Care needed with Classic Shell

kemical

Windows Forum Admin
Staff member
Premium Supporter
Microsoft MVP
#1
It has been reported that classic shell or associated files can or could be infected:

Classic Shell (and reportedly audacity) version 4.3 was hacked. Do not update it as it will overwrite your Master Boot Record.
Classic Shell itself wasn't compromised. FossHub was and some download links were replaced by another program, not signed, that do only one thing: overwrite the MBR. It's not an infected version of Classic Shell, Audacity or whatever, it's only a small program that targets your MBR. If at the end of the installation process nothing happens beside a short cmd window then you have downloaded the malware.

Oh and MBR can be fixed. On ClassicShell forum someone used TestDisk:Classic Shell • View topic - W10 anniversary update, installed CS4.3 , had to repair OS
Reference

For an uninfected copy, download the utility directly from the author's website here.
 


pnamajck

Senior Member
#2
this thread initiated by kemical really is to serve as a stark reminder … always be diligent in your online commerce … even websites you trust. owning a computer is a responsibility (not a privilege).
  1. keep your os up to date with security fixes.
  2. maintain the most recent data-reference files for your av-arsenal.
  3. as member neemobeer suggested … might be beneficial to disable/uninstall java 'n flash.
  4. check the file with online service before downloading (virustotal.com).
  5. understand, going forward, even trusted sites can be hacked.
  6. when downloading, verify file-name/size reflects what is posted on the website.
  7. and, of course, scan file once it's downloaded (before installation).
  8. prior to installation, create windows "restore-point".
  9. when installing … careful you do not install other choices in the installation window. ***
*** as incredulous as this may sound … early this year, one program i was installing offered the generic install-window which included the typical "next/back" buttons (bottom of window). at one point, i chose the "back" button … and, only then, the install-other-software choices (enabled by default) appeared within that window.

very sneaky/duplicitous! had i not clicked the "back" button … i would have inadvertently unleashed something sinister! malware installs can also be hidden in the advanced/custom-install venue.

as always, thanks to kemical for the late-breaking news. just this past sunday (07-31) i had upgraded my classic-shell via it's homepage … direct from fosshub. since the incident, it appears classicshell.net revised the link to point toward mediafire for download.

Image6.png
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.