


Windows 7: Trojan Found in Setup.exe on Build 16385 x86 ISO Image!

22 Jul 2009   #1

Peanut Butter & Jelly.
 
 
Trojan Found in Setup.exe on Build 16385 x86 ISO Image!

Well, maybe that LeBlanc fellow had a point about bogus ISO images. I just fired up setup.exe from an image of the x86 Build 7600.16385 leak under my current build 7264 installation and look what Microsoft Security Essentials found (see attached image).

Note: The ISO in question has the following Filename and Hash Info:

7600.16385.090713-1255_x86fre_client_en-us_Retail_Ultimate-GRMCULFRER_EN_DVD.iso
SHA1: 2ebdb1f65fbf5aaf38d4fb39ea4e658389a25ea3
MD5: b49d1c065de9be078abe5bbafc5a304d
CRC32: 65b9f574

So, I guess we all still need to be careful after all. Needless to say, stay FAR AWAY from this image.

RCK




22 Jul 2009   #2

Windows 7 RTM Ultimate - Activated (Technet)
 
 

Quote: Originally Posted by rck01
Well, maybe that LeBlanc fellow had a point about bogus ISO images. I just fired up setup.exe from an image of the x86 Build 7600.16385 leak under my current build 7264 installation and look what Microsoft Security Essentials found (see attached image).

Note: The ISO in question has the following Filename and Hash Info:

7600.16385.090713-1255_x86fre_client_en-us_Retail_Ultimate-GRMCULFRER_EN_DVD.iso
SHA1: 2ebdb1f65fbf5aaf38d4fb39ea4e658389a25ea3
MD5: b49d1c065de9be078abe5bbafc5a304d
CRC32: 65b9f574

So, I guess we all still need to be careful after all. Needless to say, stay FAR AWAY from this image.

RCK
Did you check that the hash values match what was quoted....do those hash values match others that are easily found out there?

The good thing is that Microsoft Security Essentials found it I guess.
As with all the leaks up till now....it is always best to check them thoroughly before installing...as you have found.
22 Jul 2009   #3

Windows 7 Home Premium x64 - Mac OS X 10.6.4 x64
 
 

This is strange...When I thoroughly tested this build MSE popped up with nothing...where did you get the build from...there are a lot of fakes flying around...


22 Jul 2009   #4

Peanut Butter & Jelly.
 
 
I'm normally pretty careful...

...about this sort of thing. In fact, I checked the hash values for the x64 build I installed on my Lenovo W700ds and they matched up fine. I guess I just got lazy with this build - the x86 version was so hard to find, and there were so many different permutations (assembled from either the Chinese dude or Wzor), that when I finally did get a working torrent I assumed any hash mismatches were the result of too many copies from too many sources. That, and it runs just fine under VMware Workstation - version stamps on explorer.exe and others looked good (7600.16385). No real reason to doubt it was a working build...until now!

Oh well, lesson learned!

RCK
22 Jul 2009   #5

Windows 7 Home Premium x64 - Mac OS X 10.6.4 x64
 
 

Quote: Originally Posted by rck01
...about this sort of thing. In fact, I checked the hash values for the x64 build I installed on my Lenovo W700ds and they matched up fine. I guess I just got lazy with this build - the x86 version was so hard to find, and there were so many different permutations (assembled from either the Chinese dude or Wzor), that when I finally did get a working torrent I assumed any hash mismatches were the result of too many copies from too many sources. That, and it runs just fine under VMware Workstation - version stamps on explorer.exe and others looked good (7600.16385). No real reason to doubt it was a working build...until now!

Oh well, lesson learned!

RCK
Hey no big deal...The fact you posted your results and you tried to warn people overshadows the mistake...well done for spending the time to post
22 Jul 2009   #6

 
 

The main issue is that because there was never an actual ISO released, the hash values can change all over the gaff, so tracing it is like trying to find a needle in a haystack (so to say).

Unfortunately, as you say
Quote:
lesson learned!
22 Jul 2009   #7

64-bit Windows 8.1 Pro
 
 

I guess the moral of the story is ..... The price of freedom is vigilance...
22 Jul 2009   #8

Peanut Butter & Jelly.
 
 
Very weird!

@Zidane24,

Well, I just re-scanned setup.exe directly on my x64 system and, again, it got a hit on the Trojan. You're saying you've used this same build without incident? Very odd, indeed! I'm going to fire up that VM I tested it in originally (prior to launching it directly on its intended upgrade target, my HP Mini 2140) and see if installing MSE into the "infected" VM triggers another hit.

RCK
22 Jul 2009   #9

Windows 7
 
 

If I installed it, will an antivirus search find it still?
22 Jul 2009   #10

Windows 7 Build 7600.16385 (Clean Install)
 
 

People need to be careful and get their builds from a reputable source. If you just grab any old ISO from the internet with a build number you're gonna get grief.
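
Added example, not part of the thread and not any poster's code: a Python check that reads an image once, computes the same three digests quoted in post #1 (SHA1, MD5, CRC32), and classifies the file as flagged, verified, or unverified. The function names are hypothetical, and `known_good` is an assumption: it must be filled in from a reference the reader trusts, since the thread publishes only the digests of the flagged image.

```python
import hashlib
import zlib

# Digests posted in #1 for the image that triggered the MSE detection.
FLAGGED_IMAGE = {
    "sha1": "2ebdb1f65fbf5aaf38d4fb39ea4e658389a25ea3",
    "md5": "b49d1c065de9be078abe5bbafc5a304d",
    "crc32": "65b9f574",
}

def digest_file(path, chunk_size=1 << 20):
    """Read the file once; return SHA-1, MD5 and CRC32 as lowercase hex."""
    sha1, md5, crc = hashlib.sha1(), hashlib.md5(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha1.update(chunk)
            md5.update(chunk)
            crc = zlib.crc32(chunk, crc)
    return {"sha1": sha1.hexdigest(), "md5": md5.hexdigest(),
            "crc32": format(crc & 0xFFFFFFFF, "08x")}

def compare(actual, reference):
    """Return ('match' | 'partial' | 'mismatch', algorithms that agree)."""
    agree = [alg for alg, value in reference.items()
             if actual.get(alg, "").lower() == value.strip().lower()]
    if reference and len(agree) == len(reference):
        return "match", agree
    # 'partial' (e.g. only CRC32 agrees) is still a failed verification.
    return ("partial" if agree else "mismatch"), agree

def check_image(path, known_good=None, known_bad=FLAGGED_IMAGE):
    """Classify as 'flagged', 'verified' or 'unverified'; a mismatch is never OK."""
    actual = digest_file(path)
    if compare(actual, known_bad)[0] == "match":
        return "flagged", actual
    if known_good and compare(actual, known_good)[0] == "match":
        return "verified", actual
    return "unverified", actual

if __name__ == "__main__":
    import sys
    for image in sys.argv[1:]:
        status, digests = check_image(image)
        print(image, status, digests)
```

An "unverified" result covers the situation described in post #4: a working install and correct version stamps say nothing about whether the image matches a reference.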