Jump to content

98 FE + 98 SE + ME updates + patches + (hot)fixes


Recommended Posts

Same MSE 5.7 problem here. First refused to install, said that I already had ver5.7. That is not true. I had ver 5.6. I installed manually by rightclicking on .inf. Same result as Tihiy, files in windows/system, but I haven't noticed anything broken.

After installing wmp.dll WMP9 stopped working on my machine. Said that I have incorrect version of wmp.dll. So I try reinstalling the update. Installer tells me that I have incorrect WMP version? This did not happen on the first install. I had to reinstall WMP9 tot get it working again.

Link to comment
Share on other sites


Same MSE 5.7 problem here. First refused to install, said that I already had ver5.7. That is not true. I had ver 5.6. I installed manually by rightclicking on .inf. Same result as Tihiy, files in windows/system, but I haven't noticed anything broken.

Same here, exactly.

After installing wmp.dll WMP9 stopped working on my machine. Said that I have incorrect version of wmp.dll.

Again, same here. :(

The file wmp.dll has a version number 9.0.0.3354 where 9.0.0.3349 was expected.  Windows Media Player is not installed properly and must be reinstalled.

Link to comment
Share on other sites

After installing wmp.dll WMP9 stopped working on my machine. Said that I have incorrect version of wmp.dll.

Again, same here. :(

The file wmp.dll has a version number 9.0.0.3354 where 9.0.0.3349 was expected.  Windows Media Player is not installed properly and must be reinstalled.

you need to re-register the WMP.DLL file after updating it, bristols and noguru.

Run unregmp2.exe with the /updatewmp switch. otherwise, you won't be able to use the newer wmp.dll file with WMP9. you'll find the UNREGMP2.EXE file in the \WINDOWS\INF\ folder. Type in the Run dialog box the following:

"C:\WINDOWS\INF\UNREGMP2.EXE /UPDATEWMP"

and you should be able to use Windows Media Player 9 with the newer WMP.DLL file.

The unofficial MSE 5.7 download for Win98/ME is definitely FLAWED and should NOT check for previous MSE version of the files. I will say that the unofficial MSE 5.7 download for WinNT4 should be REMOVED as the MSE 5.7 files do NOT work correctly under NT4 as I've confirmed they don't work under NT4 (but at least the MSE 5.7 files do run okay under Win98/ME). AND when I extracted and installed the unofficial MSE 5.7 files under Win98se, the cscript.exe and wscript.exe files are installed in the WRONG folder. CSCRIPT.EXE should go into the \WINDOWS\COMMAND\ folder while WSCRIPT.EXE should be installed in the \WINDOWS\ folder, just like in MSE 5.6.

So I demand the removal of the unofficial MSE 5.7 download for NT4 off MDGx's web site and the revising of the unofficial MSE 5.7 download for Win98/ME.

Edited by erpdude8
Link to comment
Share on other sites

Thanks erpdude8 - I re-registered WMP.DLL with your command and WMP works fine now.

Also, did you reboot before trying to use WMP after installing this update?

the_guy

I certainly did. I reboot after applying any patch or hotfix as a matter of course (unless there is some instruction included with the update that says I shouldn't for whatever reason).

Edited by bristols
Link to comment
Share on other sites

Hi MDGX.
But Script (MSE) 5.7 works ok with Win98 SE

In fact, i found that vb scripts [like msgbox("Hello World")] do not work anymore. Haven't tested JavaScripts.

Moreover, CScript.exe is now in \windows\system (was in \windows\command), but registry entries weren't updated to point to \windows\system (because your registry update flags indicate 'do not overwrite') and thus "Program Not Found" dialog pops up.

I have revised MSE 5.7, I replaced DISPEX.DLL with older 5.6.6626 and WSHOM.OCX with 5.6.8825 from MSE 5.6 [better compatibility], looks like it works better now. ;)

I've also made sure cscript.exe registry values are updated, so the OS "knows" it is in %windir%\system .

SCR579X backs up MSE 5.6 files by renaming them to *.56 .

SCR579X can be uninstalled easily [just in case]:

Start button -> Settings -> Control Panel -> Add/Remove Programs -> select "Unofficial Scripting Engines (MSE) 5.7 = Restore MSE 5.6" -> click Add/Remove button -> reboot.

Please test and let me know.

Thanks.

Unofficial MSE 5.7 5.7.0.16535 for Windows 98/98 SP1/98 SE/ME [714 KB]:

http://www.mdgx.com/files/SCR579X.EXE

If still doesn't work, please reinstall MSE 5.6 [665 KB]:

http://www.mdgx.com/files/SCR569X.EXE

HTH

Link to comment
Share on other sites

After installing wmp.dll WMP9 stopped working on my machine. Said that I have incorrect version of wmp.dll. So I try reinstalling the update. Installer tells me that I have incorrect WMP version? This did not happen on the first install. I had to reinstall WMP9 tot get it working again.
I have revised MP936782.EXE to properly register WMP.DLL into the registry by using unregmp2.exe [which is copied to %windir%\INF].

Should work ok now, please download again:

Unofficial WMP9 Patch for Windows 98 SE/ME [1.89 MB]:

http://www.mdgx.com/files/MP936782.EXE

Thanks.

Link to comment
Share on other sites

Hi MDGX.

I get an error message during the installation of the 938127 (VML/VGX) fix:

An error occurred while renaming a file: "Cannot create a file when that file already exists" (error #183).

Current file name C:\Program Files\Common Files\Microsoft Shared\Vgx\vgx.dll

At this point I chose to cancel the setup.

I have revised the VGX.DLL fix.

Now setup deletes any older *.ORI files so it can rename [back up] the current one from "C:\Program Files\Common Files\Microsoft Shared\VGX".

Should work ok now.

Please download and install again:

Unofficial MS IE 5.5 SP2/6.0/6.0 SP1 Patch for Windows 98/98 SP1/98 SE/NT4 SP6a/ME [1.03 MB, English]:

http://www.mdgx.com/files/IE938127.EXE

P.S.:

Italian fix also revised:

Unofficial MS IE 5.5 SP2/6.0/6.0 SP1 Patch for Windows 98/98 SP1/98 SE/NT4 SP6a/ME [1.03 MB, Italian]:

http://www.mdgx.com/files/IT938127.EXE

Thanks.

HTH

Link to comment
Share on other sites

I will say that the unofficial MSE 5.7 download for WinNT4 should be REMOVED as the MSE 5.7 files do NOT work correctly under NT4 as I've confirmed they don't work under NT4 (but at least the MSE 5.7 files do run okay under Win98/ME).
I have removed MSE 5.7 for NT4 [sCR57NT.EXE].

Thanks.

I have revised SCR579X.EXE to install all files in %windir%\system , similar to the way they do on NTx OSes.

I added INF code to properly register all files to %windir%\SYSTEM .

Also, I've replaced DISPEX.DLL + WSHOM.OCX with the older ones from MSE 5.6, seems to work better that way.

Uninstall is available, if needed:

Start button -> Settings -> Control Panel -> Add/Remove Programs -> select "Unofficial Scripting Engines (MSE) 5.7 = Restore MSE 5.6" -> click Add/Remove button -> reboot.

Please d/l + install again, and test if works ok on 98/98 SE/ME:

Unofficial MSE 5.7 5.7.0.16535 for Windows 98/98 SP1/98 SE/ME [714 KB]:

http://www.mdgx.com/files/SCR579X.EXE

And if everything else fails, there's always MSE 5.6: ;)

Unofficial MSE 5.6 5.6.0.8832 for Windows 98/98 SP1/98 SE/ME [665 KB]:

http://www.mdgx.com/files/SCR569X.EXE

Thanks.

HTH

Link to comment
Share on other sites

Any reason why the unofficial WMP9 patch won't work on 98FE? There is a method to installing it.

the_guy

First I need to have a WMP9 installer [similar to WMP9URP] everybody can install on 98 FE, and after that I will modify the WMP.DLL patch to make it work with 98 FE.

Posted Unofficial WMP90_98.EXE for Win98 (FE) + 98 SP1:

http://www.mdgx.com/wmp.htm#WMP9

HTH

Link to comment
Share on other sites

hey the_guy. can you revise your unofficial Q927779.exe MDAC 2.5 SP3 fix. the Q927779.INF file needs to be changed because a few updated files could not be installed because they were named incorrectly.

In the [AD] section, change msdaomd.dll to msadomd.dll and change msdaox.dll to msadox.dll

http://www.msfn.org/board/index.php?s=&amp...st&p=672079

Didn't know if you've seen this or not. MDGx has the broken pkg on his site...

http://www.mdgx.com/add.htm#DAC

Unofficial MDAC 2.5 SP3 Patch for Windows 95/OSR1/OSR2/NT4/98/98 SP1/98 SE [1.32 MB].

http://www.mdgx.com/files/Q927779.EXE

thanks!

I sent MDGx the fixed patch a while ago.

Please do not send things like this to me via PM. Please post it on the forum so more people are aware.

the_guy

I guess you did see it then.

OK, you want it here, here it is <shrug> . I'm really not used to dealing with communities of hackers (using the original meaning & positive connotation :thumbup ); it seems truth in information really is king. And since I don't post much (not much to say) I'll take this as an opportunity to tell all of you who contribute "I love this stuff!! You guys ROCK!!"

Anyway, I forgot to mention that I e-mailed MDGx via the feedback link on his site, since I didn't know who had dropped the ball. Apparently it's in MDGx's court now.

Edited by Torin
Link to comment
Share on other sites

I have installed this latest unnoficial windows script update by hand and it seems at first sight to work properly with IE 5.5.

Unfortunately it does not seem to fix a javascript exploit about which I exchanged a few emails with the (very distasteful and dishonest IMO) MS Security people a few months ago. I had hoped it would.

An example of the exploit is here : http://homepage.ntlworld.com/eidenk/exploit.chm

By running the chm file (which contains only 1 html page which itself contains only the javascript exploit code), hh.exe tries to connect to a website in Russia and download and execute a file on your local machine.

Actually it doesn't download anything if you allow it go with your firewall (I hope you have one) because the site in Russia is now empty (It was infecting machines with a trojan nicknamed Gozi).

Point is that this vulnerability is big and affects apparently any application using the IE runtime to render javascript, ie, HH.exe, Outlook, IE clones, etc...

Can someone test and confirm that systems other than mine are also vulnerable ?

If so, then maybe the baby could be passed to anonymous or someone able to patch that.

Edited by eidenk
Link to comment
Share on other sites

I have installed this latest unnoficial windows script update by hand and it seems at first sight to work properly with IE 5.5.

Unfortunately it does not seem to fix a javascript exploit about which I exchanged a few emails with the (very distasteful and dishonest IMO) MS Security people a few months ago. I had hoped it would.

An example of the exploit is here : http://homepage.ntlworld.com/eidenk/exploit.chm

By running the chm file (which contains only 1 html page which itself contains only the javascript exploit code), hh.exe tries to connect to a website in Russia and download and execute a file on your local machine.

Actually it doesn't download anything if you allow it go with your firewall (I hope you have one) because the site in Russia is now empty (It was infecting machines with a trojan nicknamed Gozi).

Point is that this vulnerability is big and affects apparently any application using the IE runtime to render javascript, ie, HH.exe, Outlook, IE clones, etc...

Can someone test and confirm that systems other than mine are also vulnerable ?

If so, then maybe the baby could be passed to anonymous or someone able to patch that.

have you contacted Woody Leonard about the "javascript" exploit, eidenk? at least Woody (the self-proclaimed MS software victim) could get Microsoft's attention about it. Contact him here:

http://www.askwoody.com/contactus.php

also try explaining about the JS exploit to the folks at Secunia or US-Cert even. make it well known about the problem

note to MDGx: can you revise your OLE automation update to include these files-

asycfilt.dll 2.40.4530 > from Win2k KB917423

oleaut32.dll 2.40.4519 > from VB6 KB924053 (oant4.dll) v2.40.4531 (oa2k.dll) doesn't work correctly under Win9x/NT4 - fixes security problems in security bulletin MS07-043

olepro32.dll 5.0.4530 > from Win2k KB917423

stdole2.tlb 2.40.4530 > from Win2k KB917423

Edited by erpdude8
Link to comment
Share on other sites

Well erpdude, not wanting to go off topic in this thread, but I think MS had all my attention as I exchanged enough emails about that vuln with them and posted about it on the sysinternal forums (which is also MS) in addition to my posts about it on here.

I have further been contacted, on here by PM, about it by a certain Don Jackson, security researcher :

I saw your post on the vm3.exe file downloaded via an IFRAME from an RBN server. That file is malware related to Small.BS and Snifula trojans and used in a large attack by a Russian team I've been tracking.

The press are doing a fairly big story on this. Please contact (mail or phone is OK) if you would like to talk about when you first noticed it, what platform you were using, how you detected it, what web site you found it on, and so on. I would appreciate the source. You can talk anonymously if you prefer.

I can put you in touch with out VP of Corporate Communications or the reporter himself. I can give you their email addresses. Would that be OK?

Thanks,

He further wrote to me :

Hi, Dom!

Yes, they'd like to talk with you about your post.

A little background on the malware:

The vm2.exe, vm3.exe, and work.exe files on the server were written by a Russian RAT group called the HangUp Team. Once they infected a PC, the trojans stole data submitted to web sites (even SSL-protected sites) and forwarded that back to their server. The server has a back-end system used to index the data and sell it as subscriptions to "feeds" from groups of infected PCs (subscriptions were sold in underground forums). The back-end system was customized to work with those trojans. It was written by Grig, a "graduate" of the HangUp Team, and his new business partner in Mexico calling himself Exoric. Together they are known as "76service". I've been tracking both groups for a while.

The malware was served using IFRAMEs on more than 2,000 compromised web sites, That IFRAME pointed to an exploit page on a Russian server using an ADODB exploit to perfom a "drive-by" download of the EXE files. Most older NT-based systems were vulnerable. XP SP2 would prompt the user before installing the file, but many people still fell for it anyway. It infected more than 5,200 PCs worldwide.

My analysis is here:

http://www.secureworks.com/research/threats/gozi/

While I was preparing the writeup, I saw your post on SysInternals. You are the only person I know that posted about this specific malware, but when I tried to contact you, they had closed the forums (to lock out forum spam), and I couldn't send you a message.

It's been in the press before, but CSO Magazine is doing a big story on these types of trojans and their affect on on-line commerce, and the author (Scott) would like to speak with other sources besides me and SecureWorks.

We had some discussions with Microsoft, too. I'm sure he'd be interested in your experience.

I've forwarded your e-mail address to Scott and also to our Corporate Communications VP.

Regards,

Don Jackson, CISSP

Security Researcher

In that post he backs MS claims that XPSP2 is not vulnerable to the Javascript exploit which in my observation is not correct.

And weirdly for someone who claims to track gangsters he was not interested by another more complex exploit I had fully captured with all the IP adresses and transactions with the various sites involved in spreading another malware from an ukrainian site via a complex exploit. He did not answer a line about my offer to forward him all details I had of that new one.

When I finally pointed out those two things to this Scott Berinato (see above who he is) with whom I subsequently exchanged a phone call and several emails for my interview, asking him if he had any idea why Don Jackson was not interested in other exploits I had discovered, he stopped replying to me and I haven't heard about him since nor have I rteceived any copy of his mag with the interview I gave him.

I can't be bothered to get in touch with woody erpdude but if you want to, please feel free to point him to that post.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...