iPhunwa2 | 390 points
In order to post executable files from now on, it is
If you see a post without a virus scan or a tampered file (md5 mismatch), do report it.
That being said, you can never be 100% sure. In the event that you do get a malware or a virus, here are some guides to help you out;
Also, I'm willing to flair up users as TRUSTED for added visibility and ease of use. If you feel like you deserve the flair, or would like to nominate a user, comment below or send me a message.
Running virus scans on any .exe file (trusted or not) is a good rule of thumb. Kudos to the proactive steps being taken in light of pcgamer21's tomfuckery.
[-] [deleted] | 17 points
I think discussion among the community is also important. When I commented that the Okami file had a Trojan, the only person to talk to me about it was OP, and he convinced me that it was a false positive. Other people mentioned that they found it suspicious but didn't want to say anything about it. Obviously me trusting /u/pcgamer21 was my own fault but I hope that in the future we look out for each other.
Remember the days when you could download something here without any worries. I never even thought about viruses when downloading something here.
Ya those days were right before this post.
[-] alphaAlbert | 27 points
I remember it like it was yesterday... wait.
[-] IgnoreMyName | 5 points
I ALWAYS run a Malwarebytes scan on EVERYTHING I download. If I can automate a scan for every download like with InternetDownloadManager, I do. I would recommend people to build that habit as well. You never know when malware will make it through.
Same. Malwarebytes = your friend.
I'd like to be able to trust people without worry, but the fact is that sometimes people just suck. It's easier to say "better safe than sorry" and run some scans anyhow.
How would someone know that the virustotal they posted is associated with their exe?
Yes, that is why I’ve mentioned links to guides which should help you in the case it's a malware. We’re looking into implementing a rule where there is a certain account age and karma required to post executable files, but you’ll still have to be proactive and careful yourself regardless of how strict the rules are.
minimum age to post executables
flair up users as TRUSTED
I think that's a bit too much, and will only divide the user base as anyone who isn't "blessed" by the mod team becomes a potential suspect...
The VirusTotal/Hash procedure should suffice, in my opinion, although some antivirus programs on VT will inevitably false-flag a lot of keygens/cracks especially in the case of operating systems (e.g. Windows activators and the like).
[-] DeathtotheCavalry | 2 points
based on my reading of the new policy, the [trusted] flair is a badge of honor. I don't see the mods banning a post for not having the [trusted] badge.
[-] confesstoyou | 10 points
I'm a big fan of the VirusTotal website and for many years have used it on stuff I downloaded, but I fear these requirements may be too stringent.
Regarding the requirement that all tests be passed, a lot of times there is some crappy, non-reputable anti-virus program(s) that I have never even heard of that detects something as a virus when it is not. For example, there may be a couple of incorrect virus detections, but the file may nevertheless have a good community score on VirusTotal and lots of comments saying that the file is clean. Also a reputable, well-known antivirus package will say it's clean.
Some antivirus programs may fail to complete the scan for whatever reason, in which case the file will have an incomplete report (can't pass all the tests).
Some antivirus software flags pirated software as bad. It's usually possible to tell that it is not a real virus because it will be flagged as a weird category of supposed malware, like "Keygen.Generic" or something.
Also, just FYI, there are programs that can calculate a file's sha256 hash, which is more secure than md5 and is also listed on VirusTotal (at the very top, right above the file name and below "engines detected this file").
Lastly, I may be wrong, but I thought there was file size limit with VirusTotal.
MD5 file hash collision is incredibly rare, basically if someone uses it to fool you into executing another file, it's a Nation state attack. Individual users shouldn't worry about that, really. They would likely save that kinda stuff for enterprises, to circumvent app whitelisting and the like (normally that uses sha256 though for the above reason).
A lot of software cracks are gonna flag heuristics because the kinds of things they are doing (process injection, encryption defeating, etc) look like malware.
And a lot of legit software flags one or two scanners' heuristic engines, especially the crummier AV. I tend to look at the big AV companies...Symantec, McAfee (shudder), NOD32, Kaspersky (despite Russian state influence), Trend Micro, etc when analyzing a file.
Oh, and brand new viruses (often compiled from a DIY kit) will often show 0/50ish or whatever on VT until they are detected. VT is often useless for freshly packed malware. Don't trust brand new hashes either. Hard for new release cracked software.
Just some input from your friendly Cyber Security Incident Response lurker.
One thing I sometimes look at on VT is Details -> History, where it lists dates for
[-] KawaiiDango | 6 points
Is or was this an issue with the recent Adobe apps posted recently? I have a friend who downloaded them but haven't installed them yet.
[-] ASentientBot | 12 points
fwiw, for the Adobe apps, it's often simpler to get the actual installers from Adobe and then just patch them with amtemu or similar, is it not?
What's amtemu?
[-] ASentientBot | 5 points
Quick search either on Google or /r/megalinks or /r/mstoolkit will bring up some results. Basically it's a crack that involves replacing a library in the Adobe app which bypasses the license key check.
Yes, they were malicious as well and the user was banned
I have found that cracked software, especially if there is a key generator sometimes gets flagged by anti-virus software, but there isn't actually a virus.
What gets flagged with the adobe software?
[-] groundnutstew | 2 points
I had downloaded them but hadn't installed yet. I'm very grateful for this.
[-] heatproofmatt | 3 points
I have a bunch of Mac games from Humble Bundle. What should I use to show they are safe?
[-] ThatOneDudeHere | 3 points
I'd like to see the original NFO files for the releases included if people have them as well. I'm far more likely to trust a known group than some random post. Usually you can google the release and confirm the MD5 that way.
Thank you for this announcement. I joined cuz I saw u/pcgamer21 posting nice releases, so I decided to take up the spot. Didn't know we was suspicious. Now, I'll try extra hard to make my releases easy and suitable.
Can we get a list of the software that was recently considered to be malicious?
[-] [deleted] | 4 points
Okami HD and Cuphead posts by /u/pcgamer21. You can read more about it here https://www.reddit.com/r/megalinks/comments/7jz6mx/psa_cuphead_okami_hdwatch_out_for_malicious/
Does anyone know sites where we can get proper filehashes? Just posting a filehash isn't enough if you don't know what the filehash of the original is.
I only know xrel.to. Often people post the hashes in the comments there.
E.g. https://www.xrel.to/comments/1438270/Wolfenstein-II-The-New-Colossus-CODEX.html
This sub is nothing but great communities and awesome posters. Then one fuck head had to go ruin it.
Def a step in the right direction though, forcing virustotal and md5 is a must anyway, this is why I haven't downloaded applications from this sub, sucks that there were indeed repercussions from a fuck up of a poster, but hey, we move on, and we get better and grow because of it.
Love you r/megalinks
[-] Mrfrodough | 2 points
So I'm pretty new and still learning. How does md5 checksum work and how do you do it? Trying to avoid issues in the future after getting burned by pcgamer21 myself. I'm wiping and reinstalling Windows after work today. Losing out on stuff I can't safely back up.
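Added example, not part of the thread: one way to check a download against the MD5 a poster published and to confirm that the linked scan report is for the same file, which is the question raised earlier about how a posted VirusTotal link is tied to an exe. It assumes the report URL embeds the file's SHA-256 as 64 hex digits; the function names and the sample file are constructed for illustration.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Hex digest length -> hashlib algorithm name.
ALGO_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}


def file_digests(path, chunk_size=1 << 20):
    """Hash the file once, in chunks, so a multi-GB download never sits in RAM."""
    hashers = {name: hashlib.new(name) for name in ALGO_BY_LENGTH.values()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def matches_posted_hash(digests, posted):
    """Check a hash copied from a post; the algorithm is inferred from its length."""
    cleaned = re.sub(r"[\s:-]", "", posted).lower()
    algo = ALGO_BY_LENGTH.get(len(cleaned))
    if algo is None or not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError(f"not an MD5/SHA-1/SHA-256 hex digest: {posted!r}")
    return algo, hmac.compare_digest(digests[algo], cleaned)


def report_is_for_file(digests, report_url):
    """True only if the SHA-256 embedded in the report URL is this file's SHA-256.

    Assumption: the scan report URL carries the file's SHA-256 as 64 hex digits.
    """
    found = re.search(r"(?<![0-9a-fA-F])[0-9a-fA-F]{64}(?![0-9a-fA-F])", report_url)
    return found is not None and found.group(0).lower() == digests["sha256"]


if __name__ == "__main__":
    # Constructed sample: a 5-byte stand-in for a download, plus the values a
    # poster would have published next to it.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "setup.exe"
        sample.write_bytes(b"hello")
        digests = file_digests(sample)
    posted_md5 = "5D41402ABC4B2A76B9719D911017C592"
    posted_url = "https://www.virustotal.com/gui/file/" + digests["sha256"]
    print("posted hash:", matches_posted_hash(digests, posted_md5))
    print("report is for this file:", report_is_for_file(digests, posted_url))
```

A match only shows the file is the one the poster hashed and scanned; as noted in the thread, a fresh sample can still show zero detections.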
[-] DeathtotheCavalry | 2 points
I want your [trusted] flair to work. To ensure the nomination is valid, I suggest only acknowledging nominations to reddit accounts with 150 karma points or more. Last thing we want is to have a bunch of sham accounts made by the same user promoting one dominant account to pursue harming this community.
If you see a post without a virus scan or a tampered file (md5 mismatch), do report it.
u/iPhunwa2 Does this include older posts?
I've uploaded quite a few games in the past couple of years, some GoG others iso and I always test run them on my PC before posting them here to make sure they run well with no bugs, viruses, or problems. When I feel they are good and non-buggy I Zip & RAR them multiple times to decrease takedown. All of the original games and their files I have uploaded I have deleted from my PC since I have purchased the majority of them from online stores so I don't have any real access to the exe files. Trying to redownload them and test them will take a few weeks for me to do so because I'm out of town possibly until mid-January and the only real connection I have right now is from the 3G coming into my crappy cell phone.
Since all of my game posts have already had the most download traffic they will probably ever see and have not yet been reported to me or mods for viruses, should I just edit the text on my game posts telling anyone in the future (if any) that if they are downloading that game that they should scan them with the Virus Total link?
Keep up the good work on this sub.
-- extremebs
[-] TRUMP2016BUILDWALL | 1 points
What's with everyone posting applications now that this post came out?
Maybe people didn't really think to post any here prior to this?
It leaves a "side door" for a whole range of attacks called binary planting, aka DLL hijacking, unsafe DLL preloading, etc.
What about exe's that exceed the VirusTotal allowed size (128mb)? I have a setup.exe that's 425 mb that I've been considering sharing.
[-] burndogy | 80 points | Dec 16 2017 01:33:11
fuck that guy, x10 force curse on that bitch.
[-] dryshirt | 53 points | Dec 16 2017 01:58:50
We should put up a wall of shame in the wiki lmao
First spot goes to /u/pcgamer21
[-] montr2229 | 8 points | Dec 16 2017 02:07:31
Which uploads were his? I had only seen that the Cuphead one was his
[-] RentalSuperhero | 16 points | Dec 16 2017 02:25:01
He also had an Okami one
[-] alakaboem | -32 points | Dec 16 2017 03:24:47
which I am literally playing rn with no ill effects on my computer? bc FYI there is a looong history of steam game .exe's naturally showing that one "issue" bc of a kaspersky detection glitch they never bothered to patch out. don't blame the uploader.
[-] [deleted] | 31 points | Dec 16 2017 03:32:20
Oh I played it too and it worked wonderfully... for the first half hour. And then I tried downloading something and my top speed was 200 kbps when it's normally 2-3mbps. And then it took 10 minutes for my computer to boot up. And then I couldn't even open up a chrome window. Just because the ill effects aren't immediate doesn't mean you won't see them, or that it isn't hiding in the shadows. This was malicious. OP did it on purpose.
Use your anti-virus programs, scan your computer.
[-] alakaboem | -42 points | Dec 16 2017 03:49:20
I've had it for a full 24 hours at this point, run every scan imaginable with Norton, Malwarebytes, and Kaspersky. No issues outside normal Steam game issues. I think your computer might just be fucky.
[-] aykyle | 48 points | Dec 16 2017 04:53:54
You're literally trying to defend something that was proven already. Just stop. Keep the trojan on your PC, no one gives a fuck what you do. But there was a trojan if you downloaded his game. Plain and simple. You didn't magically get a download without one. That's not how it works.
[-] RentalSuperhero | 7 points | Dec 16 2017 07:28:29
It has been shown to have a backdoor that passed through a Vietnamese ISP. Also, they deleted their account after they were accused. If they weren't malicious there was no reason for him to delete his account.
[-] Epzilepzi | 3 points | Dec 16 2017 02:13:39
I just clicked on the link and apparently their profile doesn’t exist anymore? Did they get banned?
Edit: things
[-] RentalSuperhero | 10 points | Dec 16 2017 02:25:27
He deleted his account after he got found out
[-] Epzilepzi | 19 points | Dec 16 2017 02:25:44
Wow what a coward.
[-] Lightning777666 | -16 points | Dec 16 2017 16:08:43
assuming gender i see
[-] doctorwho6904 | 2 points | Dec 28 2017 05:36:41
Coward.