Winstep Forums
http://forums.winstep.net/phpBB2/

Can themes be infected with a virus?
http://forums.winstep.net/phpBB2/viewtopic.php?f=2&t=10787
Page 1 of 2

Author:  nexter [ Fri Aug 17, 2018 3:24 pm ]
Post subject:  Can themes be infected with a virus?

The Winstep themes 'Black' and/or 'Hal 2030' are highly likely to be contaminated. I downloaded these themes from Wincustomize and installed and ran these today (only to promptly delete them again). That was the only thing that changed on my Win 10 laptop today.

ESET did not detect/report anything when downloading nor when installing/running these themes.

After deleting these themes I tried to switch user accounts, only to find that the keyboard mapping had been right royally f***** up and I was unable to complete any user names (let alone passwords!). I tried every conceivable key/key combination in the hope of finding the correct letters etc. but to no avail.

So I am now effectively locked out and face the prospect of likely having to wipe the system and start restoring from backup. Grrrrr!

I'll certainly never download anything from WC again. Somebody flush the damn thing - it stinks! ;)

Author:  winstep [ Fri Aug 17, 2018 3:50 pm ]
Post subject:  Re: WARNING!!! Likely Virus/Malware in Themes!!!

Ric, themes with the .xtreme extension are just renamed zip files. When a theme is installed, NOTHING is run or executed.

If you double click a .xtreme file, it's the same as double clicking a text file, it will open the document with the associated executable (notepad for a text file, winstep.exe for a .xtreme zip file).

So, I doubt it very much that it had anything to do with the themes.

Author:  nexter [ Fri Aug 17, 2018 4:18 pm ]
Post subject:  Re: WARNING!!! Likely Virus/Malware in Themes!!!

winstep wrote:
Ric, themes with the .xtreme extension are just renamed zip files. When a theme is installed, NOTHING is run or executed.

If you double click a .xtreme file, it's the same as double clicking a text file, it will open the document with the associated executable (notepad for a text file, winstep.exe for a .xtreme zip file).

So, I doubt it very much that it had anything to do with the themes.

I know they're renamed zip files. :)

But, I regularly re-scan the drive with my recent downloads, ESET reports nothing. Other than installing and running these two themes briefly, nothing else changed on the system at all all day. (Which is since about 3am, on and off, working on my gfx.) So it had to be something in connection with these themes. KB mapping does not suddenly mess up itself on logging out.

Fortunately, all my data are safe. I only ever keep a few immediate working files on a (separate from sys) partition, never ever (and never have!) in Win user folders except where an app demands it (e.g., Winstep - we used to be able to choose this in the past), and generally I use a USB drive for work/data which is regularly backed up to its own backup USB disk, which in turn gets backed up to the backup disks. Belts and braces. And a piece of string as well! ;)

Author:  Gregory2001 [ Fri Aug 17, 2018 7:05 pm ]
Post subject:  Re: WARNING!!! Likely Virus/Malware in Themes!!!

Wincustomize is the ONLY place where one should download themes. They are checked before they are available and there has never been a problem. I have been downloading from there for seventeen years.

Author:  nexter [ Sat Aug 18, 2018 2:17 am ]
Post subject:  Re: WARNING!!! Likely Virus/Malware in Themes!!!

Gregory2001 wrote:
Wincustomize is the ONLY place where one should download themes. They are checked before they are available and there has never been a problem. I have been downloading from there for seventeen years.

Doesn't mean their systems are infallible. Nothing ever is. Nobody ever is.

Author:  Gregory2001 [ Sat Aug 18, 2018 11:40 am ]
Post subject:  Re: WARNING!!! Likely Virus/Malware in Themes!!!

What it means is, the problem you're having is not Wincustomize. I downloaded the two themes you mentioned. No problems.

Author:  nexter [ Sat Aug 18, 2018 1:41 pm ]
Post subject:  Re: WARNING!!! Likely Virus/Malware in Themes!!!

Gregory2001 wrote:
What it means is, the problem you're having is not Wincustomize. I downloaded the two themes you mentioned. No problems.

Might have been cleaned up since I d/l'd them a while back.

However, it's since occurred to me that something's very odd about the whole thing. And that is that it's only the right, uiop, side of the KB that's affected, the left, qwerty, side's perfectly normal. I'm beginning to wonder if it might perhaps be a hardware failure of some sort and just a very odd sort of coincidence that it only happened after a log-off.

Anyway, shall try recovery later today if I can make time and sit still long enough.

Author:  winstep [ Sat Aug 18, 2018 4:27 pm ]
Post subject:  Re: WARNING!!! Likely Virus/Malware in Themes!!!

More likely than not either hardware failure, a driver problem, or some other coincidence (there was a Windows 7 update this week).

Which goes to show you should be careful before crying Wolf and scaring everyone up. :wink:

Author:  DesertDwarf [ Sat Aug 18, 2018 8:37 pm ]
Post subject:  Re: WARNING!!! Likely Virus/Malware in Themes!!!

I'd suggest deleting this entire thread in case it can scare new customers away.

Author:  nexter [ Sat Aug 18, 2018 9:17 pm ]
Post subject:  Re: WARNING!!! Likely Virus/Malware in Themes!!!

winstep wrote:
More likely than not either hardware failure, a driver problem, or some other coincidence (there was a Windows 7 update this week).

Which goes to show you should be careful before crying Wolf and scaring everyone up. :wink:

This was under Win 10 (I'm on the Win 7 sys now) and there too was an update this week (which actually seemed to improve things slightly - very slightly! - for once. But this seems an unlikely cause of the problem, more than likely it would have happened after the restart already which of course it didn't.

It's hardly a matter of crying wolf though. As installing and running those themes was the only thing that occurred prior to logging out and the problem manifesting, it did seem the most likely explanation of a likely cause (and still can't be entirely discounted). Therefore, a warning is always appropriate in such circumstances even if it proves to be a false positive in the end. Better to err on the side of caution with any download, no matter what the source.
DesertDwarf wrote:
I'd suggest deleting this entire thread in case it can scare new customers away.

I really don't see how this could scare anybody away Ric. As malware/virus/whatever still can't be eliminated, it remains a valid caution. (See above also.) However, what I would suggest is perhaps changing the topic to something like "A Caution...", if that's possible.

I can't - at least currently, maybe doing something wrong? - get recovery to work as the admin password gets all garbled up of course! OTOH, my friend whose gift the machine was got back to me to say to do nothing, his supplier is sending someone to check the system out Monday and if it is a major hardware problem they might have to take it back to base and either repair or replace it.

Author:  winstep [ Sun Aug 19, 2018 10:31 pm ]
Post subject:  Re: WARNING!!! Likely Virus/Malware in Themes!!!

DesertDwarf wrote:
I'd suggest deleting this entire thread in case it can scare new customers away.

nexter wrote:
I really don't see how this could scare anybody away Ric.


Sorry, Ric, the other Ric is right. :) It's a bit like crying 'Fire!' in a crowded theater. Anyway, I've changed the title of the topic to something more suitable.

Author:  nexter [ Mon Aug 20, 2018 2:19 am ]
Post subject:  Re: WARNING!!! Likely Virus/Malware in Themes!!!

winstep wrote:
DesertDwarf wrote:
I'd suggest deleting this entire thread in case it can scare new customers away.

nexter wrote:
I really don't see how this could scare anybody away Ric.

Sorry, Ric, the other Ric is right. :) It's a bit like crying 'Fire!' in a crowded theater. Anyway, I've changed the title of the topic to something more suitable.

Fine with me Jorge. :)

Interesting though that of the five identical systems that my friend has at his business, none show any problems. Although, all that really proves that the problem can't be related to the Windows update anyway.

Author:  Gregory2001 [ Mon Aug 20, 2018 2:46 pm ]
Post subject:  Re: Can themes be infected with a virus?

Or Wincustomize.

Author:  nexter [ Mon Aug 20, 2018 8:23 pm ]
Post subject:  Re: Can themes be infected with a virus?

Gregory2001 wrote:
Or Wincustomize.

That is, quite frankly and bluntly, total BS. It does *NOT* eliminate WC.

On the contrary, the latest points very much to the problem having arrived from WC. After fairly extensive tests, the suppliers of the system could not detect any inherent hardware problem. They were able to bypass user accounts (with the aid of a special DVD) and get into the system, everything seemed OK there but further checks are needed so they had to take it with them. Most likely apparently is some kind of bootsector bug and the only source that could have come from were the themes d/l'd from WC.

I'll wait till I get a definite diagnostic before commenting further. If it turns out not to be connected to those downloads, fine and good. But for now, it's still a distinct possibility.

Shit happens. Something we have to live with.

Author:  Gregory2001 [ Mon Aug 20, 2018 9:07 pm ]
Post subject:  Re: Can themes be infected with a virus?

Jorge can explain it to you.

Page 1 of 2 All times are UTC
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/