Last Active: Jul 15, 2020
Threads: 1
Posts: 3
Reputation:
0
Hi everyone, I have pre-activated Turbotax for you, and as you can see about 700 people have downloaded so far. https://1337x.to/torrent/4496210/Intuit-...41-33-249/ I filed this year myself using this version and cracked .dll included. I would like to either get a TPB registration ASAP to upload it to thepiratebay.org...or perhaps someone can grab my torrent and upload it on the pirate bay? The problem is that I'm finding not too many torrent index search engines are finding it yet. Please help before taxes are due July 15th!!!!
Thanks,
ShtitAnQutIt
Last Active: Oct 01, 2020
Threads: 0
Posts: 2
Reputation:
0
Refer to other thread regarding 1337x version of TT here: https://pirates-forum.org/Thread-Turbota...t=turbotax. Even with the crack, this can't be used. After installing and applying manual update included, and patching the .dll, now the next step is to prevent it from auto-updating. Problem here is that it won't allow you into the program (to go into settings to prevent future auto-update attempts) UNLESS you allow updates. Tried disabling network adapter (to cut off internet connection), but it still seemed to be 'downloading...' something. After several tries, now it finally opens program, but it still prompts for activation.
Even worse, it appears that one of the 3 app components (original install file, update file or patch .dll) contains a malware payload. Checked services and several of them have been renamed with the same random char sequence appended to the service names. In a prior attempt with a different TPB Turbotax download (with no crack, just an .exe), it ran OK, but apparently Intuit has no found a way to detect 'cracks' or other altered .exe - it allow program to be run, but won't allow filing, it pops up bogus 'forms not available...' prompts on common forms, but when you attempt to 'update', it replies 'you have latest version'. This TPB download contained a somewhat similar, but worse malware payload. Not only does it add random suffixes, disabled them and prevented any system config of Windows Defender (WD) and prevented any patching of TT files from the 1337x version.
Should have run VirusTotal scan, but thought MalwareBytes (which triggers WD scan) was enough for both of these TT attempts - obviously not. Fortunately, I had created a system image, so I was able to restore. Also, Tweaking.com Windows Repair is a good tool (use the repair option to restore Windows Services and default file permissions) for recovery.
Looks like game over for TT cracks until someone has found a specific way around these problems.
Last Active: Jul 15, 2020
Threads: 1
Posts: 3
Reputation:
0
(Jul 14, 2020, 10:46 am)bobbh3 Wrote: Refer to other thread regarding 1337x version of TT here: https://pirates-forum.org/Thread-Turbota...t=turbotax. Even with the crack, this can't be used. After installing and applying manual update included, and patching the .dll, now the next step is to prevent it from auto-updating. Problem here is that it won't allow you into the program (to go into settings to prevent future auto-update attempts) UNLESS you allow updates. Tried disabling network adapter (to cut off internet connection), but it still seemed to be 'downloading...' something. After several tries, now it finally opens program, but it still prompts for activation.
Even worse, it appears that one of the 3 app components (original install file, update file or patch .dll) contains a malware payload. Checked services and several of them have been renamed with the same random char sequence appended to the service names. In a prior attempt with a different TPB Turbotax download (with no crack, just an .exe), it ran OK, but apparently Intuit has no found a way to detect 'cracks' or other altered .exe - it allow program to be run, but won't allow filing, it pops up bogus 'forms not available...' prompts on common forms, but when you attempt to 'update', it replies 'you have latest version'. This TPB download contained a somewhat similar, but worse malware payload. Not only does it add random suffixes, disabled them and prevented any system config of Windows Defender (WD) and prevented any patching of TT files from the 1337x version.
Should have run VirusTotal scan, but thought MalwareBytes (which triggers WD scan) was enough for both of these TT attempts - obviously not. Fortunately, I had created a system image, so I was able to restore. Also, Tweaking.com Windows Repair is a good tool (use the repair option to restore Windows Services and default file permissions) for recovery.
Looks like game over for TT cracks until someone has found a specific way around these problems. Bobbh3: Wow it's sounds like you faced a lot of difficulty from an infected torrent. To test validity, always check against a known Intuit 'manual update' source file and using VirusTotal will give the best confidence of non-infection. So, believe it or not, there are often false positives in these extremely thorough virus scanners found online. But they are the best, so to test them most accurately, always measure against a known 'clean' file. The secret is that Intuit when it releases 'updates' just gives you the whole program in their 'update'. I verified all my torrents' files in VirusTotal, and was at first shocked to find the claimed TrojanDropper.Agent.lxk and Adware.Presenoker were present. So after obtaining a valid, Intuit direct download and testing it, I saw the exact same results. See them here if you want: https://www.virustotal.com/gui/file/0d8f.../detection It goes without saying, bobbh3, but if you saw any more viruses or positives, then it's a safe bet that they are real malware as you experienced. Besides just trusting me, I can tell you I received my IRS refund in about 14 days after I filed with this exact torrent above. And also I can share my crack method with you if you want to know exactly how I decompiled the activation code using a C# decompiler on the main executable file, and searched within the .dll's until I found activation code. It's just a simple delete and true/false modification, nothing more and nothing less has been changed.
Last Active: Oct 01, 2020
Threads: 0
Posts: 2
Reputation:
0
(Jul 15, 2020, 04:13 am), ShtitAnQutIt Wrote: (Jul 14, 2020, 10:46 am)bobbh3 Wrote: Refer to other thread regarding 1337x version of TT here: https://pirates-forum.org/Thread-Turbota...t=turbotax. Even with the crack, this can't be used. After installing and applying manual update included, and patching the .dll, now the next step is to prevent it from auto-updating. Problem here is that it won't allow you into the program (to go into settings to prevent future auto-update attempts) UNLESS you allow updates. Tried disabling network adapter (to cut off internet connection), but it still seemed to be 'downloading...' something. After several tries, now it finally opens program, but it still prompts for activation.
Even worse, it appears that one of the 3 app components (original install file, update file or patch .dll) contains a malware payload. Checked services and several of them have been renamed with the same random char sequence appended to the service names. In a prior attempt with a different TPB Turbotax download (with no crack, just an .exe), it ran OK, but apparently Intuit has no found a way to detect 'cracks' or other altered .exe - it allow program to be run, but won't allow filing, it pops up bogus 'forms not available...' prompts on common forms, but when you attempt to 'update', it replies 'you have latest version'. This TPB download contained a somewhat similar, but worse malware payload. Not only does it add random suffixes, disabled them and prevented any system config of Windows Defender (WD) and prevented any patching of TT files from the 1337x version.
Should have run VirusTotal scan, but thought MalwareBytes (which triggers WD scan) was enough for both of these TT attempts - obviously not. Fortunately, I had created a system image, so I was able to restore. Also, Tweaking.com Windows Repair is a good tool (use the repair option to restore Windows Services and default file permissions) for recovery.
Looks like game over for TT cracks until someone has found a specific way around these problems. Bobbh3: Wow it's sounds like you faced a lot of difficulty from an infected torrent. To test validity, always check against a known Intuit 'manual update' source file and using VirusTotal will give the best confidence of non-infection. So, believe it or not, there are often false positives in these extremely thorough virus scanners found online. But they are the best, so to test them most accurately, always measure against a known 'clean' file. The secret is that Intuit when it releases 'updates' just gives you the whole program in their 'update'. I verified all my torrents' files in VirusTotal, and was at first shocked to find the claimed TrojanDropper.Agent.lxk and Adware.Presenoker were present. So after obtaining a valid, Intuit direct download and testing it, I saw the exact same results. See them here if you want: https://www.virustotal.com/gui/file/0d8f.../detection It goes without saying, bobbh3, but if you saw any more viruses or positives, then it's a safe bet that they are real malware as you experienced. Besides just trusting me, I can tell you I received my IRS refund in about 14 days after I filed with this exact torrent above. And also I can share my crack method with you if you want to know exactly how I decompiled the activation code using a C# decompiler on the main executable file, and searched within the .dll's until I found activation code. It's just a simple delete and true/false modification, nothing more and nothing less has been changed.
ShtitAnQutIt: Thanks for the info - I'm aware of false positives with VirusTotal, but that's a good idea to compare with a known, 'officlal' binary. It appears that the update file is not exactly the 'whole program', since it appears to contain code that detects whether or not TT is installed. Therefore, the VirusTotal results is a comparison of their update file vs the update file in the torrent. That leaves the original install 'setup h&b.exe' file or the patched .dll as possibly infected. Tested 'setup h&b.exe', same results as yours here: https://www.virustotal.com/gui/file/6b7b.../detection, and the patch .dll came up completely clean.
Did some more research on this - apparently this is by design (?!): https://www.tenforums.com/performance-ma...ndows.html - seeing doubled/duplicate essential Windows services. Strange - I assumed you checked services.msc on your computer and didn't see any strange service names with random suffixes and/or 'failed to read...' in the service descriptions.
So now that this apparently was never an infection from your 1337x posting, there still is a functionality problem as I mentioned in the first paragraph of my original post (can't get past auto-update - it won't let you start without it, or it ends up requiring activation).
Fortunately, I filed an extension.
Last Active: Nov 19, 2024
Threads: 615
Posts: 7,941
Reputation:
86
Apr 17, 2023, 04:15 am
(This post was last modified: Apr 17, 2023, 19:06 pm by RobertX. Edited 3 times in total.)
Now that shithead's post is gone, I'll redact the comments of this post.
Happy downloading!
|