Care needed with Classic Shell

kemical

It has been reported that Classic Shell or associated files can or could be infected:

Classic Shell (and reportedly Audacity) version 4.3 was hacked. Do not update it as it will overwrite your Master Boot Record.

Classic Shell itself wasn't compromised. FossHub was, and some download links were replaced by another program, not signed, that does only one thing: overwrite the MBR. It's not an infected version of Classic Shell, Audacity or whatever, it's only a small program that targets your MBR. If at the end of the installation process nothing happens besides a short cmd window then you have downloaded the malware.

Oh and the MBR can be fixed. On the Classic Shell forum someone used TestDisk: "Classic Shell • View topic - W10 anniversary update, installed CS4.3, had to repair OS"
Reference

For an uninfected copy, download the utility directly from the author's website here.
 
this thread initiated by kemical really is to serve as a stark reminder … always be diligent in your online commerce … even websites you trust. owning a computer is a responsibility (not a privilege).
  1. keep your os up to date with security fixes.
  2. maintain the most recent data-reference files for your av-arsenal.
  3. as member neemobeer suggested … might be beneficial to disable/uninstall java 'n flash.
  4. check the file with online service before downloading (virustotal.com).
  5. understand, going forward, even trusted sites can be hacked.
  6. when downloading, verify file-name/size reflects what is posted on the website.
  7. and, of course, scan file once it's downloaded (before installation).
  8. prior to installation, create windows "restore-point".
  9. when installing … careful you do not install other choices in the installation window. ***
*** as incredulous as this may sound … early this year, one program i was installing offered the generic install-window which included the typical "next/back" buttons (bottom of window). at one point, i chose the "back" button … and, only then, the install-other-software choices (enabled by default) appeared within that window.

very sneaky/duplicitous! had i not clicked the "back" button … i would have inadvertently unleashed something sinister! malware installs can also be hidden in the advanced/custom-install venue.

as always, thanks to kemical for the late-breaking news. just this past sunday (07-31) i had upgraded my classic-shell via its homepage … direct from fosshub. since the incident, it appears classicshell.net revised the link to point toward mediafire for download.
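
The size check from the list above, combined with a signature check (the replaced download was reported as not signed), as an added PowerShell example that is not part of the original posts. The function name `Test-DownloadedInstaller` is hypothetical, and the path, size and publisher in the usage comment are placeholders to be filled in from the publisher's own page.

```powershell
# Added example: checks to run on a downloaded installer before executing it.
function Test-DownloadedInstaller {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [long]   $ExpectedSizeBytes,  # size posted on the download page
        [string] $ExpectedPublisher                           # optional: part of the signer's subject name
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256

    $problems = @()
    if ($file.Length -ne $ExpectedSizeBytes) {
        $problems += "size $($file.Length) differs from posted size $ExpectedSizeBytes"
    }
    # An unsigned replacement binary reports NotSigned; a tampered signed one reports
    # HashMismatch. Anything other than Valid is treated as a failure.
    if ($sig.Status -ne 'Valid') {
        $problems += "signature status is $($sig.Status)"
    }
    elseif ($ExpectedPublisher -and
            $sig.SignerCertificate.Subject -notlike "*$ExpectedPublisher*") {
        $problems += "signed by unexpected subject: $($sig.SignerCertificate.Subject)"
    }

    [pscustomobject]@{
        File      = $file.Name
        SizeBytes = $file.Length
        SHA256    = $hash.Hash          # can be searched on virustotal.com without uploading the file
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Problems  = $problems
        SafeToRun = ($problems.Count -eq 0)
    }
}

# Usage (placeholder values, replace with what the publisher's page states):
#   $r = Test-DownloadedInstaller -Path 'C:\Users\me\Downloads\<installer>.exe' `
#            -ExpectedSizeBytes <posted size> -ExpectedPublisher '<publisher name>'
#   $r | Format-List
#   if (-not $r.SafeToRun) { Write-Warning 'Do not run this installer.' }
```

A `Valid` signature only shows the file was signed by the named certificate and not altered afterwards, so the signer shown still has to match the publisher you expect.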
