VOGONS


First post, by athlon_p0wer

Rank Newbie

I have been trying to get a copy of Hiren's Boot CD 15.2 burned to a CD so I can run MiniXP and use a portable version of HWiNFO32 to try and grab Northbridge temps of a Pentium 4 system with no HDD that I recently changed the paste out on. The ZIP containing the ISO apparently has a Trojan that is consistently detected by Windows 10's Microsoft Defender. I have never had this issue with Hiren's Boot CD before, so I have no clue as to why it's happening now. This is true for both the version from the home website as well as the version provided on MajorGeeks, so I'm assuming it's this way for all of them as well. Did it come out that it always had that malware and I've just been out of the loop so long that I never heard about it? I tried looking it up and really wasn't ever able to find that much about it.

Reply 1 of 4, by BitWrangler

Rank l33t++

Sometimes they are detecting advanced diagnostic probing techniques, BIOS flashers and CMOS tools. ... and MS is getting annoying about summarily deleting utilities, like PowerToys can disappear on you.

Unicorn herding operations are proceeding, but all the totes of hens teeth and barrels of rocking horse poop give them plenty of hiding spots.

Reply 2 of 4, by athlon_p0wer

Rank Newbie

BitWrangler wrote on 2023-06-26, 03:15:

Sometimes they are detecting advanced diagnostic probing techniques, BIOS flashers and CMOS tools. ... and MS is getting annoying about summarily deleting utilities, like PowerToys can disappear on you.

It would not surprise me in the slightest if it was MS being shady, as they have a long record of that by now. I have always scanned every unfamiliar program or OS image I've downloaded with Malwarebytes, and I had done so with Hiren's Boot CD about two years ago. Assuming it was good as I had scanned and used it before, when I downloaded it from the same page I didn't bother scanning it before opening it. Windows Defender just blocked File Explorer from accessing the ZIP instantly, and proceeded to describe this trojan as being able to provide a gateway for remote access to your system. I know I could use 7-Zip to open the archive, but with the potential for infection, even if it could be MS false-positive bullcrap, I don't feel very comfortable taking that risk until I can get a better grasp of what's going on.

If it does turn out that it's MS taking advantage of their hold on the PC market (again, like always), I will likely switch to Linux. The only reason why I've been using Windows on my CD/Floppy writing systems in the first place is because I've found ImgBurn to be more versatile and reliable in writing CDs from images than other Linux-based tools I've tried in the past. I know you can use Wine to run ImgBurn, but I've never quite been able to get it to work. Linux would be safer anyways because most malware is designed for Windows, as it holds the majority market share by a ridiculous amount.

Reply 3 of 4, by BitWrangler

Rank l33t++

Yeah, tough one, it might have actual legit concerns, it might be flagging TightVNC falsely.

Unicorn herding operations are proceeding, but all the totes of hens teeth and barrels of rocking horse poop give them plenty of hiding spots.

Reply 4 of 4, by DosFreak

Rank l33t++

Closed.
Vogons does not support so-called "abandonware".
This issue isn't new. I remember being deployed to Afghanistan and some dumbass was using this on the network; McAfee flagged it. It was likely a false positive but had to reimage the system anyway.
As with any report of malware, submit it to the antivirus vendor so that they can analyze it; otherwise you have nothing to complain about.

How To Ask Questions The Smart Way
Make your games work offline