Windows Malicious Software Tool removes 7Loader

Discussion in 'Windows 7' started by ioniancat21, Nov 11, 2009.

  1. ioniancat21

    ioniancat21 MDL Member

    Apr 27, 2008
    106
    32
    10
    I had been reading about this in another forum so I tested the theory out with my VMware Windows 7 Ultimate with the loader and they were right. Upon reboot, my activation was back counting again. It looks as if this update should be avoided. Just to make sure, are others here having similar problems or is this a mistake on my part?

    Thanks, CAT
     
  2. MrXSpekta

    MrXSpekta MDL Junior Member

    Oct 7, 2009
    51
    0
    0
    Thx for the update!

    I wonder if the Malicious Software Removal Tool will have the ability to find DAZ's loader in the future? Guess only time will tell.
     
  3. genuine555

    genuine555 MDL Expert

    Oct 3, 2009
    1,672
    88
    60
    7loader was one of the first to be used for win7 activation, so it's no surprise it's also one of the first to be disabled by m$.


    loaders like Daz's have a more in-depth development and ongoing support and improvements, so IF they are to be detected by m$ some day, it's gonna take them a long time. I suspect they can be used for quite some time to come.
     
  4. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,770
    1,101
    60
  5. genuine555

    genuine555 MDL Expert

    Oct 3, 2009
    1,672
    88
    60
    My thoughts, it deletes the grldr. Not sure though. Gonna ask google :p
     
  6. eaponte23

    eaponte23 MDL Member

    Sep 29, 2008
    120
    0
    10
    Is this the first documented case of MS disabling a loader? I never used Vista so have no idea...
     
  7. DLock

    DLock MDL Novice

    Dec 17, 2008
    47
    0
    0
    #7 DLock, Nov 11, 2009
    Last edited: Nov 11, 2009
    Just installed the update on both of my boxes and still activated, using daz on one and 1.6 loader on the other......;)
     
  8. Lice

    Lice MDL Novice

    Nov 11, 2009
    7
    0
    0
    Thanks for heads up, I will check mine tonight.
     
  9. JAHL

    JAHL MDL Novice

    Nov 4, 2009
    28
    0
    0
    No Problem Here (1.7.5).

    Jahl
     
  10. dragonfire665

    dragonfire665 MDL Senior Member

    Sep 17, 2008
    258
    3
    10
    I'm using daz 1.6 and after the update it still activates. but it is good to stay one step ahead and aware of all tries from M$
     
  11. nononsence

    nononsence MDL Addicted

    Aug 18, 2009
    806
    826
    30
    the easiest way to find a bootloader is to look at the bootsector,
    random names and SLIC encryption are not going to stop MS from
    finding out you are using stolen software. if anything it only makes
    it easier to single out the thief from someone using GRLDR for
    legit reasons.
     
  12. Daz

    Daz MDL Developer / Admin
    Staff Member

    Jul 31, 2009
    9,534
    67,254
    300
    #13 Daz, Nov 11, 2009
    Last edited: Nov 11, 2009
    @ nononsence
    Not true, it's very hard to do as shown in version 1.7.3 and 1.7.4 of my loader. There's far too many false positives and mixups.

    The whole point in randomization and encryption is to better hide the GRLDR from Windows Defender or software alike. MS has no proof that you are simply using a different boot manager which is perfectly legal and allowed so a simple file scan won't detect anything, whereas it can and will on the original GRLDR with SLIC in clear view (and in most cases they have the same checksum).
     
  13. nononsence

    nononsence MDL Addicted

    Aug 18, 2009
    806
    826
    30
    look at the bootsector to find the bootloader
    then search the file for 174 bytes of encrypted data
    or "Daz" or "secdata", look for the tag file, look for a
    leaked key installed, then set the machine as non genuine


    lol I doubt MS is going to checksum anything.
     
  14. Daz

    Daz MDL Developer / Admin
    Staff Member

    Jul 31, 2009
    9,534
    67,254
    300
    @ nononsence
    Tag doesn't prove a loader is installed, and I have explained the strings will be encrypted in upcoming builds so keep guessing ;)
     
  15. nononsence

    nononsence MDL Addicted

    Aug 18, 2009
    806
    826
    30
    the system partition is not normally user accessible so any files
    that were not installed by MS would be suspect. fear of widespread
    false positives will maintain the status quo for now.
     
  16. babygiorgio1

    babygiorgio1 MDL Novice

    Jan 23, 2008
    2
    0
    0
    Does Microsoft Security Essentials/virus scanner automatically remove the loader or do you have to do a scan?
     
  17. Daz

    Daz MDL Developer / Admin
    Staff Member

    Jul 31, 2009
    9,534
    67,254
    300
    @ nononsence
    Any good boot manager would want to install to the active partition though. If the file is not exactly readable and random then not much can be done about it, MS couldn't block it for that reason. Plus it's not a system modification and it's perfectly legal to change your boot manager.

    It's just easy for MS to target a static file called GRLDR vs one that's random in many ways. It's not that I'm saying it's impossible, it's just much harder at the moment and I'm only working on making it harder still.

    From SLIC detection I can say MS have little to no chance of finding out the difference between the two, a lot of the stuff about WAT comes from over-worried users.
     
  18. 911medic

    911medic MDL Guru

    Aug 13, 2008
    5,777
    504
    180
    Time will tell, but I think you will find the majority of loaders and other WAT type cr**ks nullified..

    I think a simple reinstall (of the loader) will be necessary to regain activation, but I wouldn't do it every update.. If the fix is not to update then it is simply not worth the activation.. Windows NEEDS updates.. it's too froggy as it is... :eek: :cool:

    I think it is a bit on the arrogant side to think that M$ will not target the popular loaders for deactivation. There is surely no shortage of links and data available to do so..

    I think nononsence is on the right track here...
     
  19. tuvi123

    tuvi123 MDL Addicted

    Jul 29, 2009
    623
    86
    30
    #20 tuvi123, Nov 11, 2009
    Last edited: Nov 11, 2009
    Daz
    haha Microsoft can use your v1.7.4 loader program to determine if it's emulated slic, if it is then not genuine.

    also if you can tell the difference between emulated slic and bios slic then Microsoft also can..

    they can also detect the motherboard/computer brand and the slic brand and if it's a computer/mb that is sold without slic in the bios then - not genuine.
    this way they can even block bios mods..