Infesting you with Virus News
 

News

Contributed by: Nono
Date: May 6, 2009
Nono
19
Vote
0

Trojans Lurking in Pirated Copies of Windows 7 RC
 

win7RC.jpgThe Windows 7 Release Candidate is finally out! Released to testers on Tuesday the Windows 7 RC is now available for comprehensive user downloading. Unfortunately, as often as times of celebration come so do times of sadness, cyber-criminals could just not let this big event pass without adding their input. From late last month cyber-criminals somehow managed to obtain illegal copies of  the release candidate and made it available on, free file-sharing site, BitTorrent. To add insult to injury a large number of the pirated copies had a Trojan attached to them.

The infected pirated copies got quite a few users in trouble and expressing their concerns on several forum sites. Frank Fontaine, a user that did some research on the infection, found the Trojan was embedded in the setup.EXE file which, on its own, is simply a program utilized when installing new software on your computer. Further investigation showed that setup.EXE file is in fact a self-extracting executable container that contained two files inside it, Setup.exe and codec.exe.

The security software used by Fontaine identified the second file in the container,codec.exe, as the Win32.Trojan-gen infection. This is a backdoor Trojan horse that can give an attacker access to a targeted users' computer by exploiting security holes. This Trojan also has the ability to record and steal private information such as passwords from an infected computer.

Alias Names of Win32.Trojan-gen
Backdoor.Rbot!IK
DR/Agent2.dfj
Worm/Generic_r.DU.dropper
Generic.dx
Trojan.Dropper-18604
MemScan:Backdoor.RBot.YBJ
TrojanDropper.Agent.yyg
BackDoor.IRC.Sdbot.3762
Win32.VirToolCeeInje
W32/Agent2.DFJ!tr
Trojan.Win32.Agent2.dfj
VirTool:Win32/CeeInject.gen!J
Win32/IRCBot.AGP
Ircbot.AMAM.dropper
Trj/Zlob.KH
Mal/Behav-243
Trojan.DR.Agent.Gen.15
Trojan.Win32.Agent2.dfj

Table 1.  Alias names of the Trojan

If you are concerned that you might have installed the infected version of Windows 7 RC, it would be a good idea to check the MD5 of the ISO file. The clean MD5 should be; 8867C13330F56A93944BCD46DCD73590 for the x86 version and 98341af35655137966e382c4feaa282 for the x64 version. The MD5 of the infected version was 838F96D945C9554835A96CF41DEC9453, so if that's what you have it's time to do some cleaning up.

Here are other symptoms you can look out for if you suspect that your computer is infected:

  • Changes in your internet settings,
  • Slow performance of your computer,
  • The  constant appearance of irritating pop-ups,
  • Unknown Additional shortcuts on your desktop,
  • E-mails being sent out from your mailbox without your knowledge.
Resources:
Virus Total
Generic Trojan
Windows 7 Release Candidate

User Comments

Charles D. Forester I October 27, 2009
Hurr durrr... DURRR!!!
Charles D. Forester II October 19, 2009
@ Charles D. Forester III
Son... I am dissapoint
Charles D. Forester III October 9, 2009
Yea, pirating software of any kind is no different from storming a bank - guns blazing, and demanding the teller to stuff your bag full of money. And while robber one is taking the cash, robber two if pistol whipping any person that attempts to sneak a peek at said robbers - and gropping the heavy chested supervising manager who has bigger curves than a mountain highway!!!! Pirates are perverted, barbaric thieves that deserve to ROT ON THE SUNNY BEACHES OF RIO DE JINERO.
DanyalDenyo October 4, 2009
paying for software? never!
Nerdful September 16, 2009
Is anyone surprised? Pirates have been doing this now since the old DOS days...
marcr555 May 14, 2009
Nono: the x65 sum is missing a D at the end.
David May 7, 2009
But, of course, in this case it's absurd. The program is literally free direct from Microsoft. Honestly. Just how "cheap" can you get! I've helped people out time and again only to find they had pirated software on their machine that they managed to pick up in Asia somewhere. Bargain it was not when you count the wasted time and frustration. Still, they never learned.
Pencho Slaveikov May 6, 2009
Or you could protect yourself from this problem by paying for your software
Name:
Email:
Website:
Comment:
Please type 5-digit security code below:
Captcha image for spam protection

Featured Videos

Registry Tutorials
From: PC1News Videos
Added: November 11, 2008
more videos

Software Downloads

SpyHunter V.4
Free Spyhunter Scanner (Spyware/Trojan Detection). DETECT Spyware, Trojans, Worms, Viruses and malware on your PC absolutely FREE.
Download now
Registry Mechanic 8
Award Winning software, Fixes registry and improves computer performance. Created by a division of Symantec, this tool will scan your registry and find errors that can be later cleaned either individually or all together.
Download now
SpywareBlaster 4.1
The tool is used to prevent the installation of spyware and other potentially unwanted software. As soon as you download it, you will be able to protect your system.
Download now

Latest Comments

sdfsdf.exe
September 3, 2010
how can i remove sdfsdf, i cannot get into windows? more..
Fake Profiles On Fakebook/Facebook!
September 3, 2010
hi here is parteek kaushal i just want to tell that smone has copied my pics with my frnd n she is abusing... more..
Trojan.Agent.IPB
September 3, 2010
Hello I am new here. Im sorry if this is not the right place for this post. My name... more..
more comments..
rss
Home | Files | Programs | Latest Comments | About us | Privacy Policy | Contributors | Write For Us | Contact Us
© 2008 - 2010 pc1news.com - All rights reserved.
Home  Tips  Downloads Videos Virus List Vulnerabilities
Home > Trojans > Trojans Lurking in Pirated Copies of Windows 7 RC