Paynamia
-
Posts
7 -
Joined
-
Last visited
Content Type
Blog
Screenshot Slider
Forums
Downloads
Gallery
Calendar
Posts posted by Paynamia
-
-
Got it, thanks. If I come across any more, I'll swap 'em out ASAP.
-
Some articles, such as The Suffering, include links to files hosted on FilePlanet. The problem is, FilePlanet seems to no longer be a safe website to use. All downloads redirect to their 'Install Manager' which is a bundle installer and apparently some derivative of InstallCore, which has been classified as a PUP since 2014. Additionally, all downloads are exactly the same file, with the SHA256 hash of a2aac45b6ae5a09bfa9e4ecdd90c5caa42acbe53588160fa6aa3f357ec6035bf, and are in no way customized for downloading any requested file. This is the VirusTotal report for a file downloaded as 'the-suffering_VVgK-01.exe'. As you can see further down the page, the website has offered the same file for many downloads, including non-executable files and apparently non-free files.
I suggest that FilePlanet urls be either replaced with more trustworthy file hosts or removed outright.
-
3 hours ago, dei_do said:
That might indicate that whoever originally uploaded it to VT had their PC infected.
Seems not, I uploaded a freshly downloaded copy of sadx_installer.exe and the SHA256 matched what was already online.
-
541c6aa57ddd7da0c6902aa1e92155eb.virus seems to drop and execute various files, including what seems to be an infected copy of Chocolatey which drops this executable disguised as a changelog, an executable called Zombie.exe which is dropped into the system folder and is also dropped by various other *.virus files, a fake version of an Acrobat Reader installer, and a couple of executables disguised as log files.
Along this web there are various outside connections to seemingly-random websites, various IPs, several bitcoin-related URLs and many connections to trojans purporting to be things like Acrobat Reader, logs or temporary files.
EDIT: I ran the installer with any.run, I took it as far as possible in a sandbox without a copy SADX and up to then, nothing malicious occurs.
-
This is the scan for 7zr.exe extracted.
https://www.virustotal.com/gui/file/73628e0b1566de03c0d846cb774bf5ae02cb5c363988ced5be23aeba3275b72e
No idea what VT is finding, but apparently it's a file named "541c6aa57ddd7da0c6902aa1e92155eb.virus".I'd say make an issue report on Github about it.
EDIT: Made an issue myself.
-
Brilliant, now people who would pirate it anyway just wait a day for the crack, while people who would've bought it on GOG instead never buy their games. Meanwhile, people who oppose this ridiculous stance may also stop purchasing their games. Good work, looks like lost sales all around to me.
Staff Ruling for Article Edit Required
in Articles and troubleshooting
Posted
I recently added a fixbox for running The Sims under Windows 10 to the game's article. Due to the necessity of DRM removal, I followed relevant site policy and mentioned the required fix without providing further instructions or links.
Ten minutes later, my revisions were removed with the edit note claiming "don't place general information *which is already handled at the top of this very article*". I object to this on these positions:
I personally spent longer than would otherwise be necessary trying to make my retail copy of The Sims: Complete Collection work due to the total lack of any fix information in this article, and strongly feel that a point in the right direction is necessary.
Thank you for your time.
EDIT: Just realized I put this in Development instead of Articles. My mistake. As there doesn't seem to be any user-facing way to move or delete the topic, I guess I'll leave it as is for now. Sorry.