Check Nulled for malware, backdoor, base64, etc.

mflaza

Member
XNullUser
Joined
Dec 2, 2022
Messages
54
Reaction score
2
Points
8
Location
Novi Sad
NullCash
35
If template have spam links, they won't be usually in index.php but in some "view", like in category articles or something less obvious. When checkingfor infected codes, always watch for file change dates, if just a few files are newer than the rest, that's big red flag.
 

yasbro

Member
XNullUser
Joined
Jul 22, 2022
Messages
76
Reaction score
5
Points
8
NullCash
9
Hi,

How do you check Nulled files you download on this forum? before using it?
We all know Nulled are likely infested of virus and stuffs.


I guess you make a first basic check

Then check files for base64, and malicious code manually?
Then maybe install those on a staging to test? on local? check firewall?
Then install it on production site?

What's your method? The admins here are checking files for us?

Thanks

View attachment 16039
On a couple of occasions, I've copied a member's link they paste under the asset they post only to find that those links either want you to pay a fee to download "faster" or wait for an indeterminant amount of time, usually 3-4 minutes to download the items. I've also found when trying to download from external sites that my Brave browser will block it from being downloaded, so I then discard/delete the download.

I've never experienced any issues when downloading a file directly from this site, which begs the question: should we trust external download links? I believe that when a member is posting an external download link to, for example, nitro/Rapidgator/etc., the member is trying to save other members nulled cash. While this may be the case, I don't feel that it's in our best interest to download from an external source.

From what I understand, nulledfrm admins use an automated tool that scans all uploads to ensure they don't have any malicious code.

That being said, what are your thoughts about whether or not we should trust external download link sites?

I found this in the Terms & Rules section of this site:

5.6) uploading files:
If you are uploading files to a thread please post files ONLY in rar or zip format. Threads can not contain a referral link or will be instantly deleted (a warning will be given to the offending user as well). This counts for monetization links and/or URL shorteners as well.

##

I wonder, how exactly are these referral links instantly deleted or a warning given if no one reports them? Is it required that members report them or is it the responsibility of the admins to address this issue? Thoughts?
 

mo1373

Member
XNullUser
Joined
Aug 29, 2020
Messages
990
Reaction score
1
Points
18
NullCash
9
Thank you bro, will try it directly. Keep up nice
 

silencedgd

New member
XNullUser
Joined
Jan 23, 2023
Messages
3
Reaction score
0
Points
1
Location
Roma
NullCash
6
Thanks for sharing. This is very useful as many scripts are, unfortunately, full of viruses and backdoors.
 

Mruborka

Member
XNullUser
Joined
Jun 18, 2021
Messages
114
Reaction score
0
Points
16
NullCash
3
Thank you for sharing this information, i will check everything from now on!
 

stratcha

New member
XNullUser
Joined
Jan 4, 2022
Messages
6
Reaction score
0
Points
1
NullCash
1
You must proceed very cautiously. The only way you can be sure that the code is 100% safe is to fully understand the code. I recommend never using software from unknown sources in the production environment, but only for private testing.
 

flashpino

New member
XNullUser
Joined
Mar 9, 2023
Messages
2
Reaction score
0
Points
1
Location
uruguai
NullCash
1
aguem sabe se existe um modulo do prestashop que ja faça essa verificação? ou só com ferramentas de terceiros?
 

anakein

New member
XNullUser
Joined
Mar 6, 2023
Messages
21
Reaction score
0
Points
1
Location
madrid
NullCash
14
https://github.com/marcocesarato/PHP-Antimalware-Scanner/

This doesn't really remove malware, but it DOES scan all files for potentially malicious code, that makes system calls, uses eval in php, and many other things. Some are false positives, but in the command line option, it shows you each dangerous file, and asks you what to do.

It scans all the files and according to your selection, it generates a report (I will give an example)

[2023-03-02 14:32:06] [SUCCESS] Scan finished!
[2023-03-02 14:32:06] [INFO] Files scanned: 11903
[2023-03-02 14:32:06] [INFO] Files edited: 0
[2023-03-02 14:32:06] [INFO] Files quarantined: 0
[2023-03-02 14:32:06] [INFO] Files whitelisted: 0
[2023-03-02 14:32:06] [INFO] Files ignored: 34
[2023-03-02 14:32:06] [INFO] Malware detected: 34

danger file....

[2023-03-02 12:31:18] [DANGER] PROBABLE MALWARE FOUND!
[2023-03-02 12:31:18] [WARNING] Checksum: 8cb62808eb8b38384baf40fb9944b218
[2023-03-02 12:31:18] [WARNING] File path: C:/xampp/htdocs/****************************************************.php
[2023-03-02 12:31:18] [DANGER] Evil code found: [!] Signature (11413268) [line 13] - Malware Signature (hash: 11413268) => Exploit [!] Signature (11413268) [line 522] - Malware Signature (hash: 11413268) => exploit
[2023-03-02 12:31:25] [SUCCESS] File 'C:/xampp/htdocs/****************************************************.php' skipped!
 

Aeton

Member
XNullUser
Joined
May 15, 2022
Messages
64
Reaction score
1
Points
8
NullCash
2
I've always used virustotal + antywirus on pc ;)
 

wazzupXX

New member
XNullUser
Joined
May 13, 2023
Messages
11
Reaction score
0
Points
1
Location
Vancouver
NullCash
27
On a couple of occasions, I've copied a member's link they paste under the asset they post only to find that those links either want you to pay a fee to download "faster" or wait for an indeterminant amount of time, usually 3-4 minutes to download the items. I've also found when trying to download from external sites that my Brave browser will block it from being downloaded, so I then discard/delete the download.

I've never experienced any issues when downloading a file directly from this site, which begs the question: should we trust external download links? I believe that when a member is posting an external download link to, for example, nitro/Rapidgator/etc., the member is trying to save other members nulled cash. While this may be the case, I don't feel that it's in our best interest to download from an external source.

From what I understand, nulledfrm admins use an automated tool that scans all uploads to ensure they don't have any malicious code.

That being said, what are your thoughts about whether or not we should trust external download link sites?

I found this in the Terms & Rules section of this site:

5.6) uploading files:
If you are uploading files to a thread please post files ONLY in rar or zip format. Threads can not contain a referral link or will be instantly deleted (a warning will be given to the offending user as well). This counts for monetization links and/or URL shorteners as well.

##

I wonder, how exactly are these referral links instantly deleted or a warning given if no one reports them? Is it required that members report them or is it the responsibility of the admins to address this issue? Thoughts?
Very helpful response! As a newbie, it's good to see people sharing their experience on this issue, cuz I'm also worried about being scammed. I googled and found a reddit post suggesting an online virus scan VirusTotal. Hope this helps.
 

dni150

New member
XNullUser
Joined
Jul 29, 2023
Messages
18
Reaction score
0
Points
1
Location
Королев
NullCash
24
Я постоянно использую вирустотал и антивирус на своем ПК, иногда для оперативности Jotti. Также в обязательном порядке смотрю *.php на предмет eval и base64, это если явно косяк. То что приходилось скачивать на этом ресурсе проблем своими методами не обнаружил.
 

ciko3650

Active member
XNullUser
Joined
Jul 8, 2021
Messages
207
Reaction score
27
Points
28
NullCash
224
why does someone share a file full of malicious code?
 

activ8

Well-known member
Master
Diamond
Elite
XNullUser
Joined
Feb 16, 2022
Messages
516
Reaction score
796
Points
93
NullCash
6,725
If there is anything malicious found please tell everyone in comments it can be investigated further.
 

XleowX

New member
XNullUser
Joined
Jul 1, 2021
Messages
13
Reaction score
0
Points
1
NullCash
11
Virus total it, every time, just in case i guess.
 

synaptium

New member
XNullUser
Joined
Jun 15, 2022
Messages
15
Reaction score
1
Points
3
NullCash
1
I run with antivirus. Or some times i got through the code myself. But there are some online scanning services
 

activ8

Well-known member
Master
Diamond
Elite
XNullUser
Joined
Feb 16, 2022
Messages
516
Reaction score
796
Points
93
NullCash
6,725
If I find any users sharing virus files I block them straight away so they don’t get a chance for me to get them again.

I check in multiple virus scanning sites before using the plug-in and then test on a staging site.

admins and mods don’t care. I’ve asked multiple questions on here and not a single reply by them. There’s too much spam but I guess that creates traffic for them. Or they are just understaffed and don’t have the time or resources to control the site any more.
 
Top