Post by PetroleumBarbacoa on May 11, 2024 23:03:44 GMT -8
Also, in the hypothetical case I have the theme of "windows7themenew2" on my PC, what should I do to avoid getting affected?
Post by R.O.B. on May 11, 2024 23:05:11 GMT -8
This is extremely shocking and disappointing. We take the security of our users very seriously, and absolutely do not tolerate those who share malware with unsuspecting victims. To reiterate what others have said: if you ran the program on your machine, please, please, please make sure your accounts are secure and that your system is free from infection. Do whatever you need to do to ensure you are safe!
I sincerely hope this unprecedented behavior is not repeated again.
Post by enderboy on May 11, 2024 23:15:23 GMT -8
THAT'S WHY MY FORCE THICK FRAMES NEVER WORKED, GET THAT MAN OFF WINCLASSIC NOW
AND ALSO THAT IS WHY THERE ARE SOME STRANGE FOLDERS AND WINDOWS DEFENDER KEEPS FINDING THREATS WHEN I HAVEN’T EVEN DOWNLOADED ANYTHING
Post by OrthodoxWin32 on May 11, 2024 23:20:53 GMT -8
> Also, in the hypothetical case I have the theme of "windows7themenew2" on my PC, what should I do to avoid getting affected?
If you're talking about visual style, there's no risk. Same for the published Windhawk mods, I have personally verified it, there is no malicious code.
Post by OrthodoxWin32 on May 11, 2024 23:22:38 GMT -8
> THAT'S WHY MY FORCE THICK FRAMES NEVER WORKED, GET THAT MAN OFF WINCLASSIC NOW
> AND ALSO THAT IS WHY THERE ARE SOME STRANGE FOLDERS AND WINDOWS DEFENDER KEEPS FINDING THREATS WHEN I HAVEN’T EVEN DOWNLOADED ANYTHING
Have you downloaded the modified DWMBlurGlass?
Post by enderboy on May 11, 2024 23:22:43 GMT -8
> As giving everyone a right of reply seems important to me, I am posting the apology message from Alcatel:
> Officially, he seems to no longer want to have anything to do with the community.
> Yeah, I've seen the malware they used, it's pretty nasty stuff. "Trust me, bro" doesn't really cut it. My advice to Alcatel would be to stick to what you're saying you're going to do and focus on sorting themselves out.
> To anyone else who ran that file - change your passwords and contact your banks. Better to be safe than sorry.
Do I have to change my WinClassic password?
Post by enderboy on May 11, 2024 23:24:01 GMT -8
> > THAT'S WHY MY FORCE THICK FRAMES NEVER WORKED, GET THAT MAN OFF WINCLASSIC NOW
> > AND ALSO THAT IS WHY THERE ARE SOME STRANGE FOLDERS AND WINDOWS DEFENDER KEEPS FINDING THREATS WHEN I HAVEN’T EVEN DOWNLOADED ANYTHING
> Have you downloaded the modified DWMBlurGlass?
I will check
Post by enderboy on May 11, 2024 23:27:27 GMT -8
> > THAT'S WHY MY FORCE THICK FRAMES NEVER WORKED, GET THAT MAN OFF WINCLASSIC NOW
> > AND ALSO THAT IS WHY THERE ARE SOME STRANGE FOLDERS AND WINDOWS DEFENDER KEEPS FINDING THREATS WHEN I HAVEN’T EVEN DOWNLOADED ANYTHING
> Have you downloaded the modified DWMBlurGlass?
Yes I have, because as soon as I opened the folder Windows Defender found this
Post by enderboy on May 11, 2024 23:44:52 GMT -8
> Alcatel sent token loggers to lots of people and committed numerous cyber crimes. Literally leaked people's personal information and sent racist messages from their accounts. The program he used is a custom build of DWMBLURGLASS. If the build of DWMBLURGLASS you are using is NOT from the official repository or its version is 3.0, delete it IMMEDIATELY, change all of your account passwords and do a full scan on your computer. Do not use any themes, Windhawk mods, dll patches or basically anything by Alcatel if you value your accounts' security and your personal information.
> Mods and Admins, this is a pretty serious situation so please pin this if possible.
> Stay away from these programs/mods/places:
Well, I am lucky because there is nothing in my email spam folder
Post by OrthodoxWin32 on May 11, 2024 23:54:41 GMT -8
> Well, I am lucky because there is nothing in my email spam folder
I'm not sure, but maybe it's because Windows Defender correctly detected the malware, and you didn't open it.
Post by Brawllux on May 12, 2024 0:16:52 GMT -8
> > Also, in the hypothetical case I have the theme of "windows7themenew2" on my PC, what should I do to avoid getting affected?
> If you're talking about visual style, there's no risk. Same for the published Windhawk mods, I have personally verified it, there is no malicious code.
There are lots of people who do not check the code of the programs/mods they install. That's why I said that his stuff should be deleted; if you wait for the time that they become harmful it might be over for these people. They do not check the forums regularly, so they are at risk for every second that they use his stuff. It is good to raise awareness as early as possible so they can stay safe as well. And for "his" theme, the reason I said to not use it is that it is a stolen theme. Alcatel literally copied pane7 and just changed the author name and removed original credits, added a custom class just for his name. Everything from the theme atlas to textures used is the same.
Post by theinsane101 on May 12, 2024 2:50:18 GMT -8
I was also stupid enough to fall for it and my Discord account got hacked. He leaked others' phone numbers on my account on multiple servers and thus I got banned from ClassicServ, Angelbruni's server and Florin's server. I've changed the password on my iPhone and the spamming stopped. How can I get back on the servers I've been banned from?
Post by OrthodoxWin32 on May 12, 2024 4:03:47 GMT -8
> There are lots of people who do not check the code of the programs/mods they install. That's why I said that his stuff should be deleted; if you wait for the time that they become harmful it might be over for these people. They do not check the forums regularly, so they are at risk for every second that they use his stuff. It is good to raise awareness as early as possible so they can stay safe as well. And for "his" theme, the reason I said to not use it is that it is a stolen theme. Alcatel literally copied pane7 and just changed the author name and removed original credits, added a custom class just for his name. Everything from the theme atlas to textures used is the same.
Regarding Windhawk, the problem is that you don't want to accept the obvious: any modification must be approved by Ramen. If the code becomes malicious, the update will simply be refused.
Post by OrthodoxWin32 on May 12, 2024 4:10:22 GMT -8
> I was also stupid enough to fall for it and my Discord account got hacked. He leaked others' phone numbers on my account on multiple servers and thus I got banned from ClassicServ, Angelbruni's server and Florin's server. I've changed the password on my iPhone and the spamming stopped. How can I get back on the servers I've been banned from?
Regarding ClassicServ, perhaps you can contact leet
Post by leet on May 12, 2024 5:12:24 GMT -8
> I was also stupid enough to fall for it and my Discord account got hacked. He leaked others' phone numbers on my account on multiple servers and thus I got banned from ClassicServ, Angelbruni's server and Florin's server. I've changed the password on my iPhone and the spamming stopped. How can I get back on the servers I've been banned from?
The ban was purely to prevent spamming of the N word from Alcatel. Since you have regained control of your account, I have unbanned you. Permalink for the server: discord.gg/ggc2ysGpuG
Post by enderboy on May 12, 2024 6:05:27 GMT -8
> Alcatel sent token loggers to lots of people and committed numerous cyber crimes. Literally leaked people's personal information and sent racist messages from their accounts. The program he used is a custom build of DWMBLURGLASS. If the build of DWMBLURGLASS you are using is NOT from the official repository or its version is 3.0, delete it IMMEDIATELY, change all of your account passwords and do a full scan on your computer. Do not use any themes, Windhawk mods, dll patches or basically anything by Alcatel if you value your accounts' security and your personal information.
> Mods and Admins, this is a pretty serious situation so please pin this if possible.
> Stay away from these programs/mods/places:
Better make an urgent update to your cpl pack to remove arukateru.com/
Post by windowstransformation on May 12, 2024 6:34:42 GMT -8
Ok I just checked everything of what happened today. And yes I already know why Alcatel got way too far. And now I have a question. How did this happen? When did this start?
Was it from one of those Discord Servers that Alcatel is on?
Post by OrthodoxWin32 on May 12, 2024 9:49:40 GMT -8
> Ok I just checked everything of what happened today. And yes I already know why Alcatel got way too far. And now I have a question. How did this happen? When did this start? Was it from one of those Discord Servers that Alcatel is on?
Great questions.
Post by OrthodoxWin32 on May 12, 2024 10:01:55 GMT -8
> Giving my two cents on this matter. It's sad that Alcatel ended up mentally broken by the WinClassic community, because that is definitely something someone should not feel like. A lot of us are brought together by our enjoyment of the Windows designs Microsoft abandoned over the years to get to where we're currently at with default Windows 10/11. At the same time, injecting code that can leak personal information and potentially allow Alcatel to send nasty stuff to people as a form of revenge is a dangerous thing to do. And like you said OrthodoxWin32, this could affect the trust people have in other users. I hope Alcatel is able to get help, and can recover, while also looking at this whole situation as what isn't a good way to get a one last, "forget you" on toxic people.
I totally agree with you on everything you say. Personally, I have already noticed a form of toxicity within the Discord servers, so I understand quite well what Alcatel may have felt. Particularly, I remember a time when there was drama between Alcatel and Travis over Windows 7 style visual styles. Afterwards, I can't say much with certainty, because I'm not very active on Discord (precisely in part because I find the atmosphere too deleterious). For the future, I could wish for many unrealistic things, but I only wish for two realistic things:
- Let this forum, which has always been protected from sterile controversies, remain so.
- That the members of the community can continue to trust each other, despite what has happened.
The ideal for everyone would be for Alcatel to get rid of its resentment towards many members, and as a general rule, there is less resentment between members. Because otherwise, I think that this type of situation is likely to happen again, when the trauma of this event has passed (not by Alcatel, but by another member, impossible to predict which one).
For several months, I have felt a progression towards more and more attacks; without having been able to predict that it would go that far, this situation unfortunately does not surprise me.
Post by ephemeralViolette on May 12, 2024 10:34:27 GMT -8
> Ok I just checked everything of what happened today. And yes I already know why Alcatel got way too far. And now I have a question. How did this happen? When did this start? Was it from one of those Discord Servers that Alcatel is on?
Here's the story that I'd picked up:
A few days ago, someone claiming to be the creator of the popular DWMBlurGlass program, Maplespe, had joined the official Windhawk Discord server and ClassicServ, the unofficial Discord server for this forum. This was pointed out by a member of one of the servers in which we - some of the core contributors to DWMBlurGlass such as kfh83 and aubymori, and some other community members such as Travis - frequent. The user masquerading as Maplespe, later revealed to be Alcatel, had posted invites into both servers to a so-called "official" DWMBlurGlass server for community discussion and easing communication between developers.
There were a few details which made this server seem legitimate, including another fake account of the co-developer, ALTaleX. ALTaleX, unlike Maplespe, already had verifiable contact with kfh83 on Discord. However, kfh83 overlooked the account details of this account in the server; he trusted the identity of the account without closely looking over the username to notice the subtle difference.
The server seemed convincing because people had trusted the identities of the developer accounts within the server. They had both talked in Chinese, their native language, and their use of English indeed seemed restricted by machine translation, akin to verifiable English messages by the developers on GitHub. However, there were a few odd ones. One such example I remember fondly: the Maplespe account had said something along the lines of "we would prefer to only give this role to those who support our work" when asked to give aubymori a contributor role; this seemed to be a suddenly rude reaction from Maplespe, who to my knowledge has only had amicable interactions with aubymori, but does closely resemble a comment that Alcatel had made to aubymori just two weeks ago.
Alcatel was also briefly in this "official" DWMBlurGlass server. None of us thought much of that at the time, but apparently some role in the server was insecure and Alcatel ended up creating a webhook in the server that ended up posting his own personal information, visible to other members, which revealed that he was on a virtual machine using illegal cookie-stealing tools and setting up webhooks in servers to receive notifications for it. We already had a pretty low opinion of Alcatel at the time, so we laughed at him for a bit for being a terrible script kiddie. But we still trusted the identities of the fake developer accounts in the server, so we disregarded this mistake. I assumed that they had accidentally given some role administrator access. After Alcatel's blunder, it was publicly announced that he was banned from the server.
Some time later, probably some 30 or so minutes, a new "test build" was distributed of DWMBlurGlass. This wasn't DWMBlurGlass at all, though. Attempting to open the program would bring up no GUI. This program was just the cookie stealer, and a bunch of eager people had opened it to see what was in store for the new build. This includes even some of the core contributors to the project, who were still fooled by the fake accounts. Nobody bothered checking the GitHub test branch to see if those changes were pushed upstream. Everyone simply disregarded any warnings because of the trust they had felt.
Fortunately, either this tool that Alcatel had distributed, or his own package of it, was poorly written and displayed error messages revealing a hidden Python source code file named cstealer.py. We realised immediately that not only was this a thinly-veiled cookie stealer, but it was the exact same one that Alcatel had accidentally revealed himself running the endpoint server of. It is undeniable since he was the first to have any notifications made of, from his virtual machine, in what he thought was a private channel, and he was the one to have set up the webhook; he was obviously trying to test the malware before deploying it upon the community.
In the immediate aftermath, we had urged others to change their passwords on all accounts immediately. This is when Alcatel decided to go even more mask off. He deleted every channel we started spamming the warning message in, and then we resorted to voice chat to discuss the situation. Despite our repeated warnings, some people didn't handle the situation immediately and had their accounts compromised. Alcatel then began to spam slurs in whatever remaining text channels had existed; those within which only administrators were allowed to send messages.
Eventually, Alcatel had just deleted the server outright. I guess he'd had his fun, and didn't want anyone saving extensive evidence of this behaviour. Not before attempting to commit financial crimes with the attached credit card information of the Discord accounts which he'd hacked into, though. It makes sense that he would vehemently deny such an extreme crime. For the record, it was an international thing and the person's bank had blocked any actions taken. I'm not sure how this is meant to be reported, but I think it should be known the financial nature of his behaviour.
This is just my recollection of the events. I was there for most of it, but I could've definitely missed some of the finer details, and I only joined the server on the same day that everything went down. It had existed for a couple of days prior, but it was recently promoted again within our circle the same day.
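
The check the posts above ask for (is this build the official one?) combined with the two indicators this account mentions, the `cstealer.py` name and Discord webhooks, as an added example that is not part of the original thread. The function and constant names, the sample bytes and the allow-list are constructed for illustration, and nothing here assumes how the real file was packaged.

```python
import hashlib
import re

# Indicators named in the thread: the leaked script name and Discord webhooks
# used as the reporting endpoint. The URL shape is Discord's webhook format.
NAME_MARKERS = (b"cstealer",)
WEBHOOK_RE = re.compile(
    rb"https://(?:canary\.|ptb\.)?discord(?:app)?\.com/api/webhooks/\d+/[\w-]+")

def triage(data: bytes, known_good: set) -> dict:
    """Classify one downloaded build from its raw bytes (hypothetical helper)."""
    digest = hashlib.sha256(data).hexdigest()
    # Windows binaries store many strings as UTF-16LE. Taking every second
    # byte at both alignments exposes those to the same ASCII searches.
    views = (data, data[0::2], data[1::2])
    names = sorted({m.decode() for m in NAME_MARKERS
                    for v in views if m in v.lower()})
    hooks = sorted({h.decode() for v in views for h in WEBHOOK_RE.findall(v)})
    if digest in known_good:
        verdict = "official"         # byte-identical to a build you trust
    elif names or hooks:
        verdict = "indicator-match"  # thread's advice: delete, change passwords, full scan
    else:
        # No hit proves nothing: packed or encrypted payloads hide strings.
        verdict = "unverified"       # still not the official build, so remove it
    return {"sha256": digest, "verdict": verdict,
            "name_markers": names, "webhooks": hooks}

# --- Constructed sample inputs (not real binaries, not real indicators) ---
SAMPLE_HOOK = "https://discord.com/api/webhooks/123456789012345678/CONSTRUCTED-token_0"
OFFICIAL = b"MZ\x90\x00constructed stand-in for an official release"
TROJAN = (b'MZ\x90\x00Traceback: File "cstealer.py", line 1\x00'
          + SAMPLE_HOOK.encode("utf-16-le"))
REBUILD = b"MZ\x90\x00constructed unofficial rebuild without indicators"
# Placeholder allow-list: in practice, hashes of files you fetched from the
# official repository yourself.
KNOWN_GOOD = {hashlib.sha256(OFFICIAL).hexdigest()}

if __name__ == "__main__":
    for label, blob in (("official", OFFICIAL), ("trojan", TROJAN),
                        ("rebuild", REBUILD)):
        print(label, triage(blob, KNOWN_GOOD))
```

Only the hash comparison can clear a file; the string search explains why a file is bad when it hits and says nothing when it does not.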