Upgrading Build 9879 to 9888

Discussion in 'Windows 10' started by ajitem, Dec 2, 2014.

  1. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    4,656
    1,361
    150

    Attached Files:

  2. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    7,202
    2,269
    240
    Logically: if my Hardware would be infected, all OS'es would be infected as well!

    Fact is, as I wrote in post you also quoted, the machine used for install and checking the install.wim later on, were scanned with the same software and didn't showed up anything!

    Last but not least, I'm just curious in the moment it come to security because I work mainly with very high secured systems and data which didn't leave any room for to accept any unknown!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    4,656
    1,361
    150

    Attached Files:

  4. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    7,202
    2,269
    240
    Don't worry, I've the same problem! Normal use is +175 while reading I need +300 and sometimes I forget to change to the reading Glasses which results in reading mistakes. Hey, we're just humans and imperfect!!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    7,202
    2,269
    240
    That files are NOT in the System32 Folder, they're in SysWOW64 and WinSXS folders. Maybe after install in System 32, but I didn't have an install anymore, HDD's are already Low Level formatted!! I scanned the content of the install.wim file from Sources!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    7,202
    2,269
    240
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    7,202
    2,269
    240
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. abbodi1406

    abbodi1406 MDL KB0000001

    Feb 19, 2011
    17,190
    90,654
    340
    SysWOW64 is system folder just like system32
    WinSXS contains all system files, the one in system32 and syswow64 are merely hardlinks
    so you actually scanned one same file (which is clean btw)

    for the love of humanity, skip using 9888, delete its iso and move on
     
  9. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,093
    24,397
    340
    #110 s1ave77, Dec 5, 2014
    Last edited: Dec 5, 2014
    WARNING!

    In case of 1/55 findings on virustotal.com, and from that concoction named Dr Web CureIt (name already implies snake oil in my ears) it's definitly recommended to dump the ISO!!!!


    [editorial note: that post might include some grains of irony and they are definitely deliberately]

    If you found you can use, don't need it back, i have a vast amount here :D
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  10. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    7,202
    2,269
    240
    I know that, it was just (again) to clarify that I used the files extracted from install.wim for the scanning, the source, because Mr. MS User many times assumed that my Hardware (my Laptop) were infected and others.

    First, my question of the Where About of that ISO still remains, mine are downloaded from Paul's Juke Box and an ISO link from MDL, both are identical with the same checksum. If your didn't has that infection may your download were from different source. If you'd read all my post you already know exactly what way I was going. If you didn't use CureIt, may your result differs, I didn't would deny that. But, if you downloaded from the same source, you should use the same way for to check as I did, before assume there isn't an infection. All infos from my side with screenshots are posted above already!

    Second, this problem with the 9888 infection, will force me to more deep checking the security of future "Leaks"! I don't mind what others or you'll do, that's totally up to each single user.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,093
    24,397
    340
    #113 s1ave77, Dec 5, 2014
    Last edited: Dec 5, 2014
    Hashes are byte-precise so same hash same file (and i know CRC for instance is crap, for that reason no-one sane uses it, SHA1/256 are the way)

    And there is no infection, even if you search 'deeper'.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. MS_User

    MS_User MDL Guru

    Nov 30, 2014
    4,656
    1,361
    150

    will never truly know were the ISO came from, that the risk u take when u download illegal software from the web, u run the chance of getting compromise ....im willing to bet it came from someone inside MS;)
     
  13. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,093
    24,397
    340
    Believe me (if possible for you), if there would be a virus, you would definitely notice that, it would be info spreading like a TSUNAMI!

    As long you don't notice this ... i would simply move on :D.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    7,202
    2,269
    240
    As that files are compared with SHA256, getting the same checksum, they are the same file! The infection CureIt found, are NOT my dream(!) there're simply true! Why didn't you do the test than I did and post the results? And it wasn't only I who done that test's with findings of infection! Or am I wrong? Than everybody who get that result must be wrong?! Except you for sure because you didn't done the test the same way! Your word in the Lord's ear but mine!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,093
    24,397
    340
    #117 s1ave77, Dec 5, 2014
    Last edited: Dec 5, 2014
    True is, it found a suspicious file, from it's POV. Rest is mostly your imagination. Btw, tool is alone with this meaning, offers a diffuse name and i only know it for F/Ps (mostly by purpose to scare the user, that fact it has in common with other AVs sometimes).

    Iirc one of them already stated he needed to update his AV and the file was correctly recognised as clean :cool2:.

    You should consider your 'tool' could be confused due to new signatures or something similiar.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  16. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    7,202
    2,269
    240
    If that ISO came from someone inside MS, it has already gone within someone else's hand! You would never know what that someone else would have done with that ISO!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  17. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,093
    24,397
    340
    Oh man ... you really think something infected is spreading here and only 2 users notice this? ORLY...:hmm:?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. pisthai

    pisthai Imperfect Human

    Jul 29, 2009
    7,202
    2,269
    240
    I couldn't or wouldn't deny that! Still think I've my point if I stay to the rules of security! I'm simply not willing to take just an extra risk, know that there is already an 'weakpoint'! I haven't denied that it may is an False Positive, that's just an Maybe as well as it is an maybe to be more than just that! If you don't like such information, just ignore them! I will never ignore such maybe existing risks.

    Fact anyway is that, to use your explanation, there is an suspicious file within an ISO. That there maybe more if use more and different scanners, could be simply a fact as well.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...