
Windows 7 RC build 7100 Download: Warning

42 posts in this topic

Posted (edited)

Just a warning for anyone downloading the new RC builds of Windows 7. Quite a lot of the downloads have a trojan embedded in the setup EXE. This should not be an issue if you booted from the DVD and installed, but if you upgraded it may have infected you.

How to get rid:

Extract contents of disk to hard disk then:

The Setup EXE is actually a container, it appears to be a self-extracting EXE. There are 2 files inside, Setup.exe and codec.exe

Codec.exe is the trojan. Extract setup.exe, and then delete the original. The setup.exe inside the container is actually the real install EXE, and I have verified it is clean, and that there are no other infected files on the disk. Then put the real setup.exe into the root of the folder, and build a bootable ISO with vLite.

I cannot guarantee that this virus is present in every leak, but it appears to be present in a lot of them.

win7virus.jpg

Edited by warwagon


Posted

or it could be a FALSE positive


Posted

What is the MD5 on the ISO you downloaded? I think that is an important way to help people sift.


Posted

No, I can assure you it isn't a false positive. You cannot open the real setup.exe in WinRAR.


Posted

Mine must be clean then. I couldn't open the setup.exe with WinRAR, or anything else for that matter.


Posted

I believe it may be the X64 edition only, just getting the X86 to check if it's clean.


Posted

No, I can assure you it isn't a false positive. You cannot open the real setup.exe in WinRAR.

ahh well that just sucks !

some people just live to be assclowns


Posted

No problems here. Mounted/checked the ISO and scanned with Kaspersky to be sure. Running x64 here.


Posted

Always check that the checksum on the file matches the untainted one (which you should be doing regardless for something like an OS ISO...)


Posted

Hi Frank

What is the size of your setup file, and does it have a digital signature?


Posted

ahh well that just sucks !

some people just live to be assclowns

Yep, and the hysteria over 7 makes it an easy target.

The MD5 of the infected image is 838F96D945C9554835A96CF41DEC9453

Hi Frank

What is the size of your setup file, and does it have a digital signature?

Here's a screenshot of the properties page

post-286512-1240873271_thumb.jpg


Posted

Details of Windows 7 RC Build 7100 x64

Build String: 7100.0.winmain_win7rc.090421-1700

File Name: 7100.0.090421-1700_x64fre_client_en-us_Retail_Ultimate-GRC1CULFRER_EN_DVD.iso

Size: 3.04GB

MD5 Hash: 8867C13330F56A93944BCD46DCD73590

Torrent Hash: CA767EC8 D2D07ED9 ADDBAE37 89C45CC3 5761E4C5

Details of Windows 7 RC Build 7100 x86

Build String: 7100.0.winmain_win7rc.090421-1700

File Name: 7100.0.090421-1700_x86fre_client_en-us_Retail_Ultimate-GRC1CULFRER_EN_DVD.iso

Size: 2.35GB

MD5 Hash: 8867C13330F56A93944BCD46DCD73590 (x86 only)

CRC32: E8A1C394

SHA-1: 7D1F486CA569EFFFFB719CFB48355BB7BF499712

Torrent Hash: C738F422D 6C36C36A 655BEFB3 21E51E4A 2C84B7EE // A4835C20 4C7FC504 704C9376 73A8762A B9F2E761


Posted

Details of Windows 7 RC Build 7100 x64

Build String: 7100.0.winmain_win7rc.090421-1700

File Name: 7100.0.090421-1700_x64fre_client_en-us_Retail_Ultimate-GRC1CULFRER_EN_DVD.iso

Size: 3.04GB

MD5 Hash: 8867C13330F56A93944BCD46DCD73590

Torrent Hash: CA767EC8 D2D07ED9 ADDBAE37 89C45CC3 5761E4C5

Yep, the MD5 of my ISO is different.


Posted

I got the x86, it's clean .... sucks about the x64

yea win7 is a massive target atm


Posted

The original Setup file for build 7100 is 105 KB (64 bit) and is digitally signed.

post-187318-1240873689_thumb.jpg


Posted

Yeah, as I said, the correct setup file is actually contained in the dodgy EXE. You can extract it from the dodgy EXE without triggering the virus; seems like the people who packaged this weren't overly intelligent.


Posted

ahh well that just sucks !

some people just live to be assclowns

Unfortunately that's true.

Below the specs of the original isos: if the check sums match those of your isos you've got the real stuff - unaltered.

Windows 7 RC 1 Build 7100 Compiled

The build is correct. The rumor is incorrect. The RC build 7100 was leaked and it is the real thing. Here are the CRC32 and SHA1 for the authentic ISO images.

7100.0.090421-1700_x86fre_client_en-us_Retail_Ultimate-GRC1CULFRER_EN_DVD.iso

Size: 2.35GB

MD5: 8867C13330F56A93944BCD46DCD73590

SHA-1: 7D1F486CA569EFFFFB719CFB48355BB7BF499712

CRC32: E8A1C394

7100.0.090421-1700_x64fre_client_en-us_Retail_Ultimate-GRC1CULXFRER_EN_DVD.iso

Size: 3.04GB

MD5: 98341af35655137966e382c4feaa282d

SHA-1: fc867fe1ab2e0a9796f9e4d155b44ea6998f4874

CRC32: 58fb2be0

PS: You cannot upgrade from any WIN7 Beta release to the RC1 (unless you manipulate some registry keys) and there is a good reason for that. Some new features are not compatible with the beta releases.


Posted

Unfortunately that's true.

Below the specs of the original isos: if the check sums match those of your isos you've got the real stuff - unaltered.

PS: You cannot upgrade from any WIN7 Beta release to the RC1 (unless you manipulate some registry keys) and there is a good reason for that. Some new features are not compatible with the beta releases.

You can just edit cversion.ini and it will upgrade fine. No registry key editing. The windows blog had information why this was done.


Posted

How can we check our MD5 hash keys?

This thread has me worried now and I'm sure there might be a few more people who are going to ask how to check as well...


Posted

you can try the freeware "universal extractor",

to extract the "dodgy" file from setup.exe.


Posted

If the setup.exe on the DVD has a digital signature in its properties then you're fine...


Posted

How can we check our MD5 hash keys?

This thread has me worried now and I'm sure there might be a few more people who are going to ask how to check as well...

I have attached an application to this post for you. Put kukubau's MD5 applicable to your ISO (X86 or X64) into the top box, and then locate your ISO; it will compare the hashes and tell you if there is a mismatch. Note, I still haven't checked the X86 but there are definitely a few narked X64 ISOs floating about. However, having scanned the rest of the files, as long as you haven't installed the build by launching setup.exe I believe you should be safe.

MD5.zip

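Added example (not part of the original posts and not the attached MD5.zip tool): a Python script for the "how can we check our MD5" question above. It hashes an ISO in one pass and compares MD5, SHA-1 and CRC32 against the reference values from the post that lists all three checksums for both images, and against the MD5 a poster reported for the infected image. The function names are illustrative, and it assumes those posted values are accurate.

```python
import hashlib
import zlib

# Reference values copied from the thread (assumption: the posters' values are correct).
KNOWN_GOOD = {
    "x86": {"md5": "8867C13330F56A93944BCD46DCD73590",
            "sha1": "7D1F486CA569EFFFFB719CFB48355BB7BF499712",
            "crc32": "E8A1C394"},
    "x64": {"md5": "98341af35655137966e382c4feaa282d",
            "sha1": "fc867fe1ab2e0a9796f9e4d155b44ea6998f4874",
            "crc32": "58fb2be0"},
}
# MD5 that one poster reported for the infected image.
KNOWN_BAD_MD5 = {"838F96D945C9554835A96CF41DEC9453".lower()}


def digest_file(path, chunk_size=1 << 20):
    """Stream the file once; return MD5, SHA-1 and CRC32 as lowercase hex."""
    md5, sha1, crc = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            crc = zlib.crc32(chunk, crc)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(),
            "crc32": f"{crc & 0xFFFFFFFF:08x}"}


def classify(digests, arch):
    """Return 'known-bad', 'match' or 'mismatch' for a digest_file() result."""
    if digests["md5"] in KNOWN_BAD_MD5:
        return "known-bad"
    expected = {k: v.lower() for k, v in KNOWN_GOOD[arch].items()}
    # Require all three to agree: MD5 and CRC32 alone are not collision resistant.
    return "match" if digests == expected else "mismatch"


if __name__ == "__main__":
    import sys
    iso_path, arch = sys.argv[1], sys.argv[2]   # e.g. image.iso x64
    result = digest_file(iso_path)
    for name, value in result.items():
        print(f"{name}: {value}")
    print("verdict:", classify(result, arch))
```

A "match" only shows the file is identical to whatever the reference values describe, so the values themselves need to come from a source you trust.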

Posted

Odd.... 7100 must not be the RC according to this logic, since I upgraded from 7000 to 7100 just fine and all my hashes match those of the original ISO.


Posted

Stuff like this tarnishes torrents' reputation of efficiently distributing large disc images. Obvious solution is to get the torrent header file from a trusted source (for instance, Canonical's servers if you were to get a copy of Ubuntu), but that won't hold with large corporations like MS.

I did run across this same problem in an earlier leaked build. Lesson learned: check to make sure setup.exe has a digital signature intact before burning or copying to a USB drive.


Posted

it's only a few days away, might as well just wait to get it from the real source...

This topic is now closed to further replies.