
POSReady 2009 updates ported to Windows XP SP3 ENU

873 replies to this topic

#851
dencorso


It's better, in this particular case, to run delcert.exe after hexalter, instead of PEChecksum.exe, because delcert will both remove the now invalid certificate and then correct the PE checksum. IMO it's better to have a non-signed file than one having an invalid certificate. Of course, that's just my 2 ¢.


  • 5eraph, heinoganda and Dibya like this


How to remove advertisement from MSFN
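What the point in post #851 looks like in the file itself, as an added example that is not part of the original post: after a byte patch the stored PE checksum no longer matches, and the header still lists a certificate table. The 512-byte image, the offsets 0x1F0 and 0x180, and all function names are constructed for illustration; the check only reports that a certificate table is listed and does not validate the signature.

```python
import struct

def pe_offsets(data):
    """Return file offsets of the CheckSum field and the Security directory entry."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 24                      # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)   # PE32 vs PE32+
    return opt + 64, dirs + 4 * 8            # CheckSum; data directory index 4

def pe_checksum(data, checksum_off):
    """Folded 16-bit sum with the CheckSum field zeroed, plus the file length."""
    buf = bytearray(data)
    buf[checksum_off:checksum_off + 4] = b"\0" * 4
    if len(buf) % 2:
        buf.append(0)
    total = 0
    for (word,) in struct.iter_unpack("<H", buf):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
    return (total + len(data)) & 0xFFFFFFFF

def audit(data):
    """Report whether the stored checksum matches and a certificate table is listed."""
    cks_off, sec_off = pe_offsets(data)
    stored = struct.unpack_from("<I", data, cks_off)[0]
    cert_off, cert_size = struct.unpack_from("<II", data, sec_off)
    computed = pe_checksum(data, cks_off)
    return {"stored": stored, "computed": computed,
            "checksum_ok": stored == computed,
            "has_cert_table": cert_off != 0 and cert_size != 0}

def build_sample():
    """Constructed 512-byte PE32 skeleton with a fake certificate table entry."""
    img = bytearray(0x200)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", img, 0x80 + 24, 0x10B)
    cks_off, sec_off = pe_offsets(img)
    struct.pack_into("<II", img, sec_off, 0x1F0, 0x10)
    struct.pack_into("<I", img, cks_off, pe_checksum(img, cks_off))
    return bytes(img)

SAMPLE = build_sample()
PATCHED = bytearray(SAMPLE)
PATCHED[0x180] ^= 0xFF        # constructed one-byte change, as a hex patcher would make
PATCHED = bytes(PATCHED)

if __name__ == "__main__":
    print("original:", audit(SAMPLE))
    print("patched: ", audit(PATCHED))
```

A file that reports `checksum_ok: False` together with `has_cert_table: True` is in the state the post describes: modified after signing, with the old certificate still attached.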

#852
submix8c


@Dibya - HxD would probably work as well as HexAlter. It appears that HexAlter simply replaces byte-wise starting at a given Offset each byte until done.

 

Here are some folks who apparently have the (some) code?

https://gist.github....69e5a948977694d

 

And I agree with dencorso on his suggestion. Also my thanks for pointing out yet another tool.


  • Dibya likes this

Someday the tyrants will be unthroned... Jason "Jay" Chasteen; RIP, bro!



#853
liamZ


Thanks heinoganda for the solution.

 

I found another way of doing it without touching palemoon.exe

 

If you run WinXP as a limited user like I do (and using the program SuRun to elevate permissions when needed), or you just run palemoon as a limited user, you can just remove users' permissions from the key:

 

HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady

 

and leave only Administrators, SYSTEM and CREATOR OWNER

 

and modify the owner to Administrators.

 

After that you can run palemoon as a limited user without any problem.

 

After these changes I still get POSReady updates through the system tray icon and install them without problems, but installing them through Internet Explorer ends with an error.



#854
heinoganda


@liamZ

 

Personally, I use this POSReady entry in the registry not to times I published POSReady updates itself Modify if necessary correct (for example by KB3072630 for Microsoft Installer, where one has removed the query of the existing version of the file update_SP3QFE.inf) having to be installed easily in a normal XP environment. Think forward at this point that there's various nasties on us XP users. I'm curious how it soon with Chrome looks, as here the support for Windows XP stopped this year.

 

:)


Edited by heinoganda, 27 January 2016 - 02:22 PM.

Cert_Updater to download and update the roots certificates as of revoked certificates for Windows XP here

Tutorial for current roots certificates and revoked certificate for Windows XP here

List of .NET Framework updates for Windows XP after April 2014 here

Complete list of .NET Framework 3.5 and 4 updates for Windows XP here


#855
Dibya


thanks



#856
heinoganda


There is an update for root certificates:

 

authroots.sst  from  01/28/2016

 

Those using heinoganda's Cert_Updater.exe should run it ASAP. Others needing a redistributable rootsupd.exe should follow his instructions for creating their own, or PM at 5eraph for an updated EXE file.

 

:)


Edited by heinoganda, Today, 12:16 PM.



#857
SD73


Bluebolt - your fix is working on my XP machine! 

 

I created a new system restore point, immediately restored to that point, rebooted, and no more error messages.  Two or three reboots now.

 

The odd temp folders in Documents and Settings are gone.

 

The folders LocalService and NetworkService in Documents and Settings are showing a "Date Modified" time of my first successful reboot just now.  (I recall they were stuck on a January date before.)

 

The only odd thing is that in System Properties - Advanced - User Profiles - Settings, there are still five "Account Unknown"s last modified 6-23-15, each with a size of 20.4MB.  (My own profile is 2.86GB, last modified today.)  Should I try deleting those "Account Unknown"s?  (Where are they on C:\ drive anyway?)

 

Of course, this just might be only cosmetic - what do I know?  Is there a deeper level I should check?

 

Thanks!

 

[PS - for some reason, after May 27, I no longer get email alerts whenever someone posts here.  But my profile on this forum is to get those alerts.  What happened?]

 

 

 

I've been racking my brains trying to figure out why I had some errors showing up in my event logs.  I ASSumed it was because, in my never-ending cause to eliminate Services I don't need, I disabled something I shouldn't have.  Since my machine is primarily for sending out emails once a month and not much more, I've tried to secure it as best I could by eliminating as many extraneous things as I could.  So after a lot of researching why I was getting 1502, 1508, 1511, and 1515, all related to Temp Profiles, I ended up back here.  The place I should have started, as I would have saved a few hours of troubleshooting.  Thank you GLNZ for asking this question.  I never would have thought of posting it here.  And thank you Bluebolt for your answer!  This issue has been around for over a decade and I tried many of the solutions posted with no luck at all.  Yours worked like a charm.  It was simple as pie too!  And now my Task Manager shows just 26 Services running.  The O/S on my old machine seems as speedy as a new machine.

 

Thanks guys for such a fantastic forum!  


Edited by SD73, 30 January 2016 - 04:37 PM.

Dell Inspiron 530s / 2Gb RAM

Dual Boot:  XP Home 32 Bit w/SP3 / Linux Mint Cinnamon 64-bit

Office 2003 (Outlook & Word)

Firefox

CCleaner

VNC

Malwarebytes Anti-Exploit

BitDefender


#858
bluebolt


 

Bluebolt - your fix is working on my XP machine! 

 

I created a new system restore point, immediately restored to that point, rebooted, and no more error messages.

 

I've been racking my brains trying to figure out why I had some errors showing up in my event logs.

 

 

Man, what a crazy coincidence:  I used the System Restore trick just today on another machine that had odd Event Viewer “errors” at every startup, which I was pretty sure weren’t real errors--and it worked!  No more Event Viewer errors every time I boot up the machine.

 

I was even thinking about starting a new thread about “Using System Restore to Remove Event Viewer Errors” except…

 

I still have no idea how / why this works.



#859
SD73


Well, I for one am certainly glad you did post here.  I know myself well enough to know that little trick of yours would have been the very last thing I tried.  Thanks again!




#860
Acheron



 

There is an update for root certificates:

 

authroots.sst  from  01/28/2016

 

Those using heinoganda's Cert_Updater.exe should run it ASAP. Others needing a redistributable rootsupd.exe should follow his instructions for creating their own, or PM at 5eraph for an updated EXE file.

 

:)

 

I noticed the comments in the thread on RyanVM are not available anymore. I had some remarks about the latest certificate changes added by Microsoft, while Google chooses to distrust these certificates instead. You can read about it here:

 

http://www.wildersse...-8#post-2558843

 

Maybe something interesting to try if you are security minded is installing Malwarebytes Anti-Exploit. It is similar to EMET, but much easier to use, as you don't have to specify processes yourself. Another option is Hitman Pro Alert.

 

Both programs still support Windows XP.


Edited by Acheron, 31 January 2016 - 12:32 PM.

Say no to bloatware. Download Nero Lite!

#861
heinoganda


@Acheron

Today I had to change the links in my posts to the contribution in RyanVM Forum, because the original contribution was no longer available. Apparently there were problems.

 

In the event that Malwarebytes Anti-Exploit is used, I would be interested to know what experiences have been made, and whether there were eventually problems with some programs.

 

:)


Edited by heinoganda, 31 January 2016 - 02:22 PM.



#862
Sampei.Nihira

Protection for I.E. scripting on MBAE:

Immagine.jpg

An example of testing with Exploit Test Tool (HPA3):

image.jpg

With MBAE you can uninstall all of the .NET Framework.

Edited by Sampei.Nihira, 04 February 2016 - 12:12 PM.


#863
Mcinwwl


MBAE had some issues with my XP, preventing IE 8 and Firefox from running, but with new update problems seem to be gone.



#864
heinoganda


First of all thanks for the info will, I install Malwarebytes Anti-Exploit times and taste over a longer period.

 

:)




#865
Sampei.Nihira

Good choice:


http://casual-scruti...et-evasion.html

Edited by Sampei.Nihira, Today, 09:15 AM.


#866
Acheron


So to improve the security on your running system, you should install multiple products and have them actively monitoring your system as only running an Anti-Virus is not enough these days. This would mean running a good anti-virus software package, installing and configuring EMET for running processes plus an additional anti exploit package like MBAE and still be very suspicious when opening email documents or visiting webpages from unknown persons.


Edited by Acheron, Today, 09:37 AM.


#867
heinoganda


Either EMET or MBAE that behaves as if it has 2 virus scanners are installed simultaneously. In various tests, the programs bite.

 

:)




#868
5eraph


I noticed the comments in the thread on RyanVM are not available anymore. I had some remarks about the latest certificate changes added by Microsoft[...]

@Acheron
Today I had to change the links in my posts to the contribution in RyanVM Forum, because the original contribution was no longer available. Apparently there were problems.


The original thread seems to have been corrupted somehow, giving visitors an error 500 (Internal Server Error) when trying to access it. The thread was temporarily replaced and all comments were moved pending a fix. RyanVM fixed the issue and the original thread has been restored with all comments.

Edited by 5eraph, Today, 10:48 AM.


#869
Dclem


MBAE had some issues with my XP, preventing IE 8 and Firefox from running, but with new update problems seem to be gone.

I discovered that when using EMET 4.1, it was necessary to disable deep hooks under the application settings.  Otherwise, IE8 and Firefox would not launch.  Once the deep hooks were disabled, everything proceeded as normal.



#870
Dave-H


I'm using EMET 4.1 Update 1, and just for the record, I have had to disable the EAF, MemProt, and StackPivot functions for Firefox to work properly, the EAF, LoadLib, MemProt, Caller, SimExecFlow, and StackPivot functions to get Google Chrome to work properly, and the LoadLib, MemProt, Caller, SimExecFlow, and StackPivot functions to get IE8 to work properly.

If any of these are enabled, the browsers concerned either won't start properly, or keep crashing.

:)


Triple boot Windows 98SE SP2.1a, Windows XP Professional SP3 32 bit, and Windows 8.1 Pro 64 bit.
Dual 3.16GHz X5460 Quad Core Xeons with 8GB RAM. Dual graphics cards ATI Radeon X600 and Nvidia Quadro 2000. 1920x1080 32 Bit Colour with Large Fonts.


#871
Acheron



Either EMET or MBAE that behaves as if it has 2 virus scanners are installed simultaneously. In various tests, the programs bite.

 

:)

 

I mentioned running both EMET and MBAE simultaneously might be a good idea, as the link Sampei.Nihira posted mentioned a security researcher who found an exploit that circumvented EMET protection mechanism. Luckily it was caught by MBAE. I assume the security researcher was running both programs at the same time.

 

I have not tested running both programs at the same time myself, but I see no reason why you couldn't run both EMET and MBAE simultaneously.

 

See also the following post on the Malwarebytes forum for an explanation of EMET and MBAE functionality and that they basically complement each other:

 

https://forums.malwa...ae/#entry797279


Edited by Acheron, Today, 12:07 PM.


#872
Sampei.Nihira

It's possible. But it is necessary competence to disable the mitigations of 2 anti exploits and get a good symbiotic job. EMET 4.1U1 is very poor on Exploit Test Tool (HPA3): http://www.surfright.nl/en/downloads/

#873
heinoganda


@5eraph

Thanks for the info, I changed the link in my posts accordingly.

 

@Acheron

So much the better, at least at an earlier time, there were often problems when both ran. Then I'm going to try a little bit, with both simultaneously in my VM.

 

:)


Edited by heinoganda, Today, 12:28 PM.



#874
Acheron


You can also try HitmanPro.Alert

 

It also supports Windows XP and if you click the link it shows a nice feature comparison sheet, listing regular Anti-Virus, EMET, MBAE, Traps and HitmanPro Alert features. Of course, this is only information from the manufacturer of HitmanPro.Alert, so I can't say anything about if the information is accurate.





