If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Windows XP Professional installation security problem?
I noticed the v3-19990518 in the path - v3 signifies this may be from
the old v3 of the Windows update site, which tells me you are downloading a Win98/Win98SE version - somehow you are either selecting or being redirected to the incorrect version of WMP - as a Win9x version won't work on an NT OS? -- Star Fleet Admiral Q @ your service -------------------------------------------------------- "Giuseppe Vitillaro" wrote in message om... Last week I meet a really "esoteric" problem that, maybe, can be clarified on this newsgroup (otherwise, please, address me to the right one). It started with "Windows File Protection" claiming this files has a wrong signature (under Windows XP Professional Italian Version, SP1 and SP1a): qasf.dll laprxy.dll wmvdmod.dll wmvcore.dll wmsdmod.dll wmnetmgr.dll wmasf.dll wmadmoe.dll wmadmod.dll mpg4dmod.dll logagent.exe It is "easy" to realize this DLL/EXE files belongs (most of them) to Windows Media Player 9. I restarted a scratch installation (thinking I had a problem) just to find that any installation path that contains WMP9 lead to the same situation. I checked on the news and on other machine without being able to replicate the problem. So I started to investigate deeply. Well I realized that my WMP9 was installed (from Windows Update) from this URL: http://download.windowsupdate.com/ms...C42F8CDF .EXE extracted from the log file of an "empty" squid cache. This is the actual log of the squid cache: 1091035479.420 144 XXX.XXX.XXX.XXX TCP_MISS/200 437 HEAD http://download.windowsupdate.com/ms...C42F8CDF .EXE - DIRECT/195.22.198.71 application/x-msdownload with my address masked for security. Now, if you try to download this file from this URL, you will obtain a valid MPSetupXP.exe file that, if installed, generate the problem. The same file, download "now", from MS site is different and do not generate any signature problem and keep the WFP happy. The wrong file has length "9289840" and MD5 signature "fda94079455d1828fc4ebeeb17dc2aba", while the rigth file has length "10135688" and md5 signature "876f2c0ac871f45d2c93a7dc28e3aa98". Now ... what the hell is wrong here? I was installing from "original" olographic MS CD ... on a scratch partition (reformatted) ... using "Windows Update" and an "empty" squid cache ... even now I downloaded many times the "wrong" file from different machines on different networks ... it is still "wrong". I have to suppose microsoft servers has been hacked? What about the security and itegrity of our machines? May I ask to this group to do some ancilliary test on this? It may be my own problem ... who konws ... but if someone would be able to replicate the problem ... well "we" have a problem ... Thanks, G. Vitillaro. P.S. If you send reply via e-mail, please send them to this address " after removing the "-nospam" mask. |
Ads |
#2
|
|||
|
|||
Windows XP Professional installation security problem?
I'm installing Windows Media Player 9 on a Windows XP Professional
(installed from scratch at least 4 times) using "Windows Update" integrated in Windows XP Professional. So ... how Windows Update may choose a Windows 98 Version? Did you noted the file is called MPSetupXP? In both cases? It really seems the XP installer ... and it actually install on Windows XP ... I never installed the WMP9 on a Windows 98 ... but I cannot the believe MPSetup.exe installs itself on the wrong type of OS ... Furthermore I just downloaded from MS the Windows 98/ME/2000 ... the file is called MPSetup.exe, is 13951112 bytes long and has md5 signature "e919c4e0050b32aebe83a5d2eb613dd4" ... so ... as you can see .... your explanation doesn't work. Again I'm "begging" for some deeper analysis ... it can be MS didn't updated some site ... it can be a server hacking ... it can be a root DNS server hacking ... I haven't an explanation by now ... but I'm pretty sure ... is "not" a trivial explanation. Thank, G. Vitillaro. "Star Fleet Admiral Q" wrote in message ... I noticed the v3-19990518 in the path - v3 signifies this may be from the old v3 of the Windows update site, which tells me you are downloading a Win98/Win98SE version - somehow you are either selecting or being redirected to the incorrect version of WMP - as a Win9x version won't work on an NT OS? -- Star Fleet Admiral Q @ your service -------------------------------------------------------- "Giuseppe Vitillaro" wrote in message om... Last week I meet a really "esoteric" problem that, maybe, can be clarified on this newsgroup (otherwise, please, address me to the right one). It started with "Windows File Protection" claiming this files has a wrong signature (under Windows XP Professional Italian Version, SP1 and SP1a): qasf.dll laprxy.dll wmvdmod.dll wmvcore.dll wmsdmod.dll wmnetmgr.dll wmasf.dll wmadmoe.dll wmadmod.dll mpg4dmod.dll logagent.exe It is "easy" to realize this DLL/EXE files belongs (most of them) to Windows Media Player 9. I restarted a scratch installation (thinking I had a problem) just to find that any installation path that contains WMP9 lead to the same situation. I checked on the news and on other machine without being able to replicate the problem. So I started to investigate deeply. Well I realized that my WMP9 was installed (from Windows Update) from this URL: http://download.windowsupdate.com/ms...C42F8CDF .EXE extracted from the log file of an "empty" squid cache. This is the actual log of the squid cache: 1091035479.420 144 XXX.XXX.XXX.XXX TCP_MISS/200 437 HEAD http://download.windowsupdate.com/ms...C42F8CDF .EXE - DIRECT/195.22.198.71 application/x-msdownload with my address masked for security. Now, if you try to download this file from this URL, you will obtain a valid MPSetupXP.exe file that, if installed, generate the problem. The same file, download "now", from MS site is different and do not generate any signature problem and keep the WFP happy. The wrong file has length "9289840" and MD5 signature "fda94079455d1828fc4ebeeb17dc2aba", while the rigth file has length "10135688" and md5 signature "876f2c0ac871f45d2c93a7dc28e3aa98". Now ... what the hell is wrong here? I was installing from "original" olographic MS CD ... on a scratch partition (reformatted) ... using "Windows Update" and an "empty" squid cache ... even now I downloaded many times the "wrong" file from different machines on different networks ... it is still "wrong". I have to suppose microsoft servers has been hacked? What about the security and itegrity of our machines? May I ask to this group to do some ancilliary test on this? It may be my own problem ... who konws ... but if someone would be able to replicate the problem ... well "we" have a problem ... Thanks, G. Vitillaro. P.S. If you send reply via e-mail, please send them to this address " after removing the "-nospam" mask. |
#3
|
|||
|
|||
Windows XP Professional installation security problem?
Just another clue to this topic.
This is my windows update "wrong" URL (I found it on two of my machines inside the "Windows Update.log" file): http://download.windowsupdate.com/ms...C42F8CDF .EXE and this "seems" a good URL update, found inside some "Windows Update.log" that was posted on the Net: http://download.windowsupdate.com/ms...0E7A6936 .EXE The first URL lead to the bad file, the second URL to the good one (as noted in my first post). As you can see the URL path is the same. It only change the "hex" part of the filename (is it a signature, a checksum, someone knows?). This is really driving me crazy. How may I be sure in the future that Windows Update is downloading the rigth files? G. Vitillaro. "Star Fleet Admiral Q" wrote in message ... I noticed the v3-19990518 in the path - v3 signifies this may be from the old v3 of the Windows update site, which tells me you are downloading a Win98/Win98SE version - somehow you are either selecting or being redirected to the incorrect version of WMP - as a Win9x version won't work on an NT OS? -- Star Fleet Admiral Q @ your service -------------------------------------------------------- "Giuseppe Vitillaro" wrote in message om... Last week I meet a really "esoteric" problem that, maybe, can be clarified on this newsgroup (otherwise, please, address me to the right one). It started with "Windows File Protection" claiming this files has a wrong signature (under Windows XP Professional Italian Version, SP1 and SP1a): qasf.dll laprxy.dll wmvdmod.dll wmvcore.dll wmsdmod.dll wmnetmgr.dll wmasf.dll wmadmoe.dll wmadmod.dll mpg4dmod.dll logagent.exe It is "easy" to realize this DLL/EXE files belongs (most of them) to Windows Media Player 9. I restarted a scratch installation (thinking I had a problem) just to find that any installation path that contains WMP9 lead to the same situation. I checked on the news and on other machine without being able to replicate the problem. So I started to investigate deeply. Well I realized that my WMP9 was installed (from Windows Update) from this URL: http://download.windowsupdate.com/ms...C42F8CDF .EXE extracted from the log file of an "empty" squid cache. This is the actual log of the squid cache: 1091035479.420 144 XXX.XXX.XXX.XXX TCP_MISS/200 437 HEAD http://download.windowsupdate.com/ms...C42F8CDF .EXE - DIRECT/195.22.198.71 application/x-msdownload with my address masked for security. Now, if you try to download this file from this URL, you will obtain a valid MPSetupXP.exe file that, if installed, generate the problem. The same file, download "now", from MS site is different and do not generate any signature problem and keep the WFP happy. The wrong file has length "9289840" and MD5 signature "fda94079455d1828fc4ebeeb17dc2aba", while the rigth file has length "10135688" and md5 signature "876f2c0ac871f45d2c93a7dc28e3aa98". Now ... what the hell is wrong here? I was installing from "original" olographic MS CD ... on a scratch partition (reformatted) ... using "Windows Update" and an "empty" squid cache ... even now I downloaded many times the "wrong" file from different machines on different networks ... it is still "wrong". I have to suppose microsoft servers has been hacked? What about the security and itegrity of our machines? May I ask to this group to do some ancilliary test on this? It may be my own problem ... who konws ... but if someone would be able to replicate the problem ... well "we" have a problem ... Thanks, G. Vitillaro. P.S. If you send reply via e-mail, please send them to this address " after removing the "-nospam" mask. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Critical Updates listed as Not passing Logo Cert. | David Nazzaro | Performance and Maintainance of XP | 2 | July 29th 04 09:58 AM |
Critical Updates listed as Not passing Logo Cert. | David Nazzaro | Performance and Maintainance of XP | 2 | July 29th 04 03:23 AM |
2 home computers XP Pro on comp. and Home Ed. on other? | Tiger | General XP issues or comments | 4 | July 25th 04 12:06 PM |
2 home computers XP Pro on comp. and Home Ed. on other? | Tiger | General XP issues or comments | 4 | July 25th 04 10:21 AM |
2 home computers XP Pro on comp. and Home Ed. on other? | Tiger | General XP issues or comments | 4 | July 25th 04 08:33 AM |