antiqque Posted December 12, 2020

https://www.nexusmods.com/cyberpunk2077/mods/67

That's not a trainer, it's straight up malware. It dropped 3 different executables into my AppData/Roaming folder; 'trainer.data' is an archive and it contains the actual malware. It's been almost 24h and it's still up, 3k downloads.

Druuler Posted December 12, 2020

Did you report the mod using the Report feature?

antiqque Posted December 12, 2020 (edited December 12, 2020 by antiqque)

I did but nothing happened. Thankfully it got removed now :)

Druuler Posted December 13, 2020

Sometimes, it just takes the staff a while to investigate a report, depending upon how many reports they have received, and how many staff are available to investigate.

wyaa Posted December 14, 2020

Did it delete any of your files? I also downloaded it yesterday, ran it and watched it try to open up 127.0.0.1 in Firefox (luckily I was offline so it couldn't call back to its host and do real damage). But it did manage to delete some small (<1mb) txt and zip files in my documents (thankfully, just gaming related stuff, as I rarely use this PC and it is up for sale). Managed to find it in AppData and delete it immediately, followed by a deep AV scan. I'm wondering about the other 3k+ people who also downloaded it though... If you see this thread let us know.

How I deleted it:
1. Kill your internet connection
2. Open up Task Manager
3. Look for "trainer.data"
4. Right click and select "open file location"
5. Delete entire folder named "Localserver ver(?)"
6. Run AV scan

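Added example, not part of any post in this thread: a read-only triage pass for the situation described above, where an archive sat in AppData/Roaming under a `.data` name next to dropped executables. It flags files whose header says archive or executable while the extension says otherwise, plus executables written recently; the `sample_drop` folder, `helper.exe` and the extension lists are constructed assumptions.

```python
import os, pathlib, tempfile, time

# Header magic for the file types at issue: PE executables and common archives.
MAGIC = {b"MZ": "pe", b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar",
         b"7z\xbc\xaf\x27\x1c": "7z"}
# Extensions that honestly announce each type (assumed list; extend as needed).
HONEST = {"pe": {".exe", ".dll", ".scr", ".sys"}, "zip": {".zip", ".jar"},
          "rar": {".rar"}, "7z": {".7z"}}

def sniff(path):
    """Return (type implied by the header, mtime); (None, 0.0) if unreadable."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
        mtime = os.path.getmtime(path)
    except OSError:
        return None, 0.0
    kind = next((k for magic, k in MAGIC.items() if head.startswith(magic)), None)
    return kind, mtime

def triage(root, max_age_hours=48, now=None):
    """Flag type-disguised files and recently written executables (read-only)."""
    now = time.time() if now is None else now
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            kind, mtime = sniff(path)
            if kind is None:
                continue
            recent = now - mtime <= max_age_hours * 3600
            disguised = os.path.splitext(name)[1].lower() not in HONEST[kind]
            if disguised or (kind == "pe" and recent):
                hits.append((os.path.relpath(path, root), kind, disguised, recent))
    return sorted(hits)

def demo(age_hours=0):
    """Triage a constructed folder standing in for AppData/Roaming."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sample_drop"))
        samples = {"sample_drop/trainer.data": b"PK\x03\x04" + b"\0" * 26,  # zip
                   "sample_drop/helper.exe": b"MZ" + b"\0" * 62,            # PE stub
                   "notes.txt": b"plain text"}
        for rel, data in samples.items():
            pathlib.Path(root, rel).write_bytes(data)
        return triage(root, now=time.time() + age_hours * 3600)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a real profile, call `triage(os.environ["APPDATA"])`; legitimate software also stores ZIP-based files under unusual extensions, so treat the output as a list to review, not a verdict.
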
HadToRegister Posted December 14, 2020

People are taking advantage of the fact that players are requesting modders to make mods for Cyberpunk 2077 when there isn't even modding tools for it yet, so when someone posts Malware, they know tons of people will download it.

It took over a year for Bethesda to release mod tools for Skyrim SE.

CubeCat Posted December 14, 2020

I feel like this really needs to be bumped or stickied, for anyone who downloaded that so that if they google it or check, at least they get a heads up, because Nexus is trusted so few people even would consider they would get a keylogger from here.

wyaa Posted December 15, 2020

> I feel like this really needs to be bumped or stickied, for anyone who downloaded that so that if they google it or check, at least they get a heads up, because Nexus is trusted so few people even would consider they would get a keylogger from here.

This is one of the reasons I didn't think twice before downloading it. I thought mods uploaded here would at least be checked before they were approved for sharing. Guess I'll have to be more cautious on here next time. Also, it did install a keylogger literally called "PasswordStealer" that hid itself in AppData/Roaming.

UhuruNUru Posted December 15, 2020

> > I feel like this really needs to be bumped or stickied, for anyone who downloaded that so that if they google it or check, at least they get a heads up, because Nexus is trusted so few people even would consider they would get a keylogger from here.
>
> This is one of the reasons I didn't think twice before downloading it. I thought mods uploaded here would at least be checked before they were approved for sharing. Guess I'll have to be more cautious on here next time. Also, it did install a keylogger literally called "PasswordStealer" that hid itself in AppData/Roaming.

Nexus does check for known viruses, but virus checkers only check for known malware, and as mods can do a lot of the same things as a virus might, it's not really possible to use heuristics (look for suspicious behaviour) with legit mods doing the same sort of things. So Nexus doesn't do heuristic checks.

This wasn't technically malware, it scanned parts of your drives, copied game (Steam) and document files, all things legit mods have also done on my PC; only when it tried to send the collected data did it really show its intent. Closer inspection of what data it gathered makes its intent clear, but you had to let it collect that data first, and block the connection attempt, before you could inspect the files it gathered.

I suspected this might be malicious; a first time user, with no site history, uploading a trainer, is suspicious to me, where Nexus automation wouldn't pick up, and this site gets way too many uploads to do manual checks, unless we report the mod. I downloaded it to see if it was, watched what it created, and blocked it from the internet. Then reported it, as others did.

You should have security set to alert you to new connection requests, and have blocked it yourself.

> People are taking advantage of the fact that players are requesting modders to make mods for Cyberpunk 2077 when there isn't even modding tools for it yet, so when someone posts Malware, they know tons of people will download it.
>
> It took over a year for Bethesda to release mod tools for Skyrim SE.

Got nothing to do with modding tools. Cheat Engine is often the starting point for sussing out new games, whether they get mod support later or not. Cheat Engine uses text based Cheat Table files (*.CT); these CANNOT be replaced by malware, and Cheat Engine itself is a well known program.

Cheat Engine

The main Cheat Table site is FearLess Revolution, AKA FearLess Cheat Engine.

Tables - FearLess Cheat Engine

There is a well established community, with wide knowledge of finding hard coded elements of new games within the exe; while mainly focused on creating "Cheats", it often includes elements of modding. Some of the most difficult to mod games, with no dev tools ever provided owe the establishment of now thriving communities, got their first indications of how these games might be modded, from the Cheat Engine communities' discoveries.

While I only recommend using Cheat Engine, the existence of legitimate Trainers is another option.

Trainers

These are stand alone executables, for specific games, that do the same job as Cheat Engine, but in a more idiot proof format; they need no basic knowledge from the user. Cheat Tables are not complex to use, but Cheat Engine is also used to create the Cheat Tables, so it can intimidate new users that just want to run an existing Table.

Trainers offer an easy alternative, but as each game requires a new executable, it's much easier to abuse by the malicious attacker, like this fake Trainer did. Even when Trainers do what they say, they may take the work that Cheat Table makers freely provided, and sell their Trainer without even crediting the sources. Reputable Trainer makers exist, even some of those that sell the trainers, but when money gets involved, morals get set aside.

Alternative

Another option for those intimidated by Cheat Tables is the FearlessRevolution App, a multi-game Trainer controlled by the Fearless Cheat Engine site.

Download FearlessRevolution App

I still recommend Cheat Engine, but this is a safe easy option.