[Other] BEWARE OF MALWARE IN Vaio's SHARES!!

azurebalmung · Nov 29, 2017

BEWARE OF VAIO's SHARES!

Inside the link, it has a self extracting archive. However, inside the archive you might find an additional folder called "Data". Some games may have this folder, but there are some files to beware of.

DSETUP.dll, dsetup32.dll, Jun2010_d3dcsx_43_x64.cab, Jun2010_d3dx10_43_x64.cab, Jun2010_d3dx11_43_x64.cab, Jun2010_XACT_x32.cab, run.exe

During self extraction, THESE FILES WILL INSTALL MALWARE INTO YOUR COMPUTER! BE CAREFUL!!! Check your Task Manager for "ErrorCheck" to see if you have been compromised!!!

P.S. I did not test ALL his shares, so download at your own risk

pizzamargherita · Nov 30, 2017

Checked same other archives, they're self extracting but you can just extract the content with winrar and examine the files;
even if the antivirus won't trigger a warning there are suspect executables or dll without certificate or version;
The games probably can be cleaned by deleting all directx related files (the real executables/dll of the games contain technical informations that exclude tampering but i suggest a quarantena period anyway or just delete everything).

edit: looks like all releases are tampered.
Today releases contain all the suspect files in the directx folder where the file run.exe is highly suspected containing a virus, in previously releases there was both suspect run.exe and dsetup.dll; the dll at this moment can trigger Avast.

BlurredExistence · Nov 30, 2017

Thought so, i kept getting the warning with each of his shares and it was just too big a coincidence to ignore so i haven't unpacked any of them. Will the Admin be removing his stuff? I mean to be spreading this many infected shares is beyond malicious ain't it?

Windborne · Nov 30, 2017

Yes it is, hopefully an admin will ban his ass.

Checkmate · Nov 30, 2017

More than likely. But can you link me to one of the said infected release or is it everything?

Longhairdontcare · Nov 30, 2017

This is what I've found so far via ESET nod32

Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
11/27/2017 6:11:11 PM;Real-time file system protection;file;G:\C Drive Old Downloads\Sakurako Quest [exposed RPG].exe;a variant of Win32/GenKryptik.BFTG trojan;cleaned by deleting;Event occurred on a file modified by the application:
C:\Program Files\qBittorrent\qbittorrent.exe (891DCA2FAE77B374A22FB97317487AC1E67756D3).;10E313EB619DA5BE9847DF9D6259707A5A27BB07;11/27/2017 6:04:10 PM
11/27/2017 6:23:26 PM;Real-time file system protection;file;G:\C Drive Old Downloads\Lost Kingdom Of Princess Knight Alicia.exe;a variant of Win32/GenKryptik.BFTG trojan;cleaned by deleting;Event occurred on a file modified by the application:
C:\Program Files\qBittorrent\qbittorrent.exe (891DCA2FAE77B374A22FB97317487AC1E67756D3).;FF2F983BE99BE5A62873BBCAA769CF88E455E3EC;11/27/2017 6:04:21 PM
11/28/2017 3:56:16 PM;Real-time file system protection;file;G:\C Drive Old Downloads\Town of Passion - Beta 0.2.2.exe;a variant of Win32/GenKryptik.BFTG trojan;cleaned by deleting (after the next restart);
Event occurred on a file modified by the application: C:\Program Files\qBittorrent\qbittorrent.exe (891DCA2FAE77B374A22FB97317487AC1E67756D3).;FF004CA8FEF56AC2D61BE998ADC56853E89E5D88;11/28/2017 3:39:26 PM
11/28/2017 3:56:44 PM;Real-time file system protection;file;G:\C Drive Old Downloads\Elf Crisis ~ Elf Of Princess Miko Of Adventure ~.exe;a variant of Win32/GenKryptik.BFTG trojan;cleaned by deleting (after the next restart);
Event occurred on a file modified by the application: C:\Program Files\qBittorrent\qbittorrent.exe (891DCA2FAE77B374A22FB97317487AC1E67756D3).;0E012367C04411085A9DFDB240FC926BC9405931;11/28/2017 3:38:51 PM
11/28/2017 4:45:22 PM;Real-time file system protection;file;G:\C Drive Old Downloads\Town of Passion - Beta 0.2.2.exe;a variant of Win32/GenKryptik.BFTG trojan;cleaned by deleting (after the next restart);
Event occurred during an attempt to access the file by the application: C:\Program Files\qBittorrent\qbittorrent.exe (891DCA2FAE77B374A22FB97317487AC1E67756D3).;6643EA91EDE9AE591A9ED34D66FAA36AB2E5B90E;11/28/2017 3:39:26 PM

Animefan_09 · Dec 1, 2017

Damn, i downloaded Sword princess and got a warning when usin winrar on it, antivirus moved the file and all, i ignored it because it always jumps with games and aparently the file removed didn't fuck the game, just erased the others myself, i haven't noticed anything but is there a way i can check for malware on my own?

amaimono · Dec 1, 2017

Animefan_09 said:
Damn, i downloaded Sword princess and got a warning when usin winrar on it, antivirus moved the file and all, i ignored it because it always jumps with games and aparently the file removed didn't fuck the game, just erased the others myself, i haven't noticed anything but is there a way i can check for malware on my own?

Install Malwarebytes and run a scan on your OS drive.

Animefan_09 · Dec 1, 2017

amaimono said:
Install Malwarebytes and run a scan on your OS drive.

How precise is that? i mean i have various games (hentai and not) and my antivirus while good tends to see the cracks as virus.

Paprika · Dec 1, 2017

Avast gives the same report Win32/GenKryptik.BFTG trojan found and eliminated. Looks like we have an asshole spreading viruses for a botnet.

Longhairdontcare · Dec 1, 2017

Let's burn the witch and celebrate.

View attachment 17959

pizzamargherita · Dec 1, 2017

Checkmate said:
More than likely. But can you link me to one of the said infected release or is it everything?

All his releases are infected, but also all those releases can be fixed easily.

amaimono · Dec 1, 2017

Animefan_09 said:
How precise is that? i mean i have various games (hentai and not) and my antivirus while good tends to see the cracks as virus.

It usually detects cracks as cracktools, but when it's not, well, years of downloading pirated stuff usually wisen someone up a bit.

karunow · Dec 1, 2017

Is there a list of his archives ? I want to check if I got infected.

Edit: Couldn't find his post since it must have been deleted along with his ban.

azurebalmung · Dec 1, 2017

Animefan_09 said:
Damn, i downloaded Sword princess and got a warning when usin winrar on it, antivirus moved the file and all, i ignored it because it always jumps with games and aparently the file removed didn't fuck the game, just erased the others myself, i haven't noticed anything but is there a way i can check for malware on my own?

The ones from Vaio will have a task called "ErrorCheck" if you open Task Manager. If you see this, you have been infected. Not sure if this is the only one tho.

To remove the malware from Vaio:
1) Open Task Manager
2) Look for "ErrorCheck", but do not end task yet. Instead, right click it and "Open file location". It should bring you to a flashplayer folder.
3) End the "ErrorCheck" task, and delete the flash folder(s). I think its macromedia or something, but if you are unsure, just delete them all.
4) Check that it does not come back. And yes, probably its time to get an antivirus or antimalware. Though I still don't like either :p

Animefan_09 · Dec 1, 2017

azurebalmung said:
The ones from Vaio will have a task called "ErrorCheck" if you open Task Manager. If you see this, you have been infected. Not sure if this is the only one tho.

To remove the malware from Vaio:
1) Open Task Manager
2) Look for "ErrorCheck", but do not end task yet. Instead, right click it and "Open file location". It should bring you to a flashplayer folder.
3) End the "ErrorCheck" task, and delete the flash folder(s). I think its macromedia or something, but if you are unsure, just delete them all.
4) Check that it does not come back. And yes, probably its time to get an antivirus or antimalware. Though I still don't like either :p

Looks like Avast saved me this time, i see nothing and haven't noticed any irregularities so far, i did find the file in the virus chest, already erased all of them.

karunow · Dec 1, 2017

Animefan_09 said:
Looks like Avast saved me this time, i see nothing and haven't noticed any irregularities so far, i did find the file in the virus chest, already erased all of them.

Did you download all of Vaio shares ? Cause I wanted to see if I download them too :/

Animefan_09 · Dec 1, 2017

karunow said:
Did you download all of Vaio shares ? Cause I wanted to see if I download them too :/

Nahh, only the princes cistina or something, the one that was made by the same circle as Treasure Hunter Mai.

karunow · Dec 1, 2017

Animefan_09 said:
Nahh, only the princes cistina or something, the one that was made by the same circle as Treasure Hunter Mai.

Ah ok thanks, I'll just have to check the specific files OP mentioned then.

corocoro · Dec 1, 2017

List of deleted threads (click on the images to see all threads and assume all were infected):

amaimono · Dec 2, 2017

konekokica <- vaio's new account?

JorgeFFC · Dec 2, 2017

People get banned and they create other accounts anyway... beware cause this guy returned as konekokica since his last post/game is also infected...

My recommendations on times such as this when bullshit people appears trying to mess with others peace:
- Check if user who posted the game or stuff have more than at least 500 posts.
- Check user story if it's a non-trusted one.
- Only trust releases from older/active members who posted a lot and we already kinda trust their releases anyway(New Dragon, girlcelly, otokosomething, flower trade winds, etc). Avoid new posters for a while ti'll stuff becomes safe again. Usually one of the mentioned posts most(if not all) newest releases from the pages anyway... sometimes vaka-vong(i think was his name) also post some clean releases. During these times i recommend downloading only from these guys/sharers, ignore all else.

Animefan_09 · Dec 2, 2017

JorgeFFC said:
People get banned and they create other accounts anyway... beware cause this guy returned as konekokica since his last post/game is also infected...

My recommendations on times such as this when bullshit people appears trying to mess with others peace:
- Check if user who posted the game or stuff have more than at least 500 posts.
- Check user story if it's a non-trusted one.
- Only trust releases from older/active members who posted a lot and we already kinda trust their releases anyway(New Dragon, girlcelly, otokosomething, flower trade winds, etc). Avoid new posters for a while ti'll stuff becomes safe again. Usually one of the mentioned posts most(if not all) newest releases from the pages anyway... sometimes vaka-vong(i think was his name) also post some clean releases. During these times i recommend downloading only from these guys/sharers, ignore all else.

For new games is always gircerly or FTW, New dragon also makes torrent but mostly of older games, kind of like a backup and reseding, and the same for New Dragon but i think he mostly doe sit with rpgs and Ovas.

pizzamargherita · Dec 2, 2017

amaimono said:
konekokica <- vaio's new account?

Now is Ozone, only a single post, infected.

RPG.Junkie · Dec 3, 2017

Let´s not get hysterical about warnings from your AV-Software ...
Cracks and key-generators often trigger malware or "unwanted software" alerts ... because publishers do not want them ... they are not a viruses or trojans or bots or whatever ...
Nonetheless you should always use common sense, when sharing files ... for those cases, when someone tries to trick/infest you ...

Just don´t panic ... keep calm and sensible ...

[Other] BEWARE OF MALWARE IN Vaio's SHARES!!

Member

Pizza the Hutt

New member

One borne upon the Wind

ピュア＆イノセント

New member

Elite Member

Active member

Elite Member

Paprika

Guest

New member

Pizza the Hutt

Active member

New member

Member

Elite Member

New member

Elite Member

New member

I Am Admin, Hear Me Roar!

Active member

New member

Elite Member

Pizza the Hutt

New member

Similar threads

Users who are viewing this thread

Recent posts