|
Post by OrthodoxWin32 on Aug 20, 2024 2:06:36 GMT -8
> He’s talking about the udwm patch, don’t tell me Alcatel has not learnt from his lesson, because of that everyone stay away from all alcatels stuff, apart from the wind hawk mods, they are fine

The main problem is that all this has created a general confusion about the trust to give to this or that program, or to this or that type of file. The situation was already confusing because of antiviruses that systematically detect certain customization tools, but now some people have come to believe that a font file can contain malicious code! Finally, it is perhaps on this level that Alcatel has done the most harm, its attack/revenge has created confusion among some less experienced users of this community. And Brawlux's post has not helped to reduce this confusion...

In the case of patched uDWMs they have just been redistributed by Alcatel, but Alcatel is not the creator. This is a good example of the confusion I am talking about above.
|
|
technicalissues
Sophomore Member
Windows 10 that is 1:1 to 7; coming soon
Posts: 157
OS: Windows 10 22H2
Theme: Windows 7 Visuals and functions
CPU: Intel i5-13400F
RAM: 16GB DDR5
GPU: NVIDIA RTX 4060
|
Post by technicalissues on Aug 20, 2024 2:28:07 GMT -8
> > The wind hawk mod, I KNOW IT MUST BE APPROVED BY RAMEN BUT IN AN ANALYSIS and checking files I found that it got detected as b something, I’ll check that when I get home, but it’s the same thing as what dwm fake is: a logger for stuff. So it was the wind hawk mod since as mentioned as soon as I installed it a credential and crypto folder popped up in a hidden location… so it is the wind hawk mod and I have official dwmblurglass so it is the wind hawk mod. I also use aero10 so it isn’t his theme mod edit: to clarify this is for the thick frames mod and I’m typing on phone so typing is bad
>
> Anyway, the thick frames mod is obsolete now, I think there are better versions of it. However, sorry but your problems can only come from another program. I just reread the current code of the thick frames mod, and there is nothing that is able to do what you describe. On the other hand, Alcatel had not created its malware from scratch, it had used a tool for this, which others can also use... Your PC may be infected by something similar.

No, because ONLY when I had that Defender started telling me that there was malware. I know false-positives exist but I know for a fact that was NOT a false-positive, because back before this happened it didn't show it, but when this happened and the 2.0 version got updated, only then Defender started annoying me
|
Post by technicalissues on Aug 20, 2024 2:29:36 GMT -8
And I know for a fact I have installed nothing malicious except for that. I've gone through everything else and found nothing unusual.
|
|
|
Post by OrthodoxWin32 on Aug 20, 2024 2:41:03 GMT -8
technicalissues The mod was updated to version 2.0 when? Could you provide me with a screenshot of the Windows Defender report?
EDIT: I just saw that version 2.0 is there from the initial deposit of the mod in the official Windhawk library. There has been no update in the meantime.
|
Post by technicalissues on Aug 20, 2024 2:49:57 GMT -8
> technicalissues The mod was updated to version 2.0 when? Could you provide me with a screenshot of the Windows Defender report?

Absolutely, I can. Not sure when, but it has a new version since I remember it saying 1.0 before this. imgur.com/a/threat-so5zOGW And I know that it IS it because it quite literally mentions it's the mod itself
|
|
|
Post by enderboy on Aug 20, 2024 2:51:04 GMT -8
> > technicalissues The mod was updated to version 2.0 when? Could you provide me with a screenshot of the Windows Defender report?
>
> Absolutely, I can. Not sure when, but it has a new version since I remember it saying 1.0 before this. imgur.com/a/threat-so5zOGW And I know that it IS it because it quite literally mentions it's the mod itself

Oh yes, this is urgent everyone UNINSTALL FORCE THICK FRAMES MOD IMMEDIATELY!!!
|
Post by technicalissues on Aug 20, 2024 2:56:30 GMT -8
> > Absolutely, I can. Not sure when, but it has a new version since I remember it saying 1.0 before this. imgur.com/a/threat-so5zOGW And I know that it IS it because it quite literally mentions it's the mod itself
>
> Oh yes, this is urgent everyone UNINSTALL FORCE THICK FRAMES MOD IMMEDIATELY!!!

is that sarcastic?
|
|
|
Post by OrthodoxWin32 on Aug 20, 2024 2:59:20 GMT -8
> Absolutely, I can. Not sure when, but it has a new version since I remember it saying 1.0 before this. imgur.com/a/threat-so5zOGW And I know that it IS it because it quite literally mentions it's the mod itself

Thanks for the screenshot. Having the same mod installed, I could see that the mod name differs, since I have: force-thick-frames_715957.dll. It was never detected by Windows Defender. However, there has clearly been no update to the official repository, so I don't quite understand this difference in name. Is there still the code for the mod in question (uncompiled) in your Windhawk library? If so, you can send it to me. This is all the more strange since the code of my version indicates version 2, and is identical to the current version of the repository. If there is a difference, it is after compilation.
|
|
|
Post by enderboy on Aug 20, 2024 3:01:46 GMT -8
> > Oh yes, this is urgent everyone UNINSTALL FORCE THICK FRAMES MOD IMMEDIATELY!!!
>
> is that sarcastic?

No
|
Post by technicalissues on Aug 20, 2024 3:02:13 GMT -8
> > Absolutely, I can. Not sure when, but it has a new version since I remember it saying 1.0 before this. imgur.com/a/threat-so5zOGW And I know that it IS it because it quite literally mentions it's the mod itself
>
> Thanks for the screenshot. Having the same mod installed, I could see that the mod name differs, since I have: force-thick-frames_715957.dll. However, there has clearly been no update to the official repository, so I don't quite understand this difference in name. Is there still the code for the mod in question (uncompiled) in your Windhawk library? If so, you can send it to me.

Unfortunately I deleted everything for my safety. I cannot find it since I removed it with Defender. However, check for any updates. Either way I am positive it is malware.
|
|
|
Post by OrthodoxWin32 on Aug 20, 2024 3:12:05 GMT -8
> Unfortunately I deleted everything for my safety. I cannot find it since I removed it with Defender. However, check for any updates. Either way I am positive it is malware.

This is all really strange, because there are things that are as certain as the fact that the Earth is round:
- I have the same uncompiled mod as the current official version (the 2)
- The mod has never been updated (unless Alcatel hacked Ramen's GitHub account, which seems pretty unlikely to me)
- The current uncompiled mod does not contain any malicious code
- My compiled DLL of the mod does not have the same name as yours, and has never been detected by Windows Defender.

I will try to install the mod in a virtual machine, and see what happens.
|
Post by technicalissues on Aug 20, 2024 3:15:57 GMT -8
> > Unfortunately I deleted everything for my safety. I cannot find it since I removed it with Defender. However, check for any updates. Either way I am positive it is malware.
>
> This is all really strange, because there are things that are as certain as the fact that the Earth is round:
> - I have the same uncompiled mod as the current official version (the 2)
> - The mod has never been updated (unless Alcatel hacked Ramen's GitHub account, which seems pretty unlikely to me)
> - The current uncompiled mod does not contain any malicious code
> - My compiled DLL of the mod does not have the same name as yours, and has never been detected by Windows Defender.
>
> I will try to install the mod in a virtual machine, and see what happens.

That is... really strange? It is definitely possible that his GitHub was hacked, and if he was involved in any loggers at all here I would say so. However as you said that's unlikely. I am not sure why I have a different file but I have to assume that it could be something to do with a Windows version, symbols or something. I am not sure since I'm not very experienced with this
|
|
|
Post by OrthodoxWin32 on Aug 20, 2024 3:43:30 GMT -8
> That is... really strange? It is definitely possible that his GitHub was hacked, and if he was involved in any loggers at all here I would say so. However as you said that's unlikely. I am not sure why I have a different file but I have to assume that it could be something to do with a Windows version, symbols or something. I am not sure since I'm not very experienced with this

I just tested on a Windows 10 virtual machine, the mod works correctly, the DLL I get seems close to that of my system (there is no "2" in the name) and it is not detected by Windows Defender.
|
Post by technicalissues on Aug 20, 2024 3:50:31 GMT -8
> > That is... really strange? It is definitely possible that his GitHub was hacked, and if he was involved in any loggers at all here I would say so. However as you said that's unlikely. I am not sure why I have a different file but I have to assume that it could be something to do with a Windows version, symbols or something. I am not sure since I'm not very experienced with this
>
> I just tested on a Windows 10 virtual machine, the mod works correctly, the DLL I get seems close to that of my system (there is no "2" in the name) and it is not detected by Windows Defender.

Very odd, as Defender on my system acted up and showed me that bulldog thing in front of a computer... I don't know what is going on... But as you said it is a different DLL too! Maybe it could be because I have vc 2019 and net 3.5 installed, or it's because it's a different DLL
|
|
|
Post by OrthodoxWin32 on Aug 20, 2024 3:58:44 GMT -8
> Very odd, as Defender on my system acted up and showed me that bulldog thing in front of a computer... I don't know what is going on... But as you said it is a different DLL too! Maybe it could be because I have vc 2019 and net 3.5 installed, or it's because it's a different DLL

Indeed all this is strange, I will continue to think about the problem. If the compiler is not quite the same, it can indeed lead to false positives (even if I think I also have Visual Studio 2019, in its core versions). But what makes me say that it was not necessarily a false positive is the "2" present in the name of the DLL, as well as the presence of the credential and crypto folder in your system...

For other users, if you have not had a Windhawk mod detected by Windows Defender, you do not have to worry, even if you use the Thick Frames mod.
|
Post by technicalissues on Aug 20, 2024 4:04:56 GMT -8
> > Very odd, as Defender on my system acted up and showed me that bulldog thing in front of a computer... I don't know what is going on... But as you said it is a different DLL too! Maybe it could be because I have vc 2019 and net 3.5 installed, or it's because it's a different DLL
>
> Indeed all this is strange, I will continue to think about the problem. If the compiler is not quite the same, it can indeed lead to false positives (even if I think I also have Visual Studio 2019, in its core versions). But what makes me say that it was not necessarily a false positive is the "2" present in the name of the DLL, as well as the presence of the credential and crypto folder in your system...
>
> For other users, if you have not had a Windhawk mod detected by Windows Defender, you do not have to worry, even if you use the Thick Frames mod.

Still, either way everyone there are alternatives, so I'd recommend either way uninstalling that and using a different one.
|
|
|
Post by OrthodoxWin32 on Aug 20, 2024 4:10:19 GMT -8
> Still, either way everyone there are alternatives, so I'd recommend either way uninstalling that and using a different one.

Regardless of security, there is an alternative that is normally more efficient (it targets DWM, not all processes).

Otherwise, have you used DWMBlurGlass 3.0 or another Alcatel program in the past?
|
Post by technicalissues on Aug 20, 2024 4:11:12 GMT -8
> > Still, either way everyone there are alternatives, so I'd recommend either way uninstalling that and using a different one.
>
> Regardless of security, there is an alternative that is normally more efficient (it targets DWM, not all processes).
>
> Otherwise, have you used DWMBlurGlass 3.0 or another Alcatel program in the past?

No, never. At least that I do not recall or have used on my current system, and previous 11 one
|
|