|
|
Post #1
Apr 27 2009, 22:41
|
Would you kindly...
Group: Registered
Posts: 4,907
Joined: 25-March 09
From: Kent, England
Member No.: 286,512
|
Just a warning for anyone downloading the new RC builds of windows 7. Quiet a lot of the downloads have a trojan inbedded in the setup EXE. This should not be an issue if you booted from the DVD and installed, but if you upgraded it may have infected you. How to get rid: Extract contents of disk to hard disk then: The Setup EXE is actually a container, it appears to be a self-extracting EXE. There are 2 files inside, Setup.exe and codec.exe Codec.exe is the trojan. Extract setup.exe, and then delete the original. The setup.exe inside the container is actually the real install EXE, and I have verified it is clean, and that there are no other infected files on the disk. Then put the real setup.exe into the root of the folder, and build a bootable ISO with vLite. I cannot guarantee that this Virus is present in every leak, but it appears to be present in a lot of them 
This post has been edited by warwagon: Apr 28 2009, 03:47
|
Log In or Register · Advertise on Neowin
|
|
|
Post #2
Apr 27 2009, 22:45
|
BlackBerry Tour
Group: Registered
Posts: 2,663
Joined: 20-August 07
Member No.: 234,799
|
or it could be a FALSE positive
|
|
|
Post #3
Apr 27 2009, 22:46
|
Resident Elite
Group: +SubscriberČ
Posts: 1,981
Joined: 14-August 02
From: Philadelphia, PA
Member No.: 16,763
|
What is the MD5 on the ISO you downloaded? I think that is an important way to help people sift.
|
|
|
Post #4
Apr 27 2009, 22:47
|
Would you kindly...
Group: Registered
Posts: 4,907
Joined: 25-March 09
From: Kent, England
Member No.: 286,512
|
No, I can assure you isn't a false positive. You cannot open the real setup.exe in WinRar
|
|
|
Post #5
Apr 27 2009, 22:48
|
Neowinian Senior
Group: Registered
Posts: 2,479
Joined: 20-January 05
From: Calgary, AB
Member No.: 91,851
|
Mine must be clean then. I couldn't open the setup.exe with WinRAR, or anything else for that matter.
|
|
|
Post #6
Apr 27 2009, 22:51
|
Would you kindly...
Group: Registered
Posts: 4,907
Joined: 25-March 09
From: Kent, England
Member No.: 286,512
|
I believe it may be the X64 edition only, just getting the X86 to check if its clean
|
|
|
Post #7
Apr 27 2009, 22:54
|
BlackBerry Tour
Group: Registered
Posts: 2,663
Joined: 20-August 07
Member No.: 234,799
|
Quote - (Frank Fontaine @ Apr 27 2009, 18:47)  No, I can assure you isn't a false positive. You cannot open the real setup.exe in WinRar ahh well that just sucks ! some people just live to be assclowns
|
|
|
Post #8
Apr 27 2009, 22:58
|
Programmer & Web Developer
Group: Registered
Posts: 1,019
Joined: 24-March 08
From: Washington State
Member No.: 250,262
|
No problems here. Mounted/checked the ISO and scanned with Kaspersky to be sure. Running x64 here.
|
|
|
Post #9
Apr 27 2009, 22:58
|
make this your day
Group: Registered
Posts: 2,466
Joined: 30-December 03
From: Australia
Member No.: 43,974
|
Always check that the checksum on the file matches the untainted one (which you should be doing regardless for something like an OS ISO...)
|
|
|
Post #10
Apr 27 2009, 22:58
|
Neowinian
Group: Registered
Posts: 24
Joined: 14-November 06
Member No.: 187,318
|
Hi Frank
What is the size of your setup file and has it a digital signatures?
|
|
|
Post #11
Apr 27 2009, 22:59
|
Would you kindly...
Group: Registered
Posts: 4,907
Joined: 25-March 09
From: Kent, England
Member No.: 286,512
|
Quote - ((Spork) @ Apr 27 2009, 23:54) ahh well that just sucks !
some people just live to be assclowns Yep and the hysteria over 7 makes it an wasy target. The MD5 of the infected image is 838F96D945C9554835A96CF41DEC9453 Quote - (Luke777 @ Apr 27 2009, 23:58) Hi Frank
What is the size of your setup file and has it a digital signatures? Here's a screenshot of the properties page 
Hmm.jpg ( 29.9K )
Number of downloads: 34
|
|
|
Post #12
Apr 27 2009, 23:01
|
Neowinian
Group: Registered
Posts: 55
Joined: 30-March 09
Member No.: 287,068
|
Details of Windows 7 RC Build 7100 x64
Build String: 7100.0.winmain_win7rc.090421-1700
File Name: 7100.0.090421-1700_x64fre_client_en-us_Retail_Ultimate-GRC1CULFRER_EN_DVD.iso
Size: 3.04GB
MD5 Hash: 8867C13330F56A93944BCD46DCD73590
Torrent Hash: CA767EC8 D2D07ED9 ADDBAE37 89C45CC3 5761E4C5
Details of Windows 7 RC Build 7100 x86
Build String: 7100.0.winmain_win7rc.090421-1700
File Name: 7100.0.090421-1700_x86fre_client_en-us_Retail_Ultimate-GRC1CULFRER_EN_DVD.iso
Size: 2.35GB
MD5 Hash: 8867C13330F56A93944BCD46DCD73590 (x86 only)
CRC32: E8A1C394
SHA-1: 7D1F486CA569EFFFFB719CFB48355BB7BF499712
Torrent Hash: C738F422D 6C36C36A 655BEFB3 21E51E4A 2C84B7EE // A4835C20 4C7FC504 704C9376 73A8762A B9F2E761
|
|
|
Post #13
Apr 27 2009, 23:04
|
Would you kindly...
Group: Registered
Posts: 4,907
Joined: 25-March 09
From: Kent, England
Member No.: 286,512
|
Quote - (kukubau @ Apr 28 2009, 00:01) Details of Windows 7 RC Build 7100 x64
Build String: 7100.0.winmain_win7rc.090421-1700
File Name: 7100.0.090421-1700_x64fre_client_en-us_Retail_Ultimate-GRC1CULFRER_EN_DVD.iso
Size: 3.04GB
MD5 Hash: 8867C13330F56A93944BCD46DCD73590
Torrent Hash: CA767EC8 D2D07ED9 ADDBAE37 89C45CC3 5761E4C5 Yep, the MD5 of my ISO is different.
|
|
|
Post #14
Apr 27 2009, 23:06
|
BlackBerry Tour
Group: Registered
Posts: 2,663
Joined: 20-August 07
Member No.: 234,799
|
i got the x86 its clean .... sucks about the x64
yea win7 is a massive target atm
|
|
|
Post #15
Apr 27 2009, 23:08
|
Neowinian
Group: Registered
Posts: 24
Joined: 14-November 06
Member No.: 187,318
|
The original Setup file for build 7100 is 105 KB (64 bit) and is digital signed
|
