Virus, Worms on a brand new installation of Windows 7

[TurboRyzen]

I've been searching the internet for an answer, but I just installed a brand new copy of Windows 7 on a virtual machine. Which I've done many times with no problems.

1. While it was downloading the updates it got stuck in one of the updates. 4 hrs later, it was still going, I had to cut the power to it.

2. It finally installed, but the Windows Malicious detected and removed a virus/worm called Wannacrypt.A!rsm
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Ransom:Win32/Wannacrypt.A!rsm

3. I did use an activation key tool since it's just a test machine, but I've never had trouble with that before.

4. I remember back in the Windows XP days, after a brand new install I would start getting spam messages, not from Microsoft. Clearly from a back door.

Since I wanted to install a wallet in that computer, I want to know how the hell did this all happen. I tried to search the internet to see if an un-patched exploit was found for Windows 7 that allowed whoever to inject something remotely, similar to the spam messages. I don't think it's the activation tool, since it's older than the virus, and I've used it many time.

[NeuroticFish]

Since I wanted to install a wallet in that computer, I want to know how the hell did this all happen. I tried to search the internet to see if an un-patched exploit was found for Windows 7 that allowed whoever to inject something remotely, similar to the spam messages. I don't think it's the activation tool, since it's older than the virus, and I've used it many time.

Since you didn't use a legit windows, really, it can be anything. Maybe the ones providing the install image have added a backdoor still in use; maybe the activation tool downloads some 0-day exploits; maybe Windows 7, since it's that old, it is this easy to infect. I don't think it's a false positive since we talk here about a known ransomware.


But I have an idea for you: legit windows 10. Many don't know that Windows 10 works very well without a key if you don't want to change the desktop image (and a few other minor restrictions and the watermark). Since it's a test computer, I think that this could be a very good option to think about. I have a laptop with unlicensed Win10 for at least 5 months now.
You download it from Microsoft and it should clearly be free of surprises. You don't have to believe me, research on the subject.

[TurboRyzen]

Since I wanted to install a wallet in that computer, I want to know how the hell did this all happen. I tried to search the internet to see if an un-patched exploit was found for Windows 7 that allowed whoever to inject something remotely, similar to the spam messages. I don't think it's the activation tool, since it's older than the virus, and I've used it many time.

Since you didn't use a legit windows, really, it can be anything. Maybe the ones providing the install image have added a backdoor still in use; maybe the activation tool downloads some 0-day exploits; maybe Windows 7, since it's that old, it is this easy to infect. I don't think it's a false positive since we talk here about a known ransomware.


But I have an idea for you: legit windows 10. Many don't know that Windows 10 works very well without a key if you don't want to change the desktop image (and a few other minor restrictions and the watermark). Since it's a test computer, I think that this could be a very good option to think about. I have a laptop with unlicensed Win10 for at least 5 months now.
You download it from Microsoft and it should clearly be free of surprises. You don't have to believe me, research on the subject.

I thought I used my original ISO, but now I remember that I couldn't use my original ISO because it was an upgrade one, so couldn't do a clean install. So it could be the disk, or the tool, but the thing is that I've used it before and never got that before. I just wish I knew the source, if it came with the disk, or if it was something similar to the Windows XP spam that used to take place after a new installation, before the updates.

[TurboRyzen]

I just created another virtual machine, this time without an internet connection to run the tool. I did not get the same worms, trojans, but doing a full system scan I did get a sever warning for the too in the APP directory. I don't know if it's legit or if it just get flagged because it's an activation tool. Better safe than sorry.

Since I'm not going to use these computer for that long, what I'm going to do is use the rearm feature, which will give me 4 months of use without having to use an activation tool.

What I'm going to try now do another installation with no activation tool, and rearm.

[nniecan001]

Guys, don't expect a secured operating system if you download it or came from nowhere or unknown source. The chain problem will continue, so please avoid those thing and take out the bad karma, to make sure the security of all your asset from you online wallet for cypto currencies business.

[FinalFury]

Don't be naive, it's not worth the risk. Just use a Linux distribution. Ubuntu is good.

[TurboRyzen]

I decided to download a Windows 8.1 ISO from MICROSOFT and use the rearm. I prefer Windows 7, but it seems that they only give out the Korean or French version.

This will be so much safer than using the activation tool, and I won't get the nagging pop up.

[Len_nin]

As it was said before,get reliable and secure windows iso,it may be the main problem(pirate Windows 7) which makes normal work of system impossible.

[rn4j0r]

Install Sophos Home. It's free.

Then go to the official MS site and get a copy of Windows 10 for free. You don't have to activate it.

[cellard]

Since I wanted to install a wallet in that computer, I want to know how the hell did this all happen. I tried to search the internet to see if an un-patched exploit was found for Windows 7 that allowed whoever to inject something remotely, similar to the spam messages. I don't think it's the activation tool, since it's older than the virus, and I've used it many time.

Since you didn't use a legit windows, really, it can be anything. Maybe the ones providing the install image have added a backdoor still in use; maybe the activation tool downloads some 0-day exploits; maybe Windows 7, since it's that old, it is this easy to infect. I don't think it's a false positive since we talk here about a known ransomware.


But I have an idea for you: legit windows 10. Many don't know that Windows 10 works very well without a key if you don't want to change the desktop image (and a few other minor restrictions and the watermark). Since it's a test computer, I think that this could be a very good option to think about. I have a laptop with unlicensed Win10 for at least 5 months now.
You download it from Microsoft and it should clearly be free of surprises. You don't have to believe me, research on the subject.

Windows 10 sucks even more, it is the most NSAware Windows yet, basically built in with remote control in mind and constant logging of stuff. You need to change a ton of things to unsuck it (not possible to unsuck Windows but at least by Windows terms)

Windows 7 shouldn't be getting infected by Wannacrypt out of nowhere on a fresh install. I recently did a fresh Windows 7 install without problems. You just need to wait for the updates to end before you browse anything. Once it's up to date, if you want to install it, look up Daz Loader and download it from the source (thread in a certain forum), check checksums and it will be activated for free.

PS: Of course i assume OP used a legit ISO.

[TurboRyzen]

Since I wanted to install a wallet in that computer, I want to know how the hell did this all happen. I tried to search the internet to see if an un-patched exploit was found for Windows 7 that allowed whoever to inject something remotely, similar to the spam messages. I don't think it's the activation tool, since it's older than the virus, and I've used it many time.

Since you didn't use a legit windows, really, it can be anything. Maybe the ones providing the install image have added a backdoor still in use; maybe the activation tool downloads some 0-day exploits; maybe Windows 7, since it's that old, it is this easy to infect. I don't think it's a false positive since we talk here about a known ransomware.


But I have an idea for you: legit windows 10. Many don't know that Windows 10 works very well without a key if you don't want to change the desktop image (and a few other minor restrictions and the watermark). Since it's a test computer, I think that this could be a very good option to think about. I have a laptop with unlicensed Win10 for at least 5 months now.
You download it from Microsoft and it should clearly be free of surprises. You don't have to believe me, research on the subject.

Windows 10 sucks even more, it is the most NSAware Windows yet, basically built in with remote control in mind and constant logging of stuff. You need to change a ton of things to unsuck it (not possible to unsuck Windows but at least by Windows terms)

Windows 7 shouldn't be getting infected by Wannacrypt out of nowhere on a fresh install. I recently did a fresh Windows 7 install without problems. You just need to wait for the updates to end before you browse anything. Once it's up to date, if you want to install it, look up Daz Loader and download it from the source (thread in a certain forum), check checksums and it will be activated for free.

PS: Of course i assume OP used a legit ISO.

The Windows ISO that I have is for upgrade only, and about a year and a half ago I downloaded a full ISO. It had good review from people who used it, and I've used that same ISO many times before with no issues. But I'm just going to buy a legit Windows 7 disk and use the rearm command. And I will also run some tests by installing the legit French version from Microsoft and seeing if the Wannacrypt installs. Since my curiosity is to see if this injects itself by itself, similar to the XP spams after a new install back in the day, with a legit XP disk.

[TurboRyzen]

Install Sophos Home. It's free.

Then go to the official MS site and get a copy of Windows 10 for free. You don't have to activate it.

I tried something similar, installing Windows 8 from the bad Windows 7 ISO, doing a clean install, which wipes away everything from the Windows 7 installation. Couldn't use Windows 10 because the machine had less than 2GB of ram.

[thiemthang]

Did you scan the entire computer? If other drives are infected then when you install new windown it will spread. You should carefully check the remaining drives. Copies important data and formats the entire hard drive. Then install a windown really standard star

[TurboRyzen]

Did you scan the entire computer? If other drives are infected then when you install new windown it will spread. You should carefully check the remaining drives. Copies important data and formats the entire hard drive. Then install a windown really standard star

Well, it was a virtual computer so I don't have to worry about any such things. On my main computers I have 100% retail versions of Windows. On my cousin's PC I had to use an activator because I couldn't find her Windows key.

[TurboRyzen]

I've been trying to use the French version and change the language. But I'm having trouble. I downloaded the Windows Update English language, individually, but I click on it, restart the computer, but nothing happens. The name of the update is windows6.1-kb2483139-x86-en-us_783d6dd59e2ec8fb0995a059c9c121795bde46c8