, but may be I need to tap the cable somehow to test how much ripple the 12V DC 1.25A output has. Perhaps I should try the WIA driver or even the Win98SE Unofficial Service Pack 2, but I fear the latter may make everything worse.
  9. I have installed TWAIN 1.7 (TWAIN9X.EXE) without difference. I also tried out FastStone Image Viewer 5.3; it is much like IrfanView with slicker GUI but less features, thus I uninstalled it. The same imaging device list was already displayed by PicturePublisher 8 and IrfanView anyway, and like these, also FastStone only ended with said scanner communication error.
  10. My "Scanners and Cameras" window displays no imaging devices and all 3 buttons are greyed out. What can this be? I am running Win98SE with KernelEx on a historical PC with AMD K6-3+@550MHz and 768MB RAM on mainboard DFI K6BV3+/66. Canon D1250U2F My very bulky old scanner "Plustek OpticPro 6000P" was for parallel port (which is occupied by my matrix printer) and stopped working long ago by driver trouble. So on a fleamarket I recently bought a scanner "Canon D1250U2F" (stylish 1990th iMac design in grey and transparent violet, including slide scanner, original CD and manual) for USB2. But I don't get it to work. The driver "ScanGear CS-U 6.3.1a" from the CD only shows a (German language) popup error like "not enough memory", which however seems to be a very generic error behaviour of this stupid driver (I saw many such reports in forums). So I downloaded an updated version 6.3.3, which instead displays "Can not communicate with scanner. Cable may be disconnected. Check Status. Scanner driver will be closed." The buttons on the scanner sometimes (only when cold?, or after 1st driver install?) work and start a program (running stimon.exe), but when I attempt to scan, I get the same error message again. On the scanner also the "scan" button got stuck, so I dismantled and filed the plastic button parts to make them fit better (got a little dust inside, that I need to remove later). It may be that an electrolytic capacitor in the AC adapter is dying (found a repair webpage about this) but PSU is not dead. When powered on, the white CFL tube lights up (a little dim?) for about 10 minutes. When the belt driven scanner head was manually moved out of its zero position (top rim), after power-on (had no USB connected) the motor quite slowly moves it back to zero with a buzzing noise. But I see no LEDs light up (has it none or is something broken?). "Scanners and Cameras" trouble When in Windows control panel I start "Scanners and Cameras", it displays nothing and (this is bizarre) all 3 buttons are greyed out, so I can not manually add or edit imaging devices. On the internet I found various complaints about the phenomenon but no explaination. I collect digcams, thus there are 21 imaging device entries in my registry. I suspected that Windows can not handle so many devices or some may be faulty, thus I even tried to delete some or all registry entries under this branch (after saving it): HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Class\Image But this didn't help. "Scanners and Cameras" still displays nothing, no matter whether I plug in webcams etc. I reloaded most entries into that branch and also managed to install the scanner as the 1st entry "0000" (I read hints that this may be important). This is my contents of the logfile "Windows\Applog\STIMON.LGE": - Which files are needed to make STICPL.CPL work? In Win98SE "Scanners and Cameras" is handled by STICPL.CPL, but Windows ME implements this differently. May it be that an update mixed up DLLs from WinME and so makes STICPL.CPL fail? Which files are correct?
  11. I already disabled the antivirus scan during installation. The Avast antivirus line appears in DependencyWalker *after* the error already has popped up. I also have ZoneAlarm Antivirus running as a firewall (outdated antivirus part disabled). I hope this won't generally prevent WinPcap from working.
  12. WinPcap installer fails on Win98SE (NSIS) I am trying to install "URL Snooper 2.37.01" on Windows 98SE (German language) with KernelEx 4.5.120. The program depends on the WinPcap driver and comes with versions 4.1.3 and 4.0beta2 - the latter is claimed to be compatible for Windows 98. Unfortunately both refuse to install. Details see here: http://www.msfn.org/board/topic/173388-help-winpcap-installer-fails-on-win98se The WinPCap website claims the last version supporting Win98SE were WinPcap 3.1 and WinPcap 4.0beta2. http://www.winpcap.org/install/default.htm However when I attempt to install the self-extracting EXE of 4.0beta2, its NSIS installer exits with the error requester "This version of Windows is not supported by WinPcap 4.0 beta 2. The installation will be aborted." When I tried to install version 3.1, the NSIS installer exits with the even stranger error popup "WinPcap 3.1 can be installed on 32-bit x86 systems only. The installation will be aborted" My CPU is an AMD K6-3+, which is definitely 32 bit x86 compatible. When I debug the WinPcap 4.0beta2 installation process in Dependency Walker, before the popup it throws the error: "GetProcAddress(0xBFF70000 [e:\windows\system\KERNEL32.DLL], "GetUserDefaultUILanguage") called from "h:\download\utilities\videos downladen\winpcap\4.0BETA2-WINPCAP.EXE" at address 0x00405D06 and returned NULL. Error:" Apparently the NSIS installer is incompatible with Windows 98 because the function GetUserDefaultUILanguage in kernel32.dll exists only since Windows 2000. Also KernelEx settings don't seem to change this. So I added in kstub822.ini to the "[Kernel32.dll]" section the following line to simulate it: [Kernel32.dll]...GetUserDefaultUILanguage=r0407 ; German language (added by =CO=Windler)...I tried this also with "e0", which is apparently supposed to suppress an error flag.[Kernel32.dll]...GetUserDefaultUILanguage=r0407e0 ; German language (added by =CO=Windler)...But this doesn't do anything. Even DependencyWalker still shows the same "returned NULL" error. Is my entry wrong or simply ignored by the installer?- Is there a proper way to simulate GetUserDefaultUILanguage with Kext?
  13. This is my DependencyWalker log file from profiling 4.0beta2-WinPcap.exe.
  14. May be the difference is that my Win98SE is the German language version? I already had tested for the installer all KernelEx compatibility modes without success.
  15. To download video streams I am trying to install "URL Snooper 2.37.01" on Windows 98SE (German language) with KernelEx 4.5.120. The program depends on the WinPcap driver and comes with versions 4.1.3 and 4.0beta2 - the latter is claimed to be compatible for Windows 98. Unfortunately both refuse to install. The WinPCap website claims "Starting from WinPcap 4.0beta3, support for the Windows 9x/ME family of operating systems has been dropped. The last builds supporting such OSes are WinPcap 3.1 and WinPcap 4.0beta2, both available in the archive." http://www.winpcap.org/install/default.htm However when I attempt to install the self-extracting EXE of 4.0beta2, its NSIS installer exits with the error requester "This version of Windows is not supported by WinPcap 4.0 beta 2. The installation will be aborted." When I tried to install version 3.1, the NSIS installer exits with the even stranger error popup "WinPcap 3.1 can be installed on 32-bit x86 systems only. The installation will be aborted" My CPU is an AMD K6-3+, which is definitely 32 bit x86 compatible. So the last version that still installs on Win98SE is WinPcap 3.1beta4, which seems to contain a different installer. Unfortunately it is too old and makes URL Snooper lock up, so I had to uninstall it. I have now manually unpacked the 4.0beta2-WinPcap.exe with 7zip. It contains the following directories and files: \$PLUGINSDIRmodern-header.bmpmodern-wizard.bmpioSpecial.iniInstallOptions.dllNSISdl.dllnxs.dllSystem.dll\$R0\$PLUGINSDIRUserInfo.dll\$SYSDIRPacket.dllpthreadVC.dllWanPacket.dllwpcap.dllnpf.vxd\$SYSDIR\driversnpf.sys\$TEMPWpBann.htmI copied the \$SYSDIR folder contents into "\windows\system", but I don't know what to do with the rest; it doesn't seem to be sufficient to work. Despite URL Snooper starts now (previously it complained missing Packet.dll) and shows the correct name of my USB ethernet adapter, the "sniff network" button triggers a popup requester "Automatic Network Adapter Detector FAILED | ERROR: Failed to find a suitable network driver."When I debug the WinPcap 4.0beta2 installation process in Dependency Walker, before the popup it throws the error: "GetProcAddress(0xBFF70000 [e:\windows\system\KERNEL32.DLL], "GetUserDefaultUILanguage") called from "h:\download\utilities\videos downladen\winpcap\4.0BETA2-WINPCAP.EXE" at address 0x00405D06 and returned NULL. Error:" Apparently the NSIS installer is incompatible with Windows 98 because the function GetUserDefaultUILanguage in kernel32.dll exists only since Windows 2000. Also KernelEx settings don't seem to change this. So I added in kstub822.ini to the "[Kernel32.dll]" section the following line to simulate it: [Kernel32.dll]...GetUserDefaultUILanguage=r0407 ; German language (added by =CO=Windler)...I tried this also with "e0", which is apparently supposed to suppress an error flag. [Kernel32.dll]...GetUserDefaultUILanguage=r0407e0 ; German language (added by =CO=Windler)...But this doesn't do anything. Even DependencyWalker still shows the same "returned NULL" error. I am desperate. Is there a proper way to simulate GetUserDefaultUILanguage?- How can I install the unpacked contents of 4.0beta2-WinPcap.exe manually?