RESOLVED/CLOSED: Fixing the Shares from 02-04 AUG

  • #1620369
    AnjaBear
    Moderator
    Rank: Rank Overload

    Hi Everyone.

    As many of you are aware a MEGA space was shared between August 01 and August 03 containing many products all at once, which were labeled "BOGUS" Files, with warnings about downloading them. They ended up being downloaded and spread to every other download site, filled with added files in the /data/ folders of the installers with code in them to add and install MalWare and Viruses onto your PCs. We tried to verify this and to remove the offending files, but they managed to be shared not only in the BLOG but spread over all the other share sites.

    I had some help from @legolas18 and @sonytony to find the malware files and to fix them. However, I am not sure which files now are CLEAN and which are still virus/malware installer infected.

    This is the list of files that contained the image files labeled "Bogus" and another name, identifying the affected files, and the two assisting users could only identify a handful of infected files to remove.

    Here are the image files inside:

    In the TEXTURES folders or in the DATA folders, there are files with the date 02-08-2020; those are the common denominator in these files. Here is an example of two files which throw an invalid image file error and are identically dated on the 2nd August 2020; note all other items are from much earlier dates.
    [Image: bad image files]

    If you highlight the files listed under 02-Aug-2020 they will throw an error like this:
    [Image: Image Error]

    I would like help in either getting CLEAN INSTALLERS directly from the vendor source, or have clean files we can safely post on the blog to replace the infected ones.

    Here is the list of files:

    Affected File Listing

    If you have any of these you PURCHASED yourself and have the original DIM installers for, please contact me, and I will make sure I get you points for these fixed products.

    Your help is greatly appreciated.

    AnjaBear
    Moderator

    cc: @Hunter @monkseye @eelgoo

    #1620372
    NobunagaOda
    Participant
    Rank: Rank-1

    Anja, considering that some of us most certainly have these files, some from here and some from somewhere else, it would be difficult to tell who got an infected file or not just by names, although it does a great job at narrowing the suspicious files. Has a way to test the files and possibly clean them up been found at all? And concerning the malware itself, has it been identified? 🙂

    #1620373
    eelgoo
    Moderator
    Rank: Rank 7

    If you are using Win 10, a Defender manual quick scan should pick them up.
    It did for me.
    🙂

    #1620374
    regularguy
    Participant
    Rank: Rank-1

    I have had a Rose HD with bogus nipples from a different site, just putting that out there.

    Moderator:
    What did you do to resolve it? The nipples were unrelated images or what exactly?

    #1620375
    AnjaBear
    Moderator
    Rank: Rank Overload

    @eelgoo did it resolve EVERY issue in yours? I've tried Malwarebytes, AVG etc and got a few but not everything that @SonyTony listed in one thread.

    I want to clear this crap up ASAP, it's been a thorn in my side now for a while. I could just simply let it be - but this makes our combined experience here at ZoneGFX miserable and I don't like that at all.

    Anja

    #1620376
    eelgoo
    Moderator
    Rank: Rank 7

    Well, all I can say is that, whilst I found maybe half a dozen infected files I had downloaded, Defender was able to quarantine & fix the issues.
    🙂

    #1620377
    AnjaBear
    Moderator
    Rank: Rank Overload

    So @eelgoo is the solution to get this resolved ASAP to run defender over all the installer files and let defender quarantine the files, then re-upload them with the files removed from them? And everything will work?

    Or would it be safer to replace everything with REAL files from the source?

    Just for safety's sake.

    Anja

    #1620378
    eelgoo
    Moderator
    Rank: Rank 7

    Well, the quick fix would be to do that.
    There may be the odd missing file as a result though.
    Your approach is more thorough, labour intensive & time consuming.
    Personally, I am OK with my quick fix.
    🙂

    #1620379
    Anonymous
    Inactive
    Rank:

    @AnjaBear - @eelgoo

    Please don't rely on Windows defender alone. Some of this malware may just be ransomware. It's all over the place now and attacks are random in the 3D community.

    Can I suggest KIS 2020 free trial. Pretty sure they do a free AV but it might have been discontinued. I suggested KIS because it is the best on the market.

    #1620380
    Elim
    Participant
    Rank: Rank 7

    I bought superhero suit for Genesis 8 female. I can download a new version from daz3d when I wake up.

    #1620381
    eelgoo
    Moderator
    Rank: Rank 7

    @joelj

    You are sleep posting?? 😉

    #1620383
    AnjaBear
    Moderator
    Rank: Rank Overload

    I just ran Malwarebytes over 71611_101 Series - Soldier of Fortune Poses and Prop for Genesis 8

    this result came up:

    RiskWare.ExtensionMismatch

    Short bio
    RiskWare.ExtensionMismatch is Malwarebytes’ generic detection name for files that are executable, but have extensions that are not associated with executable files. The reasons for this can be numerous, but users should handle files detected like this with care, unless they are aware of their origin and use.
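
Added example, not part of the thread or of any tool mentioned in it: a header check that walks an unpacked installer tree and reports files named as PNG/JPG whose leading bytes are not an image, separating those that start with a Windows executable header (the ExtensionMismatch case) from those that are simply invalid images. The function names and the sample files are constructed for illustration.

```python
import os
import tempfile

# Leading "magic" bytes of the image formats involved.
PNG, JPEG = b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff"
SIGNATURES = {".png": PNG, ".jpg": JPEG, ".jpeg": JPEG}

def classify(path):
    """Return 'ok', 'executable' or 'invalid-image' for one file."""
    expected = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if expected is None:
        return "ok"  # not an image extension this check covers
    with open(path, "rb") as fh:
        head = fh.read(8)
    if head.startswith(expected):
        return "ok"
    if head.startswith(b"MZ"):  # DOS/PE header: a Windows executable
        return "executable"
    return "invalid-image"

def scan(root):
    """Walk root and return {relative_path: verdict} for every mismatch."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            verdict = classify(full)
            if verdict != "ok":
                findings[os.path.relpath(full, root)] = verdict
    return findings

def demo():
    """Build a constructed sample tree (no real product files) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        tex = os.path.join(root, "data", "textures")
        os.makedirs(tex)
        samples = {"skin.png": PNG + b"\0" * 16,
                   "bogus.jpg": b"MZ\x90\x00" + b"\0" * 16,
                   "bogus.png": b"not an image"}
        for name, data in samples.items():
            with open(os.path.join(tex, name), "wb") as fh:
                fh.write(data)
        return scan(root)

if __name__ == "__main__":
    for path, verdict in sorted(demo().items()):
        print(verdict, path)
```

A matching header does not show that a file is clean; the check only surfaces the extension mismatches and invalid images discussed above, so flagged installers still need replacing or a full scan.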

    #1620384
    Anonymous
    Inactive
    Rank:

    hxxps://www.bleepingcomputer.com/forums/t/622207/both-pcs-hacked-1350-taken-from-bank-frst-log/page-3

    #1620385
    Anonymous
    Inactive
    Rank:

    Just a heads up.
    Jpeg images can be a good source for hackers to hide malware.
    Some customers of Ad**e were victims in 2018.
    Nice of them to widely report it......Which they didn't.

    #1620386
    AnjaBear
    Moderator
    Rank: Rank Overload

    @norbertz there were 2 image files in most of the affected files, one was a PNG the other was a JPG. They were in the CONTENT folder where they should not have been. Possibly those files were loaded, I don't know.

    Anja
