Post by nonameneeded on Jul 10, 2022 9:40:07 GMT -8
I wonder if there is also a virus-free version of classicthemetray.exe available?
Now I know that not every file is really malicious just because one security vendor says so.
But 45 out of 69 security vendors think it's malicious so this file is kind of suspicious.
Post by OrthodoxWin32 on Jul 10, 2022 10:10:44 GMT -8
I wonder if there is also a virus-free version of classicthemetray.exe available?
Now I know that not every file is really malicious just because one security vendor says so.
But 45 out of 69 security vendors think it's malicious so this file is kind of suspicious.

Classicthemetray.exe is completely clean. This is a false positive, because the file is not sufficiently known by antivirus editors. Just check the source code because the software is open-source.
Post by nonameneeded on Jul 10, 2022 10:47:10 GMT -8
Well, 45 security vendors don't agree to that.
It deletes files, it establishes connections with 3 IP addresses in Seattle etc. Why would it do that to enable the classic theme?
Even if I checked the source code I wouldn't actually see much, because I'm not a programmer.
Post by OrthodoxWin32 on Jul 10, 2022 10:57:18 GMT -8
Well, 45 security vendors don't agree to that. It deletes files, it establishes connections with 3 IP addresses in Seattle etc. Why would it do that to enable the classic theme? Even if I checked the source code I wouldn't actually see much, because I'm not a programmer.

I have been using ClassicThemeTray for a long time, I have never had a deleted file problem, or unwanted connection. Can you prove your claims? And then, or did you download the file? Here is the subject dedicated to CTT: www.winclassic.net/thread/510/classicthemetray-quickly-toggle-classic-theme

EDIT: I looked at the source code, I can't find anything malicious; afterwards, I am not an expert. But I am definitely surprised by your assertions (deleted files, unwanted connection), because none of the main members of the forum has complained until now. Finally, detection by 45 safety vendors does not mean much, because antiviruses imitate each other; it is like the myth of the sheep that falls into a precipice, all the other sheep may follow it and fall in turn.
Post by nonameneeded on Jul 10, 2022 11:27:52 GMT -8
Well, just go to VirusTotal and drop the file there. You can see what it does after it analyzes the file (click on the "behavior" tab). I don't say that it does things like deleting important OS files or something that anyone would recognize (because I'm sure people would have noticed that) BUT it does things that don't seem to be necessary to apply the classic theme.
I don't think so.
Why would 45 security vendors who have nothing to do with each other claim that this file is a virus? It doesn't help them in any way. The more likely it is that a security software detects false positives (and deletes them if you have this product installed) the worse it is for the company which sells this product. You don't want to copy the detection of false positives from another company, that would be a stupid thing to do.
EDIT: But I have just found out that other files allegedly do that too (connect to IP addresses and delete files). So that really doesn't seem to mean much.
But still: 45 security products think it's a virus. That can't be a coincidence.
Post by nonameneeded on Jul 10, 2022 11:43:02 GMT -8
One more question. Is it necessary to apply the classic theme or is it only necessary to switch between classic theme and the Windows 10 theme?
Because in the latter case I wouldn't need it anyway.
Post by OrthodoxWin32 on Jul 10, 2022 11:59:57 GMT -8
Well, just go to VirusTotal and drop the file there. You can see what it does after it analyzes the file (click on the "behavior" tab). I don't say that it does things like deleting important OS files or something that anyone would recognize (because I'm sure people would have noticed that) BUT it does things that don't seem to be necessary to apply the classic theme.
I don't think so.
Why would 45 security vendors who have nothing to do with each other claim that this file is a virus? It doesn't help them in any way. The more likely it is that a security software detects false positives (and deletes them if you have this product installed) the worse it is for the company which sells this product. You don't want to copy the detection of false positives from another company, that would be a stupid thing to do.
EDIT: But I have just found out that other files allegedly do that too (connect to IP addresses and delete files). So that really doesn't seem to mean much.
But still: 45 security products think it's a virus. That can't be a coincidence.

Regarding modified files/unwanted connection, I too have just realized that many Windows programs seem to behave in the same way. I'm having a hard time explaining this for connections (some IP addresses are the same for all programs), but for files, it's clearly temporary file changes, which is completely normal.
Concerning the number of detections, I maintain what I said; antiviruses almost all use the same detection methods. So, in case of error, all antiviruses will make the same error. It's like a cooking recipe; if the recipe contains an error, all the cooks will be mistaken in the same way. In this case, it is because classicthemetray intervenes in Windows memory to block access to the theme, in order to force DWM to use the classic theme; this is suspicious activity for antiviruses.
So I think I can safely say that ClassicThemeTray.exe is clean.
Post by OrthodoxWin32 on Jul 10, 2022 12:04:16 GMT -8
One more question. Is it necessary to apply the classic theme or is it only necessary to switch between classic theme and the Windows 10 theme?
Because in the latter case I wouldn't need it anyway.

Classicthemetray can be used for both purposes.
Anyway, all programs that activate the classic theme are detected by antivirus, for the reason I mentioned in my previous message.
Post by The Jackal on Jul 10, 2022 13:46:44 GMT -8
Some programs from GitHub contact their servers to establish if there is a new build available. Are you sure the IPs aren't owned by GitHub?
Post by nonameneeded on Jul 10, 2022 14:32:27 GMT -8
I edited my post above: The deleted files and the connections to certain IP-addresses don't seem to mean much.
It's "just" the 45 security applications which think the file is a virus.