Forum Rules - Formats - Spotlights  -  Home - Library - New Additions

[Offer] Microsoft Word Junior 1.0 FR (SCP, IMG) [5.25 360K]

callmejackcallmejack
in Offers & Requests
Here is Microsoft Word Junior 1.0 French for DOS

This version is copy protected and I hope someone can find a way to make it work under an emulator.

Images in SCP and IMG format, disks are in 5.25" 360KB format, date is 24.09.1989.

Program disk has been modified but fortunately the Program copy seems to be untouched.

https://mega.nz/file/bGwnRaJS#4SXD20jAa0WPLXt3tqmI1rnXgZsunxuqiiApui1hmYE



Comments

  • johnlennon364johnlennon364
    I been looking for this a long time with Microsoft Multiplan Junior 1.0. I know somebody had Microsoft Word Junior 1.0 on Twitter/X had problem with because it Copy Protected. The version they had English version of Microsoft Word Junior 1.0 I think came from UK.
  • SomeGuySomeGuy
    Interesting, this looks more like Word for DOS than Microsoft Works that the Word JR 2 is supposedly based on. It runs in PCE.
  • coolhakencoolhaken
    There is a virus.
  • callmejackcallmejack
    Wow! Is it also on program backup disk ? If not we could remove program disk from the package.
  • 02k-guy02k-guy
    edited March 3
    "There is a virus."

    Grain of salt. Suggest a starting point of submitting to a malware testing site that has not sold it's soul to the devil for market share.

    https://www.hybrid-analysis.com/

    Also: Given the era, would expect to see an infected file with a different date/timestamp than others in the file set.

    As someone once said: "Trust but confirm".
  • johnlennon364johnlennon364
    @callmejack Do you have Microsoft Multiplan Junior 1.0 in your collection. That will be nice.
  • callmejackcallmejack
    edited March 3
    Using virustotal, out of 61 engines only avast and avg (same engine) spotted this as a virus. Strange. Backup program did not show any traces of malware
  • 02k-guy02k-guy
    "Using virustotal, out of 61 engines only avast and avg (same engine) spotted this as a virus. Strange. Backup program did not show any traces of malware"

    Which begs my point: virustotal is known for using shady/unknown a/v vendors. I appreciate that you listed the specific vendors that flagged it as malware.

    The site I linked to above
    https://www.hybrid-analysis.com/

    ....goes to great lengths to filter out false positives. We all would be well-served if this file was run through their engines.

    My personal experience has shown me that ESPECIALLY with this era of Microsoft products (and yes, other publishers too) virustotal has flagged files pulled directly from original Microsoft CD-ROMs.

    Once a software has been flagged by a vendor, the only way for it to be unflagged is for a formal challenge to be entered - by the original publisher.



  • callmejackcallmejack
    You can’t say virustotal is using shady/unknown av engines, do your own research.
    Anyway when I submit a file to virustotal and only one engine spots is as malware I usually conclude it’s a false positive. One way to verify this would be to use the untouched backup copy of program disk, do the setup and then scan the resulting word.com.
  • 02k-guy02k-guy
    "You can’t say virustotal is using shady/unknown av engines, do your own research."

    Yes I can, and I just did. And that is a troll class response you gave.

    Moving on: Regarding research, just a quick browse of it's listed a/v vendors show those from China, Malaysia and unheard of elsewhere. And, among those who handle a lot of files, this is an example of what is known:
    https://answers.microsoft.com/en-us/windows/forum/all/virus-total-false-positive-related/4373b318-9ef0-41df-879f-86bc4678201a
    "VirusTotal will almost always indicate a file may contain malware, it compares the file name, not the file contents against its database and usually indicate one or more of the linked anti-virus software listed that file as malware...."

    "Anyway when I submit a file to virustotal and only one engine spots is as malware I usually conclude it’s a false positive. "

    That is just as risky as assuming that because many vendors flagged it - it means it is malware.

    The particular virus name "com2s.1798" shows up in 2 vintage virus lists - one from MCafee, another from CP. That's just using Google for 1 minute, and I've no doubt there were others "at the time" who listed it.

    " One way to verify this would be to use the untouched backup copy of program disk, do the setup and then scan the resulting word.com."

    Who says it's "untouched"? All that is known is that someone acquired a set of diskettes and believes that one is untouched.

    What I'm trying to get across, is that blindly believing in the results of a "free scanning site" is that you get what you pay for.

    Don't be afraid of hybrid-analysis.com. It won't bite you, and neither will scruffy Microsoft Defender. There is no magic elixir or patent medicine.





  • SomeGuySomeGuy
    From what I can tell, the program backup disk was professionally mastered, and nothing has been modified on the disk. So whatever was on there was on there when it was mastered.
  • callmejackcallmejack
    @SomeGuy that’s good news, thanks for checking !
  • SomeGuySomeGuy
    edited March 4
    Looking a little closer, the MASTER program disk does have what looks like a virus in the COM files, but the BACKUP disk is is unmodified.

    So I'll probably just use the SCP file for the backup.

    But the UTIL disk also has it. Grumble, grumble.

  • callmejackcallmejack
    @coolhaken have you tried the « desinfect » option? Is fprot able to remove the virus ?
  • coolhakencoolhaken
    @callmejack Yes, F-PROT can remove this virus.
    I also noticed that the plan IMG of the MASTER program disk in your archive was not created correctly, so F-PROT can't find the virus in it.
    To create a correct plan IMG, you can try:
    psi disk.psi -p regular 40/2/9/512 disk.img
  • callmejackcallmejack
    @coolhaken I'm not very familiar with psi commands, what does this "regular" parameter do in this particular situation ? I've never used it before.
    Is it due to the fact that the floppy is copy protected and the default parameter do not work properly ?
  • SomeGuySomeGuy
    edited March 5
    Yes, normally PSI and other tools that dump from a flux image tend to dump all and any sectors they find, even if they are non-standard sized or extra sectors that are not accessed by DOS. This makes a raw IMG larger than it should be. (This is sometimes called "overdumping")

    Similarly these tools just omit any sector they can not find, because they have no idea if there should have been a sector there or not. So unreadable or intentionally omitted sectors cause an a raw IMG file to be smaller than it should be.

    Both of these throw things off in the IMG file making it appear corrupt to tools like WinImage or emulators.

    The "regular" parameter tells psi what the expected geometry should be so it only extracts these sectors and fills in an empty sector if a sector is not found. The result is an IMG that exactly matches the expected size.

    In the case of copy protection, the IMG sector file will not create a usable disk image, but you can then view and extract files, such as document files, configuration files, or the executable files. That is assuming the disk had an otherwise standard FAT file system.
  • callmejackcallmejack
    edited March 5
    Thanks very much for this extensive explanation. I will start using it from now on in my process.
    And I assume that if I have a one sided floppy I can use this : psi disk.psi -p regular 40/1/9/512 disk.img ?
Sign In or Register to comment.