STAY AWAY FROM ANY CONTENT MADE BY ALCATEL!

ephemeralViolette
Regular Member

aa

Posts: 295

OS: Windows 10 (20H2), Windows 10 (22H2)
Theme: Windows XP Luna, Windows 7 Aero
CPU: AMD Ryzen 9 5900X
RAM: 64 GB
GPU: Radeon RX 580
Member is Online

STAY AWAY FROM ANY CONTENT MADE BY ALCATEL! May 12, 2024 10:35:58 GMT -8

Post by ephemeralViolette on May 12, 2024 10:35:58 GMT -8

May 12, 2024 10:01:55 GMT -8 OrthodoxWin32 said:

May 11, 2024 22:43:38 GMT -8 johnnyghost said:

Giving my two cents on this matter. It's sad that Alactel ended up mentally broken by the WinClassic community, because that is definitely something someone should not feel like.
A lot of us are brought together by our enjoyment of the Windows designs Microsoft abandoned over the years to get to where we're currently at with default Windows 10/11.

At the same time, injecting code that can leak personal information and allow potentially Alactel to send nasty stuff to people as a form of revenge is a dangerous thing to do. And like you said OrthodoxWin32, this could affect the trust people have in other users. I hope Alactel is able to get help, and can recover, while also looking at this whole situation as what isn't a good way to get a one last, "forget you" on toxic people.

I totally agree with you on everything you say.
Personally, I have already noticed a form of toxicity within the Discord servers, so I understand quite well what Alcatel may have felt. Particularly, I remember a time when there was drama between Alcatel and Travis over Windows 7 style visual styles.
Afterwards, I can't say much with certainty, because I'm not very active on Discord (precisely in part because I find the atmosphere too deleterious).

For the future, I could wish for many unrealistic things, but I only wish for two realistic things:
- Let this forum, which has always been protected from sterile controversies, remain so.
- That the members of the community can continue to trust each other, despite what has happened.

The ideal for everyone would be for Alcatel to get rid of its resentment towards many members, and as a general rule, there is less resentment between members. Because otherwise, I think that this type of situation is likely to happen again, when the trauma of this event has passed (not by Alcatel, but by another member, impossible to predict which one). For several months, I have felt a progression towards more and more attacks ; without having been able to predict that it would go that far, this situation unfortunately does not surprise me.

Fortunately, this community heavily trends towards open-source development, so I don't think that our mutual trust will be hampered by this event.

enderboy
Established Member

Fed up with some people on this forum

Posts: 675

OS: Windows 7 x64
Theme: 7 basic
CPU: I will find out
RAM: 2 gig
Computer Make/Model: Dell dimension 3100

STAY AWAY FROM ANY CONTENT MADE BY ALCATEL! May 12, 2024 10:49:34 GMT -8

Post by enderboy on May 12, 2024 10:49:34 GMT -8

May 11, 2024 23:27:27 GMT -8 enderboy said:

May 11, 2024 23:22:38 GMT -8 OrthodoxWin32 said:

Have you downloaded the modified DWMBlurGlass ?

Yes I have, because as soon as I opened the folder Windows Defender found this

View Attachment

It still shows the application.

School, why

OrthodoxWin32 Senior Member Save Europe by opposing ChatControl Posts: 1,593 OS: Windows 10 21H2 with File explorer and PowerPro - Debian 10 Buster with Trinity desktop environment Theme: Classic theme in Windows - CDE/Motif theme in Debian CPU: Intel Core i5-8265U RAM: 8,00 Go	STAY AWAY FROM ANY CONTENT MADE BY ALCATEL! May 12, 2024 10:51:04 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by OrthodoxWin32 on May 12, 2024 10:51:04 GMT -8 May 12, 2024 10:49:34 GMT -8 enderboy said: It still shows the application. I think if you haven't opened it, you are not compromised. But I still advise you to delete everything.
	ThemeSwitcherScipts : github.com/OrthodoxWindows/ThemeSwitcherScripts Internet Archive : archive.org/details/@orthodoxwin32

enderboy
Established Member

Fed up with some people on this forum

Posts: 675

OS: Windows 7 x64
Theme: 7 basic
CPU: I will find out
RAM: 2 gig
Computer Make/Model: Dell dimension 3100

STAY AWAY FROM ANY CONTENT MADE BY ALCATEL! May 12, 2024 10:52:59 GMT -8

Post by enderboy on May 12, 2024 10:52:59 GMT -8

May 12, 2024 10:51:04 GMT -8 OrthodoxWin32 said:

May 12, 2024 10:49:34 GMT -8 enderboy said:

It still shows the application.

I think if you haven't opened it, you are not compromised. But I still advise you to delete everything.

I did delete it and replaced it with the official dwmblurglass application

School, why

windowstransformation
Freshman Member

I quit Windows transforms, Just gotta use VM's.

Posts: 59
OS: Windows 10 22h2
Theme: Windows Vista Basic or Default Windows 10
CPU: NVIDIA GeForce GT 610
RAM: 16,0 GB
GPU: Intel(R) Core(TM) i5-2400 CPU
Computer Make/Model: Computer

STAY AWAY FROM ANY CONTENT MADE BY ALCATEL! May 12, 2024 11:26:32 GMT -8

Post by windowstransformation on May 12, 2024 11:26:32 GMT -8

May 12, 2024 10:34:27 GMT -8 ephemeralViolette said:

May 12, 2024 6:34:42 GMT -8 windowstransformation said:

Ok i just checked everything of what happend today. And yes i already know why Alcatel got way too far. And now i have a question. How did this happen? When did this start?

Was it from one of those Discord Servers that Alcatel are on?

Here's the story that I'd picked up:

A few days ago, someone claiming to be the creator of the popular DWMBlurGlass program, Maplespe, had joined the official Windhawk Discord server and ClassicServ, the unofficial Discord server for this forum. This was pointed out by a member of one of the servers in which we - some of the core contributors to DWMBlurGlass such as kfh83 and aubymori, and some other community members such as Travis - frequent. The user masquerading as Maplespe, later revealed to be Alcatel, had posted invites into both servers to a so-called "official" DWMBlurGlass server for community discussion and easing communication between developers.

There were a few details which made this server seem legitimate, including another fake account of the co-developer, ALTaleX. ALTaleX, unlike Maplespe, already had verifiable contact with kfh83 on Discord. However, kfh83 overlooked the account details of this account in the server; he trusted the identity of the account without closely looking over the username to notice the subtle difference.

The server seemed convincing because people had trusted the identities of the developer accounts within the server. They had both talked in Chinese, their native language, and their use of English indeed seemed restricted by machine translation, akin to verifiable English messages by the developers on GitHub. However, there were a few odd ones. One such example I remember fondly: the Maplespe account had said something along the lines of "we would prefer to only give this role to those who support our work" when asked to give aubymori a contributor role; this seemed to be a suddenly rude reaction from Maplespe, who to my knowledge has only had amicable interactions with aubymori, but does closely resemble a comment that Alcatel had made to aubymori just two weeks ago.

Alcatel was also briefly in this "official" DWMBlurGlass server. None of us thought much of that at the time, but apparently some role in the server was insecure and Alcatel ended up creating a webhook in the server that ended up posting his own personal information, visible to other members, which revealed that he was on a virtual machine using illegal cookie-stealing tools and setting up webhooks in servers to receive notifications for it. We already had a pretty low opinion of Alcatel at the time, so we laughed at him for a bit for being a terrible script kiddie. But we still trusted the identities of the fake developer accounts in the server, so we disregarded this mistake. I assumed that they had accidentally given some role administrator access. After Alcatel's blunder, it was publicly announced that he was banned from the server.

Some time later, probably some 30 or so minutes, a new "test build" was distributed of DWMBlurGlass. This wasn't DWMBlurGlass at all, though. Attempting to open the program would bring up no GUI. This program was just the cookie stealer, and a bunch of eager people had opened it to see what was in store for the new build. This includes even some of the core contributors to the project, who were still fooled by the fake accounts. Nobody bothered checking the GitHub test branch to see if those changes were pushed upstream. Everyone simply disregarded any warnings because of the trust they had felt.

Fortunately, either this tool that Alcatel had distributed, or his own package of it, was poorly written and displayed error messages revealing a hidden Python source code file name cstealer.py. We realised immediately that not only was this a thinly-veiled cookie stealer, but it was the exact same one that Alcatel had accidentally revealed himself running the endpoint server of. It is undeniable since he was the first to have any notifications made of, from his virtual machine, in what he thought was a private channel, and he was the one to have set up the webhook; he was obviously trying to test the malware before deploying it upon the community.

In the immediate aftermath, we had urged others to change their passwords on all accounts immediately. This is when Alcatel decided to go even more mask off. He deleted every channel we started spamming the warning message in, and then we resorted to voice chat to discuss the situation. Despite our repeated warnings, some people didn't handle the situation immediately and had their accounts compromised. Alcatel then began to spam slurs in whatever remaining text channels had exist; those within which only administrators were allowed to send messages.

Eventually, Alcatel had just deleted the server outright. I guess he'd had his fun, and didn't want anyone saving extensive evidence of this behaviour. Not before attempting to commit financial crimes with the attached credit card information of the Discord accounts which he'd hacked into, though. It makes sense that he would vehemently deny such an extreme crime. For the record, it was an international thing and the person's bank had blocked any actions taken. I'm not sure how this is meant to be reported, but I think it should be known the financial nature of his behaviour.

This is just my recollection of the events. I was there for most of it, but I could've definitely missed some of the finer details, and I only joined the server on the same day that everything went down. It had existed for a couple of days prior, but it was recently promoted again within our circle the same day.

Oh i see. Thanks for telling me. Thats basiclly how this explains itself.

And i must say, i never used Discord. I only don`t want to get hacked by Alcatel. Because Alcatel has nothing to do against with my Device. I`m only trying to be careful whenever i see some types of malwares like these.

Last Edit: May 12, 2024 11:35:58 GMT -8 by windowstransformation

UWP must go away

OrthodoxWin32
Senior Member

Save Europe by opposing ChatControl

Posts: 1,593

OS: Windows 10 21H2 with File explorer and PowerPro - Debian 10 Buster with Trinity desktop environment
Theme: Classic theme in Windows - CDE/Motif theme in Debian
CPU: Intel Core i5-8265U
RAM: 8,00 Go

STAY AWAY FROM ANY CONTENT MADE BY ALCATEL! May 12, 2024 13:33:28 GMT -8

Post by OrthodoxWin32 on May 12, 2024 13:33:28 GMT -8

May 12, 2024 11:26:32 GMT -8 windowstransformation said:

Oh i see. Thanks for telling me. Thats basiclly how this explains itself.
And i must say, i never used Discord. I only don`t want to get hacked by Alcatel. Because Alcatel has nothing to do against with my Device. I`m only trying to be careful whenever i see some types of malwares like these.

If you have not downloaded fake DWMBlurGlass 3.0, there is normally no problem in this regard.

The message in large letters from brawllux is scary, but the reality is that only this program from Alcatel is malicious. In the current state of knowledge, anything published by alactel before this date does not present a risk.

Of course it is better to be careful (especially since malware of this type is probably on the rise at the moment), but we must not fall into paranoia either (I speak for everyone).

Last Edit: May 12, 2024 13:40:09 GMT -8 by OrthodoxWin32

ThemeSwitcherScipts : github.com/OrthodoxWindows/ThemeSwitcherScripts
Internet Archive : archive.org/details/@orthodoxwin32

kamuisuki Regular Member ~ Posts: 499 OS: Windows Me Theme: 5048 CPU: Intel Pentium III-S Tualatin RAM: 2048 GPU: GeForce 3Ti 500	STAY AWAY FROM ANY CONTENT MADE BY ALCATEL! May 12, 2024 19:57:41 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by kamuisuki on May 12, 2024 19:57:41 GMT -8 oh god sankyu i didnt remember the version i'm using.. i downloaded it around more than one month ago...

leon04 Freshman Member Posts: 36 OS: Windows 11 Pro Theme: None CPU: Laptop: i5 11300H; Desktop: Xeon X5675 RAM: Laptop: 16GB DDR4; Desktop: 32GB DDR3 GPU: Laptop: RTX3050Ti; Desktop: GTX1070 Computer Make/Model: Laptop: HP; Desktop Mobo: SuperMicro x58	STAY AWAY FROM ANY CONTENT MADE BY ALCATEL! May 13, 2024 2:28:29 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by leon04 on May 13, 2024 2:28:29 GMT -8 So annoying all I want is to have a good Windows 7 Theme and someone just has to ruin it. We definitely a replacement for the uDWM patch so the windows icon and title are placed properly with thick frames.

OrthodoxWin32
Senior Member

Save Europe by opposing ChatControl

Posts: 1,593

OS: Windows 10 21H2 with File explorer and PowerPro - Debian 10 Buster with Trinity desktop environment
Theme: Classic theme in Windows - CDE/Motif theme in Debian
CPU: Intel Core i5-8265U
RAM: 8,00 Go

STAY AWAY FROM ANY CONTENT MADE BY ALCATEL! May 13, 2024 2:41:41 GMT -8

Post by OrthodoxWin32 on May 13, 2024 2:41:41 GMT -8

May 13, 2024 2:28:29 GMT -8 leon04 said:

So annoying all I want is to have a good Windows 7 Theme and someone just has to ruin it.

We definitely a replacement for the uDWM patch so the windows icon and title are placed properly with thick frames.

Until proven otherwise, the only malicious program coming from Alcatel is the fake DWMBlurGlass.

ThemeSwitcherScipts : github.com/OrthodoxWindows/ThemeSwitcherScripts
Internet Archive : archive.org/details/@orthodoxwin32

leon04
Freshman Member

Posts: 36
OS: Windows 11 Pro
Theme: None
CPU: Laptop: i5 11300H; Desktop: Xeon X5675
RAM: Laptop: 16GB DDR4; Desktop: 32GB DDR3
GPU: Laptop: RTX3050Ti; Desktop: GTX1070
Computer Make/Model: Laptop: HP; Desktop Mobo: SuperMicro x58

STAY AWAY FROM ANY CONTENT MADE BY ALCATEL! May 13, 2024 2:58:38 GMT -8

Post by leon04 on May 13, 2024 2:58:38 GMT -8

May 13, 2024 2:41:41 GMT -8 OrthodoxWin32 said:

May 13, 2024 2:28:29 GMT -8 leon04 said:

So annoying all I want is to have a good Windows 7 Theme and someone just has to ruin it.

We definitely a replacement for the uDWM patch so the windows icon and title are placed properly with thick frames.

Until proven otherwise, the only malicious program coming from Alcatel is the fake DWMBlurGlass.

Well I hope that is the case but someone who once release malicious softare is not to be trusted.

OrthodoxWin32 Senior Member Save Europe by opposing ChatControl Posts: 1,593 OS: Windows 10 21H2 with File explorer and PowerPro - Debian 10 Buster with Trinity desktop environment Theme: Classic theme in Windows - CDE/Motif theme in Debian CPU: Intel Core i5-8265U RAM: 8,00 Go	STAY AWAY FROM ANY CONTENT MADE BY ALCATEL! May 13, 2024 3:05:41 GMT -8 Select Post Deselect Post Link to Post Member Give Gift Back to Top Post by OrthodoxWin32 on May 13, 2024 3:05:41 GMT -8 May 13, 2024 2:58:38 GMT -8 leon04 said: Well I hope that is the case but someone who once release malicious softare is not to be trusted. Which Alcatel-related program is currently useful for you ?
	ThemeSwitcherScipts : github.com/OrthodoxWindows/ThemeSwitcherScripts Internet Archive : archive.org/details/@orthodoxwin32

leon04
Freshman Member

Posts: 36
OS: Windows 11 Pro
Theme: None
CPU: Laptop: i5 11300H; Desktop: Xeon X5675
RAM: Laptop: 16GB DDR4; Desktop: 32GB DDR3
GPU: Laptop: RTX3050Ti; Desktop: GTX1070
Computer Make/Model: Laptop: HP; Desktop Mobo: SuperMicro x58

STAY AWAY FROM ANY CONTENT MADE BY ALCATEL! May 13, 2024 3:10:45 GMT -8

Post by leon04 on May 13, 2024 3:10:45 GMT -8

May 13, 2024 3:05:41 GMT -8 OrthodoxWin32 said:

May 13, 2024 2:58:38 GMT -8 leon04 said:

Well I hope that is the case but someone who once release malicious softare is not to be trusted.

Which Alcatel-related program is currently useful for you ?

The uDWM patched

I got rid of thick framer.

OrthodoxWin32
Senior Member

Save Europe by opposing ChatControl

Posts: 1,593

OS: Windows 10 21H2 with File explorer and PowerPro - Debian 10 Buster with Trinity desktop environment
Theme: Classic theme in Windows - CDE/Motif theme in Debian
CPU: Intel Core i5-8265U
RAM: 8,00 Go

STAY AWAY FROM ANY CONTENT MADE BY ALCATEL! May 13, 2024 3:50:31 GMT -8

Post by OrthodoxWin32 on May 13, 2024 3:50:31 GMT -8

May 13, 2024 3:10:45 GMT -8 leon04 said:

The uDWM patched

I got rid of thick framer.

The uDWM patch does not come from Alcatel initially (it is just redistributed by). Afterwards, there is now a Windhawk mod that does the same thing, you can use it.

Regarding Thick framer, if you are talking about the Windhawk mod, it does not contain malicious code. I've been saying it since the beginning of this topic, and Ramen/m417z (the developer of Windhawk) has just proven me right :

Last Edit: May 13, 2024 3:58:13 GMT -8 by OrthodoxWin32

ThemeSwitcherScipts : github.com/OrthodoxWindows/ThemeSwitcherScripts
Internet Archive : archive.org/details/@orthodoxwin32

leon04
Freshman Member

Posts: 36
OS: Windows 11 Pro
Theme: None
CPU: Laptop: i5 11300H; Desktop: Xeon X5675
RAM: Laptop: 16GB DDR4; Desktop: 32GB DDR3
GPU: Laptop: RTX3050Ti; Desktop: GTX1070
Computer Make/Model: Laptop: HP; Desktop Mobo: SuperMicro x58

STAY AWAY FROM ANY CONTENT MADE BY ALCATEL! May 13, 2024 4:05:49 GMT -8

Post by leon04 on May 13, 2024 4:05:49 GMT -8

May 13, 2024 3:50:31 GMT -8 OrthodoxWin32 said:

May 13, 2024 3:10:45 GMT -8 leon04 said:

The uDWM patched

I got rid of thick framer.

The uDWM patch does not come from Alcatel initially (it is just redistributed by). Afterwards, there is now a Windhawk mod that does the same thing, you can use it.

Regarding Thick framer, if you are talking about the Windhawk mod, it does not contain malicious code. I've been saying it since the beginning of this topic, and Ramen/m417z (the developer of Windhawk) has just proven me right :

View Attachment

Well thats great i actually seareched for something that replaces the uDWM patch but didnt find it. I only found something that fixes the same issue for programs with ribbon like mspaint or wordpad.

What is it calleed?

OrthodoxWin32
Senior Member

Save Europe by opposing ChatControl

Posts: 1,593

OS: Windows 10 21H2 with File explorer and PowerPro - Debian 10 Buster with Trinity desktop environment
Theme: Classic theme in Windows - CDE/Motif theme in Debian
CPU: Intel Core i5-8265U
RAM: 8,00 Go

STAY AWAY FROM ANY CONTENT MADE BY ALCATEL! May 13, 2024 4:12:47 GMT -8

Post by OrthodoxWin32 on May 13, 2024 4:12:47 GMT -8

May 11, 2024 15:06:44 GMT -8 ephemeralViolette said:

Alcatel is not the author of BasicThemer5, but you should probably compile the upstream project from source rather than using his version. You don't know for a fact if he slipped malicious code into the binary that he built, but the upstream project is definitely safe.

The upstream project is identical in source code.

As for the binary, I have never had any problems with it, and apart from false positives from antivirus, there have never been any reports on it. In addition, the file dates from about a year before Alcatel was angry with certain members of the community; github date is times. It seems far-fetched to me that a file could retroactively contain malicious code.

For the rest, it would be good for Brawllux to modify his first message, because he is spreading false information, suggesting that certain non-malicious programs would be malicious.

Last Edit: May 13, 2024 4:13:03 GMT -8 by OrthodoxWin32

ThemeSwitcherScipts : github.com/OrthodoxWindows/ThemeSwitcherScripts
Internet Archive : archive.org/details/@orthodoxwin32

OrthodoxWin32
Senior Member

Save Europe by opposing ChatControl

Posts: 1,593

OS: Windows 10 21H2 with File explorer and PowerPro - Debian 10 Buster with Trinity desktop environment
Theme: Classic theme in Windows - CDE/Motif theme in Debian
CPU: Intel Core i5-8265U
RAM: 8,00 Go

STAY AWAY FROM ANY CONTENT MADE BY ALCATEL! May 13, 2024 4:16:58 GMT -8

Post by OrthodoxWin32 on May 13, 2024 4:16:58 GMT -8

May 13, 2024 4:05:49 GMT -8 leon04 said:

Well thats great i actually seareched for something that replaces the uDWM patch but didnt find it. I only found something that fixes the same issue for programs with ribbon like mspaint or wordpad.

What is it calleed?

You can find them here. They are not published on the official Windhawk list, so you have to compile the code with Windhawk. The author is the same as uDWM patches (Dulappy ).

Last Edit: May 13, 2024 4:17:10 GMT -8 by OrthodoxWin32

ThemeSwitcherScipts : github.com/OrthodoxWindows/ThemeSwitcherScripts
Internet Archive : archive.org/details/@orthodoxwin32

bhr23
New Member

Posts: 2
OS: Windows 11 23H2
Theme: As many as possible

STAY AWAY FROM ANY CONTENT MADE BY ALCATEL! May 13, 2024 5:42:58 GMT -8

Post by bhr23 on May 13, 2024 5:42:58 GMT -8

Hi there! I'm new to this forum, and in spite of these recent transgressions, I'm still pretty excited to be here! But I do have some possibly bad news: I just checked the other programs on Alcatel's github to see if they had any other viruses, and some seem to be loaded with them. Now, I'm not as tech savvy as many of you, so I used the VirusTotal.com website's detection feature in a virtual machine to analyze the download files from all of the Arukateru github repositories that weren't forked, but I don't know how to tell the difference between the security threats that are dangerous, and the ones that have to be in the software to inject code properly (or if there's even a way to tell the difference). Despite my semi-ignorance, what I've found is the following:

Below are the Programs analyzed that were detected as dangerous, then the Analyzers that detected them as dangerous, and in (parenthesis, the reason or specific virus it was detected as). Below each List of analyzers detecting the file as dangerous is the overall statement written on the top of the website, as a summary of the analysis all of the analyzers found.
All [brackets] next to the analyzer names were changed into [brackets] because they used to be (parentheses) that were part of the names of the analyzers, and I didn't want that to get too confusing.

their UWPUnarmer-main.zip was detected as by
MaxSecure (Trojan.Malware.300983.susgen), but not by nobody else.

The official statement on the top of the website for this file analysis was
1/68 security vendor and no sandboxes flagged this file as malicious.

their IncompatibilityErrorRestorer-main.zip file was labelled overall a Trojan, and labelled dangerous by Google's detection. It was specifically labelled a Trojan by
MaxSecure (Trojan.Malware.300983.susgen),
Varist (W64/Evilnum.A.gen!Eldorado),
and VBA32 (Trojan.Link.CmdRunner).

The official statement on the top of the website for this file analysis was
4/65 security vendors and no sandboxes flagged this file as malicious.

their WindowsThemeSwitcher-main.zip was detected to be dangerous by Google's detection and a Trojan by
ClamAV (Win.Trojan.Taskkill-2)

The official statement on the top of the website for this file analysis was
2/64 security vendors and no sandboxes flagged this file as malicious

their BasicThemer5-main.zip returned with it being detected by
DeepInstinct (MALICIOUS),
Elastic (Malicious (high Confidence)),
ESET-NOD32 (A Variant Of WinGo/Agent.OM),
Fortinet (Malicious_Behavior.SB),
Ikarus (Trojan.WinGo.Shellcoderunner),
McAfee (Artemis!240FDF3ABBB0),
McAfee-GW-Edition (BehavesLike.Generic.tc),
Sangfor Engine Zero (Trojan.Win32.Agent.Vl9s),
SentinelOne (Static ML),
and Static AI (Suspicious Archive)

The official statement on the top of the website for this file analysis was
9/65 security vendors and no sandboxes flagged this file as malicious.

their basicthemer2-detours-main.zip was detected overall as a trojan.lazy, with it being specifically detected by
ALYac (Gen:Variant.Lazy.256706),
Antiy-AVL (Trojan/Win32.SGeneric),
Arcabit (Trojan.Lazy.D3EAC2 [many]),
BitDefender (Gen:Variant.Lazy.256706),
DeepInstinct (MALICIOUS),
DrWeb (Trojan.Inject4.59781),
Emsisoft (Gen:Variant.Lazy.256706 (B)),
eScan (Gen:Variant.Lazy.256706),
Fortinet (PossibleThreat),
GData (Gen:Variant.Lazy.256706 (2x)),
Google (Detected), Lionic (Trojan.Win32.Generic.4!c),
Malwarebytes (Malware.AI.3388248531),
MAX (Malware (ai Score=86)),
MaxSecure (Trojan.Malware.191013703.susgen),
McAfee (Artemis!C43BAEB68E9B),
Panda (Trj/Chgt.AD),
Rising (Trojan.Generic@AI.83 (RDML:stPzYMVT4AqusOB2pr1Oiw)),
Skyhigh [SWG] (Artemis!Trojan),
Sophos (Mal/Generic-R),
Trellix [FireEye] (Gen:Variant.Lazy.256706),
TrendMicro-HouseCall (TROJ_GEN.R002H09DD24),
and finally, VIPRE (Gen:Variant.Lazy.256706).

The official statement on the top of the website for this file analysis was
23/66 security vendors and no sandboxes flagged this file as malicious.

Inside their basicthemer2-detours-main.zip:
In spite of a second analysis bringing this next program down to 18 virus analyzers detecting something dangerous, their BasicThemer2.exe originally had the highest amount of detection results back out of all of the files. It was detected overall as a trojan.lazy, with it being specifically detected by
ALYac (Gen:Variant.Lazy.256706),
Antiy-AVL (Trojan/Win32.SGeneric),
Arcabit (Trojan.Lazy.D3EAC2),
BitDefender (Gen:Variant.Lazy.256706),
Bkav Pro (W32.AIDetectMalware.CS),
CrowdStrike Falcon (Win/malicious_confidence_70% (W)),
Cylance (Unsafe),
DeepInstinct (MALICIOUS),
DrWeb (Trojan.Inject4.59781),
Emsisoft (Gen:Variant.Lazy.256706 (B)),
eScan (Gen:Variant.Lazy.256706),
Fortinet (PossibleThreat),
GData (Gen:Variant.Lazy.256706),
Google (Detected),
Malwarebytes (Generic.Malware/Suspicious),
MAX (Malware (ai Score=83)),
MaxSecure (Trojan.Malware.191013703.susgen),
McAfee (Artemis!C43BAEB68E9B),
Sangfor Engine Zero (Trojan.Win32.Lazy.Vbht),
Skyhigh [SWG] (Artemis!Trojan),
Sophos (Mal/Generic-R),
Symantec (Trojan.Gen.MBT),
Trellix [FireEye] (Generic.mg.c43baeb68e9bedcc),
TrendMicro-HouseCall (TROJ_GEN.R002H09DD24),
and finally, VIPRE (Gen:Variant.Lazy.256706)

The official statement on the top of the website for this file analysis was
25/70 security vendors and no sandboxes flagged this file as malicious.

Lastly, despite reanalyzing this next one on a whim and finding no issues, the original analysis of their BasicThemer3-main.zip was detected by
Kingsoft (Malware.kb.a.887).

The official statement on the top of the website for this file analysis was
1/68 security vendor and no sandboxes flagged this file as malicious.

Just to give some perspective, the original BasicThemer2-v0.5.2-Release-Final.zip that you download directly from the Github page had no issues whatsoever, and the basicthemer2.exe, in spite of being detected overall as a trojan, only had 7 detections in comparison to the 25 from Alcatel's version. The detections were from
Antiy-AVL (Trojan/Win32.Agent),
Bkav Pro (W32.AIDetectMalware.CS),
Cybereason (Malicious.b1e55f),
Google (Detected),
Gridinsoft [no cloud] (Trojan.Win32.Gen.cl),
Ikarus (Trojan.IL.MSILZilla),
and MaxSecure (Trojan.Malware.230446476.susgen)

The official statement on the top of the website for this file analysis was
7/72 security vendors and no sandboxes flagged this file as malicious.

And to top it off, I downloaded the official, most recent build of DWMBlurGlass from github.com/Ingan121/BasicThemer2/releases/tag/v0.5.2-Final and put it through the same VirusTotal analysis website, and it came out with only one detection,
Jiangmin (HackTool.Inject.csr)

The official statement on the top of the website for this file analysis was
1/67 security vendor and no sandboxes flagged this file as malicious.

Hopefully I'm just being paranoid and the majority of the analyzed holes in these programs' and zip files' security end up being false positives or are purposeful due to what these programs and themes need access to in the system to run normally, but if someone with more tech know-how could check the analysis above just to be safe, that would be great.

Anyway, I look forward to chatting with all of you on better terms in the future, and I'm excited to be part of this community. Thanks and all the best.

PS:
Also, as a side note, does anyone have the link to where the actual windows 7 theme Alcatel stole, pane7, will be released when it is eventually finished? Or at very least who's making it, so I can save their github/website/deviantart page? I'm super excited to see and support the final product when it's ready!

bhr23
New Member

Posts: 2
OS: Windows 11 23H2
Theme: As many as possible

STAY AWAY FROM ANY CONTENT MADE BY ALCATEL! May 13, 2024 7:12:32 GMT -8

Post by bhr23 on May 13, 2024 7:12:32 GMT -8

Also, I just realized I didn't run the actual windows 7/8 theme zip file through the VirusTotal analysis tool, so here's its most recent update's result.

their w7t_110_bugfix.7z was detected by
Jiangmin (HackTool.Inject.csr).

The official statement on the top of the website for this file analysis was
1/63 security vendor and no sandboxes flagged this file as malicious.

What's inside the w7t_110_bugfix.7z file:

their AeroGlassGUI.exe was detected by
Bkav Pro (W32.AIDetectMalware).

The official statement on the top of the website for this file analysis was
1/71 security vendor and no sandboxes flagged this file as malicious.

their setup-wrs-1.5.13.exe was detected by
Bkav Pro (W32.AIDetectMalware).

The official statement on the top of the website for this file analysis was
1/65 security vendor and 1 sandbox flagged this file as malicious.

vindasal
Freshman Member

Posts: 73
OS: Windows 10 Pro 22H2
Theme: XP Luna/Classic depending on mood

STAY AWAY FROM ANY CONTENT MADE BY ALCATEL! May 13, 2024 19:43:52 GMT -8

Post by vindasal on May 13, 2024 19:43:52 GMT -8

Can somebody either analyze this compile of BasicThemer5 to confirm it is safe, or compile a new copy?

Further to this point, is it possible for there to be 'silent' commits to the Github files, I.E. could a copy of a file downloaded a year apart be different even if there hasn't been a new version in that time span, or would GitHub force this to be reported?

Edit:

Awful grammatical errors

Last Edit: May 13, 2024 19:54:16 GMT -8 by vindasal

ephemeralViolette
Regular Member

aa

Posts: 295

OS: Windows 10 (20H2), Windows 10 (22H2)
Theme: Windows XP Luna, Windows 7 Aero
CPU: AMD Ryzen 9 5900X
RAM: 64 GB
GPU: Radeon RX 580
Member is Online

STAY AWAY FROM ANY CONTENT MADE BY ALCATEL! May 13, 2024 20:07:33 GMT -8

Post by ephemeralViolette on May 13, 2024 20:07:33 GMT -8

May 13, 2024 19:43:52 GMT -8 vindasal said:

Can somebody either analyze this compile of BasicThemer5 to confirm it is safe, or compile a new copy?

Further to this point, is it possible for there to be 'silent' commits to the Github files, I.E. could a copy of a file downloaded a year apart be different even if there hasn't been a new version in that time span, or would GitHub force this to be reported?

Edit:

Awful grammatical errors

GitHub just shows information from the Git repository it hosts. The authors and dates of commits can be faked, as can be the commit history itself. You can even have commits that were made before GitHub or even Git itself were created. This can be seen on old repositories which were converted to Git from an older version control system. So, yes. Someone with malicious intent could simply modify the file in the repository, replace the commit in which the file was made with a new one of the same date, git push --force to override the existing upstream commit history, and it wouldn't appear to have been updated just going off the date. The commit hash would still differ and the repository's last updated time (visible on the repositories tab of the owner's account) would also be updated to the last push time.

The proper mechanism for releasing binaries on GitHub, releases, is not susceptible to this. Since the information there is a GitHub-specific feature, the information can be verified to be made by that exact author and published at that exact time. Releases can be edited, but they'll display the new date for modified files.

STAY AWAY FROM ANY CONTENT MADE BY ALCATEL!

Post by ephemeralViolette on May 12, 2024 10:35:58 GMT -8

Post by enderboy on May 12, 2024 10:49:34 GMT -8

Post by OrthodoxWin32 on May 12, 2024 10:51:04 GMT -8

Post by enderboy on May 12, 2024 10:52:59 GMT -8

Post by windowstransformation on May 12, 2024 11:26:32 GMT -8

Post by OrthodoxWin32 on May 12, 2024 13:33:28 GMT -8

Post by kamuisuki on May 12, 2024 19:57:41 GMT -8

Post by leon04 on May 13, 2024 2:28:29 GMT -8

Post by OrthodoxWin32 on May 13, 2024 2:41:41 GMT -8

Post by leon04 on May 13, 2024 2:58:38 GMT -8

Post by OrthodoxWin32 on May 13, 2024 3:05:41 GMT -8

Post by leon04 on May 13, 2024 3:10:45 GMT -8

Post by OrthodoxWin32 on May 13, 2024 3:50:31 GMT -8

Post by leon04 on May 13, 2024 4:05:49 GMT -8

Post by OrthodoxWin32 on May 13, 2024 4:12:47 GMT -8

Post by OrthodoxWin32 on May 13, 2024 4:16:58 GMT -8

Post by bhr23 on May 13, 2024 5:42:58 GMT -8

Post by bhr23 on May 13, 2024 7:12:32 GMT -8

Post by vindasal on May 13, 2024 19:43:52 GMT -8

Post by ephemeralViolette on May 13, 2024 20:07:33 GMT -8