⭠ Back to MegaDB Search

iPhunwa2 | 390 points | Dec 16 2017 00:46:02

[ANNOUNCEMENT] Requirements to post Games or Applications | Megalinks MegaDB [ANNOUNCEMENT] Requirements to post Games or Applications

In order to post executable files from now on, it is mandatory | Megalinks MegaDB mandatory to include a VirusTotal scan of the EXE file, similar to this. The executable can only be posted if it passes all | Megalinks MegaDB all the tests (barring some false positives for Keygens, etc), and the MD5 Checksum (under 'Details' tab) matches that to the original file.

If you see a post without a virus scan or a tampered file (md5 mismatch), do report it.

That being said, you can never be 100% sure. In the event that you do get a malware or a virus, here are some guides to help you out;

  1. The Ultimate Malware Removal Guide: Detect and Remove Any Malware
  2. Keep your PC healthy! AdWare/Malware/Junkware removal guide (thanks to /r/buildapc)
  3. Official Malware Removal Guide (thanks to /r/techsupport)

Also, I'm willing to flair up users as TRUSTED for added visibility and ease of use. If you feel like you deserve the flair, or would like to nominate a user comment below or send me a message.

E: | Megalinks MegaDB E: In the case of an ISO, mention the MD5 hash of the ISO. It is the responsibility of the person downloading the files to double check and confirm whether the mentioned hash and other details match with the file downloaded or not. If they don't, report the post and remove the files.

E2: | Megalinks MegaDB E2: Sometimes key-generators and cracks can flag a false positive report.

E3: | Megalinks MegaDB E3: Same applies for Android APKs

E4: | Megalinks MegaDB E4: If the file size is too large for VirusTotal, post a screenshot of the scan results for the file on your computer's antivirus software.


[-] burndogy | 80 points | Dec 16 2017 01:33:11

fuck that guy, x10 force curse on that bitch.


[-] dryshirt | 53 points | Dec 16 2017 01:58:50

We should put up a wall of shame in the wiki lmao

First spot goes to /u/pcgamer21


[-] montr2229 | 8 points | Dec 16 2017 02:07:31

Whitch uploads were his? I had only seen that the Cuphead one was his


[-] RentalSuperhero | 16 points | Dec 16 2017 02:25:01

He also had an Okami one


[-] alakaboem | -32 points | Dec 16 2017 03:24:47

which I am literally playing rn with no ill effects on my computer? bc FYI there is a looong history of steam game .exe's naturally showing that one "issue" bc of a kaspersky detection glitch they never bothered to patch out. don't blame the uploader.


[-] [deleted] | 31 points | Dec 16 2017 03:32:20

Oh I played it too and it worked wonderfully... for the first half hour. And then I tried downloading something and my top speed was 200 kbps when it's normally 2-3mbps. And then it took 10 minutes for my computer to boot up. And then I couldn't even open up a chrome window. Just because the ill effects aren't immediate doesn't mean you won't see them, or that it isn't hiding in the shadows. This was malicious. OP did it on purpose.

Use your anti-virus programs, scan your computer.


[-] alakaboem | -42 points | Dec 16 2017 03:49:20

I've had it for a full 24 hours at this point, run every scan imaginable with Norton, Malwarebytes, and Kaspersky. No issues outside normal Steam game issues. I think your computer might just be fucky.


[-] aykyle | 48 points | Dec 16 2017 04:53:54

You're literally trying to defend something that was proven already. Just stop. Keep the trojan on your PC, no one gives a fuck what you do. But there was a trojan if you downloaded his game. Plain and simple. You didn't magically get a download without one. That's not how it works.


[-] RentalSuperhero | 7 points | Dec 16 2017 07:28:29

It has been shown to have a backdoor that passed through a Vietnamese ISP. Also, they deleted their account after they were accused. If they weren't malicious there was no reason for him to delete his account.


[-] Epzilepzi | 3 points | Dec 16 2017 02:13:39

I just clicked on the link and apparently their profile doesn’t exist anymore? Did they get banned?

Edit: things


[-] RentalSuperhero | 10 points | Dec 16 2017 02:25:27

He deleted his account after he got found out


[-] Epzilepzi | 19 points | Dec 16 2017 02:25:44

Wow what a coward.


[-] Lightning777666 | -16 points | Dec 16 2017 16:08:43

assuming gender i see


[-] doctorwho6904 | 2 points | Dec 28 2017 05:36:41



[-] MTFlava | 25 points | Dec 16 2017 02:21:33

Running virus scans on any .exe file (trusted or not) is a good rule of thumb. Kudos to the proactive steps being taken in light of pcgamer21's tomfuckery.


[-] [deleted] | 17 points | Dec 16 2017 03:28:40

I think discussion among the community is also important. When I commented that the Okami file had a Trojan, the only person to talk to me about it was OP, and he convinced me that it was a false positive. Other people mentioned that they found it suspicious but didn't want to say anything about it. Obviously me trusting /u/pcgamer21 was my own fault but I hope that in the future we look out for each other.


[-] AabidS10 | 14 points | Dec 16 2017 03:43:23

Remember the days when you could download something here without any worries. I never even thought about viruses when downloading something here.


[-] Akoustyk | 26 points | Dec 16 2017 04:57:21

Ya those days were right before this post.


[-] alphaAlbert | 27 points | Dec 16 2017 05:04:45

I remember it like it was yesterday... wait.


[-] IgnoreMyName | 5 points | Dec 16 2017 08:57:13

I ALWAYS run a Malwarebytes scan on EVERYTHING I download. If I can automate a scan for every download like with InternetDownloadManager, I do. I would recommend people to build that habbit as well. You never know when malware will make it through.


[-] rivinhal | 4 points | Dec 16 2017 11:36:13

Same. Malwarebytes = your friend.

I'd like to be able to trust people without worry, but the fact is that sometimes people just suck. It's easier to say "better safe than sorry" and run some scans anyhow.


[-] AabidS10 | 3 points | Dec 16 2017 10:16:02

yeah. thnx for the tip


[-] shunabuna | 14 points | Dec 16 2017 01:16:54

How would someone know that the virustotal they posted is associated with their exe?


[-] iPhunwa2 | 15 points | Dec 16 2017 01:25:32

Yes, that is why I’ve mentioned links to guides which should help you in the case its a malware. We’re looking into implementing a rule where there is a certain account age and karma required to post executable files, but you’ll still have to be proactive and careful yourself regardless of how strict the rules are.


[-] nuvpr | 3 points | Dec 16 2017 16:31:04

minimum age to post executables

flair up users as TRUSTED

I think that's a bit too much, and will only divide the user base as anyone who isn't "blessed" by the mod team becomes a potential suspect...

The VirusTotal/Hash procedure should suffice, in my opinion, although some antivirus programs on VT will inevitably false-flag a lot of keygens/cracks especially in the case of operating systems (e.g. Windows activators and the like).


[-] DeathtotheCavalry | 2 points | Dec 16 2017 17:24:50

based on my reading of the new policy, the [trusted] flair is a badge of honor. I don't see the mods banning a post for not having the [trusted] badge.


[-] confesstoyou | 10 points | Dec 16 2017 04:58:29

How does this work when any keygen or crack is going to raise a bunch of false positives?


[-] Jhfm | 6 points | Dec 16 2017 08:03:19

Yep. I use couple of keygen and cracking apps....been using them for over a year now without any problem. VirusTotal shows them as Trogan, malware or hacktool.


[-] zbxr81 | 9 points | Dec 16 2017 04:32:59

I'm a big fan of the VirusTotal website and for many years have used it on stuff I downloaded, but I fear these requirements may be too stringent.

Regarding the requirement that all tests be passed, a lot of times there is some crappy, non-reputable anti-virus program(s) that I have never even heard of that detects something as a virus when it is not. For example, there may be a couple of incorrect virus detections, but the file may nevertheless have a good community score on VirusTotal and lots of comments saying that the file is clean. Also a reputable, well-known antivirus package will say it's clean.

Some antivirus programs may fail to complete the scan for whatever reason, in which case the file will have an incomplete report (can't pass all the tests).

Some antivirus software flags pirated software as bad. It's usually possible to tell that it is not a real virus because it will be flagged as a weird category of supposed malware, like "Keygen.Generic" or something.

Also, just FYI, there are programs that can calculate a file's sha256 hash, which is more secure than md5 and is also listed on VirusTotal (at the very top, right above the file name and below "engines detected this file").

Lastly, I may be wrong, but I thought there was file size limit with VirusTotal.


[-] greenmky | 7 points | Dec 16 2017 04:45:43

MD5 file hash collision is incredibly rare, basically if someone uses it to fool you into executing another fille, it's a Nation state attack. Individual users shouldn't worry about that, really. They would likely save that kinda stuff for enterprises, to circumvent app whitelisting and the like (normally that uses sha256 though for the above reason).

A lot of software cracks are gonna flag heuristics because the kinds of things they are doing (process injection, encryption defeating, etc) look like malware.

And a lot of legit software flags one or two scanners' heuristic engines, especially the crummier AV. I tend to look at the big AV companies...Symantec, mcAfee (shudder), NOD32, Kaspersky (despite Russian state influence), Trend Micro, etc when analyzing a file.

Oh, and brand new viruses (often compiled from a DIY kit) will often show 0/50ish or whatever on VT until they are detected. VT is often useless for freshly packed malware. Don't trust brand new hashes either. Hard for new release cracked software.

Just some input from your friendly Cyber Security Incident Response lurker.


[-] zbxr81 | 3 points | Dec 16 2017 05:16:00

One thing I sometimes look at on VT is Details -> History, where it lists dates for First Submission | Megalinks MegaDB First Submission and Last Submission and Last Analysis. I figure if it was submitted a long time ago, then it's more likely that the antivirus community would have figured out by now whether it's a virus or not. I notice that one of pcgamer21's files was first submitted a few days ago and already is detected by more than 50% of engines, so in the case of this file it is now super-obvious that it is malware that should be removed (but it would not be obvious malware if the file only had one or two detections from obscure antivirus software, especially if the first submission was long ago, so I think maybe such posts should not be removed from this sub).


[-] pmjm | 1 points | Jan 03 2018 13:37:10

Not just software cracks. I'm a developer and many of the exe's I compile raise heuristics positives. Every time I issue an update I get a bunch of emails saying that xyz virus scanner is raising a fuss. Virustotal confirms.


[-] KawaiiDango | 6 points | Dec 16 2017 03:17:03

Is or was this an issue with the recent Adobe apps posted recently? I have a friend who downloaded them but haven't installed them yet.


[-] ASentientBot | 12 points | Dec 16 2017 04:15:18

fwiw, for the Adobe apps, it's often simpler to get the actual installers from Adobe and then just patch them with amtemu or similar, is it not?


[-] Akoustyk | 3 points | Dec 16 2017 05:02:32

Whats amtemu?


[-] ASentientBot | 5 points | Dec 16 2017 05:33:16

Quick search either on Google or /r/megalinks or /r/mstoolkit will bring up some results. Basically it's a crack that involves replacing a library in the Adobe app which bypasses the license key check.


[-] Akoustyk | 2 points | Dec 16 2017 22:41:24

Well wouldn't you need a specific one like that for each version? Idk how to make those. If you download the most recent version, it might have a fix for whatever crack has already been released.


[-] iPhunwa2 | 11 points | Dec 16 2017 03:24:20

Yes, they were malicious as well and the user was banned


[-] Akoustyk | 3 points | Dec 16 2017 04:56:25

I have found that cracked software, especially if there is a key generator sometimes gets flagged by anti-virus software, but there isn't actually a virus.

What gets flagged with the adobe software?


[-] groundnutstew | 2 points | Dec 16 2017 13:03:25

i had downloaded them but hadnt installed yet. im very grateful for this.


[-] shampeh | 3 points | Dec 16 2017 02:21:27

md5 the iso..... and you dont have to worry about tampered releases.


[-] heatproofmatt | 3 points | Dec 16 2017 02:29:59

I have a Bunch of mac games from humble bundle. what should i use to show they are safe?


[-] ThatOneDudeHere | 3 points | Dec 16 2017 06:38:49

I'd like to see the original NFO files for the releases included if people have them as well. I'm far more likely to trust a known group than some random post. Usually you can google the release and confirm the MD5 that way.


[-] HarukaJPN | 2 points | Dec 16 2017 04:03:12

Thank you for this announcement. I joined cuz I saw u/pcgamer21 posting nice releases, so I decided to take up the spot. Didn't know we was suspicious. Now, I'll try extra hard to make my releases easy and suitable.


[-] elijah369 | 2 points | Dec 16 2017 04:34:09

you are a godsend


[-] Akoustyk | 2 points | Dec 16 2017 05:00:46

Can we get a list of the software that was recently considered to be malicious?


[-] [deleted] | 4 points | Dec 16 2017 05:31:47

Okami HD and Cuphead posts by /u/pcgamer21. You can read more about it here https://www.reddit.com/r/megalinks/comments/7jz6mx/psa_cuphead_okami_hdwatch_out_for_malicious/


[-] oeffoeff | 2 points | Dec 16 2017 12:05:43

Does anyone know sites where we can get proper filehashes? Just posting a filehash isn't enough if you don't know what the filehash of the original is.

I only know xrel.to. Often people post the hashes in the comments there.

E.g. https://www.xrel.to/comments/1438270/Wolfenstein-II-The-New-Colossus-CODEX.html


[-] FosheeVFX | 2 points | Dec 16 2017 16:11:17

This sub is nothing but great communities and awesome posters. Then one fuck head had to go ruin it.

Def a step in the right direction though, forcing virustotal and md5 is a must anyway, this is why I haven't downloaded applications from this sub, sucks that there were indeed repercussions from a fuck up of a poster, but hey, we move on, and we get better and grow because of it.

Love you r/megalinks


[-] Mrfrodough | 2 points | Dec 16 2017 16:47:23

So im pretty new and still learning. How does md5 checksum work and how do you do it? Trying to avoid issues in the future after getting burned by pcgamer21 myself. Im wiping and reinstalling windows after work today. Losing out on stuff i cant safely backup


[-] DeathtotheCavalry | 2 points | Dec 16 2017 17:22:11

I want your [trusted] flair to work. To ensure the nomination is valid, I suggest only acknowledging nominations to reddit accounts with 150 karma points or more. Last thing we want is to have a bunch of sham accounts made by the same user promoting one dominant account to pursue harming this community.


[-] extremebs | 2 points | Dec 16 2017 20:53:06

If you see a post without a virus scan or a tampered file (md5 mismatch), do report it.

u/iPhunwa2 Does this include older posts?

I've uploaded quite a few games in the past couple of years, some GoG others iso and I always test run them on my PC before posting them here to make sure they run well with no bugs, viruses, or problems. When I feel they are good and non-buggy I Zipp & RAR them multiple times to decrease takedown. All of the original games and their files I have uploaded I have deleted from my PC since I have purchased the majority of them from online stores so I don't have any real access to the exe files. Trying to redownload them and test them will take a few weeks for me to do so because I'm out of town possibly until mid-January and the only real connection I have right now is from the 3G coming into my crappy cell phone.

Since all of my game posts have already had the most download traffic they will probably ever see and have not yet been reported to me or mods for viruses, should I just edit the text on my game posts telling anyone in the future (if any) that if they are downloading that game that they should scan them with the Virus Total link?

Keep up the good work on this sub.

-- extremebs


[-] TRUMP2016BUILDWALL | 1 points | Dec 16 2017 08:33:57

What's with everyone posting applications now that this post came out?

Maybe people didn't really think to post any here prior to this?


[-] sirin3 | 1 points | Dec 16 2017 11:46:29

What if someone has a MD5 collision?


[-] ZacZackk | 1 points | Dec 16 2017 12:55:14

Thank you very much for this!


[-] F00F-C7C8 | 1 points | Dec 16 2017 19:24:02

It leaves a "side door" for a whole range of attacks called binary planting, aka DLL hijacking, unsafe DLL preloading, etc.


[-] pmjm | 1 points | Jan 03 2018 13:35:01

What about exe's that exceed the VirusTotal allowed size (128mb)? I have a setup.exe that's 425 mb that I've been considering sharing.


[-] iPhunwa2 | 2 points | Jan 03 2018 13:36:19

Scan the file on your system using your antivirus scanner and paste a screenshot of the result


[-] pmjm | 1 points | Jan 03 2018 13:46:32

Thanks. I'm glad Mega doesn't have integrated virus scanning like MediaFire, which blocks uploads that fail, including the false positives.