LiquidSolstice Posted May 15, 2009 Share Posted May 15, 2009 (edited) An Important Message To All Neowinians and Fellow Computer Users Alike! I'd like to point out, although it is certainly against the rules as to point out that we're all getting these Win7 builds from "other places", i'd like to point out a dire warning to all members of Neowin, if possible, maybe even get this stuck at the top of the forum. You are in no way admitting to downloading it from external sources by reading this thread. You don't even have to reply. In fact, it might be better than you don't. Just please read this! The recent RC that many people weren't willing to wait for Microsoft to publicly release, a lot of the ones hosted on "external" areas are loaded with a botnet trojan. This news came as a total shocker to me. Several of my friends have been bragging to me about having the RC before everyone else, but I was shifty about it when I first saw them with it. A week later, these news stories start popping up: Source Source # 2 Source # 3 I URGE you all to check your installation isos against the following MD5s: Official Legitimate Hashes: x64 (64bit Build) Build String: 7100.0.winmain_win7rc.090421-1700 File Name: 7100.0.090421-1700_x64fre_client_en-us_Retail_Ultimate-GRC1CULFRER_EN_DVD.iso Size: 3.04GB MD5 Hash: 98341AF35655137966E382C4FEAA282D CRC32: 58FB2BE0 SHA-1: FC867FE1AB2E0A9796F9E4D155B44EA6998F4874 x86/x32 (32bit Build) Build String: 7100.0.winmain_win7rc.090421-1700 File Name: 7100.0.090421-1700_x86fre_client_en-us_Retail_Ultimate-GRC1CULFRER_EN_DVD.iso Size: 2.35GB MD5 Hash: 8867C13330F56A93944BCD46DCD73590 (x86 only) CRC32: E8A1C394 SHA-1: 7D1F486CA569EFFFFB719CFB48355BB7BF499712 Please, I've seen two of these posts on Neowin, and ask that a moderator combine these posts together with this one and stick this at the top of the thread. Other Neowin forum threads which contain similar news and more information on detection and removal of the botnet, if needed. Thread Frank Fontaine's Excellent Guide on Removal To ALL Neowin readers, please, just wait for Microsoft to release these builds, it's really not worth the hassle and vulnerability, especially since I'm sure most of you have been using Windows 7 full-time. Edited May 15, 2009 by LiquidSolstice Link to comment Share on other sites More sharing options...
Lee G. Veteran Posted May 15, 2009 Veteran Share Posted May 15, 2009 You've used the same MD5 hashes for the x86 and x64 builds. The x64 MD5 hash should be 98341AF35655137966E382C4FEAA282D ;) Link to comment Share on other sites More sharing options...
dfuk Posted May 15, 2009 Share Posted May 15, 2009 Correct Hashes for 7100.0.090421-1700_x64fre_client_en-us_Retail_Ultimate-GRC1CULXFRER_EN_DVD.iso CRC32: 58FB2BE0 MD5: 98341AF35655137966E382C4FEAA282D SHA-1: FC867FE1AB2E0A9796F9E4D155B44EA6998F4874 Link to comment Share on other sites More sharing options...
LiquidSolstice Posted May 15, 2009 Author Share Posted May 15, 2009 You've used the same MD5 hashes for the x86 and x64 builds. The x64 MD5 hash should be 98341AF35655137966E382C4FEAA282D ;) Ah, thank you so much :) Verified and fixed. Correct Hashes for 7100.0.090421-1700_x64fre_client_en-us_Retail_Ultimate-GRC1CULXFRER_EN_DVD.iso CRC32: 58FB2BE0 MD5: 98341AF35655137966E382C4FEAA282D SHA-1: FC867FE1AB2E0A9796F9E4D155B44EA6998F4874 SHA-1 verified and added, thank you! Link to comment Share on other sites More sharing options...
Examinus Posted May 15, 2009 Share Posted May 15, 2009 THANK YOU FOR THAT. Link to comment Share on other sites More sharing options...
Aero_Rising Posted May 15, 2009 Share Posted May 15, 2009 This has already been said before and anyone who knows enough to get the builds from non official sources should be smart enough to check the hash i never trust anything from torrents unless i can verify the hash. Link to comment Share on other sites More sharing options...
briangw Posted May 15, 2009 Share Posted May 15, 2009 What are the hashes for 7127? Link to comment Share on other sites More sharing options...
LiquidSolstice Posted May 15, 2009 Author Share Posted May 15, 2009 What are the hashes for 7127? x32 0xF691687F 7127.0.090507-1820_x86fre_client_en-us_Retail_Ultimate-GRMCULFRER_EN_DVD.iso MD5 Hash : 4045CB2A8E50B65ED9E1C2B8D6026B2F SHA1 Hash : F2D615E674B64053D299CFA5E80B777269F0DFF2 CRC-32 : F691687F X64 0?460FAD4E 7127.0.090507-1820_x64fre_client_en-us_Retail_Ultimate-GRMCULXFRER_EN_DVD.iso MD5 Hash : F805A6595DDC6D12956588BB0F1B9B83 SHA1 Hash : 9BEB69BE3C2D113ECEB944145951A2123FBBBBF8 CRC-32 : 460FAD4E Link to comment Share on other sites More sharing options...
mail Posted May 15, 2009 Share Posted May 15, 2009 http://msdn.microsoft.com/en-us/subscripti...ds/default.aspx Link to comment Share on other sites More sharing options...
pasty2k2 Posted May 15, 2009 Share Posted May 15, 2009 Thanks for that buddy! All verified, and glad too - its running like a beast at the moment! Link to comment Share on other sites More sharing options...
LiquidSolstice Posted May 16, 2009 Author Share Posted May 16, 2009 No problem :) Link to comment Share on other sites More sharing options...
wguimb Posted May 16, 2009 Share Posted May 16, 2009 x320xF691687F 7127.0.090507-1820_x86fre_client_en-us_Retail_Ultimate-GRMCULFRER_EN_DVD.iso MD5 Hash : 4045CB2A8E50B65ED9E1C2B8D6026B2F SHA1 Hash : F2D615E674B64053D299CFA5E80B777269F0DFF2 CRC-32 : F691687F X64 0?460FAD4E 7127.0.090507-1820_x64fre_client_en-us_Retail_Ultimate-GRMCULXFRER_EN_DVD.iso MD5 Hash : F805A6595DDC6D12956588BB0F1B9B83 SHA1 Hash : 9BEB69BE3C2D113ECEB944145951A2123FBBBBF8 CRC-32 : 460FAD4E The ISO images for Windows 7 build 7127, as described in this thread, were leaked by a user after acquiring them through Microsoft Connect. If you have downloaded ISO files, either x86 or x64, and the CRC/hash values for those ISO images MATCH those described above then you have the real deal. You can then feel comfortable installing because you have the authentic build. If they DO NOT MATCH, I would highly recommend that you NOT install them. Hash/CRC values can be calculated using Hashtab,Hash Calc, or a number of other free programs on the internet. Microsoft is doing a fantastic job with Windows 7. They have put more work into this OS than any other product in the past. So, I feel they should get a good ROI for their development work and I plan to purchase a copy once it is available as retail. I hope each of you will also. Link to comment Share on other sites More sharing options...
Lord Ba'al Posted May 17, 2009 Share Posted May 17, 2009 X640?460FAD4E 7127.0.090507-1820_x64fre_client_en-us_Retail_Ultimate-GRMCULXFRER_EN_DVD.iso MD5 Hash : F805A6595DDC6D12956588BB0F1B9B83 SHA1 Hash : 9BEB69BE3C2D113ECEB944145951A2123FBBBBF8 CRC-32 : 460FAD4E From the mini exploding star, matching here:yes:: Link to comment Share on other sites More sharing options...
Darrian Posted May 17, 2009 Share Posted May 17, 2009 LOL. This doesn't seem overly helpful at all, nor do any of the links. We're talking about a build leaked weeks ago; one has to assume that (obviously) many, many people installed this "modified" build. Still, there is nothing stating what danger there is in installing it, if anything. The trojan obviously installs when you download it, sure, but that's on the OS that's going to be wiped when you install 7. What happens to the post-install Windows, is it infected as well? How do you clean it, or can you? Is there even a way to identify the task, or does it simply show as something innocuous, like svchost.exe? There's a lot to read and all it says is check the hash on the ISO, assuming you still even have it, and nothing regarding what to do after the fact if you didn't. I guess thanks for the warning (at this point when you can get it publicly and freely from Microsoft), just a tad late or there wouldn't be this "epidemic" going on. Link to comment Share on other sites More sharing options...
08993 Posted May 17, 2009 Share Posted May 17, 2009 The trojan obviously installs when you download it, sure, but that's on the OS that's going to be wiped when you install 7. What happens to the post-install Windows, is it infected as well? The trojan was hidden in the setup.exe which you would use to upgrade as opposed to a fresh install. So if you did a clean install you were fine, but those who upgraded (even though MS themselves recommended a fresh install) you became infected. And yes, the trojan survived the upgrade process in fact the whole process gave the trojan means to deeply embed itself in almost ideal conditions. Some people ran the setup.exe just to take screenshots of the "Install Now" screen, they could have become infected as well. Link to comment Share on other sites More sharing options...
Recommended Posts