
Posted (edited)

Well, TrendMicro, Webroot and ClamWin didn't find anything in the extracted files.
Anyone care to scan with MBAM or something else?

Edited by vinifera
Posted
11 hours ago, vinifera said:

Well, TrendMicro and Webroot didn't find anything in the extracted files.
Anyone care to scan with MBAM or something else?

Sorry, can't help. MBAM for Vista is very old, it makes no sense.

Posted (edited)

This case is more and more weird as time flies.

So we have:
- An impersonator who has claimed vx's handle and does weird stuff with it.
- A guy called i486 who re-uploaded vx's work, now accused of being a fake repo by the guy who took vx's handle.
- That same i486 uploaded a random build tagged as "1.1.2.1428", allegedly coming from vx himself in early October.
    - Reading the source code committed to the i486 repo, it does not seem to contain malicious code, but I won't confirm this, as my ability to read C is limited by the fact that my knowledge of C is kinda basic.

So, question: does anyone have any factual information, from an actual source, about what the fridge is going on there?

Edited by AstragonQC
AstragonQC.exe has stopped working
Posted

To each their own, of course. I've always been a bit wary of the hackery behind extended kernels and I only use them within VMs and never on my real hardware.

Not to be read as a blanket statement, of course.  These "extensions" seem to always be best of intentions.  But they do do DO break terms of use agreements and can can CAN be taken to court by the owner of the software being hacked.

These laws are different from country to country, of course.  So again, not a blanket statement.  But a "shady" business by any stretch of the imagination.

Even MSFN admins will REMOVE/BAN members for stepping over the line in regards to these extended kernels.  They cannot be hosted HERE.  But we can "discuss" them here.  That is MSFN protecting themselves from legal fallout.

Posted
21 hours ago, NotHereToPlayGames said:

To each their own, of course. I've always been a bit wary of the hackery behind extended kernels and I only use them within VMs and never on my real hardware.

Not to be read as a blanket statement, of course.  These "extensions" seem to always be best of intentions.  But they do do DO break terms of use agreements and can can CAN be taken to court by the owner of the software being hacked.

These laws are different from country to country, of course.  So again, not a blanket statement.  But a "shady" business by any stretch of the imagination.

Even MSFN admins will REMOVE/BAN members for stepping over the line in regards to these extended kernels.  They cannot be hosted HERE.  But we can "discuss" them here.  That is MSFN protecting themselves from legal fallout.

Lol, they asked to scan with AV, not to get a lesson on "legality". You failed to mention portable Kernels, like the Vista Kernel was, for example.

And I don't know whether this one is portable, any ideas?

And as for installing, I 100% agree with you, I never installed those. Too much risk.

Posted (edited)

I am the guy behind the i486 handle and the following repository:
https://github.com/i486/VxKex

Here are the facts and timeline about VxKex:

July 22, 2024
The account of vxiiduu (the original author of VxKex) and all of their repositories, including VxKex, were wiped for unknown reasons.
This led to various rumors in different communities. Some suggested it was due to a ban by Microsoft, while others suspected malware or other issues.

Around the same time, someone created fake repositories and began impersonating vxiiduu. They added a fake changelog, fake supported applications, their own Bitcoin donation address, and even claimed they were planning to release "VxKex 2.0."

Fake repositories:
https://github.com/VxKex/VxKex
https://github.com/vxiiduu1/VxKex

BTC Donation

Fake changelog

July 22 2024
Later that day, vxiiduu revealed that he had intentionally wiped their online presence (including Github) due to being doxxed. He clarified that the doxxing was unrelated to VxKex or any computer-related matters. I (i486) independently confirmed this information.


July 23, 2024
vxiiduu confirmed that they had no connection to the fake repositories.


I and many others reported these fake repositories to GitHub.


At this point, I made the decision to upload the original VxKex installers and source code to my own repository, aiming to preserve the project and provide a space for users to discuss VxKex and download the authentic installers. To ensure I had the most accurate data, I used Software Heritage to obtain a complete bare clone of the original VxKex repository.


A few days later, the fake repositories were archived and eventually deleted. It’s unclear if this was due to our reports or if the impersonator deleted them themselves.

October 10 2024

vxiiduu silently released VxKex 1.1.2.1428 on a Discord channel they’ve always used for discussions about VxKex and Windows. 


November 2024

The impersonator exploited GitHub’s policy of reusing handles 90 days after deletion. They registered vxiiduu’s old handle and created another fake VxKex repository under the original URL. They included a fabricated story about taking care of a sick mother and added another Bitcoin donation address.


November 9 2024

Vxiiduu confirms there is no connection between his previous GitHub handle and the recently created fake repository.


Around December 2024

I discovered that vxiiduu had silently released a new version of VxKex on Discord back in October, and that the impersonator had returned as well. Since vxiiduu has not returned to GitHub, and only a few Chinese sites and one fork were aware of the new VxKex 1.1.2.1428 release, I felt it was important to update my repository. I also thought it was a good opportunity to make sure people knew about the fake repository, to avoid potential harm and future infections, especially given that my repository has the most followers and a place for discussion.

The original repository's URL now belongs to an impersonator, and the new version still contains links pointing to the now fake repository.

To solve this issue, I initially replaced the fake repository references in the source code and compiled a new version. However, I decided against this approach to avoid any skepticism about the binary changes. Instead, I chose to hex-edit the references in binaries and repack the installer. This way, when you compare my binaries with the original setup files from vxiiduu’s Discord, the only difference you’ll find is the GitHub link – everything else remains the same.

It’s worth mentioning that the fake repository isn’t only referenced in the copyright field; there's also a "Report Bug" button in the VxKex options that links to the fake repository. I felt it was critical to address this issue.

December 22, 2024

I updated my repository with the source files from the new version and released VxKex 1.1.2.1428 with a warning about the impersonator and their fake repository.

The impersonator responded to being called out by pushing various changes to their repository.

At one point, it was like this:


Now it says that my repository is the fake one and contains malware.

You can read more details in this issue thread:
https://github.com/i486/VxKex/issues/43

Hope this clears things up. If something is not clear, please ask and I'll try to answer.
And of course, I'd greatly appreciate it if anyone here could report the impersonator/fake repo to GitHub.

Edited by KittyMaster
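The post above says the repacked installer was hex-edited so that, compared with the original setup files, the only difference is the GitHub link. The script below is an added example (not part of the post or of VxKex) of how a reader can check such a claim: it reports every byte range where two files differ and recovers the printable string each range sits in, so an edit that lands outside a string stands out. The two inputs are constructed stand-ins for the binaries and the URLs are placeholders.

```python
def diff_regions(a: bytes, b: bytes, merge_gap: int = 4) -> list:
    """[(offset, length)] runs where a and b differ. Differing bytes fewer than
    merge_gap apart are merged, so a UTF-16 string edit (every other byte a
    shared NUL) reports as one region; a length mismatch becomes a final region."""
    regions, start, last, n = [], None, None, min(len(a), len(b))
    for i in range(n):
        if a[i] != b[i]:
            start, last = (i if start is None else start), i
        elif start is not None and i - last > merge_gap:
            regions.append((start, last - start + 1))
            start = None
    if start is not None:
        regions.append((start, last - start + 1))
    if len(a) != len(b):
        regions.append((n, abs(len(a) - len(b))))
    return regions


def enclosing_string(buf: bytes, offset: int) -> str:
    """Printable string containing offset: tries the UTF-16LE layout Windows
    resources use and plain 8-bit text, and returns the longer run."""
    def run(step: int, pos: int) -> str:
        def ok(i: int) -> bool:  # printable ASCII unit at i, upper bytes NUL
            u = buf[i:i + step]
            return i >= 0 and len(u) == step and 0x20 <= u[0] <= 0x7e and not any(u[1:])
        lo = hi = pos
        while ok(lo - step):
            lo -= step
        while ok(hi):
            hi += step
        return buf[lo:hi:step].decode("ascii")
    wide, narrow = run(2, offset - offset % 2), run(1, offset)
    return wide if len(wide) >= len(narrow) else narrow


def compare_builds(original: bytes, repacked: bytes) -> dict:
    """Each differing region with the string it sits in; flag is True only
    when every change lands inside a printable string in both files."""
    changes = [{"offset": off, "length": ln,
                "original": enclosing_string(original, off),
                "repacked": enclosing_string(repacked, off)}
               for off, ln in diff_regions(original, repacked)]
    return {"changes": changes,
            "all_changes_in_strings": all(c["original"] and c["repacked"] for c in changes)}


def build_sample(url: str) -> bytes:
    """Constructed stand-in for a setup binary: filler, NUL-terminated UTF-16LE string, filler."""
    filler = bytes(range(256))
    return filler + url.encode("utf-16-le") + b"\x00\x00" + filler[::-1]


# Placeholder URLs of equal length, as an in-place hex edit requires.
ORIGINAL = build_sample("https://github.com/original-owner/VxKex")
REPACKED = build_sample("https://github.com/mirror-account/VxKex")
```

Run `compare_builds` on the bytes of the two real installers; a result with one change whose strings are the two URLs and `all_changes_in_strings` True matches the claim, anything else deserves a closer look.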
Posted
11 hours ago, KittyMaster said:

suspected malware or other issues

Hi, can we get those reports of the alleged viruses, so we could decide ourselves, thank you.

Posted
11 hours ago, KittyMaster said:

July 22 2024
Later that day, vxiiduu revealed that he had intentionally wiped their online presence (including Github) due to being doxxed.

How do we know it's him and not an impostor, I mean, since the original accounts were totally wiped?

Posted
18 minutes ago, D.Draker said:

Hi, can we get those reports of the alleged viruses, so we could decide ourselves, thank you.

There were no reports about viruses. I was simply referring to various speculations made by others regarding why the VxKex repository had disappeared. While I don't recall the exact forum or site where all these discussions took place, one comment that stood out to me was along the lines of: "I always knew VxKex was sketchy. The author probably nuked the project after someone discovered malware."

Additionally, many people suggested that the project might have been taken down by Microsoft, which was another theory that turned out to be false. You can even find such speculation in threads like the one here:
https://msfn.org/board/topic/186333-vxkex-extended-kernel-project-dissapeared/

1 hour ago, D.Draker said:

How do we know it's him and not an impostor, I mean, since the original accounts were totally wiped?

Neither I nor vxiiduu have ever stated that he deleted his Discord account, and there has never been any speculation or evidence suggesting that his account was compromised. If such a compromise had occurred, I'm confident we would have heard something from his well-known online acquaintances, such as dotexe1337 (developer of Windows 7 Extended Kernel) or win32 (developer of Supermium), etc.

And more importantly, the new version (1.1.2.1428) of VxKex, released by the same account you’re questioning, actually includes the improvements it claimed to offer. For example, VxKex 1.1.1.1375 never worked on updated Windows 7 SP1 32-bit systems, but version 1.1.2.1428 functions without issues. Additionally, a fatal crash that occurred in the game Life is Strange has been resolved in this update. And, of course, the source code is available for verification.

Posted
16 hours ago, KittyMaster said:

I was simply referring to various speculations made by others regarding why the VxKex repository had disappeared. While I don't recall the exact forum or site where all these discussions took place, one comment that stood out to me was along the lines of: "I always knew VxKex was sketchy. The author probably nuked the project after someone discovered malware."

Rumours then, just rumours. What about the portable kernel version?

And will we be able to use this kernel on Vista, just to run browsers, for example?
