"Negster22."

We had a little bit of a STORMY session last nite and this morn. That is why I am just now arriving.

Only if you feel a need of necessity. In limbo is not that bad if you are accustomed to it. Actually I have WinDiff on my D partition, my partitions go out to 'O' so there are many runs to be completed before I feel confident. I will need to setup a lettering and numbering system to keep them straight. For those that are run from a Bootable floppy I just place an 'A' for the first letter. The remainder are just randomized but in an orderly fashion.

Thank you for the Deletion,

OK - I did my own comparison using a Windows 95 PC and a DOS boot floppy.

A couple of observations for you:

• WinDiff cannot be run from the floppy even if it fits on the floppy. When I tried it, I got this message:
  "This program cannot be run in dos mode."
  
  
• Because the base part of a DOS formatted file or directory name is restricted to 8 characters, your will find that the identical file may look different in the DOS floppy view vs Win 95 or 98 view. Here's an example of how same file is represented:
  
  From Win 95 PC, the file path looks like this:
  C:\Program Files\The Microsoft Network\The Microsoft Network.MSN
  
  The same file path looks like this from the DOS floppy:
  C:\PROGRA~1\THEMIC~1\THEMIC~1.MSN
  
  both of these representations were generated using the "dir /a-h /s /b" command.
  
  That means you will have to do your own comparison on some of the longer files, apart from using the file comparison tools. Either that, or you can edit the files to match where it is warranted and then recompare them.
  
  If you have an editor that can do copy/replace like EditPad Lite (without inserting control chars), that process is easier.
  
  I tried CSDiff, HTMLDiff, and WinDiff. Abu can give you some pointers on using CSDiff and HTMLDiff more effectively.
  
  
• You may want to do a extra directory listing from both inside and outside, using the exact same command but leaving out the /b switch (bare format) just so you can get a file count, too. (The bare format switch suppresses the file count that you normally see).

You have your work cut out for you then!

_________________
Negster22 - MS MVP - Consumer Security 2006-2008

"negster22,"

Yes, thank you, I know my work is cutout for me and will get to it ASAP.

I have been using JGSoft's EditPad for about 10 years and love it. No limit on size nor quantity, tab feature.

I have used dir /s /on /a (-h) both sorting by name. That way they are both in the same order not random and easier to compare, I have even used EditPad for that purpose.

I have a copy/paste of your message into EditPadClassic, as I call it, for future reference.

Now that some of our fireworks weather has passed maybe some work can be accomplished.

Good Night!!

Thank you so very much for all of this work you have put into my problem.

Negy22,

I just wish, with all of the extras that are on my plate at this time there is not enough for this project.

When you reach the retirement age then you will see thingys much differently. I am usually on here at about 0530 in the morn till maybe 2200 (10pm), when I am able to make it here. Usually up about 0200-0500 to start doing my daily routine.

Maybe later today will be more to my liking.

Thank you for spending so much time with this one, also hope some other KeyBored Jockey is able to find some assistance within my ramblings as well as your Great Assistance,

"Negs22,"

Had a system crash/w BSOD and bad weather coming in again at that time and just shut thingys down.

Just returned yesterday and had a need to work on a different problem before returning to this one. The other is now solved, this one is still in my problems area. That crash also gave me a message about 'system resources are very low' and that has some concern for me as that has not ever occurred.

Am using Avira AntiVir v7.x.x.x/w latest VDF, that was my other problem regaining the hi-ground with that software. After over a week of not being able to download a valid file to use for my update, cheated a little and used an old version saved on my system and then re-ran the update and vola` SUCCESS.

Now for this one, I have run the dir /s /on /b /ah on my C: drive from within Windows and from a bootable floppy. The HTML/Diff program does not show the file sizes so if there is a difference that will have to be done in a TXT file, right? Plus, not really sure what is required to look for in the compared files, most of what I have seen is the diff between Windows file names, long, and DOS file names, 8.3. Maybe I am not looking at the correct file comparison. One other, also, maybe I need to read the HELP files a little more thoroughly.

Just wanted to bring you up to where I am, and not really sure I know that. More bad weather on the way this week so may need to do more waiting.

Thank you so much for your HELP and I did a Google on 'Strider GhostBuster' and that is a MicroSoft project and may not be usable on Win98SE. Need to do more searching in that area.

CU L8R,

Just a quick note:

I did Google 'Strider GhostBuster' and most all of what I found, 864 hits, are for NT, 2k, 2k3 etceteras, nothing seems to fit Win98SE, BOO HOO!!

So I guess we of Win98 will be in limbo to MANUAL operations.

TIA CU L8R,
LKKB

"Negs22,"

What do you know about Blue Pill/Red Pill by Joanna? Are they also not for Win98? I know they are for her employer's use with their customers. Seems she is very up on RKs and how to protect against them.

CU L8R,

"Negs22,"

It seems I am very guilty of being much of a "N00ß" as well. I ran across some of the instructions on the 'Strider GhostBuster Project' on µSoft's site that gave them a little differently, it seems there are not any problems on my system, except for ME!! At least the C: drive seems to be clear. Now to do the other partitions.
Plus have a need to do some editing of those that I have done incorrectly, like the big "D". Then start over.

Again, I cannot say this enough to all that have posted here, a very LARGE THANK YOU,

I know that Microsoft has semi-patched the Blue Pill exploit that Joanna was able to "infect" Vista x64 with:
http://www.eweek.com/article2/0,1895,2034307,00.asp

The Blue Pill prototype that Joanna developed ran on a 64 bit Vista machine with an AMD processor. Joanna says it should be able to run on any operating system built on 64 bit architecture.

Blue pill is a virtual machine based rootkit (VMBR) that is able to penetrate the Vista kernel without a reboot. It is POC (proof of concept) and not in the wild. MS and University of Michigan have jointly developed a rootkit called SubVirt also POC.

Here's a good article on that:
http://www.eweek.com/article2/0,1895,1936666,00.asp

_________________
Negster22 - MS MVP - Consumer Security 2006-2008

I dont know what to say. I mixed up with names of the diff software. I actualy used and intended to recommend to use Compare-It diff program and not htmldiff. When I used the diff programs, I uninstalled them and then I thought I had used htmldiff and that name was stuck in my mind. I would not recommend htmldiff as it is not good at all and the results are confusing. I am terribly sorry for this. I will need to update my blog soon.

Please instead download Compare-It or ExamDiff. Both are almost the same and have a very good comparison interface.

Compare-It has an advantage is that it will color in red the exact difference within common line in the two files. This is an advantage becuase it will make it easy to recognize and skip the lines with file names that were shortened in DOS. You can also generate an htlml report of the results.
ExamDiff has the advantage that you can only display the line differences from the two files. Compare-It also has that feature, but isnt as effective since it will also display common lines between two files that were ordered differently.

If you decide to use Compare-It, download, unzip and install the program.
Start the program-> browse the the text file you generated from dos and click open > browse the othe text file you generated from windows and click open
Now In the left pane, the lines that are colored in green are the files that appeared in DOS but not in windows.
The lines that are colored in blue are files that exist in both files but with some changes such as shortening the file names. Within the blue lines you wil notice the difference colored in red.
Example:
C:\Docume~1\Administrator\
C:\Documents and Settings\Administrator\
You can simply skim quickly through the blue lines.

The lines colored in red in the right pane, are files that appeared in windows but not in dos. You can ignore these files.
The lines colored in black are common lines between the two files and these should be ignored.

I hope this helps.

"Negs22,"

Thank you for that info on BluePill, from what I had read I thought it was a RK killer or IDer. Well also I think I will stay away from that as 64bit is a little over my head.

Thank you,

NEXT:

"AbuIbrahim,"

Beyond my wildest dreams, this has been a very large HELP, that is what I need the most.

I prefer the ExamDiff better and is much easier to work with.

Just a quick note to let you know how thingys are progressing. If you would like I will give a little explanation of what I have done and how it has worked out for me. Not here nor now but L8R.

CU.

Your welcome lkkb. I am glad to hear that you have found what you needed.

I will be eager to know on how things work out.