On Fri, Apr 03, 2020 at 14:56:05 -0400, Nathan Stratton Treadway wrote:
[mystery files found pre-installed on the computer with broken TAP-Windows:]
> Directory of
> C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_6d4bec28a2ef0cdf
> 10/31/2019 02:11 AM 10,042 tap0901.cat
> 10/31/2019 02:09 AM 30,720 tap0901.sys
>
> The sha1sums of the two versions of the file are:
> =====
> $ sha1sum *{program,system32}*tap09*
> 42189b6a1b8c736397113bfc2283f5e1e1a44e8e failed_program-files_tap0901.sys
> [the 39,920-byte file]
> 841a86f416a882b0743fd6d9c9f29baf3ed06b6a failed_system32-drivers_tap0901.sys
> [the 30,720-byte file]
> =====
>
>
> So.. do you recognize this 30,720-byte file at all, or have any ideas
> where it might have originated from?

It occurred to me that even though we don't need to install OpenVPN on a
Windows 7 box I could go ahead and download the Win7 installer and see
if the embedded TAP driver files match the ones included there.

Short answer: yes, the mystery files are exactly the same as the ones in
that installer.

So, that doesn't really tell us how those driver files got installed on
the box before OpenVPN was ever installed -- but at least it tells us
exactly which files were involved....

Nathan

Here's the transcript of the check:

First, the sha1sums of the "bad" files pulled out of the
DriverStore\... directory:
====
$ sha1sum failed_system32-driverstore_*
d85f4e65fe10f13ded1780ddbd074edfc75f2d25 failed_system32-driverstore_oemvista.inf
d99e38968de1ca1850971a2b81bfdab49626aaed failed_system32-driverstore_tap0901.cat
841a86f416a882b0743fd6d9c9f29baf3ed06b6a failed_system32-driverstore_tap0901.sys
====

... and the original Windows timestamps:
====
C:\Windows\System32\DriverStore\FileRepository\oemvista.inf_amd64_6d4bec28a2ef0cdf
03/27/2020 11:09 AM <DIR> .
03/27/2020 11:09 AM <DIR> ..
10/31/2019 02:09 AM 7,537 oemvista.inf
03/27/2020 11:09 AM 8,828 oemvista.PNF
10/31/2019 02:11 AM 10,042 tap0901.cat
10/31/2019 02:09 AM 30,720 tap0901.sys
====

Then, unpack the Win7 installer and check the files inside it:
====
$ sha1sum openvpn-install-2.4.8-I602-Win7.exe
8c9f28d7bdbb4613777a9741809e34b91fd45a0f openvpn-install-2.4.8-I602-Win7.exe

$ 7z e openvpn-install-2.4.8-I602-Win7.exe '$TEMP/tap-windows.exe'

7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18
p7zip Version 9.20 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,8 CPUs)

Processing archive: openvpn-install-2.4.8-I602-Win7.exe

Extracting $TEMP/tap-windows.exe

Everything is Ok

Size: 575288
Compressed: 4322568

$ ls -l
total 4788
-rw-rw-r-- 1 nathanst nathanst 4322568 Apr 4 14:28 openvpn-install-2.4.8-I602-Win7.exe
-rw-rw-r-- 1 nathanst nathanst 575288 Oct 31 03:34 tap-windows.exe

$ sha1sum tap-windows.exe
f0fd7873544739a0cac4cf93e446efe629c00668 tap-windows.exe

$ 7z x tap-windows.exe

7-Zip [64] 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18
p7zip Version 9.20 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,8 CPUs)

Processing archive: tap-windows.exe

[ ... bunch of files extracted; once again, I had to choose the
"A(u)to rename all" option because the various flavors all try to
unpack into the same subdirectories ... ]

$ cd */driver
[ ... the first-level subdirectory name is non-ascii, so use a wildcard
to get down into the second-level "driver" subdirectory ... ]

$ grep amd *.inf
OemVista.inf: %Provider% = tap0901, NTamd64
OemVista.inf:[tap0901.NTamd64]

$ file tap0901.*
tap0901.cat: data
tap0901.sys: PE32+ executable (native) x86-64, for MS Windows

$ ls -l {OemVista,tap0901}.*
-rw-rw-r-- 1 nathanst nathanst 7537 Oct 31 02:09 OemVista.inf
-rw-rw-r-- 1 nathanst nathanst 10042 Oct 31 02:11 tap0901.cat
-rw-rw-r-- 1 nathanst nathanst 30720 Oct 31 02:09 tap0901.sys

$ sha1sum {OemVista,tap0901}.*
d85f4e65fe10f13ded1780ddbd074edfc75f2d25 OemVista.inf
d99e38968de1ca1850971a2b81bfdab49626aaed tap0901.cat
841a86f416a882b0743fd6d9c9f29baf3ed06b6a tap0901.sys
====

So, the unpacked-from-archive timestamps and the sha1sums match for all
three files.

----------------------------------------------------------------------------
Nathan Stratton Treadway - natha...@ontko.com - Mid-Atlantic region
Ray Ontko & Co. - Software consulting services - http://www.ontko.com/
GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt ID: 1023D/ECFB6239
Key fingerprint = 6AD8 485E 20B9 5C71 231C 0C32 15F3 ADCD ECFB 6239

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
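
The manual comparison in the transcript above, automated as an added example (not part of the original message): it parses the sha1sum listings quoted in the message, matches file names case-insensitively after stripping the collection prefix, and classifies each on-disk file against the copies unpacked from the installer. The function names and status labels are assumptions made for this illustration.

```python
import re

# sha1sum listings copied from the message above (hashes are the page's own).
DRIVERSTORE = """\
d85f4e65fe10f13ded1780ddbd074edfc75f2d25  failed_system32-driverstore_oemvista.inf
d99e38968de1ca1850971a2b81bfdab49626aaed  failed_system32-driverstore_tap0901.cat
841a86f416a882b0743fd6d9c9f29baf3ed06b6a  failed_system32-driverstore_tap0901.sys
"""
PROGRAM_FILES = """\
42189b6a1b8c736397113bfc2283f5e1e1a44e8e  failed_program-files_tap0901.sys
"""
INSTALLER = """\
d85f4e65fe10f13ded1780ddbd074edfc75f2d25  OemVista.inf
d99e38968de1ca1850971a2b81bfdab49626aaed  tap0901.cat
841a86f416a882b0743fd6d9c9f29baf3ed06b6a  tap0901.sys
"""
# One sha1sum line: 40 hex digits, whitespace, optional '*' (binary mode), name.
LINE = re.compile(r"^([0-9a-fA-F]{40})\s+\*?(.+)$")

def parse_sha1sum(text, strip_prefix=""):
    """Return {normalized file name: sha1} from sha1sum-style output."""
    out = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines, shell prompts, annotations
        digest, name = m.group(1).lower(), m.group(2).strip()
        name = name.replace("\\", "/").rsplit("/", 1)[-1]  # keep basename only
        if strip_prefix and name.startswith(strip_prefix):
            name = name[len(strip_prefix):]
        out[name.casefold()] = digest  # Windows file names are case-insensitive
    return out

def compare(suspect, reference):
    """Classify every file name seen in either listing."""
    result = {}
    for name in sorted(set(suspect) | set(reference)):
        if name not in reference:
            result[name] = "not in reference"
        elif name not in suspect:
            result[name] = "not in suspect listing"
        else:
            result[name] = "match" if suspect[name] == reference[name] else "MISMATCH"
    return result

if __name__ == "__main__":
    ref = parse_sha1sum(INSTALLER)
    print(compare(parse_sha1sum(DRIVERSTORE, "failed_system32-driverstore_"), ref))
    print(compare(parse_sha1sum(PROGRAM_FILES, "failed_program-files_"), ref))
```

Run against the listings above, the three DriverStore files come back as "match", while the 39,920-byte Program Files copy of tap0901.sys is reported as "MISMATCH" against the Win7 installer's driver.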