Beware of "screenstyler" (VirusTotal link included)

Favitwink
Posts: 2
Joined: April 11th, 2021, 11:29 pm

Beware of "screenstyler" (VirusTotal link included)

Post by Favitwink »

This package appears to use Rainmeter 4.3.1 and other software to pretend to be an original customization tool, to actually spread a virus. I can't claim it's intentional, but that it's there is a fact, and trust is earned, not given.

Don't take my word for it, look at what this scan reveals or analyze it yourself:

https://www.virustotal.com/gui/file/51b88314fe340fd8c489c6b88dd831bc805e6ee420b57a4de05f98852889883b/relations


On a semi-unrelated note, is that Discord client styling actually possible without getting banned by them?
Favitwink
Posts: 2
Joined: April 11th, 2021, 11:29 pm

Re: Beware of "screenstyler" (VirusTotal link included)

Post by Favitwink »

OK, so searching a bit more, it seems ScreenStyler is by fediaFedia on DA, who's been a deviant for 14 years and is an admin of several big groups, two of them Rainmeter ones.

Is this actually legit then?

Then why the VirusTotal results?
I'd analyze it with other tools, but it's too big for hybrid-analysis; any.run requires a login and I'm not sure if it'd be worth it creating an account just yet; and I'm not sure what's the deal with malwr.
(Cyber security is hard).
MyNameIsPhip
Posts: 1
Joined: May 5th, 2021, 9:10 pm

Re: Beware of "screenstyler" (VirusTotal link included)

Post by MyNameIsPhip »

I just came across Screen Styler and this thread was helpful. Also I saw someone comment for help on the official overview video on YouTube (https://www.youtube.com/watch?v=3K21kLqIBEk) and they replied asking "Do you have Rainmeter?" - that implies you need Rainmeter as the base program. Why not just make a Rainmeter skin then? Why make a whole website advertising it as a standalone program...?
Bekarfel
Posts: 217
Joined: May 16th, 2012, 5:38 am

Re: Beware of "screenstyler" (VirusTotal link included)

Post by Bekarfel »

Hello. The Virus Total results look to me like they're heuristic results, a lot of Generic, AI, Artemis GTI Technology results. Basically they're saying "This file does naughty things, but we don't know what it's called". This makes sense for a program that hooks into other programs to modify their behavior, because that's what a virus does. I would not call this a virus, just virus-like. It can be dangerous to your software because essentially a third party is injecting code into your software that may not have gone through the same rigorous testing as your software.
moshi wrote:there are many Rainmeter skins that aren't really useful, so let's add another one.
jsmorley wrote:I have good news and bad news.
First the bad news. [...] We would be happy to have this happen and would love to work with anyone who is feeling ambitious.
Now the good news.
I lied, there isn't any good news...
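
The distinction drawn in the post above, between heuristic or generic labels and named-family detections, can be checked mechanically on a scan's per-engine results. This is an added example, not code from anyone in this thread; the engine names, the labels and the token list are constructed assumptions.

```python
import re

# Tokens treated as "heuristic/generic" markers. Assumed list for this
# example, not a vendor standard; extend it for the engines you see.
GENERIC_TOKENS = {"generic", "gen", "heur", "heuristic", "ai", "ml",
                  "artemis", "suspicious", "malicious", "unsafe", "score"}

# Constructed sample: engine name -> detection label (None = undetected).
SAMPLE = {
    "EngineA": "Artemis!0123456789AB",
    "EngineB": "Trojan.Generic.12345",
    "EngineC": "Static AI - Suspicious PE",
    "EngineD": "Heur.Injector.Gen",
    "EngineE": None,
    "EngineF": "Win32/ExampleFamily.A",
}

def is_generic(label):
    """True if any whole token of the label is a generic/heuristic marker."""
    # Split on punctuation so "ai" matches "Static AI" but not "Trojan.Main".
    tokens = re.split(r"[^a-z0-9]+", label.lower())
    return any(t in GENERIC_TOKENS for t in tokens)

def triage(results):
    """Sort engines into undetected / generic / named buckets."""
    buckets = {"undetected": [], "generic": [], "named": []}
    for engine, label in sorted(results.items()):
        if not label:
            buckets["undetected"].append(engine)
        elif is_generic(label):
            buckets["generic"].append(engine)
        else:
            buckets["named"].append(engine)
    return buckets

def summarize(results):
    """Count detections and report what share of them are generic."""
    b = triage(results)
    detections = len(b["generic"]) + len(b["named"])
    share = len(b["generic"]) / detections if detections else 0.0
    return {"detections": detections,
            "generic_share": share,
            "named": {e: results[e] for e in b["named"]}}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A high generic share only says that few engines identified a specific family; it does not by itself show that the file is harmless.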
Jeff
Posts: 326
Joined: September 3rd, 2018, 11:18 am

Re: Beware of "screenstyler" (VirusTotal link included)

Post by Jeff »

literally all .rmskin packages have some false positive on virus total because .rmskin files are just zips. ok scrap this, only steam is the problem, it's probably giving trojan score because it needs to access files in program files, and reading that folder needs elevated permissions

they are allowed to share rainmeter under the gpl license, #LinkingWithGPL and are most likely doing it because you can't silently install rainmeter