A few days ago a company was tossing out old computers and a few others were there for whoever wanted them. I spotted a Windows 7 Prof computer and thought it would provide an opportunity to learn about what XP mode does and see what 7 was like - if nothing else. Specs are Asus Mobo P5G41T-M LX - 4Gigs Ram - 500GB WD Caviar Green - DualCore Pentium E6500 @ 2.93GHz - PSU 350W ISO - 450PP (my searches revealed not a very good brand) The mid tower just says Foxconn case so I suppose it's a custom build. The COA sticker is on the case (OEM). Seems to be this computer hasn't been used for a few years and the OS was installed around mid 2009 The specs are pretty low end by todays standards but exceeds anything else I've got at present. So, I've been just fiddling around on it and seeing what state the OS is in since the computer came "as is" ie, no fresh install and there's stuff left on there from the last user. Bottom line - Even if reading the W7 telemetry thread wasn't enough to give me the severe jitters, I wouldn't put this near the internet in its current state and I would keep it isolated from other computers. The HD didn't have much space used but the person had installed the usual junk such as a number of freebie games. Not a good sign. Anyway I've uninstalled all that I can see that is of no use such as programs, and other things lying around. Looking a bit deeper has me wondering about a few things. 1/ Specs taken into account, how long would you expect this computer to boot Windows7Pro? Currently it boots in 45 seconds (quickly clicking through the login screen ) It shuts down quickly. 2/ Are ziober.exe and ziober.scr legitimate files or some type of virus/scumware? I noticed Task Manager showed the CPU consistently hovered around 36% and spiking to around 50% when I wasn't doing anything and had nothing opened except TM. I know that W7 is much more resource hungry than XP but surely this is not right. There were 2 processes running, ziober.exe *32 and ziober.scr *32 - I searched online and couldn't find any reference to this being a virus or whatever. Anyway I terminated the exe entry and the CPU went to zero. The .scr was ziober screensaver. They came back on reboots. I plugged in an old USB drive to the said computer to transfer Sandboxie, FF, Lastactivityview and other utilities to do some cleaning up. I noticed some desktop shortcuts were put on the thumb drive. I deleted them. They installed again when I replugged it in. I got hidden OS files to show, and sure enough here was an instance of the 2 ziober files plus an autorun.inf. I looked in that and it referred to ziober. I logged into another user I'd set up beforehand and the CPU was fine. The entries weren't in TM. I searched in the registry and there was an entry there. Ideas advice and thoughts appreciated. If I could, I'd just ditch this whole install and re-install 7Pro clean but I have no install disks and from what Ive seen from searching, M$ is no longer accepting COAs allowing ISO downloads of 7Pro OEMs.
@Reality With a quick Google search I found a link to VirusTotal which indicated that ziober.exe may be malware. I suggest you do do scans with Zemana AntiMalware, Malwarebytes and Hitman Pro. I'm not sure about Microsoft not accepting COAs to download Windows 7 ISOs. I wasn't aware they had stopped this, but I could be wrong. However, if you want to do a clean install of Windows, you can download Windows ISOs from getintopc.com
... Or if it is a legit Win7 installation you could always do a clean Win10 installation. Yeah I know not everyone wants Win10 but it is just a thought.
Thanks guys for your responses. Forgot to say there's no way I want Windows 10. I'm not keen on anything above XP but it's just I was given this Computer and I've heard about XP mode. I do know a bit about the machines history in that I know people at the company. I agree that it's risky letting such a machine get near my others, hence my post. @ roger_m I use Startpage, and it didn't give me any results of any use, but what you've said makes sense. If this isn't scum, it sure acts like it. From what Ive read, its apparently only OEMs MS isn't supplying ISOs for now. Not 100% sure though. Hopefully I'm wrong and I can DL the ISO from MS, but I'll check out the site you said.
Get a utility that'll retrieve the W7 license. Download the W7P iso. Nuke the HDD, format & fresh install.
Check for a recovery partition. They are usually hidden. I've often found old computers with full recovery partitions. If it has a Windows 7 sticker with the product key, that will work. You will need to burn a Windows 7 ISO. They used to be easy to get from Digital River but MS took it down when Windows 10 came out. These are some possible sources I got from a hardware forum. Here is a page that has ISO links. http://mirror.corenoc.de/digitalrivercontent.net/ And the page I took it from that has more information. http://www.pcsteps.com/45-download-windows-7-iso-legally-free-digital-river/
Thanks guys. @zapjb I have the product key on the case. I went to M$ site, punched in the COA key and it said the product key is eligible for W7Pro COEM, BUT when I clicked on a further link I got an error, like I'd seen others say. What does the C stand for? Also, if I DL an ISO from one of these sites, will a COEM license make any difference when I go to activate 7? @MisterB , theres a small partition about 96MBs, whats that? Looking in disk manager it doesn't say anything about it being a recovery partition. I assume that enabling hidden OS files in the Folder options will have any recovery partition show, right? @Robin A, would that script show all product keys or just OS. There's quite a few MS programs - Excel, Word, Publisher, Powerpoint etc. I'm sure they would come under some "edition". I'll see if I can find out what it is.
96mb would not be the recovery partition. They are usually at least 4gbs or more and are well hidden from the OS but will show up with any partitioning software. I've run across some that won't even mount with a driver letter. The recovery partition contains a complete image of the system and is restored like any other image. The key on the case is the one you want for a clean install with a generic ISO. The systems installed by the OEM manufacturer used a different product key that uses a different activation method that uses a certificate in the OS and a string in the BIOS combined with the product key to activate and these keys won't activate by any other method. In Xp, Vista and Win7 these keys are unique to each OEM manufacturer and all computers from the same OEM use the same product key.
If you restart this machine and tap either F10 or F11 while booting it should bring up the Recovery options.
Well I've been busy chasing up info in this thread. The DL place to get qbittorrent is sourceforge and like many others they have gone the way of putting excess baggage in their installers. Is there a trusted DL site anyone knows of? @MisterB thanks for explaining that. I installed Aomei Partition Assistant. If a partition is hidden, do you have to unhide it from a menu somewhere or would it still show in the UI as hidden? Other than that, I can't see anything extra except that small partition. @zapjb is gparted free -- would it show up anything that Aomei doesn't.? @Krusty tapped F7 and it just showed up just 2 things - the OS and had (recovered) in brackets and something about memory diagnostics. Been playing around with it, and it appears all the office programs are 2002 and they all have the same product number. They are Word- Excel- PowerPoint- MS Access- MS Outlook (no publisher as I mistakenly said before) I see Folders in Microsoft Office- they are Office10 and OFFICE11. Which one would I refer to if I have to activate it? Im curious - Would altering a filename -- ie scumware.exe to scumwarexxx.exe stop it from running or would I have to alter the extension to something like scumware.exexxxxx After early on having to use the USB stick hopefully nothing untoward has happened to main computer. Theres nothing showing up in the taskmanager. Anyway I dug into the system and disabled system Wide Autoplay. Found out in Sandboxie how to make a Windows Explorer shortcut but not sure if I can make a USB drive or more specifically a drive letter Sandboxed on the free version.
GParted is FREE. Don't know if it's better. But it's better & more straight forward than everything else I've tried.
Partition assistant will show any hidden partitions. It looks like the 96mb partition is the boot partition and will just have boot and recovery files. Partition assistant will work fine for anything you have to do to a Windows system. I use it for Windows partitions and gparted for Linux partitions. There are many programs for downloading torrents, many open source GPL, so there are other options if qbittorrent doesn't work out. I would get the product keys for Windows and any MS software on the system that requires activation. I am assuming that the system is the original OEM installation but it could easily be a later install that used the product key on the box. A quick way of checking, is to look at the system properties by right clicking the My computer icon and selecting Properties. The OEM installs usually have the manufacturers logo right next to the Microsoft one.
MisterB theres just the MS logo - Running a few things like LastActivityView dated back to 2009. Seems this computer has just been stuck in a corner somewhere not doing anything for a couple of years. Cant find any logs etc that indicate usage later than 2012 or 13. I went and found the portable qbittorrent but it still came from sourceforge but I used Sandboxie to install it and of course Kerio complained about it. I didn't see any excess baggage. Never really used one of these torrent programs before so Im DUBIOUS I'm also super paranoid about having to upload or leave my computer "available" (if Im understanding it correctly) as part of their netiqeutte which I can understand, but Im not really into setting all that up. BTW I tried a second time to get that ISO off MS but nope - said legit license but threw an error. I sure get it about people complaining about MS's convoluted confusing licensing system. zapjb, I heard so much about gparted but just haven't had time to explore it. One of these days ........
