All times are UTC - 8 hours [ DST ]

PostPosted: Tue Aug 02, 2016 11:08 pm
Site Admin
In early August (specifically only on one day, Aug 2nd, 2016) and only for a few hours, the download mirror for Classic Shell version 4.3.0 got hacked by some hackers calling themselves Peggle Crew. They managed to replace the installer file with a trojan that when launched, corrupts the MBR (Master Boot Record) of the PC. This renders the computer unbootable.

As soon as the hack was detected, the download link on the main site http://www.classicshell.net was fixed to link to a clean file. Classic Shell became once again safe to download immediately after the hack was detected within a few hours and the fake installer replaced with a genuine one.

Here is a FAQ for those of you whose PC got affected by malware when they accidentally downloaded and ran the hacked installer on August 2nd, 2016. Anyone else downloading the current installer after August 2 or now should rest assured that it is clean and free of malware. You can verify this by checking the digital signature of the installer's properties.

How do I know I have downloaded the correct file?
There are a few things to watch for:
  • Check the file properties in Explorer – right-click -> Properties. Look for a tab named “Digital Signatures”. It should list “Ivaylo Beltchev” as the signer. The hacked file doesn’t even display the “Digital Signatures” tab.
  • When you run the real installer it will not immediately ask you for admin permissions. Only after you finish selecting your settings will you be asked. The hacked file asks right away.
  • The prompt for permissions will be blue for the real file and say "Verified publisher: Ivaylo Beltchev". The fake file will show a yellow prompt and say "Publisher: Unknown".
  • The fake file will of course not install Classic Shell. It will just flicker once and exit. So if you managed to install Classic Shell 4.3.0, then you had the right file and you are safe.

What do I do if I launched the fake file and got infected?
If you haven’t rebooted yet, save your work and back up your important files. If things go very wrong you may have to reinstall Windows and will lose your files.
Also make sure you have a working Windows 10 disk before rebooting. You can make one using the instructions here: https://www.microsoft.com/en-us/softwar ... /windows10
To repair the MBR, follow the instructions here:
viewtopic.php?f=12&t=6440
Also in video form:
https://www.youtube.com/watch?v=DD9CvHVU7B4

There are also a few forum threads with useful information:
viewtopic.php?f=12&t=6434
viewtopic.php?f=12&t=6437

Reddit thread about the hack and possible fixes:
https://www.reddit.com/r/pcmasterrace/c ... shell_read

Once again, we assure you that except for a few hours on August 2nd, 2016 when Classic Shell's installer was hacked, Classic Shell is completely safe to use again.


Attachments: UAC Prompt.png, Clean installer verification.png

PostPosted: Wed Aug 03, 2016 1:24 am
Here's a recap of what exactly happened for those who are worried about the hack:


● This was a very new malware. At the time when it was being spread, very few anti-virus apps detected it - only Kaspersky, AVG and something else and that too, only as a generic threat, not as a specific trojan.

Classic Shell is safe once again to download. The main download is currently from another hosting service called MediaFire which was not hacked. The website hosting it at that time (FossHub) was hacked and only for a few hours on 1 particular day. Ever since, Classic Shell's installer is clean and you don't have to be worried about getting infected as long as you don't ignore the UAC prompt which shows a blue band for signed executables.

● The attack was timed by whoever hacked the installer to coincide with the release of Windows 10 Anniversary Update which was removing older versions of Classic Shell without giving any details except some unexplained "incompatibility" message in the Action Center. So users would head to the main download site and the compromised installer would infect their PC.

● This affects UEFI/GPT partitions too and makes them unbootable just like BIOS/MBR partitions. Secure Boot should not be affected. Whether your MBR is infected or GPT, it is easy to recover/fix and your data is not erased or encrypted. But the fact that it makes the PC unbootable scares novice users who have no idea how to fix it.


● This attack occurred because of a breach in FossHub's security and not due to a vulnerability in Classic Shell's website or installer. They have rectified the situation. They posted an apology on Reddit: https://www.reddit.com/r/sysadmin/comments/4vzovk/fosshub_statement_regarding_2nd_august_security/ Still, Classic Shell's main hosting now uses another service, MediaFire.

● If you always use the built-in updater to update Classic Shell, it downloads from another location (MediaFire) that was not compromised. Also it is digitally signed so its authenticity can be verified.


● The impact of the attack was limited. We noticed that Windows 10 was removing Classic Shell as "incompatible" and wasn't giving any details about what the incompatibility was. So an updated version of Classic Shell for Windows 10 Anniversary Update was released 2 days before the attack (2 days before the Anniversary Update became publicly available). This was done so that Windows 10 would not remove the compatible version. Classic Shell gets millions of downloads per month. Because the update was rolled out in advance, the fake installer (which did not have Classic Shell at all) was downloaded approximately around 300 times, not thousands or millions of times.

● The Classic Shell installer is digitally signed so when you download it from the official website or from another download service that the website links to, you can verify the genuine vs fake installer using the Windows UAC prompt. The genuine installer will be digitally signed by Ivaylo Beltchev who is the developer of Classic Shell.

PostPosted: Wed Aug 03, 2016 1:37 am
Hi, I am on a business laptop and it has very precious data for us.

In the morning, I got the update option and I did so.

But I don't know, is it the fake one or the original one?

But I have checked in the folder and then Properties > Digital Signatures > Ivaylo Beltchev.

Now I am in doubt.

Am I safe now? Or do I still need to do anything?

I have more than 2 TB data on it.


PostPosted: Wed Aug 03, 2016 1:41 am
If the installer's properties have a tab called "Digital Signatures" and if, after clicking "Details", you see that the digital signature is OK and the signer is Ivaylo Beltchev, then it is the genuine installer and is safe to run.

PostPosted: Wed Aug 03, 2016 1:52 am
Please check below file.


Attachment: 001.jpg [177.88 KiB]

PostPosted: Wed Aug 03, 2016 2:02 am
Why would anyone do this? There's no point in messing with some random person's PC, it's just evil.

I downloaded literally right after this was resolved and had a pretty huge panic attack when I learned.


PostPosted: Wed Aug 03, 2016 2:11 am
@ankupan, download the installer from http://www.classicshell.net/downloads/latest. That is clean and safe. Install it on top of your version which is just an older one with an expired certificate.

PostPosted: Wed Aug 03, 2016 2:30 am
Hi guys, quick question.. my boot drive seems to be ok, but I seem to have lost my secondary drive, which was partitioned into E and F. Is this possible ? Btw, shows up as unallocated in Computer Management


PostPosted: Wed Aug 03, 2016 2:51 am
I have a clean Windows 10 installation with UEFI/GPT partitions, and my system was not able to boot. It simply showed no entry in the BIOS boot menu. I'm sure it's UEFI/GPT. The BIOS boot menu says it is UEFI what I'm booting, and diskpart list disk says it's GPT.

Windows recovery was not able to fix the boot problem, so I tried the integrated system image restore function of Windows 10 by booting from my Windows 10 install USB stick. The USB stick was created by the Microsoft Media Creation tool. The system image was created by me before the update with the "Backup and Restore (Windows 7)" tool from within Windows.

It worked this way. I don't know what else that malware overwrote to ruin the system, so this was the safest solution for me. Fortunately, I had that system image - I created it right before Windows 10 started to download the Anniversary update that evening.


PostPosted: Wed Aug 03, 2016 3:04 am
For anyone who is not able to boot their PC or has lost secondary drive partitions, if the instructions by Ivo: viewtopic.php?f=12&t=6440 which are pretty simple to restore your MBR do not work for some reason, then with access to another clean computer, you could try creating a bootable USB or CD from any of the Live CD images with TestDisk: http://www.cgsecurity.org/wiki/TestDisk_Livecd . One of our forum members reported that using TestDisk they could fix the partition table on the compromised drive and restore the partition table completely with no issues. Do a quick scan using TestDisk and then add back the partition it finds and write it to disk. You also must rewrite the drive's infected MBR code with the Windows MBR code: https://tweakhound.com/2012/11/13/how-t ... ootloader/

PostPosted: Wed Aug 03, 2016 4:49 am
FYI the readme file for 4.3.0 says 4.2.5.


PostPosted: Wed Aug 03, 2016 4:54 am
w0z wrote:
FYI the readme file for 4.3.0 says 4.2.5.



For me it says Version 4.3.0 – general release. Maybe the installer didn't update your files correctly.

PostPosted: Wed Aug 03, 2016 6:10 am
I just installed on a second computer and it shows the correct readme file. Not a big deal but strange.


PostPosted: Wed Aug 03, 2016 12:22 pm
The hack is apparently not fixed or you were hacked again. I downloaded your update on August 3rd, approximately 11:00 AM Mountain time (US). I experienced the problems related below and the recommended repair worked after a couple of additional reboots. No messages on screen--just a blank screen with the cursor showing before repair.


PostPosted: Wed Aug 03, 2016 12:28 pm
Site Admin
Where exactly did you download it from? The link on the main page points to Mediafire, and I just checked it still works.
If you look at the file properties, do you see a "Digital Signatures" tab?


PostPosted: Wed Aug 03, 2016 12:53 pm
Luke7777 wrote:
Hi guys, quick question.. my boot drive seems to be ok, but I seem to have lost my secondary drive, which was partitioned into E and F. Is this possible ? Btw, shows up as unallocated in Computer Management



This is what happened to me. That drive probably had an unused MBR. My system continued to boot but a second drive was "unallocated". It can be repaired but the Windows troubleshooting command-line method (bootrec /fixmbr) will not do it. It only works on your boot disk. I tried it and it wiped out my Linux boot menu, so beware.

I used the open source tool TestDisk to fix my partition but it is not for the faint of heart. I tried other tools but they did not correctly handle my 3TB drive or they cost too much or they did not address the actual problem. I'm sorry I can't recommend an easy fix but there may be some listed in these forums or elsewhere.

Your files should be safe but be careful with the tools you use. I used MiniTool Partition Wizard and it malfunctioned. By all appearances it was going to fix the problem but when the fix was applied, it did not correctly handle my 3TB drive. I was able to recover using TestDisk.

One final note: I ran CHKDSK on the drive after I got it working again. It reported "corrupt basic file structure" for 179 files. The files appeared to be perfectly usable and showed no problems. When CHKDSK "repaired" them, all their data was erased. Be careful. If you see these kinds of errors reported, try to back up the affected files before attempting to repair them. If you can, I advise transferring all of your files to a new drive and then reformatting your damaged disk to clear out any remaining weirdness.

Good luck.


PostPosted: Wed Aug 03, 2016 3:09 pm
Audacity got hit too, by the same people. According to the tweets from the people who claim responsibility for it, it was done to demonstrate Fosshub's weak security.


PostPosted: Thu Aug 04, 2016 3:50 am
Is there any way to find out if the MBR is toast or not without restarting? I'm 99% sure I wasn't hit, but due to being slightly paranoid, it'd be nice to have some solid proof...is that possible? ._.

EDIT: I don't mean the installer, I mean what I've actually installed. I...may or may not have frantically deleted the installer as soon as I read the OP.

Also, what exactly is being done to prevent this from happening again? ._._._.

PostPosted: Thu Aug 04, 2016 4:24 am
@Splitwirez

If Windows boots then nothing happened to you...you don't need to be afraid of restarting; fixing it is pretty easy. (And I wouldn't wonder if there would be an instant BSOD after the MBR is overwritten, but I'm not sure of that.)

And if you want no risk of getting modified software: check if the app is signed, if available on the official website calculate and compare the md5 or sha hashes (this won't help e.g. on Fosshub if the hackers also changed those values on Fosshub) and check e.g. the size of the program; if it is ridiculously small (< 1mb) then it could be a virus instead of a program like Classic Shell with lots of features.


PostPosted: Thu Aug 04, 2016 5:33 am
Clemens wrote:
@Splitwirez

If Windows boots then nothing happened to you...you don't need to be afraid of restarting; fixing it is pretty easy. (And I wouldn't wonder if there would be an instant BSOD after the MBR is overwritten, but I'm not sure of that.)

And if you want no risk of getting modified software: check if the app is signed, if available on the official website calculate and compare the md5 or sha hashes (this won't help e.g. on Fosshub if the hackers also changed those values on Fosshub) and check e.g. the size of the program; if it is ridiculously small (< 1mb) then it could be a virus instead of a program like Classic Shell with lots of features.


What I mean is I have no idea if I ran the installer I had, I don't have the installer, and I'm not too keen on restarting to find out. Can I somehow examine the intactness of the MBR itself?

PostPosted: Thu Aug 04, 2016 5:36 am
No, it doesn't instantly BSOD when you delete/change the MBR; it waits till you restart your PC...

As far as knowing if you were hit before restarting, you might be able to find out by running msconfig (just type msconfig into the start menu) and checking the boot tab. I would imagine that your OS wouldn't be listed there with a broken MBR, though I haven't confirmed.


PostPosted: Thu Aug 04, 2016 7:08 am
Jcee wrote:
No, it doesn't instantly BSOD when you delete/change the MBR; it waits till you restart your PC...

I gathered that much.

Jcee wrote:
As far as knowing if you were hit before restarting, you might be able to find out by running msconfig (just type msconfig into the start menu) and checking the boot tab. I would imagine that your OS wouldn't be listed there with a broken MBR, though I haven't confirmed.

Well my OS does show up...

PostPosted: Thu Aug 04, 2016 7:56 am
@Splitwirez, while there is no quick way to see if the MBR is infected, you can open boot.wim from \sources folder of your Windows Setup disk and extract bootrec.exe from C:\Windows\system32 inside boot.wim to your current Windows installation. Then run bootrec.exe /fixmbr from within Windows.

The way to avoid getting infected from such a hack is to pay attention to the UAC prompt shown by the installer and make sure it's signed by Ivo.

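The question in this part of the thread is whether the MBR can be examined without rebooting. The code below is an added example, not part of the thread or of any tool mentioned in it: it parses a 512-byte copy of sector 0 and reports whether the boot signature and partition table are structurally sound. The sample sectors are constructed, the names are made up for this example, and the check cannot tell whether the boot code itself has been replaced, since the thread does not say what the trojan writes.

```python
import struct
from dataclasses import dataclass, field

SECTOR_SIZE = 512
BOOT_CODE_END = 440      # bytes 0..439 hold the boot code
TABLE_OFFSET = 446       # four 16-byte partition entries start here
SIGNATURE_OFFSET = 510   # a valid MBR sector ends in 55 AA
# status, type, first LBA, sector count (the two CHS fields are skipped)
ENTRY = struct.Struct("<B3xB3xII")


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    first_lba: int
    sectors: int


@dataclass
class MbrReport:
    verdict: str = "ok"
    partitions: list = field(default_factory=list)
    findings: list = field(default_factory=list)


def parse_mbr(sector: bytes) -> MbrReport:
    """Structural check of sector 0; it does not judge the boot code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes (sector 0 of the disk)")
    report = MbrReport()
    damaged = False

    for i in range(4):
        status, type_id, first_lba, sectors = ENTRY.unpack_from(
            sector, TABLE_OFFSET + 16 * i)
        if type_id == 0x00:              # unused slot
            continue
        if status not in (0x00, 0x80):   # only "inactive" or "active" are valid
            report.findings.append(f"entry {i}: invalid status byte 0x{status:02X}")
            damaged = True
        if sectors == 0:
            report.findings.append(f"entry {i}: zero-length partition")
            damaged = True
        report.partitions.append(
            Partition(i, status == 0x80, type_id, first_lba, sectors))

    # Overlapping extents mean the table does not describe a real layout.
    ordered = sorted(report.partitions, key=lambda p: p.first_lba)
    for a, b in zip(ordered, ordered[1:]):
        if a.first_lba + a.sectors > b.first_lba:
            report.findings.append(f"entries {a.index} and {b.index} overlap")
            damaged = True

    # Type 0xEE is the protective entry of a GPT disk; the real table is in
    # the GPT header at LBA 1, which this example does not read.
    is_gpt = any(p.type_id == 0xEE for p in report.partitions)
    if not any(sector[:BOOT_CODE_END]) and not is_gpt:
        report.findings.append("boot code area is all zeros")

    if sector[SIGNATURE_OFFSET:] != b"\x55\xAA":
        report.findings.append("boot signature 55 AA missing")
        report.verdict = "invalid"
    elif is_gpt:
        report.verdict = "gpt-protective"
    elif not report.partitions:
        report.verdict = "empty-table"   # the OS shows such a disk as unallocated
    elif damaged:
        report.verdict = "suspect"
    return report


def build_sample(entries, boot_code=b"\x90" * 16, signature=b"\x55\xAA"):
    """Constructed 512-byte sector for the demo; boot_code is placeholder filler."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, fields in enumerate(entries):
        ENTRY.pack_into(sector, TABLE_OFFSET + 16 * i, *fields)
    sector[SIGNATURE_OFFSET:] = signature
    return bytes(sector)


# Constructed samples, not images of real disks.
SAMPLES = {
    "healthy boot disk": build_sample([(0x80, 0x07, 2048, 1_000_000)]),
    "table wiped": build_sample([]),
    "GPT disk": build_sample([(0x00, 0xEE, 1, 0xFFFFFFFF)], boot_code=b""),
    "overlapping": build_sample([(0x80, 0x07, 2048, 1000), (0x00, 0x07, 2500, 1000)]),
    "sector zeroed": bytes(SECTOR_SIZE),
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        result = parse_mbr(sample)
        print(f"{name:18} -> {result.verdict:15} {result.findings}")
```

On Windows, sector 0 can be read without modifying the disk from an elevated Python prompt with `open(r"\\.\PhysicalDrive0", "rb").read(512)`.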
 
PostPosted: Thu Aug 04, 2016 8:30 am 
I know it is already fixed but I wonder why antivirus/antimalware programs didn't detect it at first.


PostPosted: Thu Aug 04, 2016 8:44 am
hjroman wrote:
I know it is already fixed but I wonder why antivirus/antimalware programs didn't detect it at first.



For any malware to be detected, its signature has to be present in the AV vendor's app. This malware was new. AVG, Kaspersky and some other AV vendor detected it as a generic threat. And Windows UAC prompt showed it with a yellow band and as coming from an unknown publisher.

PostPosted: Thu Aug 04, 2016 10:07 am
Gaurav wrote:
@Splitwirez, while there is no quick way to see if the MBR is infected, you can open boot.wim from \sources folder of your Windows Setup disk and extract bootrec.exe from C:\Windows\system32 inside boot.wim to your current Windows installation. Then run bootrec.exe /fixmbr from within Windows.

...k...I didn't quite follow that...

Gaurav wrote:
The way to avoid getting infected from such a hack is to pay attention to the UAC prompt shown by the installer and make sure it's signed by Ivo.

Problem is, I don't even remember if I ran the installer, never mind what the UAC prompt showed. I checked the signature after reading the OP and it showed that it was legit...but I'm still feeling really uneasy about this...I think I'll just skip this update and wait for 4.3.1 or whatever ;~;


Also,
Splitwirez wrote:
what exactly is being done to prevent this from happening again?

PostPosted: Thu Aug 04, 2016 10:32 am
Site Admin
Well, no, you can't skip the update if you already ran the installer...
If you are infected, the next reboot will fail. If you are not that confident everything is OK, I would back up the important files to an external drive, cloud, or whatever, and then do a test restart.

I have not done anything to prevent further attacks. The compromised FossHub site is down, and as far as I can tell Mediafire hasn't been hacked. Since I don't host the files on my home machine (it would require terabytes of bandwidth each month), there is very little I can do to control the security of the download service.


PostPosted: Thu Aug 04, 2016 12:38 pm
Do you have a checksum for the 4.3.0 release?


PostPosted: Thu Aug 04, 2016 12:41 pm
Classic Shell 4.3.0's installer has:
CRC32: A63C4C3F
MD5: E10881B65C27C6E09E5A33CD8BCD99C6
SHA-1: A6B06D07FE3B1A7204B1B62C67FBF3C602385364

 
PostPosted: Thu Aug 04, 2016 12:51 pm 
Just an idea, while it is good to have the warning on the main website I feel like it would make a crap ton more sense for it to be moved from the "What is Classic Shell?" section to the "News" section to the right. Where it is currently is very crowded with other information and it just doesn't seem that important.

It also makes sense because this is a newsworthy event!

PostPosted: Thu Aug 04, 2016 3:39 pm
Ivo wrote:
Well, no, you can't skip the update if you already ran the installer...
If you are infected, the next reboot will fail. If you are not that confident everything is OK, I would back up the important files to an external drive, cloud, or whatever, and then do a test restart.

I'm pretty sure I didn't run the installer, and I was implying that if I did, I don't plan to run any installer for this update again ._.

Also I fished the installer out of my recycle bin to check the signature. This is what it said:

Is that okay? And should I restart just to be sure?

Ivo wrote:
I have not done anything to prevent further attacks. The compromised FossHub site is down, and as far as I can tell Mediafire hasn't been hacked. Since I don't host the files on my home machine (it would require terabytes of bandwidth each month), there is very little I can do to control the security of the download service.

...switching hosts sure sounds like action to prevent future problems to me... .-.

PostPosted: Thu Aug 04, 2016 3:50 pm
Site Admin
Yes, your file is fine, and I recommend you install it. There are some fixes and new skin features.

As for service providers, there aren't that many that offer multi-terabyte bandwidth at a price I can afford. Mediafire is still pricy, but not unreasonably so. FossHub is free but shows one ad per download. Everything else is either prohibitively expensive or has tons of ads where you can easily click on the wrong thing and get an extra browser toolbar or two.


PostPosted: Thu Aug 04, 2016 3:55 pm
Wow, m*therf*ckers... Why on hell would some random guys do that?

I installed CS about 2-3 days ago, but I downloaded it from here, the main page, and I didn't get this malware thing.

By the way, you should edit the main message. Hackers are the GOOD guys, Cyber Criminals are the BAD guys.
Hackers = Police
Cyber Criminals = Robbers


So saying "a hacker did this bad thing" is a contradiction. A cyber criminal did.


PostPosted: Thu Aug 04, 2016 4:07 pm
Ivo wrote:
Yes, your file is fine, and I recommend you install it. There are some fixes and new skin features.

...err...yeah, if I can get myself to do so without worrying like crazy afterwards. Honestly I trust everything you say, but that doesn't make a darned bit of difference to how scared I was and still am.

Ivo wrote:
As for service providers, there aren't that many that offer multi-terabyte bandwidth at a price I can afford. Mediafire is still pricy, but not unreasonably so. FossHub is free but shows one ad per download. Everything else is either prohibitively expensive or has tons of ads where you can easily click on the wrong thing and get an extra browser toolbar or two.


...what about Mega? AFAIK they don't show any ads and are pretty much all about security or encryption or whatever...then again I've yet to see anything about pricing, so idk .-.

PostPosted: Thu Aug 04, 2016 4:14 pm
Site Admin
Last time I checked Mega they had a relatively low monthly bandwidth.

Do the math - the installer is 7MB. 1 million downloads per month equals 7TB/month. And Classic Shell easily gets more than 1 million/month, especially following a new release.


PostPosted: Thu Aug 04, 2016 5:18 pm
Okay so, for anyone who needs some extra confidence, I got hit by it. I was stupid and didn't stop when the digital signature wasn't there. Though I did acknowledge it by thinking "wasn't this signed last time I updated? Oh well."
Unfortunately for me, something else happened when I got infected. Avast, my antivirus, caused me to bluescreen due to an incompatibility with the Anniversary update on newer Intel CPUs. So even when I fixed my master boot record, I was stuck in a boot loop and had no idea what to do.

But the only reason I discovered the boot loop is because I fixed my master boot record, and it's really easy.
I simply borrowed a family member's laptop to make myself a boot disk (just download the Windows ISO of your system and slap it on a disk or USB drive), used it to get into the recovery environment for Windows, opened the command prompt, and used the command "bootrec /fixmbr". That got me to the Windows loading screen, which gave me a BSOD every time because of Avast.

All in all, don't panic. The boot record is really easy to fix with little technical knowledge, and none of your personal files will be tampered with.


PostPosted: Fri Aug 05, 2016 12:39 am
rambomhtri wrote:
Wow, m*therf*ckers... Why on hell would some random guys do that?

I installed CS about 2-3 days ago, but I downloaded it from here, the main page, and I didn't get this malware thing.

By the way, you should edit the main message. Hackers are the GOOD guys, Cyber Criminals are the BAD guys.
Hackers = Police
Cyber Criminals = Robbers


So saying "a hacker did this bad thing" is a contradiction. A cyber criminal did.

Get your terminology right. "hacker" is a generic term for people that modify software typically without access to the source code.

Black Hat Hackers = Bad Guys
White Hat Hackers = Good Guys

PostPosted: Fri Aug 05, 2016 1:38 am
Franpa wrote:
rambomhtri wrote:
Wow, m*therf*ckers... Why on hell would some random guys do that?

I installed CS about 2-3 days ago, but I downloaded it from here, the main page, and I didn't get this malware thing.

By the way, you should edit the main message. Hackers are the GOOD guys, Cyber Criminals are the BAD guys.
Hackers = Police
Cyber Criminals = Robbers


So saying "a hacker did this bad thing" is a contradiction. A cyber criminal did.

Get your terminology right. "hacker" is a generic term for people that modify software typically without access to the source code.

Black Hat Hackers = Bad Guys
White Hat Hackers = Good Guys

Was just about to comment on this :P

Though 'white hat' hackers are 'good', most of what they do is still illegal.. and obviously subjectively good.... It's even possible that the recent hackers that hacked Classic Shell see themselves as white-hats because they supposedly did it to draw attention to a major hole in FossHub's security. Yes, rendering thousands of computers inoperable is bad, but the fix is fairly simple; and causing a splash is sometimes the only way to get noticed. Also it could have been way worse.. (like wiping the whole hard drive, or stealthily stealing credit-card info)


PostPosted: Fri Aug 05, 2016 1:51 am
Franpa wrote:
Get your terminology right. "hacker" is a generic term for people that modify software typically without access to the source code.

Black Hat Hackers = Bad Guys
White Hat Hackers = Good Guys



Yeah, I know exactly what a hacker is. And a hacker is "good" because he modifies things in order to learn or just for fun, legal or illegal. A hacker never tries to mess with other people's computers, a hacker never tries to do evil things.

So, hacker = police, and cyber criminal = robber.

You could say "but a police can be corrupted and be a bad guy". Yeah, you're right, that's your "black hat hacker", but you know, that's atypical, and normally police do good things.

This attack was intended to damage computers all over the world, so a hacker does not fit in that category.


PostPosted: Fri Aug 05, 2016 2:13 am
Personally I would define a hacker as: Anyone who changes or modifies anything through un-conventional means, often to gain an un-anticipated result

Webster however defines a hacker as : a person who secretly gets access to a computer system in order to get information, cause damage, etc. : a person who hacks into a computer system
(Really a stupid, and simplified answer, but it definitely has a negative connotation)


Because the definition of hacker is so hard to pin down.. let's just agree to disagree :P


PostPosted: Fri Aug 05, 2016 4:38 am
Jcee wrote:
Personally I would define a hacker as: Anyone who changes or modifies anything through un-conventional means, often to gain an un-anticipated result

Webster however defines a hacker as : a person who secretly gets access to a computer system in order to get information, cause damage, etc. : a person who hacks into a computer system
(Really a stupid, and simplified answer, but it definitely has a negative connotation)


Because the definition of hacker is so hard to pin down.. let's just agree to disagree :P



Well, that's one horrible definition, which is totally wrong.

If you ask any hacker out there, they will always say "we're sick of explaining that hackers are just normal people who just mess around with devices to create or invent something new, add features it didn't have, do things the manufacturer didn't want us to do, many times kind of "illegal" because they break some terms or whatever. But the ultimate goal is just adding things for fun and using devices in a way they weren't intended to be used. For example, a hacker would modify the Wii so it can read PS3 games, or modify a PS4 so it can be used as a toaster, or add a WiFi card to a PS1 so you can watch YouTube through it. A hacker would never try to hurt anyone's devices or steal your information, just like a policeman would never rob a bank.

To sum up, hacker can't have any negative connotation, as police can't have any negative connotation by definition. Sure, a policeman can commit a crime or a hacker can commit a cyber attack like this one, but then automatically the hacker wouldn't be considered a hacker anymore, but a cyber criminal.

It's like saying an innocent man killed a kid last night. That's exactly what we are saying. The time you kill someone, you automatically stop being innocent and you become a criminal.


PostPosted: Fri Aug 05, 2016 11:53 am

Joined: Thu Aug 04, 2016 12:37 pm
Posts: 2
@Gaurav

Gaurav wrote:
Classic Shell 4.3.0's installer has:
CRC32: A63C4C3F
MD5: E10881B65C27C6E09E5A33CD8BCD99C6
SHA-1: A6B06D07FE3B1A7204B1B62C67FBF3C602385364



Might I suggest adding this information to future release announcements? It's standard practice for many open-source projects.
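
The check suggested in this thread, as an added example that is not part of the original posts or of Classic Shell itself: it compares a downloaded installer against the MD5 and SHA-1 values quoted above and confirms the Authenticode signer, without running the file. The function name `Test-InstallerIntegrity` is hypothetical, the installer path is whatever you saved the download as, and matching the signer name against the certificate subject is an assumption; CRC32 is skipped because `Get-FileHash` does not compute it.

```powershell
# Added example. Digests are the Classic Shell 4.3.0 values quoted in the post above.
# Requires PowerShell 4.0 or later (Get-FileHash).
$PublishedHashes = @{
    MD5  = 'E10881B65C27C6E09E5A33CD8BCD99C6'
    SHA1 = 'A6B06D07FE3B1A7204B1B62C67FBF3C602385364'
}
# Assumption: the certificate subject contains the signer name shown in Explorer.
$ExpectedSigner = 'Ivaylo Beltchev'

function Test-InstallerIntegrity {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $problems = @()

    # 1. Compare each published digest with the digest of the local file.
    #    -ne on strings is case-insensitive, so hex case does not matter.
    foreach ($algorithm in $PublishedHashes.Keys) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm $algorithm).Hash
        if ($actual -ne $PublishedHashes[$algorithm]) {
            $problems += "$algorithm mismatch (got $actual)"
        }
    }

    # 2. Check the Authenticode signature; the replaced file carried none.
    $signature = Get-AuthenticodeSignature -FilePath $Path
    if ($signature.Status -ne 'Valid') {
        $problems += "Signature status is $($signature.Status)"
    }
    elseif ($signature.SignerCertificate.Subject -notlike "*CN=$ExpectedSigner*") {
        $problems += "Unexpected signer: $($signature.SignerCertificate.Subject)"
    }

    # Return a result object instead of printing, so callers can act on it.
    [pscustomobject]@{
        Path     = $Path
        Trusted  = ($problems.Count -eq 0)
        Problems = $problems
    }
}
```

A digest comparison only helps when the published values come from a channel the attacker did not also control, which is why the signature check is kept alongside it.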


PostPosted: Mon Aug 22, 2016 12:18 am

Joined: Mon Aug 22, 2016 12:08 am
Posts: 1
You should run all unknown and known software under Sandboxie control to see if it is nasty in nature; at least if it is bad you can easily remove it without any system changes made. Also you should run your browser under Sandboxie control at all times. ;) http://www.sandboxie.com/


PostPosted: Mon Aug 22, 2016 2:48 am

Joined: Sun Jul 24, 2016 6:46 am
Posts: 7
I will need to check as I did download a copy recently on a machine and am not sure which one it was.


PostPosted: Tue Aug 23, 2016 9:15 am

Joined: Tue Aug 23, 2016 9:11 am
Posts: 1
I had problems yesterday (August 22, 2016). I kept getting a pop-up saying I needed to update Classic Shell, and I will admit we were driving and I wasn't paying a lot of attention, was just trying to get some work done (I was a passenger), so clicked yes, then got stopped because an admin had to approve the upgrade. It didn't look like either of the examples shown from the original problem, but after 3 reboots yesterday I suddenly had no internet, airplane mode was stuck on. I THINK this had something to do with the stupid Windows 10 Anniversary update and possibly Classic Shell being hacked as well, but in the end I had to restore my software to its original factory standards and am now downloading all my software again. Just wanted to mention this in case anyone else had something similar going on now.


PostPosted: Thu Aug 25, 2016 7:23 am 
I just had an issue of a similar nature (8-24-16) where the recent Windows 10 update removed the software without any warning due to some 'incompatibility'. I double-checked the file signature from the download as recommended above and forced the install (Windows 10 start menu destroys my workflow, it's just so distracting and obnoxious to use) and it's working just fine on a Dell XPS 13. No issues so far.


PostPosted: Sun Aug 28, 2016 3:13 am

Joined: Thu Jan 03, 2013 12:38 am
Posts: 5338
Windows 10 Anniversary Update and future builds may remove Classic Shell. This is not related to the hack. If Windows 10 removes it, you can reinstall a compatible version.

_________________
Links to some general topics:

Compare Start Menus

Read the Search box usage guide.

I am a Windows enthusiast and Classic Shell tester.

