It is currently Thu Mar 28, 2024 9:36 am

All times are UTC - 8 hours [ DST ]




Post new topic Reply to topic  [ 13 posts ] 
Author Message
 Post subject: Cult of Peggle Virus
PostPosted: Tue Aug 02, 2016 6:48 pm 
Offline

Joined: Tue Aug 02, 2016 4:58 pm
Posts: 9
I figured I'd create a thread on this, as this was the cause of my system never rebooting.

It seems according to another user in the forums the Classic Shell download links were misdirected or somehow included this virus.

Your machine will boot up with a 'spade' character bottom left at startup - and a flashing cursor - nothing else

While I am not sure what OTHER damage exists to my Windows 10 installation after installing the latest Classic Shell?

Unfortunately, I bought the retail version of Windows 8.1, so I can NOT upgrade if I choose to do a complete clean install.

I COULD argue that ClassicShell and this breach of security has cost me the price of Windows 10, which is what I now have to buy if I want to do a clean install.

Could someone from Class Shell dev team please follow up on this thread and my other one?

I would like to know just what happened here.

Post Windows Anniversary update I went to re-install Classic Shell and my machine crashed, never came back.

The screen shot this group called Cult of Peggle shows is EXACTLY what I see, and the LAST thing I did was install classic shell.

Unfortunately I am not sure I can trust ClassicShell ever again.

I have never had my master boot record written over by hostile software.

The WORST I expected was maybe it wouldn't work with Windows 10.

Classic Shell NEEDS to address this problem very fast and ASSURE users it is safe.


Top
 Profile  
Reply with quote  
 Post subject: Re: Cult of Peggle Virus
PostPosted: Tue Aug 02, 2016 7:06 pm 
Offline
Site Admin
User avatar

Joined: Wed Jan 02, 2013 11:38 pm
Posts: 5333
Here's what happened.

The download mirror service called FossHub, where Classic Shell stores its downloads, got hacked earlier today. This was intended to coincide with the release of Windows 10 Anniversary Update, which would cause many people to have to download the latest Classic Shell.

The installer got replaced with a malicious software that corrupts your MBR (which is where the PC stores its drive information).

As soon as the hack was reported, I replaced the download links with clean ones. The FossHub page is down, pending investigation.

I understand if you are reluctant to trust Classic Shell again, however a simple test can show you if the download is legitimate - look at the file properties and check for digital certificate. The fake file doesn't have a certificate.

Check out this forum post for possible remedy: viewtopic.php?f=12&t=6434#p27967


Top
 Profile  
Reply with quote  
 Post subject: Re: Cult of Peggle Virus
PostPosted: Tue Aug 02, 2016 7:38 pm 
Offline
User avatar

Joined: Sun Jan 06, 2013 1:44 pm
Posts: 1996
Maybe this news should be placed on the homepage aswell as a link to the forum posted fix? not everyone even knows the forums exist, or how to find the right post. I know it looks bad to post a big 'site was hacked; right on the homepage, but for a week or so it should probably be posted


Top
 Profile  
Reply with quote  
 Post subject: Re: Cult of Peggle Virus
PostPosted: Tue Aug 02, 2016 8:30 pm 
Offline

Joined: Tue Aug 02, 2016 4:58 pm
Posts: 9
Ivo wrote:
Here's what happened.

The download mirror service called FossHub, where Classic Shell stores its downloads, got hacked earlier today. This was intended to coincide with the release of Windows 10 Anniversary Update, which would cause many people to have to download the latest Classic Shell.

The installer got replaced with a malicious software that corrupts your MBR (which is where the PC stores its drive information).

As soon as the hack was reported, I replaced the download links with clean ones. The FossHub page is down, pending investigation.

I understand if you are reluctant to trust Classic Shell again, however a simple test can show you if the download is legitimate - look at the file properties and check for digital certificate. The fake file doesn't have a certificate.

Check out this forum post for possible remedy: viewtopic.php?f=12&t=6434#p27967



Thank you for the update.

This leaves me in good confidence.

Could you post a ClassicShell verified link as to where I can download it again?

I managed to restore the MBR - but I dare say- I've not had to even worry about MBR issues for 10+ years, and going back nearly 15 years, there was a more common MBR infection, where a virus was placed IN the MBR, nearly impossible to remove.

So, fingers crossed it was JUST the MBR that was wiped.

My FINAL solution was to use an older Windows 7 Emergency Boot CD, where none of the command line tools fixed it?

I finally noticed the top 1 of 6 menu items 'Fix Startup Problems' - and phew - even though it's Windows 10 (as I thought 8 and 10 were major changes with MBR from 7), it did fix it.

I absolutely have loved (still do) Classic Shell.

Microsoft somehow just doesn't get it, who knows, maybe MS will buy CS at some point (and hopefully not can it).

Of course Windows 8 was the worst - standard desktop wasn't default.

Somehow Microsoft seems to want to turn the desktop into the phone, and funny enough, as a MS Phone Developer who observes Microsoft has all but ABANDONED the MS Phone? Of course only after I put some serious intellectual investment into it? even though it only ever had a 2% market share? Makes me a bit puzzled why they want to turn Windows experience into Phone App Store land.

Gone are the days perhaps.

BEOS never made it, either way- I WILL try the NEW Classic Shell for the Anniversary edition.

Lucky me- since I bought the RETAIL version of Windows 8.1? As of July 29th - although I'm upgraded already? If I ever DO have to rebuild ? ONLY OEM can continue to get the Windows 10 upgrade.

So, long story short, had I not repaired the MBR? and lost quite a bit of dev work? I would have had to BUY Windows 10, all because of this pesky group that has nothing better to do than make peoples lives more difficult- The CultOfRazor etc.

Whoever did this, is not welcomed in any emerging global society until they change their ways.

The hack I mean.

So SAD it happened to such a wonderful product, let alone it's users also on the DAY that most people would be saying 'hey - What's this Windows Anniversary update ? WHERE'S MY CLASSIC SHELL? ' - to which they went and downloaded it.

Fingers crossed I don't have an MBR virus lurking, I will have to explore deeper forensics and will certainly update pending what I find if there is more damage than JUST the MBR being wiped.

Again Admin - thank you for the very prompt update.

Do post a link if you can for a 'safe' download, I did read what you said about signatures, but I wouldn't know a real one from a fake one at first glance- and something tells me the culprits who did this probably read the forums and will be adding a fake signature - uh oh- my Explorer /Windows background is flashing as I write this - augh! That normally happens with a silent install going on- I better hit Send before my system crashes.

Tragic though, I do wonder though if it's in the 10,000's or 100,000's of classic shell users who only know - they get a blank screen with that 'spade' bottom left and the blinking cursor wondering, what happened?

All those people who will just re-install- lose all their family photos etc, projects from their work - just sad...


Top
 Profile  
Reply with quote  
 Post subject: Re: Cult of Peggle Virus
PostPosted: Tue Aug 02, 2016 8:36 pm 
Offline
User avatar

Joined: Sun Jan 06, 2013 1:44 pm
Posts: 1996
Well luckily Ivo is fairly active, so he was able to catch this quickly; sadly because of the popularity and timing, its probably a few hundred or so that got infected :( but the link on the homepage should be valid now (the infected link was remove : here is a valid one for your convenience http://www.mediafire.com/download/dbbil746gavpirr/ClassicShellSetup_4_3_0.exe


Top
 Profile  
Reply with quote  
 Post subject: Re: Cult of Peggle Virus
PostPosted: Tue Aug 02, 2016 8:44 pm 
Offline
Site Admin
User avatar

Joined: Wed Jan 02, 2013 11:38 pm
Posts: 5333
tim miltz wrote:
My FINAL solution was to use an older Windows 7 Emergency Boot CD, where none of the command line tools fixed it?

I finally noticed the top 1 of 6 menu items 'Fix Startup Problems' - and phew - even though it's Windows 10 (as I thought 8 and 10 were major changes with MBR from 7), it did fix it.


Can you please summarize the steps you took to fix the problem? I want to put some instructions on the main page.


Top
 Profile  
Reply with quote  
 Post subject: Re: Cult of Peggle Virus
PostPosted: Tue Aug 02, 2016 8:59 pm 
Offline
User avatar

Joined: Tue Aug 02, 2016 8:21 pm
Posts: 21
Ivo wrote:
tim miltz wrote:
My FINAL solution was to use an older Windows 7 Emergency Boot CD, where none of the command line tools fixed it?

I finally noticed the top 1 of 6 menu items 'Fix Startup Problems' - and phew - even though it's Windows 10 (as I thought 8 and 10 were major changes with MBR from 7), it did fix it.


Can you please summarize the steps you took to fix the problem? I want to put some instructions on the main page.


This! Please, please! Also, please keep in mind that not everyone is tech savvy. The simplest, most easy-to-follow directions (explain like I'm five) would incredibly appreciated. Thank you so very much!


Top
 Profile  
Reply with quote  
 Post subject: Re: Cult of Peggle Virus
PostPosted: Tue Aug 02, 2016 10:23 pm 
Offline

Joined: Tue Aug 02, 2016 4:58 pm
Posts: 9
Ivo wrote:
tim miltz wrote:
My FINAL solution was to use an older Windows 7 Emergency Boot CD, where none of the command line tools fixed it?

I finally noticed the top 1 of 6 menu items 'Fix Startup Problems' - and phew - even though it's Windows 10 (as I thought 8 and 10 were major changes with MBR from 7), it did fix it.


Can you please summarize the steps you took to fix the problem? I want to put some instructions on the main page.



I sure can

Very simple in fact.

Having taken the free network Windows 10 upgrade, I didn't make an ISO- nor a Windows 10 Emergency Boot disk.

My first thoughts were to use this UltimateCD Tools boot disk. This was not the path for me :)

I then explored some users talking about rebuilding MBR on Windows using the BOOTREC.EXE utility

But where to get it ? I had made a Windows 7 emergency boot disk in the past. I read it's on there.

I ran it at command prompt booting with the Emergency boot CD which involved 3 executions, all of which did not do anything.

---------------------------------------------The simple solution that worked ---------------------------------------------------

(of course I set my motherbord BIOS to boot from CD) pressing Delete (typically F2)

Very first of 6 options the Windows 7 Emergency Boot CD gives you ?

#1 - 'Repair Windows Startup Problems'

Clicked it - and viola - There is my Windows 10 boot screen.

It took about 3 minutes to do what it did.

If I had the time I'd find out just what this malicious version did, IDA Pro is a fine tool for stepping through opcode to see exactly what a program is doing.


Sorry I wasn't able to be of more help than 'Use a Windows Emergency boot CD you can generate from the OS, and select 'fix startup problems'.

Key being I don't know what THAT did under the hood.

But the problem is EASILY resolved using an emergency boot CD and selecting Fix Startup Problems.


Top
 Profile  
Reply with quote  
 Post subject: Re: Cult of Peggle Virus
PostPosted: Tue Aug 02, 2016 10:35 pm 
Offline

Joined: Tue Aug 02, 2016 4:58 pm
Posts: 9
SquaredCircle84 wrote:
Ivo wrote:
tim miltz wrote:
My FINAL solution was to use an older Windows 7 Emergency Boot CD, where none of the command line tools fixed it?

I finally noticed the top 1 of 6 menu items 'Fix Startup Problems' - and phew - even though it's Windows 10 (as I thought 8 and 10 were major changes with MBR from 7), it did fix it.


Can you please summarize the steps you took to fix the problem? I want to put some instructions on the main page.


This! Please, please! Also, please keep in mind that not everyone is tech savvy. The simplest, most easy-to-follow directions (explain like I'm five) would incredibly appreciated. Thank you so very much!




In the case your Master Boot Record has been altered, or removed (as happened to me with the fake version of Classic Shell), you can fix it.

If you never made an Emergency Boot Disk from your operating system? and in that you can't boot up? You will have to find someone with a Windows OS - 7 worked for me - that will make one for you.

You burn it to disk - You can google 'how to make a Windows X (they should have called it X instead of 10, since 10 is their last version # - another LOUSY marketing move from MS). It's quite simple.

My Windows 7 Emergency disk doesn't ask me for serial - it was made from a working Windows 7 install when it was made.

But even though I'm using Windows 10? I only had this one Windows 7 Emergency Boot disk(cd) around, I popped it in - I then went to command prompt - tried many examples using bootrec.exe etc, did not work.

FINALLY - I noticed the Emergency boot disk - option #1 was simply 'Fix Startup problems'

THAT fixed the damage caused by the false version of Classic Shell.

Took a few minutes tops.

I3 here- nothing fast here.

Surely anyone who had their master boot record wiped out is suffering right now - looking at a blank screen.

Oh - ALSO - in order to GET your machine to BOOT UP to that disk - when you turn on your machine- press Delete - or F2 on many machines as well -

that takes you to the BIOS menu

find BOOT SEQUENCE - or anything resembling that.

And for Boot #1 - change that to your CD ROM drive

remember- your hard drive is unable to boot up right now - changing it to CD ROM says- hey- when the machine is turned on - look HERE - ON CD for a bootable OS (since yours is not able to be booted)

(you did say explain as if 5- total respect here too, I understand when reading solutions that just expect someone knows things not so evident sometimes)

don't forget to change that BACK after you click 'Fix Startup problems' - it's okay if you don't at first

but of course- otherwise it will keep booting to that CD - instead of the HD.

But you should see your normal windows screen after than - for me it's the person - which always looks like a broken #8 (windows 10)

I'm JUST SO HAPPY to have my machine back after this nightmare earlier - I've not had problems like this for - sheesh- 15 years ? maybe ever.

Problems as in - caused by malicious software - playing with MBR can really take out a machine.

Hope that helps

I was NOT looking forward to command prompt this - that - read 25 articles etc.

Just get an Emergency Boot Disk for Windows 7 or higher - pop it in - and click Fix Startup Problems - it's #1 on the list

will solve it.


Top
 Profile  
Reply with quote  
 Post subject: Re: Cult of Peggle Virus
PostPosted: Tue Aug 02, 2016 10:48 pm 
Offline
User avatar

Joined: Tue Aug 02, 2016 8:21 pm
Posts: 21
tim miltz wrote:
In the case your Master Boot Record has been altered, or removed (as happened to me with the fake version of Classic Shell), you can fix it.

If you never made an Emergency Boot Disk from your operating system? and in that you can't boot up? You will have to find someone with a Windows OS - 7 worked for me - that will make one for you.

You burn it to disk - You can google 'how to make a Windows X (they should have called it X instead of 10, since 10 is their last version # - another LOUSY marketing move from MS). It's quite simple.

My Windows 7 Emergency disk doesn't ask me for serial - it was made from a working Windows 7 install when it was made.

But even though I'm using Windows 10? I only had this one Windows 7 Emergency Boot disk(cd) around, I popped it in - I then went to command prompt - tried many examples using bootrec.exe etc, did not work.

FINALLY - I noticed the Emergency boot disk - option #1 was simply 'Fix Startup problems'

THAT fixed the damage caused by the false version of Classic Shell.

Took a few minutes tops.

I3 here- nothing fast here.

Surely anyone who had their master boot record wiped out is suffering right now - looking at a blank screen.

Oh - ALSO - in order to GET your machine to BOOT UP to that disk - when you turn on your machine- press Delete - or F2 on many machines as well -

that takes you to the BIOS menu

find BOOT SEQUENCE - or anything resembling that.

And for Boot #1 - change that to your CD ROM drive

remember- your hard drive is unable to boot up right now - changing it to CD ROM says- hey- when the machine is turned on - look HERE - ON CD for a bootable OS (since yours is not able to be booted)

(you did say explain as if 5- total respect here too, I understand when reading solutions that just expect someone knows things not so evident sometimes)

don't forget to change that BACK after you click 'Fix Startup problems' - it's okay if you don't at first

but of course- otherwise it will keep booting to that CD - instead of the HD.

But you should see your normal windows screen after than - for me it's the person - which always looks like a broken #8 (windows 10)

I'm JUST SO HAPPY to have my machine back after this nightmare earlier - I've not had problems like this for - sheesh- 15 years ? maybe ever.

Problems as in - caused by malicious software - playing with MBR can really take out a machine.

Hope that helps

I was NOT looking forward to command prompt this - that - read 25 articles etc.

Just get an Emergency Boot Disk for Windows 7 or higher - pop it in - and click Fix Startup Problems - it's #1 on the list

will solve it.


I cannot tell you how much I appreciate you taking the time to write this guide. I'm currently following the steps, but using a flash drive instead of a CD. Before you posted this, I tried using Ultimate Boot CD on my flash drive, but I still ended up with the black screen and the spade. I actually know enough about the BIOS to get it to boot from the flash drive first (that's about the extent of my BIOS knowledge!), so I either mounted the flash drive incorrectly, or my computer is screwed more than I thought. Hopefully it's the former.

Currently at 35% writing to the flash drive. I'll check back later and let you know the results.

Again, thank you!


Top
 Profile  
Reply with quote  
 Post subject: Re: Cult of Peggle Virus
PostPosted: Tue Aug 02, 2016 10:52 pm 
Offline

Joined: Tue Aug 02, 2016 4:58 pm
Posts: 9
SquaredCircle84 wrote:
tim miltz wrote:
In the case your Master Boot Record has been altered, or removed (as happened to me with the fake version of Classic Shell), you can fix it.

If you never made an Emergency Boot Disk from your operating system? and in that you can't boot up? You will have to find someone with a Windows OS - 7 worked for me - that will make one for you.

You burn it to disk - You can google 'how to make a Windows X (they should have called it X instead of 10, since 10 is their last version # - another LOUSY marketing move from MS). It's quite simple.

My Windows 7 Emergency disk doesn't ask me for serial - it was made from a working Windows 7 install when it was made.

But even though I'm using Windows 10? I only had this one Windows 7 Emergency Boot disk(cd) around, I popped it in - I then went to command prompt - tried many examples using bootrec.exe etc, did not work.

FINALLY - I noticed the Emergency boot disk - option #1 was simply 'Fix Startup problems'

THAT fixed the damage caused by the false version of Classic Shell.

Took a few minutes tops.

I3 here- nothing fast here.

Surely anyone who had their master boot record wiped out is suffering right now - looking at a blank screen.

Oh - ALSO - in order to GET your machine to BOOT UP to that disk - when you turn on your machine- press Delete - or F2 on many machines as well -

that takes you to the BIOS menu

find BOOT SEQUENCE - or anything resembling that.

And for Boot #1 - change that to your CD ROM drive

remember- your hard drive is unable to boot up right now - changing it to CD ROM says- hey- when the machine is turned on - look HERE - ON CD for a bootable OS (since yours is not able to be booted)

(you did say explain as if 5- total respect here too, I understand when reading solutions that just expect someone knows things not so evident sometimes)

don't forget to change that BACK after you click 'Fix Startup problems' - it's okay if you don't at first

but of course- otherwise it will keep booting to that CD - instead of the HD.

But you should see your normal windows screen after than - for me it's the person - which always looks like a broken #8 (windows 10)

I'm JUST SO HAPPY to have my machine back after this nightmare earlier - I've not had problems like this for - sheesh- 15 years ? maybe ever.

Problems as in - caused by malicious software - playing with MBR can really take out a machine.

Hope that helps

I was NOT looking forward to command prompt this - that - read 25 articles etc.

Just get an Emergency Boot Disk for Windows 7 or higher - pop it in - and click Fix Startup Problems - it's #1 on the list

will solve it.


I cannot tell you how much I appreciate you taking the time to write this guide. I'm currently following the steps, but using a flash drive instead of a CD. Before you posted this, I tried using Ultimate Boot CD on my flash drive, but I still ended up with the black screen and the spade. I actually know enough about the BIOS to get it to boot from the flash drive first (that's about the extent of my BIOS knowledge!), so I either mounted the flash drive incorrectly, or my computer is screwed more than I thought. Hopefully it's the former.

Currently at 35% writing to the flash drive. I'll check back later and let you know the results.

Again, thank you!



I sometimes have to wonder when I'm being played

SquareCircle is an alias of the past for me :)


I don't even want to GET into the rest heh


Top
 Profile  
Reply with quote  
 Post subject: Re: Cult of Peggle Virus
PostPosted: Tue Aug 02, 2016 10:56 pm 
Offline
User avatar

Joined: Tue Aug 02, 2016 8:21 pm
Posts: 21
tim miltz wrote:
I sometimes have to wonder when I'm being played

SquareCircle is an alias of the past for me :)


I don't even want to GET into the rest heh


And I won't ask, but I assure you I am way too stressed right now to mess with anyone! :D

SquaredCircle is a wrestling term. I assume SquareCircle (without the D, unless that was a typo) would be more mathematical, no? Either way, I'm taking this "connection" between us as a good sign! Fingers crossed.

75% now...


Top
 Profile  
Reply with quote  
 Post subject: Re: Cult of Peggle Virus
PostPosted: Wed Aug 03, 2016 3:12 am 
Offline
User avatar

Joined: Thu Jan 03, 2013 12:38 am
Posts: 5374
Please see this thread to verify if the installer you downloaded was infected or genuine: viewtopic.php?f=17&t=6441 It also has links to repair your MBR and recover your partitions if they were destroyed.

_________________
Links to some general topics:

Compare Start Menus

Read the Search box usage guide.

I am a Windows enthusiast and helped a little with Classic Shell's testing and usability/UX feedback.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 13 posts ] 

All times are UTC - 8 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 14 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group, Almsamim WYSIWYG Classic Shell © 2010-2016, Ivo Beltchev.
All right reserved.