Do any of you use "PSPad" freeware editor & why does Windows Defender flag it as Win32/Lodi & Win32/Vigram.A?

[Arlen Holder]

Do any of you use "PSPad" freeware editor?
o Why does Windows Defender flag it as Win32/Lodi & Win32/Vigram.A?

I was reading up how to find text in binary files such as:
";HKR,%EPattributePath%\EpSettings\StereoMixEnable,Enable,1,01"
In any of the Windows binary files located in:
"C:/Windows/System32/DriverStore/FileRepository/"

Where one suggestion was to use "search" in the PSPad freeware editor:
<http://www.pspad.com/en/download.htm>
SHA1 checksums:
aa790ef2039440e755eb1d4679eb4812d02ee832 pspad503_setup.exe
44c107de315c28ec302509b40c679d2cc82f37d0 pspad503en.zip
As described in cut-and-paste detail in this tutorial:
o How to Restore Missing Stereo Mix on Windows 10
<https://appuals.com/how-to-restore-missing-stereo-mix-on-windows-10/>

However when I downloaded PSPad & ran Windows Defender on it, it said:
o Misleading: Win32/Lodi
o Program: Win32/Vigram.A

Googling, both of those seem to be generic warnings only.

I looked for a review of PSPad to see if it's legit, but it's not easy to
find as few people seem to know about it; so I don't know if it's legit.

Do you?
--
The reason it matters is I'm testing out this tutorial in gory detail:
o Tutorial using Audacity 2.4.2 to record Windows web browser streaming audio to MP3
<https://groups.google.com/g/alt.comp.microsoft.windows/c/looV9kcLG_U>

[B. R. 'BeAr' Ederson]

On Sat, 7th Nov 2020 09:26:44 -0000 (UTC), Arlen Holder wrote:

> SHA1 checksums:
> aa790ef2039440e755eb1d4679eb4812d02ee832 pspad503_setup.exe
> 44c107de315c28ec302509b40c679d2cc82f37d0 pspad503en.zip

Match.

> However when I downloaded PSPad & ran Windows Defender on it, it said:
> o Misleading: Win32/Lodi
> o Program: Win32/Vigram.A

Neither shows a scan on VirusTotal any complaints (except SecureAge APEX
on the Setup, which is a normal InnoSetup package), nor does an up-to-date
MS Defender complain about anything, hereabouts. (This includes manual
scan as well as runtime heuristics.) I guess, you just ran into a false
positive.

F'up set to acf.

BeAr
--
===========================================================================
= What do you mean with: "Perfection is always an illusion"? =
===============================================================--(Oops!)===

[Arlen Holder]

On Sat, 7 Nov 2020 12:16 +0000 (GMT Standard Time), John K.Eason wrote:

> I've been using it for many years on Windows 7.
> http://www.pspad.com/en/download.php is the initial download page and the link
> there for the Windows version takes you to https://www.fosshub.com/PSPad.html where
> you can download either the installer or portable version. I've just installed it
> on my W10 machine without problem and it runs fine. No sign of any AV warnings.

Thanks for that update, as I was researching how to scan hundreds of binary
files for the keywords in that article I referenced, where the proposed
solution was to use that "PSPad" editor as a free binary file "search
engine" to search hundreds of binary files for any given ASCII keywords.

It's kind of a nice feature to search for keywords in hundreds of binary
files, where the goal of that effort was to figure out WHICH binary file
contained the keywords of interest.

Does anyone know of _other_ binary search programs out there for this task?
a. Scan any given file structure, e.g., "C:/Windows/System32/DriverStore/"
b. For any given keywords, e.g., "StereoMixEnable"
--
In this case, the scan was for:
a. "C:/Windows/System32/DriverStore/FileRepository/"
b. ";HKR,%EPattributePath%\EpSettings\StereoMixEnable,Enable,1,01"

[B. R. 'BeAr' Ederson]

On Sat, 7th Nov 2020 20:16:03 -0000 (UTC), Arlen Holder wrote:

> Does anyone know of _other_ binary search programs out there for this task?
> a. Scan any given file structure, e.g., "C:/Windows/System32/DriverStore/"
> b. For any given keywords, e.g., "StereoMixEnable"

There are too many out there to keep track of them. Some working from
command line, others with GUI.

Nirsoft SearchMyFiles is one supporting both modes:

www.nirsoft.net/utils/search_my_files.html

To examine the content of found files, a decent universal viewer or hex
editor should be registered as general right mouse menu file handler. I
usually recommend the free stand-alone version of Total Commander Lister
as very fast viewer (even for extremely huge files):

www.ghisler.com/lister

OT for acf, but generally worth a look is TotalCommander, itself. It has
one of the best search functions available and is extendable by plugins.
One-time registration provides free lifetime updates. (At least, this has
been the case since 1993...)

[Arlen Holder]

On Sun, 8 Nov 2020 00:31 +0000 (GMT Standard Time), John K.Eason wrote:

>> It's kind of a nice feature to search for keywords in hundreds of
>> binary files, where the goal of that effort was to figure out WHICH
>> binary file contained the keywords of interest.
>

> I have to say that I'd only ever used it for writing PHP and a bit of HTML. I
> didn't even know that it was suitable for scanning binary files, but since you
> asked if anyone had heard of it... :^)

Thanks again for confirming that the binary search is an interesting
feature of the PSpad software.

As an interesting aside, I place all software "where it belongs", where
this new-to-me PSPad editor clearly goes under "c:\app\editor\" but it's so
powerful that I'm not sure which category it "properly" goes into, but, for
now, I'll put it into my already large (about 30 editors) hex editor tree.

For example, here's a screenshot of my "hex editors" freeware repository:
o <https://i.postimg.cc/xdCrfS1h/hexedit01.jpg>

dir c:\app\editor
o android
o audio
o calendar
o codec
o convert
o epub
o hex <== I guess I'll put this new "pspad" editor here???
o icon
o passwd
o pic
o pspdf
o screenrec
o snapshot
o suite
o txt
o cad
o vid
o exif
o watermark
o download
o assembler
o xml

dir c:\app\editor\hex
o behexeditor
o bitedit9
o catch22
o cihexviewer
o cygnus
o frhed
o hackman
o hexed
o hexedit
o hexinator
o hexplorer
o hextreme
o hthexeditor
o hxd
o ibored
o ihex
o javahexeditor
o microhex
o mitec
o neo
o openfreely
o pspad <== I guess I'll put this new "pspad" editor here???
o tinyhexer
o truesight
o tyrannosaurushex
o winvi
o wxhexeditor
o xvi32
--
The problem with freeware is there is so much of it to test out.

[Arlen Holder]

On Sat, 7 Nov 2020 12:23:07 +0100, B. R. 'BeAr' Ederson wrote:

> Neither shows a scan on VirusTotal any complaints (except SecureAge APEX
> on the Setup, which is a normal InnoSetup package), nor does an up-to-date
> MS Defender complain about anything, hereabouts. (This includes manual
> scan as well as runtime heuristics.) I guess, you just ran into a false
> positive.

Thanks Bear Ederson for confirming that the PSPad freeware is legit.

Given this tool is, among other things, a "hex editor", I've tentatively
decided to add it to my hex editor freeware archives shown below
for all to benefit from every action:
o <https://i.postimg.cc/xdCrfS1h/hexedit01.jpg>

All I ask is that people IMPROVE these archives with every post.

o Be.HexEditor
Opens files of unlimited size.
Multi-language support (English, German, Japanese and Russian)
Contains a reusable control for .NET developers
<https://sourceforge.net/projects/hexbox/>
<https://pilotfiber.dl.sourceforge.net/project/hexbox/hexbox/Be.HexEditor%201.6.0/Be.HexEditor-1.6.0.zip>
Name: Be.HexEditor-1.6.0.zip
Size: 981107 bytes (958 KiB)
SHA256: 09783889CF44185BAC3A8ABB0B8720B31274B6BBA5E7293F4E833AA558E4CF9D

o BitEdit9 (need canonical site of ISA999 Software)
Hex viewer, Hex Editor, Decimal Editor, Decimal Viewer,
Binary Viewer, Binary Editor, Octal Viewer, and Octal Editor.
A drop-down list lets you select different Unicode:
Hex, Decimal, Octal, and Binary.
Search a specific code and replace selected code with other code.
<https://download.cnet.com/developer/isa999/i-10285851/>
<https://download.cnet.com/BitEdit9/3000-2352_4-75908541.html>
Name: BitEdit9.exe
Size: 5861723 bytes (5724 KiB)
SHA256: 2F1543BDE9AFD31002E9C847A0D869F026543271295E24C9E143F25644FBE4A4
<https://download.cnet.com/BitEdit9-Portable/3000-2352_4-75911570.html>
Name: BitEdit9(Portable).zip
Size: 4523525 bytes (4417 KiB)
SHA256: A7211E9C80C4FADC0032DDADAC20A10C58333DFAB621B7231C1B23CAB80085CA

o Catch22 HexEdit
Open, view, and edit any type of files up to 16 Exabytes.
Hex Viewer, Decimal Viewer, Decimal Editor, Binary Viewer, Binary Editor,
Octal Viewer, and Octal Editor
Edit and view multiple files at a time in separate tabs.
Search, replace, import, export, save, print hex files,
<http://www.catch22.net/software/hexedit>
<http://www.catch22.net/assets/files/software/hexedit-amd64-2.0.6.49.zip>
Name: hexedit-amd64-2.0.6.49.zip
Size: 12478 bytes (12 KiB)
SHA256: 373FCFCB3DE6F79B537524DE90B735EE49A743A7DA27FDDEB565FC16A48A1A9D
<http://www.catch22.net/assets/files/software/hexedit-x86-2.0.6.49.zip>
Name: hexedit-x86-2.0.6.49.zip
Size: 12454 bytes (12 KiB)
SHA256: BFFA64D1E5174C708B8BE27C3338D30C3DA2972A47EE339564F98CDFD4B11F53

o CIHexViewer
Easy-to-write structure templates
Structure template customization
Establishing conditions with if and when in order to set actions
Adding dependent structures attached to the basic data block structure
Automatic templates assignment to all files and storages of the same type
Context structure inspector
Detailed structure information
Find and replace tool based on several search methods
<http://www.cihexviewer.com/>
<https://www.sysdevlabs.com/product.php?id=cihex>
<https://www.sysdevlabs.com/download/cihexviewer.exe>
Name: cihexviewer.exe
Size: 5471152 bytes (5342 KiB)
SHA256: E011C4345785788B749083D345F95061981CCDC5AFA7AECBF391AD44B04A2AA2

o Cygnus (need canonical site for last known good freeware)
Open, edit, save, print search, find, import, and export hex files.
Open files through drag and drop.
Edit files up to available virtual memory (up to 2GB)
It supports almost all files without additional memory limits.
Edit hex and ASCII codes.
Edit multiple files by dropping them onto program icon.
File comparing.
Print all or any portion of a file.
<https://download.cnet.com/Cygnus-Hex-Editor-Free-Edition/3000-2352_4-10448945.html>
Name: cygnusfe.zip
Size: 290828 bytes (284 KiB)
SHA256: 72B99174D0B8CDE674229F85A6E7A5EE969BE838B9FD7F99401D4301A497EB3F

o Frhed / fshed
Add append.
Compare offset values.
Import and export as hexdump.
Insert files in an opened file.
Find and replace codes.
Adjust view settings like background color
Add bookmarks.
Insert Decimal values.
Apply template.
Jump to any offset value.
Apply assignment operator like XOR, OR, AND
<http://frhed.sourceforge.net/en/>
<https://sourceforge.net/projects/frhed/files/1.%20Stable%20Releases/1.6.0/>
<https://newcontinuum.dl.sourceforge.net/project/frhed/3.%20Alpha%20Releases/1.7.1/Frhed-1.7.1-Setup.exe>
Name: Frhed-1.7.1-Setup.exe
Size: 734858 bytes (717 KiB)
SHA256: 1058379C7596E86A1B864D070B7CCA52EFC15F692C2C480B112BF18D2F3C2835
Name: fshed_setup.exe
Size: 2026448 bytes (1978 KiB)
SHA256: 5CAACE51382411A44CE8C492D224EF420A789136A1F17BEF4504CBF1302C130D

o Hackman suite
Copy, cut, paste, save, print
Compare files.
Change offset values.
Jump to desired address.
Insert file, byte, random numbers
Encrypt and decrypt files.
Calculator.
<https://www.technologismiki.com/prod.php?id=31>
<https://www.technologismiki.com/uplx/hack930.zip>
Name: hack930.zip
Size: 9016679 bytes (8805 KiB)
SHA256: 256D2E49FC0F026E350F6C2DF2F247E923330AF9393760B0C701CC549E283FBD

o Hex-Ed (aka Hex Edit, need canonical site expert commercial software)
Import and export hex files.
Add append.
Add other hex files.
Find and replace any hex code.
Highlight specific codes.
Bookmark codes.
Jump to any offset value or address.
Can change Various font styles.
Encrypt and decrypt file.
Apply operations like: assignment, logical, addition, subtraction
Calculator.
Easy to use and reliable binary file editor.
Autofit, INS/OVR modes, fast search/compare, highlighter, bookmarks,
Change tracking, EBCDIC, colour schemes.
Display/change over 70 properties:
<http://www.hexedit.com/>
<https://www.softpedia.com/get/Programming/File-Editors/Hex-Edit.shtml>
<https://download.cnet.com/Hex-Edit-Free/3000-2352_4-10046060.html>
<https://www.softpedia.com/get/Office-tools/Text-editors/Hex-Ed.shtml>
<https://download.cnet.com/HexEdit/3000-2352_4-10208432.html>
Name: HexEdit4_binary.zip
Size: 10411334 bytes (10167 KiB)
SHA256: 6946042CAC703CA52BB383C050351B215272D9188FE9792A3F6DF943151B0000

o Hexinator
Cross platform, Windows, Linux, and Mac
Powerful free Hex Editor for Windows and Linux
Saves Time with Automatic File Decoding
Compare binary files
<https://hexinator.com/>
<https://hexinator.com/downloads/windows/hexinator-64-1.12.msi>
Name: hexinator-64-1.12.msi
Size: 108023296 bytes (103 MiB)
SHA256: C7E22A0C2D54B5639C6D38B88B3EF395B9CB2499C9EE0238B29B2A4EBBFF94F3

o Hexplorer
Open, view, edit, print, and save hex files.
Import and export codes: Ascii Hex, Atmel Genric, Intel Hex, RCA Cosmoc,
Spectrum, SPASM, MOS Technology, Signetics, Wilson, DEC Binary (XXDP),
LSI Logic Fast Load
Change Date, time and attribute, copy a chain of text or hex codes,
Find and replace a code.
XOR, AND, OR, Increment bytes, Decrement bytes, swap bytes, flip bytes
Copy and paste MRU and external text.
Encrypt hex files with a password to save private information.
Search and find a definite pattern of codes in open hex file.
<https://sourceforge.net/projects/hexplorer/>
<https://phoenixnap.dl.sourceforge.net/project/hexplorer/hexplorer/hexplorer%202.6/hex_setup26.exe>
Name: hex_setup26.exe
Size: 490249 bytes (478 KiB)
SHA256: 341F388118C24AD337B0A6A2A141D3518CE15C264060D5327485D71155D2DEC3

o Hextreme Hex Editor
Open multiple hex files simultaneously in different tabs.
Search any hex code, go to any desired address line, & go to decimal place.
<http://www.dreamsyssoft.com/hextreme-hex-editor/>
<http://www.dreamsyssoft.com/download/hextreme.msi>
Name: hextreme.msi
Size: 384000 bytes (375 KiB)
SHA256: 60B93C6D13CF7680155D6014A77FEBD605C6E3E33766D8C42F35FEA447574A71
<http://www.dreamsyssoft.com/download/hextreme1.zip>
Name: hextreme1.zip
Size: 395147 bytes (385 KiB)
SHA256: 161189EA335D43753A6AE72A24A868F44F35B69223A0EB64356D54E91C0A3EB7

o HT Hex Editor (need canonical site)
Inspect and edit any file, main memory, or disk/disk image
Opens hex file in read-only mode.
You make it writable to edit it.
<https://www.softpedia.com/get/Programming/File-Editors/HT-Hex-Editor.shtml>
<https://download.cnet.com/HxD-Hex-Editor/3000-2352_4-10891068.html>
Name: HxDSetup.zip
Size: 3271994 bytes (3195 KiB)
SHA256: 06860E17FA2DC943A2F8E1D2B6CA0AB534CD4C456418E804610DB7E866CF717D

o HxD hex editor:
Compare two hex files.
Search and replace a specific code.
Jump to any address line.
Insert bytes in any open file.
<https://mh-nexus.de/en/hxd/>

o iBored (originally named rohPod)
Cross platform Mac OS X, Windows and Linux.
A hex editor for disk sectors
Can also be used to edit files, including disk images.
Can view disks in custom block sizes.
Deals gracefully with read errors:
You can copy a partially-damaged disk to an image file
(bad blocks will become zero-filled in the copy)
in order to use recovery tools on the error-free copy then.
When modifying data, a "journal" file is written to your desktop
that contains the previous data of the altered blocks,
and it can be used to undo your changes.
Can view partitions and other subranges as containers with their own start,
length and block size.
Can be re-launched with admin (root) rights to access non-removable disks
Detects connected iPods, showing their firmware partition contents.
Can access disks remotely over a network connection.
Can save a range of blocks to a file and write a file back to disk.
Has a powerful template system to view and analyse disk structures.
Can edit MBR and GPT partition tables.
Can install a PC BIOS bootloader dealing with both MBR and GPT.
<https://apps.tempel.org/iBored/>
<https://files.tempel.org/iBored/iBored-Windows_1.2.zip>
Name: iBored-Windows_1.2.zip
Size: 22498668 bytes (21 MiB)
SHA256: 58E55547EAC8F10BBC48A3CADF39A115ED1E3A3BBE9B0C6A908959C3B921139D

o ihex
Cross-platform hex editor.
Doesn't load all the file at once.
Just a pane of 1 MiB is loaded at any given time
Thus it can edit/view very large files almost instantly.
Visualiser tool for binary structures.
View data as text tool.
Cross platform: Windows, Linux and Mac.
Able to compare two files.
Open source.
Search for hex or plain text.
Copy data as hex, text or source code.
Paste data as hex or binary.
Save the selection to a file.
Psuedo random byte generator available.
Doesn't use the registry (Portable).
<http://www.memecode.com/ihex/>
<http://www.memecode.com/ihex/data/ihex-win64-v1.2.exe>
Name: ihex-win64-v1.2.exe
Size: 748493 bytes (730 KiB)
SHA256: 6C23B49D38F21C6C8F5783E15C29D1874E39A74AE504451116F53547A84F05CA

o Java Hex Editor
Available as stand-alone application on multiple platforms
Available as an Eclipse plugin
Support for very large files
Hex, ASCII and Unicode find.
Overwrite/insert modes
Binary and text cut/copy/paste
Undo/redo
<https://sourceforge.net/projects/javahexeditor/>
<https://master.dl.sourceforge.net/project/javahexeditor/javahexeditor/current/javahexeditor-win32-x86_64.zip>
Name: javahexeditor-win32-x86_64.zip
Size: 3494775 bytes (3412 KiB)
SHA256: AC1F84BE7F693D93F3712BF71A8F052E0814480F1FCE196EA86123D3DEC1C379

o Microhex (discontinued)
hex view is highly configurable
two predefined type of columns are available
integers column can interpret data as bytes, words, double or quad words,
signed or unsigned, little or big endian;
characters column interpret data as sequence of characters
in one of >30 encodings including various Unicode formats
(UTF-16, UF-32, UTF-8) each column can have unlimited number of linked
address bars displaying absolute or relative to fixed position address
loading not entire file, but only specified range of bytes
freezing loaded data size
loading file in read-only and read-write mode
loading very large files without memory and time overhead
files can be loaded into RAM
undo and redo operations not limited to state where file was saved
<https://sourceforge.net/projects/microhex/>
<https://sourceforge.net/projects/microhex/files/latest/download>
<https://pilotfiber.dl.sourceforge.net/project/microhex/bin/microhex-0.0.2-win32-install.exe>
Name: microhex-0.0.2-win32-install.exe
Size: 9161413 bytes (8946 KiB)
SHA256: E8034611DDC362A853CC05E159D17312C5059E0033DAB6FEAF8836E325FB1951

o MiTeC Hexadecimal Editor
MDI interface
Data Inspector
Calculator
File Compare
Memory Dumper
Disk Dumper (NT only)
<http://www.mitec.cz/hex.html>
<http://www.mitec.cz/Downloads/HEXEdit.zip>
Name: HEXEdit.zip
Size: 1073438 bytes (1048 KiB)
SHA256: 941CEF7A55C0320131B84AD8EFB1270EE5792682F84E430A702F7C8FCDEB5589

o Neo hex editor
Insert other files and hex files.
Encrypt and decrypt a hex file.
Fill binary, octal, decimal, float, double, string, and hex file or pattern.
Save and print edited hex files.
Change file size in Bytes, KB, MB, GB, and TB.
Capable of handling large size binary files.
Supports multi tabs.
<https://www.hhdsoftware.com/free-hex-editor>
<https://www.hhdsoftware.com/download/free-hex-editor-neo.exe>
Name: free-hex-editor-neo.exe
Size: 15324376 bytes (14 MiB)
SHA256: 6A76FDD828AA9A41DE459C398E319A96CCEBE47D4ADA556C43DA128A1579A5D7

o OpenFreely (need canonical site)
Opens just about any file format (they say)
<https://www.softpedia.com/get/Office-tools/Other-Office-Tools/Open-Freely.shtml>
<https://download.cnet.com/Open-Freely/3000-2351_4-75567358.html>
Name: openfreely_setup.exe
Size: 30614160 bytes (29 MiB)
SHA256: 91A7309E46032F6D53ECD5C7546C59F84E55857D551D4973ABD0CF76086D3660

o Tiny Hexer (need canonical site)
Insert and delete nibble,
Find and replace, find and store, insert file, open drive,
Convert characters as per source and target,
Jump to any offset values directly, compare files, add bookmarks
<https://www.softpedia.com/get/Others/Miscellaneous/tiny-hexer.shtml>
<https://softpedia-secure-download.com/dl/1bb6b9dc4ec591596c0ff12b1b0dc75e/5fa7c172/100035737/software/programming/mpth_18.exe>
Name: mpth_18.exe
Size: 2520920 bytes (2461 KiB)
SHA256: 738FEE6C1488EFBCAD8FF46CA282A4341746BBD1AAE765499E6E548F21474EB6

o TrueSight (need mydatasoftware canonical site)
Open files of maximum size 18 exabyte.
Supports multiple tabs
Display hex as well as ASCII code.
Jump to any address, jump to previous modification,
Jump to next modification, find specific codes
<https://www.softpedia.com/get/Office-tools/Text-editors/UltraEdit.shtml>
<https://download.cnet.com/TrueSight/3000-2352_4-76471457.html>
Name: truesight-1.2-win64.7z
Size: 8432214 bytes (8234 KiB)
SHA256: 4CA951505181D532533EAD334D5112E7C5777D4EE0DB476FD908970206CB2546

o Tyrannosaurus Hex (need canonical site)
Supports multiple tabs.
Displays histogram.
Jump to any address value.
Find and replace.
Change background color and interface view.
Read Palette.
<https://www.softpedia.com/get/Programming/File-Editors/Tyrannosaurus-Hex.shtml>
Name: t_hex_alpha.zip
Size: 1711540 bytes (1671 KiB)
SHA256: 9F6F1FD38873AADEBA7FF6499D4DDB625DD7D211D3C0F8E09E35EE2855406A02

o WinVi
open, view, and edit Hex, ASCII, DOS, EBCDIC, UTF-8, and UTF-16
Search specific strings to edit them.
Insert File option to insert other files in an open hex file.
<http://www.winvi.de/en/>
<http://www.winvi.de/en/download.html>
<http://www.winvi.de/winvi302.zip>
Name: winvi302.zip
Size: 192512 bytes (188 KiB)
SHA256: D2ADFF0FA24C621200294DEFB5AA0F325F6DABC4742C28201E74CB384AC827B4

o wxHexEditor
Cross-platform hex editor (Windows, Linux, and MacOSX)
Multiple tabs to open and edit multiple hex files at a time
Displays offset, hexadecimal characters, and symbols.
View and edit dataInterpreter.
Search, replace, jump to any offset, change interface view,
<http://www.wxhexeditor.org/home.php>
<http://www.wxhexeditor.org/download.php>
<https://sourceforge.net/projects/wxhexeditor/>
<https://pilotfiber.dl.sourceforge.net/project/wxhexeditor/wxHexEditor/v0.24%20Beta/wxHexEditor-v0.24-Win32.zip>
Name: wxHexEditor-v0.24-Win32.zip
Size: 3182273 bytes (3107 KiB)
SHA256: 0E4C794231580B383D33477586C42B559220F75AC735D71A01D63E60BCC21F5E

o XVI32
Open files up to maximum size of 2 GB.
View ASCII & hexadecimal files.
Use two cursors simultaneously on its interface (hex & symbols or text)
Adjust font size and types, search text or hex code, insert any file,
Jump to any address line in hex and decimal codes,
<http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm>
<http://www.chmaas.handshake.de/delphi/freeware/xvi32/xvi32.htm#download>
<http://www.handshake.de/user/chmaas/delphi/download/xvi32.zip>
Name: xvi32.zip
Size: 571070 bytes (557 KiB)
SHA256: 4F7EECB1FABBBDE739D5D842468869217A427B8C91BAFDA19B465B0E9137AF3B

As always, if you know of other freeware hex editors, please update!
--

> F'up set to acf.

Added the original so that all benefit from the permanent achive value.

[VanguardLH]

Arlen Holder <arlen_...@newmachines.com> wrote:

> Do any of you use "PSPad" freeware editor?
> o Why does Windows Defender flag it as Win32/Lodi & Win32/Vigram.A?
>
> I was reading up how to find text in binary files such as:
> ";HKR,%EPattributePath%\EpSettings\StereoMixEnable,Enable,1,01"
> In any of the Windows binary files located in:
> "C:/Windows/System32/DriverStore/FileRepository/"
>
> Where one suggestion was to use "search" in the PSPad freeware editor:
> <http://www.pspad.com/en/download.htm>
> SHA1 checksums:
> aa790ef2039440e755eb1d4679eb4812d02ee832 pspad503_setup.exe
> 44c107de315c28ec302509b40c679d2cc82f37d0 pspad503en.zip
> As described in cut-and-paste detail in this tutorial:
> o How to Restore Missing Stereo Mix on Windows 10
> <https://appuals.com/how-to-restore-missing-stereo-mix-on-windows-10/>
>
> However when I downloaded PSPad & ran Windows Defender on it, it said:
> o Misleading: Win32/Lodi
> o Program: Win32/Vigram.A
>
> Googling, both of those seem to be generic warnings only.
>
> I looked for a review of PSPad to see if it's legit, but it's not easy to
> find as few people seem to know about it; so I don't know if it's legit.
>
> Do you?

Defender uses a signature database as do most anti-virus programs. I
just had it alert as a PUP (Probably Unwanted Program) a file that has
been on my computer for years, and for over a year on my Win10 setup.
It is an installation file, but for an old version of a program, so I
wouldn't install it, anyway, but use a later installer/program version.
It's been there for a very long time, and just now Defender flagged and
alerted on it as a PUP. I reported the false positive to Microsoft
(https://www.microsoft.com/en-us/wdsi/filesubmission/). They came back
that they will not update their database to remove the farked signature.
They don't care that it is an old file. They don't care that later
versioned installers install the same program (video stream capture).
They don't care.

So, I had to flag the file as okay (whitelist it) despite it's an
archived installer for a program that is already installed and obviously
not a PUP nor do they detect the installed programs as a PUP. If an
installer .exe is a PUP then so should whatever it installs. Microsoft
cannot figure that out.

Did you submit the file to Virus Total? You gave the download web page,
but not which program you downloaded. You said you ran a Defender scan
on it, but did not mention if that was before or after you installed it
(for the installer version) or on the .zip file (for the portable
version). I downloaded both. VirusTotal said 1 AV alerted on the .exe
installer: SecureAgeAPEX. Never heard of it. Just because VirusTotal
uses it doesn't mean it is a good AV. They include many crappy AV
programs in their suite to scan a submitted file. With a suite of 63
AVs, some are going to be excellent, and some will be crap. The .zip
file didn't cause any alerts at VirusTotal. That was on my submissions.
You should upload whatever .exe or .zip you got from the download site.
PsPad doesn't host the download files. They have them hosted elsewhere.

Win32/Lodi
https://www.2-spyware.com/remove-win32lodi.html

https://malwarefixes.com/threats/win32vigram-a/
Well, does PsPad handle URLs (to visit those sites)?

From their FAQ page, PsPad usurps many standard Windows key combos, like
Ctrl+C, Ctrl+X, etc for its Clipboard Monitor. That could be seen as
invasive behavior to alter operation of the OS and standard expected
behavior in apps.

Did you install *just* PsPad, or some bundleware that came with it?
Does its installer offer a custom install, so you can select what gets
installed and skip anything else? There are several extensions
(plug-ins) for PsPad. Did you scan against a pure install of PsPad, or
did you install extensions into it?

From their web site's download page:

I hereby declare, that PSPad installer, downloaded from PSPad page,
doesn't contains any bundled software or malware. PSPad installer and
PSPad.exe itself is digitaly signed with code signing certificate,
issued by Comodo certification authority.

That's their claim. I suspect extensions to PsPad are writting by
others, and the above claim does not cover someone else's code.

It'll be up to you if you want to whitelist the installer or the
installed program (or the portable version after extracting it from the
.zip file) in Defender. Not sure at what point Defender bitched this
was a PUP. I'm using Defender, too, and it didn't peep when I
downloaded both the .exe installer and .zip files.

No, I don't use PsPad. I downloaded the .exe installer and .zip
portable file without any alert from Defender. I didn't bother to
install the program or extract files from the .zip file since I won't be
using it.