Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Classic Shell False Positive Or Infected?


  • Please log in to reply
4 replies to this topic

#1 Mike_Soda

Mike_Soda

  • Members
  • 155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:05:18 AM

Posted 21 May 2017 - 09:08 PM

I've just about got my new first built PC (which I'm using right now to reply with), almost ready to switch over from the old one for full time use. As always I've been scanning everything I download with not only Malwarebytes & Windows Defender but also checking the download links with VirusTotal, Norton Safeweb & Google Transparency Report. In addition if possible, I also scan the downloaded installer with VirusTotal's file scanner. Upon trying to get Classic Shell from either the official mediafire or fosshub links, uploading the installer to VirusTotal gives some unnerving results. All but one of them claim it's safe by the name of "nProtect" which states it's a "Trojan/W32.DiskWriter 7220496". I immediately deleted the file before installing although I did perform the double-checks listed here prior. The digital signature matches up but I didn't get any further because I wanted to ask y'all first.

 

Is Classic Shell downloaded via either MediaFire or FossHub safe & if not, where should I get it from that is?

 

Since I can't upload a screenshot of the result to here I'll just type out what it looks like to the best of my ability.

 

(VirusTotal logo)

 

SHA256: 4ee910b283871ab31ef03eeb15d9557e89b55eda8f0580340b4dd2fc90305ac8

 

File Name: ClassicShellSetup_4_3_0.exe

 

Detection Ratio: 1 / 61


Ryzen 5 1500X @ 3.9GHz On 1.3625V | MSI B350M Gaming Pro | 16GB G.Skill Ripjaws V DDR4 3200MHz | 3GB MSI GTX 1060 Gaming X 2063MHz Core 9408MHz Mem | EVGA G2 550W | 250GB Samsung 850 EVO | Windows 10 Home 64-bit Version 1803 (OS Build 17134.112) | MasterCase Pro 3


BC AdBot (Login to Remove)

 


#2 saw101

saw101

  • Members
  • 437 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Great Pacific Northwest
  • Local time:05:18 AM

Posted 22 May 2017 - 01:17 PM

Official website: http://www.classicshell.net/


I never make the same mistake twice....I always make it 5 or 6 times just to be sure!


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,609 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:18 AM

Posted 22 May 2017 - 05:54 PM

When there is only one detection at virustotal, that generally indicates a false positive. It's not the first time...Class Shell was detected as malware a few months ago and reported here.

Further, I don't consider nProtect one of the major players in the security world.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 Mike_Soda

Mike_Soda
  • Topic Starter

  • Members
  • 155 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:05:18 AM

Posted 22 May 2017 - 10:14 PM

Official website: http://www.classicshell.net/

 

 

When there is only one detection at virustotal, that generally indicates a false positive. It's not the first time...Class Shell was detected as malware a few months ago and reported here.

Further, I don't consider nProtect one of the major players in the security world.

Thank you both so much, I'm going to get it now :).


Ryzen 5 1500X @ 3.9GHz On 1.3625V | MSI B350M Gaming Pro | 16GB G.Skill Ripjaws V DDR4 3200MHz | 3GB MSI GTX 1060 Gaming X 2063MHz Core 9408MHz Mem | EVGA G2 550W | 250GB Samsung 850 EVO | Windows 10 Home 64-bit Version 1803 (OS Build 17134.112) | MasterCase Pro 3


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,609 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:18 AM

Posted 23 May 2017 - 05:08 AM

You're welcome on behalf of the Bleeping Computer community.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users