this post was submitted on 17 Jul 2024
36 points (87.5% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

53939 readers
249 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others

Loot, Pillage, & Plunder

💰 Please help cover server costs.

Ko-FiLiberapay

founded 1 year ago
MODERATORS
db0@lemmy.dbzer0.com
sunbrothersco@lemmy.dbzer0.com
dataprolet@lemmy.dbzer0.com
Flatworm7591@lemmy.dbzer0.com
RandomLegend@lemmy.dbzer0.com
36
Help me figure out if i downloaded something shady, please (lemmy.dbzer0.com)
submitted 2 months ago* (last edited 2 months ago) by astandimandi@lemmy.dbzer0.com to c/piracy@lemmy.dbzer0.com
21 comments fedilink hide all child comments
 

Hi everyone, i'd like to start off by saying that i've been pirating for a while and have always stuck to sites that are reccommended on various megathreads and considered safe. Sorry for the long winded explaination.

So i was downloading a game from gamdie (which i have before with no issue) and one from steamrip (i don't remember any issues there) and the gamdie file was almost immediately flagged by WD as trojan. i didn't even make it in time to click anything that all these other trojans started popping up and WD closed on its own. i panicked and deleted the files and tried to run malwarebytes which i thought was installed already (but apparently not) and it turns out i can't even install it, it says the app can't run and to check different versions. I checked on taskmanager and it seems nothing immediately fishy was there, WD gave me back a list of the trojans it found and i deleted them, firefox has acted weird a couple times (duplicating tab instead of opening new one, or opening settings instead), and some of my login info is gone from my browser. i still can't install malwarebytes, and i'm kinda not handling this well, so any help is appreciated.

i couldn't read what all the trojans are and WD won't tell me what they are now, but i remember having seen trojan wacaca (or somehing) and trojan malmar (or something like that). Thank you!

Edit: thank you to everyone that replied, between your advice and the sources I found here (linked below) I apparently found a cryptominer and it seems my system should be clean now. I'll run some extra stuff to be sure and hopefully that will be that. Have a nice day!

https://www.reddit.com/r/antivirus/comments/jh3s0g/virus_deleted_or_not/

top 21 comments
sorted by: hot top controversial new old
[–] HeavyRaptor@lemmy.zip 22 points 2 months ago (1 children)

While it's best to be safe, many of the cracks are flagged as false-positives by WD. Just because it is flagged as a Trojan, it doesn't 100% mean it is.

[–] astandimandi@lemmy.dbzer0.com 3 points 2 months ago* (last edited 2 months ago)

Yeah I remember that happening a couple times as well, and thought it was probably nothing until I started to get some weird behaviors, it bothers me I couldn't check all the Trojan and that apparently I can't install malwarebytes and that WD isn't doing an offline scan, it just reboots the pc immediately

[–] jet@hackertalks.com 22 points 2 months ago (1 children)

In the future, you might want to use a virtual machine when you're unpacking new payloads.

At this point, use Windows defender to do a offline scan, so it reboots and scans the entire computer from a special operating environment.

If you're not using Windows, mount the drive on a different computer and do a scan that way.

It's likely the computer is not tainted, cuz your virus scanner caught it before you ran it. But if you're very paranoid, or if the computer is very sensitive, it doesn't hurt to reinstall everything from scratch. And then in the future use virtual machines

[–] astandimandi@lemmy.dbzer0.com 3 points 2 months ago

Thank you for your reply! I will try the offline scan, it's a good idea! Yeah I'm definitely not gonna mess round on my native environment anymore, it's not worth the hassle really

[–] deadbeef79000@lemmy.nz 14 points 2 months ago* (last edited 2 months ago) (1 children)

In future, assume everything is a hostile payload until scanned.

Microsoft provides free VM images of various versions for developers to test with, use one of them, install whatever scanning tool you want, then install your suspicious payload.

Rinse repeat.

[–] astandimandi@lemmy.dbzer0.com 2 points 2 months ago

I will look into this, it's really not worth taking the chance...it's all well and good until it isn't lol

[–] zaknenou@lemmy.dbzer0.com 3 points 2 months ago (1 children)

hmm, I know you said that you couldn't install malwarebytes, but did you try Kaspersky? A friend of mine told me it saved his computer once

[–] astandimandi@lemmy.dbzer0.com 1 points 2 months ago (2 children)

Thank you, I'll try this as well!

[–] merde@sh.itjust.works 7 points 2 months ago* (last edited 2 months ago) (1 children)

free & open source ☞

ClamWin is a Free Antivirus program for Microsoft Windows 10 / 8 / 7 / Vista / XP / Me / 2000 / 98 and Windows Server 2012, 2008 and 2003.

ClamWin Free Antivirus is used by more than 600,000 users worldwide on a daily basis. It comes with an easy installer and open source code. You may download and use it absolutely free of charge.

[–] astandimandi@lemmy.dbzer0.com 2 points 2 months ago (2 children)

Thanks for the link! I haven't heard of it before, what makes you recommend it?

[–] ladfrombrad@lemdro.id 3 points 2 months ago* (last edited 2 months ago) (1 children)

While I've used ClamAV and knew they had a Windows app as well as other platforms I've never heard of the above website, and it smells funny to me.

https://www.clamav.net/downloads

ClamAV has been around for years, and I'd throw caution to the wind with the above Windows executable from ClamWin......

cc: @merde@sh.itjust.works

[–] merde@sh.itjust.works 3 points 2 months ago* (last edited 2 months ago) (1 children)
[–] ladfrombrad@lemdro.id 1 points 2 months ago

Ah I see, that's pretty cool. Suppose it's just the look of their website that reminded me of a knock off site or something.

[–] merde@sh.itjust.works 0 points 2 months ago

like ladfrombrad wrote, the project "has been around for years"

and most importantly it's free and open source

[–] zaknenou@lemmy.dbzer0.com 1 points 2 months ago

any luck ?

[–] kusivittula@sopuli.xyz 2 points 2 months ago (1 children)

if there's a chance something nasty got loose on your system, i wouldn't trust it anymore even if some antivitus succeeds in quaranteening something. if you didn't have a primary password in your browser, all of the saved passwords may have been compromised. i would reinstall OS and change all the saved passwords.

[–] astandimandi@lemmy.dbzer0.com 1 points 2 months ago (1 children)

I keep getting very conflicting info from my pc: some logins are gone but not all of them, the pc and firefox acted up with unpredictable minor glitches for the rest of the evening but then they cleared, so I just have no idea what to even begin thinking.

[–] kusivittula@sopuli.xyz 4 points 2 months ago (1 children)

a few years back i was pirating some movie after a bottle of captain morgan. i remember not being able to play the movie and suddenly the file was gone so i downloaded it again, same thing. the next day i noticed the whole system running a little sluggish and some things just wouldn't work. then i noticed that i had several notifications from windows defender, it had blocked the movie. checked the torrent again and it was a damn .exe... i ran malwarebytes and it found nothing. i didn't bother reinstalling because it felt normal after a reboot, but it bothered me for the next two years until i hopped into team penquin. just do a clean reinstall, and you can forget about it.

[–] astandimandi@lemmy.dbzer0.com 1 points 2 months ago

Lmao gotcha, I get your drift 😊 thanks for the help!

[–] k6sftoloat@r.nf 1 points 2 months ago (1 children)

Nothing shady imo

[–] astandimandi@lemmy.dbzer0.com 1 points 2 months ago

Can you expand on this? I'd like to hear both sides of the argument :)