hacked win 10 install from MCT-created media


  1. Posts : 1,770
    Windows 10 Pro
       #1

    hacked win 10 install from MCT-created media


    This thread is about a clean Win 10 install, based on Media Creation Tool, that resulted in a hacked install.

    What happened to result in this hacked install? Was Microsoft's server hacked? Was the MCT itself hacked? Did my laptop where I ran the MCT have a security vulnerability that went undetected? Should I do a clean Windows install on the laptop?

    By way of background, in late April just the night before our vacation trip, I finally, finally managed to get a clean Windows 10 install. These threads discuss my hassles in the week before the trip, trying unsuccessfully to get that Win 10 install. Note that I first tried Win 11, then decided that I was better off with Win 10. media creation tool Win 10 doesn't complete clean install and Why I decided against a Win 11 clean install for now.

    I just got back from vacation, so I have this install issue to deal with. The home screen had this unknown folder, and there were these weird text files inside the unknown folder.

    So no way Jose am I going to keep this install. As with previous installs (the ones that worked) I am going to use diskpart to completely clean up the NVMe drive. No GPT config with a non-partitioned drive. Windows install will create the GPT and do the installs.

    I will use an old, scratcharound Win 10 machine to do a MCT install USB.
      My Computers


  2. Posts : 42,963
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #2

    Sorry, haven't time to find the important point amongst all the help you've already had.

    Certainly very odd to find that folder.

    When you clean installed Win 10, did you..
    a. boot from install disk
    b. before the install process started, delete all O/S related partitions on the target system disk?
    Around steps 13/14 of the clean install Tutorial (just click Tutorials at the top and you'll see it).


    Note that you can usually install Win 10 offline (no internet connection) -if you think connecting to MS servers represents a risk. E.g.
    How to Set up Windows 10 Without Internet
    Last edited by dalchina; 11 May 2023 at 14:08.
      My Computers


  3. Posts : 1,758
    Windows 10 Pro (+ Windows 10 Home VMs for testing)
       #3

    The text file shows nothing but very dubious links.

    If you didn't create the MCT from the official Microsoft site directly then I'm not surprised you are now seeing dodgy results.

    You don't need to use 'diskpart' for anything. Just do a clean install, including deleting any existing partitions, and follow the tutorials on here.
      My Computer


  4. Posts : 42,963
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #4

    Here's how:
    Create Bootable USB Flash Drive to Install Windows 10
    Option 1

    then (and the above is linked from this):

    Clean Install Windows 10
      My Computers


  5. Posts : 1,770
    Windows 10 Pro
    Thread Starter
       #5

    RickC said:
    The text file shows nothing but very dubious links.

    If you didn't create the MCT from the official Microsoft site directly then I'm not surprised you are now seeing dodgy results.

    You don't need to use 'diskpart' for anything. Just do a clean install, including deleting any existing partitions, and follow the tutorials on here.
    RickC

    Actually when I was doing repeated Win 11 and then Win 10 installs, the Win 10 installs failed to complete until I used diskpart. I was also deleting all partitions using the Windows install program, but apparently that missed something. Sorry, but I can't find that thread right now (search yielding no results).

    I did use the MCT from the MS site.

    - - - Updated - - -

    dalchina said:
    Sorry, haven't time to find the important point amongst all the help you've already had.

    Why do you think it was 'hacked'? Evidence?
    That Team OS folder is something I've never seen before. And the text files were all dodgy or sketchy.


    When you clean installed Win 10, did you..
    a. boot from install disk
    b. before the install process started, delete all O/S related partitions on the target system disk?
    Around steps 13/14 of the clean install Tutorial (just click Tutorials at the top and you'll see it).


    Note that you can usually install Win 10 offline (no internet connection) -if you think connecting to MS servers represents a risk. E.g.
    How to Set up Windows 10 Without Internet
    @dalchina


    Yes I booted from an install USB created by the MCT, running on another Win10 system.

    Please see my reply just above to @RickC about deleting all OS-related partitions.
      My Computers


  6. Posts : 42,963
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #6

    Could the folder have come from being synched with some cloud service or other PC?
      My Computers


  7. Posts : 2,271
    Linux:Debian, Kali-Linux... 2xWin8.1,1x7Pro, Retro:1x2003server.1xXPpro, 1xW2k,1x98SE,1x95,1x3.11
       #7

    x509 said:
    1. What happened to result in this hacked install?
    2. Was Microsoft's server hacked?
    3. Was the MCT itself hacked?
    4. Did my laptop where I ran the MCT have a security vulnerability that went undetected?
    5. Should I do a clean Windows install on the laptop?
    1. IF and focus on IF the install media was hacked/infected.
    What can happen is that your computer becomes a zombie (part of a botnet) or is used for crypto-mining. You won't see stuff in the open that reveals it, such as folders on the desktop and files with links and those kinds of obvious things.

    1:1. Custom-made ISOs such as those you get from HP, Acer, Asus and so on. They do have a lot of bloatware that you will see as programs they want their customers to use. That is not bad stuff, just irritating. *lol*

    1:2. Then you have custom ISOs that people like you and I make, and they can be hacked so you don't need a license, or they can be just friendly stripped of telemetry and bloatware, and the one that did it leaves a folder with some document to get credit.

    Never trust an ISO that you don't download yourself from Microsoft directly, not even from friendly users in here.


    2. Extremely highly unlikely, even if it isn't impossible, but almost.
    And IF Microsoft's servers had been hacked, we would have known about it by now, as that would have made big headlines in every newspaper around the world within a day or three.

    3. Same as 2, as the Media Creation Tool is downloaded from Microsoft's servers.


    4. A security vulnerability doesn't mess with things that way... Malware and viruses do... and others that might use your computer.
    And yes, it is possible that an infected computer can infect the USB drive you made or plug in to an infected computer..... But then we are back to answer 1. Hackers don't want users to see if things are infected.... unless it is ransomware, so you get a big screen that says your files have been encrypted.


    5. That is up to you and how you feel about spending an hour or three re-installing the computer...... If you don't mind... then go for it, rather than going around and wondering if it might or might not be infected.. It can be an irritating nagging thought to have for many people..... Even if the probability is low, it is never zero, as no OS in the world is 100% safe. You got two good links in Post #4 by @dalchina to follow if you do.


    As @dalchina mentioned... (Could the folder have come from being synched with some cloud service or other PC?)
    Do you have sync and use a Microsoft account instead of a local user account?

    Does someone else have access to your computer, so they could have downloaded something to it, or created those folders?

    Do you have more than one Windows computer in your network?
    If yes, run an antivirus scan on them all just to be safe.


    It is really rare to get hacked... and if big OS companies/software companies get hacked, that makes headlines, and there would be big posts on this forum about it then, as it is a Windows forum.
    Infected by malware and viruses.. Yeah, that is common among users.... and it should not be taken lightly.. There are good online scanners and MS Defender, Malwarebytes and a dozen more, so that is easy to scan for :)
      My Computer


  8. Posts : 1,770
    Windows 10 Pro
    Thread Starter
       #8

    dalchina said:
    Could the folder have come from being synched with some cloud service or other PC?
    The laptop that I was using is not synced to any cloud services as such, but I do visit a fair number of forums, including this one. This laptop also syncs to other systems in my home network.

    Now I'm getting paranoid.

    - - - Updated - - -

    Marie SWE said:
    1. IF and focus on IF the install media was hacked/infected.
    What can happen is that your computer becomes a zombie (part of a botnet) or is used for crypto-mining. You won't see stuff in the open that reveals it, such as folders on the desktop and files with links and those kinds of obvious things.

    1:1. Custom-made ISOs such as those you get from HP, Acer, Asus and so on. They do have a lot of bloatware that you will see as programs they want their customers to use. That is not bad stuff, just irritating. *lol*

    1:2. Then you have custom ISOs that people like you and I make, and they can be hacked so you don't need a license, or they can be just friendly stripped of telemetry and bloatware, and the one that did it leaves a folder with some document to get credit.

    Never trust an ISO that you don't download yourself from Microsoft directly, not even from friendly users in here.


    2. Extremely highly unlikely, even if it isn't impossible, but almost.
    And IF Microsoft's servers had been hacked, we would have known about it by now, as that would have made big headlines in every newspaper around the world within a day or three.

    3. Same as 2, as the Media Creation Tool is downloaded from Microsoft's servers.


    4. A security vulnerability doesn't mess with things that way... Malware and viruses do... and others that might use your computer.
    And yes, it is possible that an infected computer can infect the USB drive you made or plug in to an infected computer..... But then we are back to answer 1. Hackers don't want users to see if things are infected.... unless it is ransomware, so you get a big screen that says your files have been encrypted.


    5. That is up to you and how you feel about spending an hour or three re-installing the computer...... If you don't mind... then go for it, rather than going around and wondering if it might or might not be infected.. It can be an irritating nagging thought to have for many people..... Even if the probability is low, it is never zero, as no OS in the world is 100% safe. You got two good links in Post #4 by @dalchina to follow if you do.


    As @dalchina mentioned... (Could the folder have come from being synched with some cloud service or other PC?)
    Do you have sync and use a Microsoft account instead of a local user account?
    MS account.

    Does someone else have access to your computer, so they could have downloaded something to it, or created those folders?
    My wife, but she would never hack my machine.

    Do you have more than one Windows computer in your network?
    If yes, run an antivirus scan on them all just to be safe.
    Three other systems, which I will scan


    It is really rare to get hacked... and if big OS companies/software companies get hacked, that makes headlines, and there would be big posts on this forum about it then, as it is a Windows forum.
    Infected by malware and viruses.. Yeah, that is common among users.... and it should not be taken lightly.. There are good online scanners and MS Defender, Malwarebytes and a dozen more, so that is easy to scan for :)
    Agreed
      My Computers


  9. Posts : 2,271
    Linux:Debian, Kali-Linux... 2xWin8.1,1x7Pro, Retro:1x2003server.1xXPpro, 1xW2k,1x98SE,1x95,1x3.11
       #9

    x509 said:
    The laptop that I was using is not synced to any cloud services as such, but I do visit a fair number of forums, including this one. This laptop also syncs to other systems in my home network.

    Now I'm getting paranoid.
    Nothing to get paranoid about.. Grab a cup of coffee/tea, then calmly sit down with your computer and investigate. Start with a virus scan. :)
    Panic mode is when you start seeing files start to be encrypted in front of your eyes. (been there, done that) (WannaCry ransomware on May 7th 2017) I have never been as quick as then to pull the power. *LOL*
      My Computer


  10. Posts : 2,271
    Linux:Debian, Kali-Linux... 2xWin8.1,1x7Pro, Retro:1x2003server.1xXPpro, 1xW2k,1x98SE,1x95,1x3.11
       #10

    x509 said:

    MS account.

    My wife, but she would never hack my machine,

    Three other systems, which I will scan

    Agreed
    MS accounts, don't they sync by default.. The others can answer that... as I have never used an MS account myself, as a local account is better in every way.

    Who knows... Your wife might be a super hacker... that is the best in the world (I'm joking of course)
    What I meant was if someone has saved some interesting things to read.. or clicked on a bad link.... When there are more users on the same device it is not easy to keep track of things, so to speak.
    When were the folders and document created? (right click and properties) Then you can figure out when they popped up.... and if you might have saved it from another place or installed some program at that date and time that might have created it.

    Grab the coffee and start the scans
    I have my cup beside me right now as I go through some logs. Coffee and IT go together. *smiling*
      My Computer
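
Post #10's suggestion to check when the folder and files were created, and the earlier advice to use only a Media Creation Tool downloaded from Microsoft, can both be checked from PowerShell. This is an added example, not part of any post in the thread; the Desktop location of the "Team OS" folder and the `MediaCreationTool.exe` path are assumptions, and the function names are hypothetical.

```powershell
# Added example, not from the thread. Both paths are assumptions: edit them first.
$SuspectFolder = Join-Path $env:USERPROFILE 'Desktop\Team OS'   # folder name from the thread, location assumed
$MctPath = Join-Path $env:USERPROFILE 'Downloads\MediaCreationTool.exe'   # placeholder file name

function Get-ItemTimeline {
    # Hypothetical helper: timestamps for a folder and everything under it.
    param([Parameter(Mandatory)][string]$Path,
          [Parameter(Mandatory)][datetime]$InstallDate)
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        [pscustomobject]@{
            Created  = $item.CreationTime
            Modified = $item.LastWriteTime
            # A timestamp older than the installation means the content was copied in
            # (from the install image, a sync, or another drive), not authored here.
            # Timestamps can be altered, so treat this as a hint, not proof.
            PredatesInstall = ($item.CreationTime -lt $InstallDate) -or
                              ($item.LastWriteTime -lt $InstallDate)
            Path = $item.FullName
        }
    }
}

function Test-MicrosoftSignature {
    # Hypothetical helper: Authenticode check of the downloaded tool.
    param([Parameter(Mandatory)][string]$FilePath)
    $sig = Get-AuthenticodeSignature -FilePath $FilePath
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    [pscustomobject]@{
        File   = $FilePath
        Status = $sig.Status      # 'Valid' means the file hash and certificate chain verified
        Signer = $subject
        SignedByMicrosoft = ($sig.Status -eq 'Valid') -and ($subject -match 'O=Microsoft Corporation')
    }
}

$installDate = (Get-CimInstance -ClassName Win32_OperatingSystem).InstallDate
"Windows reports it was installed: $installDate"

if (Test-Path -LiteralPath $SuspectFolder) {
    Get-ItemTimeline -Path $SuspectFolder -InstallDate $installDate |
        Sort-Object Created | Format-Table -AutoSize
} else { "Not found: $SuspectFolder" }

if (Test-Path -LiteralPath $MctPath) {
    Test-MicrosoftSignature -FilePath $MctPath | Format-List
} else { "Not found: $MctPath" }
```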


 

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.
