Something to know if you get beta builds the "other" way.


Recommended Posts

An Important Message To All Neowinians and Fellow Computer Users Alike!

I'd like to point out, although it is certainly against the rules as to point out that we're all getting these Win7 builds from "other places", i'd like to point out a dire warning to all members of Neowin, if possible, maybe even get this stuck at the top of the forum. You are in no way admitting to downloading it from external sources by reading this thread. You don't even have to reply. In fact, it might be better than you don't. Just please read this!

The recent RC that many people weren't willing to wait for Microsoft to publicly release, a lot of the ones hosted on "external" areas are loaded with a botnet trojan.

This news came as a total shocker to me. Several of my friends have been bragging to me about having the RC before everyone else, but I was shifty about it when I first saw them with it.

A week later, these news stories start popping up:

Source

Source # 2

Source # 3

I URGE you all to check your installation isos against the following MD5s:

Official Legitimate Hashes:

x64 (64bit Build)

Build String: 7100.0.winmain_win7rc.090421-1700

File Name: 7100.0.090421-1700_x64fre_client_en-us_Retail_Ultimate-GRC1CULFRER_EN_DVD.iso

Size: 3.04GB

MD5 Hash: 98341AF35655137966E382C4FEAA282D

CRC32: 58FB2BE0

SHA-1: FC867FE1AB2E0A9796F9E4D155B44EA6998F4874

x86/x32 (32bit Build)

Build String: 7100.0.winmain_win7rc.090421-1700

File Name: 7100.0.090421-1700_x86fre_client_en-us_Retail_Ultimate-GRC1CULFRER_EN_DVD.iso

Size: 2.35GB

MD5 Hash: 8867C13330F56A93944BCD46DCD73590 (x86 only)

CRC32: E8A1C394

SHA-1: 7D1F486CA569EFFFFB719CFB48355BB7BF499712

Please, I've seen two of these posts on Neowin, and ask that a moderator combine these posts together with this one and stick this at the top of the thread.

Other Neowin forum threads which contain similar news and more information on detection and removal of the botnet, if needed.

Thread

Frank Fontaine's Excellent Guide on Removal

To ALL Neowin readers, please, just wait for Microsoft to release these builds, it's really not worth the hassle and vulnerability, especially since I'm sure most of you have been using Windows 7 full-time.

Edited by LiquidSolstice
Link to comment
Share on other sites

You've used the same MD5 hashes for the x86 and x64 builds. The x64 MD5 hash should be 98341AF35655137966E382C4FEAA282D ;)

Link to comment
Share on other sites

Correct Hashes for

7100.0.090421-1700_x64fre_client_en-us_Retail_Ultimate-GRC1CULXFRER_EN_DVD.iso

CRC32: 58FB2BE0

MD5: 98341AF35655137966E382C4FEAA282D

SHA-1: FC867FE1AB2E0A9796F9E4D155B44EA6998F4874

Link to comment
Share on other sites

You've used the same MD5 hashes for the x86 and x64 builds. The x64 MD5 hash should be 98341AF35655137966E382C4FEAA282D ;)

Ah, thank you so much :) Verified and fixed.

Correct Hashes for

7100.0.090421-1700_x64fre_client_en-us_Retail_Ultimate-GRC1CULXFRER_EN_DVD.iso

CRC32: 58FB2BE0

MD5: 98341AF35655137966E382C4FEAA282D

SHA-1: FC867FE1AB2E0A9796F9E4D155B44EA6998F4874

SHA-1 verified and added, thank you!

Link to comment
Share on other sites

This has already been said before and anyone who knows enough to get the builds from non official sources should be smart enough to check the hash i never trust anything from torrents unless i can verify the hash.

Link to comment
Share on other sites

What are the hashes for 7127?

x32

0xF691687F 7127.0.090507-1820_x86fre_client_en-us_Retail_Ultimate-GRMCULFRER_EN_DVD.iso

MD5 Hash : 4045CB2A8E50B65ED9E1C2B8D6026B2F

SHA1 Hash : F2D615E674B64053D299CFA5E80B777269F0DFF2

CRC-32 : F691687F

X64

0?460FAD4E 7127.0.090507-1820_x64fre_client_en-us_Retail_Ultimate-GRMCULXFRER_EN_DVD.iso

MD5 Hash : F805A6595DDC6D12956588BB0F1B9B83

SHA1 Hash : 9BEB69BE3C2D113ECEB944145951A2123FBBBBF8

CRC-32 : 460FAD4E

Link to comment
Share on other sites

x32

0xF691687F 7127.0.090507-1820_x86fre_client_en-us_Retail_Ultimate-GRMCULFRER_EN_DVD.iso

MD5 Hash : 4045CB2A8E50B65ED9E1C2B8D6026B2F

SHA1 Hash : F2D615E674B64053D299CFA5E80B777269F0DFF2

CRC-32 : F691687F

X64

0?460FAD4E 7127.0.090507-1820_x64fre_client_en-us_Retail_Ultimate-GRMCULXFRER_EN_DVD.iso

MD5 Hash : F805A6595DDC6D12956588BB0F1B9B83

SHA1 Hash : 9BEB69BE3C2D113ECEB944145951A2123FBBBBF8

CRC-32 : 460FAD4E

The ISO images for Windows 7 build 7127, as described in this thread, were leaked by a user after acquiring them through Microsoft Connect. If you have downloaded ISO files, either x86 or x64, and the CRC/hash values for those ISO images MATCH those described above then you have the real deal. You can then feel comfortable installing because you have the authentic build. If they DO NOT MATCH, I would highly recommend that you NOT install them. Hash/CRC values can be calculated using Hashtab,Hash Calc, or a number of other free programs on the internet.

Microsoft is doing a fantastic job with Windows 7. They have put more work into this OS than any other product in the past. So, I feel they should get a good ROI for their development work and I plan to purchase a copy once it is available as retail. I hope each of you will also.

Link to comment
Share on other sites

X64

0?460FAD4E 7127.0.090507-1820_x64fre_client_en-us_Retail_Ultimate-GRMCULXFRER_EN_DVD.iso

MD5 Hash : F805A6595DDC6D12956588BB0F1B9B83

SHA1 Hash : 9BEB69BE3C2D113ECEB944145951A2123FBBBBF8

CRC-32 : 460FAD4E

From the mini exploding star, matching here:yes::

post-276924-1242528393_thumb.jpg

Link to comment
Share on other sites

LOL. This doesn't seem overly helpful at all, nor do any of the links. We're talking about a build leaked weeks ago; one has to assume that (obviously) many, many people installed this "modified" build. Still, there is nothing stating what danger there is in installing it, if anything. The trojan obviously installs when you download it, sure, but that's on the OS that's going to be wiped when you install 7. What happens to the post-install Windows, is it infected as well? How do you clean it, or can you? Is there even a way to identify the task, or does it simply show as something innocuous, like svchost.exe? There's a lot to read and all it says is check the hash on the ISO, assuming you still even have it, and nothing regarding what to do after the fact if you didn't. I guess thanks for the warning (at this point when you can get it publicly and freely from Microsoft), just a tad late or there wouldn't be this "epidemic" going on.

Link to comment
Share on other sites

The trojan obviously installs when you download it, sure, but that's on the OS that's going to be wiped when you install 7. What happens to the post-install Windows, is it infected as well?

The trojan was hidden in the setup.exe which you would use to upgrade as opposed to a fresh install. So if you did a clean install you were fine, but those who upgraded (even though MS themselves recommended a fresh install) you became infected. And yes, the trojan survived the upgrade process in fact the whole process gave the trojan means to deeply embed itself in almost ideal conditions.

Some people ran the setup.exe just to take screenshots of the "Install Now" screen, they could have become infected as well.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.