Trojans
#1
Whenever I try and download a program from your site I always get it stopped by my antivirus program and I mean always.
I know that this may be a false positive, as it happens on serial numbers and cracks... what should I do?
I continue to admire the work you do and it is of great help.
Long may you all continue.
Ron
#2
You don't download anything from TPB. If you are actually downloading things from a site claiming to be TPB, it isn't, and that's why your antivirus is going crazy.
#3
Rules of thumb for newbies in particular:

1. NEVER download anything newer than a day or two, particularly if the poster is sporging (sending a bunch of posts around the same time). ALWAYS take a look at the poster link first. If he is posting a bunch of shit but the history, which may be many pages long - is for only ONE day, it IS booger infested. TPB mods generally delete crap when they get around to it - usually 24-48 hrs.

2. If downloading media ALWAYS pay attention to media extensions. Avi, Mp4, etc - fine.
Exe, cmd, scr, lnk = booger.

3. Nearly all AV programs will flag keygens and cracks as boogers. It's corporate bullshit, and if you look closely it will generally say something like trojan.generic.xxxxxx - people who release cracks and keygens often encrypt their work to keep other folks from reverse engineering the code. It's stupid, but it's done, and encryption is also used by boogers.
HOWEVER, if it says something different like trojan.cephas.variant, or something where a particular name is given, then google the name, and in any case delete the program if a crack, but you can run the keygen in a sandbox if there are any doubts.
If the booger is found in an .exe/msi file that is part of the actual install delete it forthwith. NB - this does not apply to cracks/keygens.

4. Do NOT rely on AV scanners to detect malware. They will only detect garbage from low-level script kiddies. At the top of the food chain the boogers will often take months to years to be detected. Some will never be found at all. All new malware is tested against ALL the major scanners on places like VirusTotal, even before they are released!!!!

5. Use a sandbox or VM for anything in doubt. In general, posters with skulls are reliable, though there are some good ones without.
NB - Many boogers will not activate in a sandbox if it uses one processor. A VM with packet sniffer and firewall, set to two processors, is probably the best way to test. But BEWARE - some boogers can detect VMs, though they are probably on the high end.
#4
(Apr 16, 2019, 19:59 pm)waregim Wrote: Rules of thumb for newbies in particular;

1. NEVER download anything newer than a day or two, particularly if the poster is sporging (sending a bunch of posts around the same time). ALWAYS take a look at the poster link first. If he is posting a bunch of shit but the history, which may be many pages long - is for only ONE day, it IS booger infested. TPB mods generally delete crap when they get around to it - usually 24-48 hrs.  

2. If downloading media ALWAYS pay attention to media extensions. Avi, Mp4, etc - fine.
Exe, cmd, scr, lnk = booger.

3. Nearly all AV programs will flag keygens and cracks as boogers. It's corporate bullshit, and if you look closely it will generally say something like trojan.generic.xxxxxx - people who release cracks and keygens often encrypt their work to keep other folks from reverse engineering the code. It's stupid, but it's done, and encryption is also used by boogers.
HOWEVER, if it says something different like trojan.cephas.variant, or something where a particular name is given, then google the name, and in any case delete the program if a crack, but you can run the keygen in a sandbox if there are any doubts.
If the booger is found in an .exe/msi file that is part of the actual install delete it forthwith. NB - this does not apply to cracks/keygens.

4. Do NOT rely on AV scanners to detect malware. They will only detect garbage from low-level script kiddies. At the top of the food chain the boogers will often take months to years to be detected. Some will never be found at all. All new malware is tested against ALL the major scanners on places like VirusTotal, even before they are released!!!!

5. Use a sandbox or VM for anything in doubt. In general, posters with skulls are reliable, though there are some good ones without.
NB - Many boogers will not activate in a sandbox if it uses one processor. A VM with packet sniffer and firewall, set to two processors, is probably the best way to test. But BEWARE - some boogers can detect VMs, though they are probably on the high end.

Thank you so much. You are so helpful, especially to newbies like myself.
Keep up the good work and have a good Easter.
Thank you again... I love you all.
#5
Just a quick question... is it true that someone could infect you with a trojan virus by hiding it in a movie or music file that I downloaded and played? What are the chances of that? I've heard stories where people got infected with perfectly working music/movie files... or is it just scare talk??
#6
There's the "CODEC needed to play not found - click here to download" trick. Nowadays, nearly everything is risky, but if you block auto-execute and media access to Internet, and learn to use a good firewall and anti-malware, you should be safe.
#7
A recent variation seen here goes something like:
MELANIA BOINKED (1080p)

The main file downloaded is MELANIABOINKED.lnk

Windows will *execute* a lnk file (it's supposed to be a link) - but in this case it's a nasty booger.

Media files are not *supposed* to be able to execute, but if crafted right might be able to pull up scripts which can.
Just think of PDF files loaded with VB scripts to access sites or download crap.

ALWAYS use a file manager that displays file extensions, and even better one which has a VIEW function that can see the beginning of the file's code section. AVIs, PDFs, and others have similar 'header' sections.
MZ at the beginning of any file not labelled as an EXE or DLL *is* a booger.
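The two checks the thread keeps coming back to (rule 2 in #3: treat exe/cmd/scr/lnk as executables; post #7: an MZ header in anything not labelled EXE or DLL is bad, and AVIs and PDFs have their own header bytes) are mechanical enough to script. The Python below is an added example, not code from any poster here. It reads the first 16 bytes of each file in a directory and reports the extension and header mismatches those two posts describe. The header signatures (RIFF/AVI, ftyp for MP4, %PDF-, MZ) come from the public format specs; the file names and byte strings in the demo are constructed samples, and `.dll`/`.msi` are added to the executable set because the thread names them as executable containers.

```python
"""Triage downloaded files by extension and leading bytes (added example)."""
from __future__ import annotations

import os

# Extensions Windows will run directly (thread rule 2 and post #7);
# .dll and .msi added because the thread names them as executable containers.
EXECUTABLE_EXTENSIONS = {".exe", ".cmd", ".scr", ".lnk", ".dll", ".msi"}

HEAD_LEN = 16  # bytes read from the start of each file


def _is_mz(head: bytes) -> bool:
    # DOS/PE executables begin with "MZ" (post #7's rule)
    return head[:2] == b"MZ"


def _is_avi(head: bytes) -> bool:
    # RIFF container whose form type at offset 8 is "AVI "
    return head[:4] == b"RIFF" and head[8:12] == b"AVI "


def _is_mp4(head: bytes) -> bool:
    # ISO base media file: 4-byte box size, then the "ftyp" box type
    return head[4:8] == b"ftyp"


def _is_pdf(head: bytes) -> bool:
    return head[:5] == b"%PDF-"


# Expected leading bytes per extension; extensions missing here are not checked.
EXPECTED_HEADER = {
    ".avi": _is_avi, ".mp4": _is_mp4, ".pdf": _is_pdf,
    ".exe": _is_mz, ".dll": _is_mz,
}


def triage(name: str, head: bytes) -> list[str]:
    """Return the findings for one file; an empty list means nothing tripped these rules."""
    ext = os.path.splitext(name)[1].lower()
    findings = []
    if ext in EXECUTABLE_EXTENSIONS:
        findings.append(f"executable extension {ext}")
    if _is_mz(head) and ext not in {".exe", ".dll"}:
        findings.append("MZ header in a file not labelled EXE/DLL")
    checker = EXPECTED_HEADER.get(ext)
    if checker is not None and not checker(head):
        findings.append(f"content does not match {ext} header")
    return findings


def triage_directory(path: str) -> dict[str, list[str]]:
    """Run triage() over every regular file in a directory, keyed by file name."""
    results = {}
    for entry in sorted(os.listdir(path)):
        full = os.path.join(path, entry)
        if not os.path.isfile(full):
            continue
        with open(full, "rb") as fh:
            head = fh.read(HEAD_LEN)
        results[entry] = triage(entry, head)
    return results


if __name__ == "__main__":
    import tempfile

    # Constructed sample "downloads"; the bytes are hand-written headers, not real files.
    samples = {
        "MELANIABOINKED.lnk": b"L\x00\x00\x00" + b"\x00" * 12,   # shell link header
        "movie.avi": b"RIFF\x10\x00\x00\x00AVI LIST",             # genuine AVI start
        "trailer.avi": b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 8,  # EXE renamed .avi
        "setup.exe": b"MZ\x90\x00" + b"\x00" * 12,
    }
    with tempfile.TemporaryDirectory() as tmp:
        for fname, data in samples.items():
            with open(os.path.join(tmp, fname), "wb") as fh:
                fh.write(data)
        for fname, findings in triage_directory(tmp).items():
            print(f"{fname}: {', '.join(findings) if findings else 'ok'}")
```

Run it against a download folder by pointing `triage_directory` at that path. It is a quick first filter in the spirit of rule 4: a clean result only means the file is not lying about its type in one of these obvious ways, not that it is safe.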
#8
Hey, the new "May 2019" update for Windows 10 will contain a sandbox, ain't that awesome?
#9
Well..... no.

The problem is that you can be certain it will not block telemetry.
#10
It does though, if you disconnect from the internet.