Windows 7 RC build 7100 Download: Warning


  • This topic is locked
41 replies to this topic

#1 Subject Delta

Subject Delta

    Father...it's me, Eleanor

  • Joined: 25-March 09
  • Location: Kent, England

Posted 27 April 2009 - 22:41

Just a warning for anyone downloading the new RC builds of Windows 7. Quite a lot of the downloads have a trojan embedded in the setup EXE. This should not be an issue if you booted from the DVD and installed, but if you upgraded it may have infected you.

How to get rid:

Extract contents of disk to hard disk then:

The Setup EXE is actually a container; it appears to be a self-extracting EXE. There are 2 files inside, Setup.exe and codec.exe.

Codec.exe is the trojan. Extract setup.exe, and then delete the original. The setup.exe inside the container is actually the real install EXE, and I have verified it is clean, and that there are no other infected files on the disk. Then put the real setup.exe into the root of the folder, and build a bootable ISO with vLite.

I cannot guarantee that this virus is present in every leak, but it appears to be present in a lot of them.

Edited by warwagon, 28 April 2009 - 03:47.



#2 (Spork)

(Spork)

    ANDROID-APPLE

  • Joined: 20-August 07

Posted 27 April 2009 - 22:45

or it could be a FALSE positive

#3 +LogicalApex

LogicalApex

    Software Engineer

  • Tech Issues Solved: 8
  • Joined: 14-August 02
  • Location: Philadelphia, PA
  • OS: Windows 7 Ultimate x64
  • Phone: Nexus 5

Posted 27 April 2009 - 22:46

What is the MD5 on the ISO you downloaded? I think that is an important way to help people sift.

#4 OP Subject Delta

Subject Delta

    Father...it's me, Eleanor

  • Joined: 25-March 09
  • Location: Kent, England

Posted 27 April 2009 - 22:47

No, I can assure you it isn't a false positive. You cannot open the real setup.exe in WinRAR.

#5 Kaze23

Kaze23

    Neowinian Senior

  • Joined: 20-January 05
  • Location: Calgary, AB
  • OS: Windows 8.1 Pro x64 w/Update 1
  • Phone: iPhone 4S

Posted 27 April 2009 - 22:48

Mine must be clean then. I couldn't open the setup.exe with WinRAR, or anything else for that matter.

#6 OP Subject Delta

Subject Delta

    Father...it's me, Eleanor

  • Joined: 25-March 09
  • Location: Kent, England

Posted 27 April 2009 - 22:51

I believe it may be the X64 edition only, just getting the X86 to check if it's clean.

#7 (Spork)

(Spork)

    ANDROID-APPLE

  • Joined: 20-August 07

Posted 27 April 2009 - 22:54

No, I can assure you it isn't a false positive. You cannot open the real setup.exe in WinRAR.




ahh well that just sucks !



some people just live to be assclowns

#8 svnO.o

svnO.o

    Programmer & Web Developer

  • Joined: 24-March 08
  • Location: Washington State

Posted 27 April 2009 - 22:58

No problems here. Mounted/checked the ISO and scanned with Kaspersky to be sure. Running x64 here.

#9 +Audien

Audien

    Software Eng.

  • Joined: 30-December 03
  • Location: Seattle, WA
  • OS: Windows 8.1/Mac OSX
  • Phone: iPhone 5S

Posted 27 April 2009 - 22:58

Always check that the checksum on the file matches the untainted one (which you should be doing regardless for something like an OS ISO...)

#10 Luke777

Luke777

    Neowinian

  • Joined: 14-November 06

Posted 27 April 2009 - 22:58

Hi Frank

What is the size of your setup file and does it have a digital signature?

#11 OP Subject Delta

Subject Delta

    Father...it's me, Eleanor

  • Joined: 25-March 09
  • Location: Kent, England

Posted 27 April 2009 - 22:59

ahh well that just sucks !



some people just live to be assclowns


Yep, and the hysteria over 7 makes it an easy target.

The MD5 of the infected image is 838F96D945C9554835A96CF41DEC9453

Hi Frank

What is the size of your setup file and does it have a digital signature?



Here's a screenshot of the properties page

Hmm.jpg

#12 kukubau

kukubau

    Neowinian

  • Joined: 30-March 09
  • Location: Corpus Callosum above the Medula Oblongata

Posted 27 April 2009 - 23:01

Details of Windows 7 RC Build 7100 x64

Build String: 7100.0.winmain_win7rc.090421-1700
File Name: 7100.0.090421-1700_x64fre_client_en-us_Retail_Ultimate-GRC1CULFRER_EN_DVD.iso
Size: 3.04GB
MD5 Hash: 8867C13330F56A93944BCD46DCD73590
Torrent Hash: CA767EC8 D2D07ED9 ADDBAE37 89C45CC3 5761E4C5



Details of Windows 7 RC Build 7100 x86

Build String: 7100.0.winmain_win7rc.090421-1700
File Name: 7100.0.090421-1700_x86fre_client_en-us_Retail_Ultimate-GRC1CULFRER_EN_DVD.iso
Size: 2.35GB
MD5 Hash: 8867C13330F56A93944BCD46DCD73590 (x86 only)
CRC32: E8A1C394
SHA-1: 7D1F486CA569EFFFFB719CFB48355BB7BF499712
Torrent Hash: C738F422D 6C36C36A 655BEFB3 21E51E4A 2C84B7EE // A4835C20 4C7FC504 704C9376 73A8762A B9F2E761

#13 OP Subject Delta

Subject Delta

    Father...it's me, Eleanor

  • Joined: 25-March 09
  • Location: Kent, England

Posted 27 April 2009 - 23:04

Details of Windows 7 RC Build 7100 x64

Build String: 7100.0.winmain_win7rc.090421-1700
File Name: 7100.0.090421-1700_x64fre_client_en-us_Retail_Ultimate-GRC1CULFRER_EN_DVD.iso
Size: 3.04GB
MD5 Hash: 8867C13330F56A93944BCD46DCD73590
Torrent Hash: CA767EC8 D2D07ED9 ADDBAE37 89C45CC3 5761E4C5


Yep, the MD5 of my ISO is different.
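
Added example (not written by any poster in this thread): the checksum comparison discussed in posts #9 to #13, in Python. The two MD5 constants are copied from posts #11 and #12; the function names and the three verdict strings are assumptions made for this example.

```python
import hashlib
import io
import sys

# Hash values copied from posts #11 and #12 of this thread.
REFERENCE_MD5 = "8867C13330F56A93944BCD46DCD73590"   # posted for the x64 ISO
INFECTED_MD5 = "838F96D945C9554835A96CF41DEC9453"    # OP's infected image

def normalize(hex_digest):
    """Upper-case and strip separators so '838f96d9 45c9...' compares equal."""
    return "".join(ch for ch in hex_digest if ch.isalnum()).upper()

def digests(stream, chunk_size=1 << 20):
    """Hash a multi-gigabyte image in 1 MiB chunks instead of loading it whole."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        md5.update(chunk)
        sha1.update(chunk)
    return {"md5": md5.hexdigest().upper(), "sha1": sha1.hexdigest().upper()}

def classify(md5_hex, reference=REFERENCE_MD5, known_bad=(INFECTED_MD5,)):
    """Return a verdict string (the names are this example's own)."""
    digest = normalize(md5_hex)
    if digest in {normalize(bad) for bad in known_bad}:
        return "known-infected"
    if digest == normalize(reference):
        return "matches-reference"
    # A mismatch does not prove infection, only that this is not the
    # image the reference hash describes; treat it as untrusted.
    return "unknown"

def check_image(path):
    """Hash the file at `path` and classify it by its MD5."""
    with open(path, "rb") as iso:
        found = digests(iso)
    return found, classify(found["md5"])

if __name__ == "__main__":
    if len(sys.argv) == 2:
        print(check_image(sys.argv[1]))
    else:
        # Constructed stand-in for an ISO so the example runs offline.
        sample = digests(io.BytesIO(b"abc"))
        print(sample, classify(sample["md5"]))
```

A match is only as trustworthy as the place the reference hash came from, so the reference value should be taken from a source independent of the download itself.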

#14 (Spork)

(Spork)

    ANDROID-APPLE

  • Joined: 20-August 07

Posted 27 April 2009 - 23:06

I got the x86, it's clean .... sucks about the x64


yea win7 is a massive target atm

#15 Luke777

Luke777

    Neowinian

  • Joined: 14-November 06

Posted 27 April 2009 - 23:08

The original Setup file for build 7100 is 105 KB (64 bit) and is digitally signed.

Attached Images

  • Setup.jpg