Check Nulled for malware, backdoor, base64, etc.

mflaza

If a template has spam links, they usually won't be in index.php but in some "view", like in category articles or something less obvious. When checking for infected code, always watch the file change dates; if just a few files are newer than the rest, that's a big red flag.
 

yasbro

Hi,

How do you check Nulled files you download on this forum before using them?
We all know Nulled files are likely infested with viruses and stuff.


I guess you make a first basic check

Then check files for base64, and malicious code manually?
Then maybe install those on a staging site to test? On local? Check the firewall?
Then install it on production site?

What's your method? Are the admins here checking files for us?

Thanks

On a couple of occasions, I've copied a member's link they paste under the asset they post only to find that those links either want you to pay a fee to download "faster" or wait for an indeterminate amount of time, usually 3-4 minutes, to download the items. I've also found when trying to download from external sites that my Brave browser will block it from being downloaded, so I then discard/delete the download.

I've never experienced any issues when downloading a file directly from this site, which begs the question: should we trust external download links? I believe that when a member is posting an external download link to, for example, nitro/Rapidgator/etc., the member is trying to save other members nulled cash. While this may be the case, I don't feel that it's in our best interest to download from an external source.

From what I understand, nulledfrm admins use an automated tool that scans all uploads to ensure they don't have any malicious code.

That being said, what are your thoughts about whether or not we should trust external download link sites?

I found this in the Terms & Rules section of this site:

5.6) uploading files:
If you are uploading files to a thread please post files ONLY in rar or zip format. Threads can not contain a referral link or will be instantly deleted (a warning will be given to the offending user as well). This counts for monetization links and/or URL shorteners as well.

##

I wonder, how exactly are these referral links instantly deleted or a warning given if no one reports them? Is it required that members report them or is it the responsibility of the admins to address this issue? Thoughts?
 

mo1373

Thank you bro, will try it directly. Keep up nice
 

silencedgd

Thanks for sharing. This is very useful as many scripts are, unfortunately, full of viruses and backdoors.
 

Mruborka

Thank you for sharing this information, I will check everything from now on!
 

stratcha

You must proceed very cautiously. The only way you can be sure that the code is 100% safe is to fully understand the code. I recommend never using software from unknown sources in the production environment, but only for private testing.
 

flashpino

Does anyone know if there is a PrestaShop module that already does this check? Or only with third-party tools?
 

anakein

https://github.com/marcocesarato/PHP-Antimalware-Scanner/

This doesn't really remove malware, but it DOES scan all files for potentially malicious code that makes system calls, uses eval in PHP, and many other things. Some are false positives, but in the command-line option it shows you each dangerous file and asks you what to do.

It scans all the files and according to your selection, it generates a report (I will give an example)

[2023-03-02 14:32:06] [SUCCESS] Scan finished!
[2023-03-02 14:32:06] [INFO] Files scanned: 11903
[2023-03-02 14:32:06] [INFO] Files edited: 0
[2023-03-02 14:32:06] [INFO] Files quarantined: 0
[2023-03-02 14:32:06] [INFO] Files whitelisted: 0
[2023-03-02 14:32:06] [INFO] Files ignored: 34
[2023-03-02 14:32:06] [INFO] Malware detected: 34

danger file....

[2023-03-02 12:31:18] [DANGER] PROBABLE MALWARE FOUND!
[2023-03-02 12:31:18] [WARNING] Checksum: 8cb62808eb8b38384baf40fb9944b218
[2023-03-02 12:31:18] [WARNING] File path: C:/xampp/htdocs/****************************************************.php
[2023-03-02 12:31:18] [DANGER] Evil code found: [!] Signature (11413268) [line 13] - Malware Signature (hash: 11413268) => Exploit [!] Signature (11413268) [line 522] - Malware Signature (hash: 11413268) => exploit
[2023-03-02 12:31:25] [SUCCESS] File 'C:/xampp/htdocs/****************************************************.php' skipped!
 

Aeton

I've always used VirusTotal + antivirus on PC ;)
 

wazzupXX

Very helpful response! As a newbie, it's good to see people sharing their experience on this issue, cuz I'm also worried about being scammed. I googled and found a reddit post suggesting an online virus scan VirusTotal. Hope this helps.
 

dni150

I always use VirusTotal and the antivirus on my PC, and sometimes Jotti for a quick check. I also make a point of looking through *.php files for eval and base64, in case something is obviously off. In what I've had to download from this site, I haven't found any problems using my methods.
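
The two manual checks suggested in this thread (looking through *.php files for eval and base64, and watching for a few files whose change dates are newer than the rest) can be scripted. The following Python is an added example, not code posted by any forum member and not taken from PHP-Antimalware-Scanner; the rule list, the thresholds and all function names are assumptions chosen for illustration.

```python
import os
import re
import statistics

# Constructs named in the thread: eval, base64, calls out to the system.
# The exact patterns are assumptions for this example, not a complete rule set.
RULES = {
    "eval": re.compile(r"\beval\s*\(", re.I),
    "base64_decode": re.compile(r"\bbase64_decode\s*\(", re.I),
    "system_call": re.compile(
        r"\b(?:system|exec|shell_exec|passthru|popen|proc_open)\s*\(", re.I),
    # Assumed threshold: a run of 200+ base64 characters is rarely hand-written.
    "long_base64_blob": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
}

def scan_text(source):
    """Return (line_number, rule_name) pairs, in line order, for every match."""
    hits = []
    for number, line in enumerate(source.splitlines(), start=1):
        hits.extend((number, name) for name, rx in RULES.items() if rx.search(line))
    return hits

def newer_outliers(mtimes, slack=86400, max_share=0.1):
    """Paths modified more than `slack` seconds after the median mtime,
    reported only when they are a small minority of the tree."""
    if len(mtimes) < 3:
        return []
    median = statistics.median(mtimes.values())
    late = sorted(p for p, t in mtimes.items() if t - median > slack)
    return late if late and len(late) <= max_share * len(mtimes) else []

def audit(root):
    """Walk an unpacked archive; files are only read as text, never executed."""
    findings, mtimes = {}, {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            mtimes[path] = os.stat(path).st_mtime
            if name.lower().endswith((".php", ".phtml", ".inc")):
                with open(path, encoding="utf-8", errors="replace") as handle:
                    hits = scan_text(handle.read())
                if hits:
                    findings[path] = hits
    return findings, newer_outliers(mtimes)
```

Run `audit()` on the unpacked archive before it reaches a web root; matches are leads for manual review, not a verdict. Archive tools that reset modification times on extraction make the date check uninformative.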
 

ciko3650

Why does someone share a file full of malicious code?
 

activ8

If there is anything malicious found, please tell everyone in the comments so it can be investigated further.
 

XleowX

VirusTotal it, every time, just in case I guess.
 

synaptium

I run with antivirus. Or sometimes I go through the code myself. But there are some online scanning services.
 

activ8

If I find any users sharing virus files I block them straight away so they don’t get a chance for me to get them again.

I check in multiple virus scanning sites before using the plug-in and then test on a staging site.

Admins and mods don’t care. I’ve asked multiple questions on here and not a single reply by them. There’s too much spam but I guess that creates traffic for them. Or they are just understaffed and don’t have the time or resources to control the site any more.
 