Check Nulled for malware, backdoor, base64, etc.

mflaza

Member
XNullUser
Joined
Dec 2, 2022
Messages
48
Reaction score
2
Points
8
Location
Novi Sad
NullCash
18
If template have spam links, they won't be usually in index.php but in some "view", like in category articles or something less obvious. When checkingfor infected codes, always watch for file change dates, if just a few files are newer than the rest, that's big red flag.
 

yasbro

Member
XNullUser
Joined
Jul 22, 2022
Messages
76
Reaction score
4
Points
8
NullCash
2
Hi,

How do you check Nulled files you download on this forum? before using it?
We all know Nulled are likely infested of virus and stuffs.


I guess you make a first basic check

Then check files for base64, and malicious code manually?
Then maybe install those on a staging to test? on local? check firewall?
Then install it on production site?

What's your method? The admins here are checking files for us?

Thanks

View attachment 16039
On a couple of occasions, I've copied a member's link they paste under the asset they post only to find that those links either want you to pay a fee to download "faster" or wait for an indeterminant amount of time, usually 3-4 minutes to download the items. I've also found when trying to download from external sites that my Brave browser will block it from being downloaded, so I then discard/delete the download.

I've never experienced any issues when downloading a file directly from this site, which begs the question: should we trust external download links? I believe that when a member is posting an external download link to, for example, nitro/Rapidgator/etc., the member is trying to save other members nulled cash. While this may be the case, I don't feel that it's in our best interest to download from an external source.

From what I understand, nulledfrm admins use an automated tool that scans all uploads to ensure they don't have any malicious code.

That being said, what are your thoughts about whether or not we should trust external download link sites?

I found this in the Terms & Rules section of this site:

5.6) uploading files:
If you are uploading files to a thread please post files ONLY in rar or zip format. Threads can not contain a referral link or will be instantly deleted (a warning will be given to the offending user as well). This counts for monetization links and/or URL shorteners as well.

##

I wonder, how exactly are these referral links instantly deleted or a warning given if no one reports them? Is it required that members report them or is it the responsibility of the admins to address this issue? Thoughts?
 

mo1373

Member
XNullUser
Joined
Aug 29, 2020
Messages
917
Reaction score
0
Points
18
NullCash
13
Thank you bro, will try it directly. Keep up nice
 

silencedgd

New member
XNullUser
Joined
Jan 23, 2023
Messages
3
Reaction score
0
Points
1
Location
Roma
NullCash
6
Thanks for sharing. This is very useful as many scripts are, unfortunately, full of viruses and backdoors.
 

Mruborka

Member
XNullUser
Joined
Jun 18, 2021
Messages
112
Reaction score
0
Points
16
NullCash
3
Thank you for sharing this information, i will check everything from now on!
 

stratcha

New member
XNullUser
Joined
Jan 4, 2022
Messages
5
Reaction score
0
Points
1
NullCash
7
You must proceed very cautiously. The only way you can be sure that the code is 100% safe is to fully understand the code. I recommend never using software from unknown sources in the production environment, but only for private testing.
 

flashpino

New member
XNullUser
Joined
Mar 9, 2023
Messages
2
Reaction score
0
Points
1
Location
uruguai
NullCash
1
aguem sabe se existe um modulo do prestashop que ja faça essa verificação? ou só com ferramentas de terceiros?
 

anakein

New member
XNullUser
Joined
Mar 6, 2023
Messages
21
Reaction score
0
Points
1
Location
madrid
NullCash
14
https://github.com/marcocesarato/PHP-Antimalware-Scanner/

This doesn't really remove malware, but it DOES scan all files for potentially malicious code, that makes system calls, uses eval in php, and many other things. Some are false positives, but in the command line option, it shows you each dangerous file, and asks you what to do.

It scans all the files and according to your selection, it generates a report (I will give an example)

[2023-03-02 14:32:06] [SUCCESS] Scan finished!
[2023-03-02 14:32:06] [INFO] Files scanned: 11903
[2023-03-02 14:32:06] [INFO] Files edited: 0
[2023-03-02 14:32:06] [INFO] Files quarantined: 0
[2023-03-02 14:32:06] [INFO] Files whitelisted: 0
[2023-03-02 14:32:06] [INFO] Files ignored: 34
[2023-03-02 14:32:06] [INFO] Malware detected: 34

danger file....

[2023-03-02 12:31:18] [DANGER] PROBABLE MALWARE FOUND!
[2023-03-02 12:31:18] [WARNING] Checksum: 8cb62808eb8b38384baf40fb9944b218
[2023-03-02 12:31:18] [WARNING] File path: C:/xampp/htdocs/****************************************************.php
[2023-03-02 12:31:18] [DANGER] Evil code found: [!] Signature (11413268) [line 13] - Malware Signature (hash: 11413268) => Exploit [!] Signature (11413268) [line 522] - Malware Signature (hash: 11413268) => exploit
[2023-03-02 12:31:25] [SUCCESS] File 'C:/xampp/htdocs/****************************************************.php' skipped!
 

Aeton

Member
XNullUser
Joined
May 15, 2022
Messages
59
Reaction score
0
Points
6
NullCash
3
I've always used virustotal + antywirus on pc ;)
 

wazzupXX

New member
XNullUser
Joined
May 13, 2023
Messages
11
Reaction score
0
Points
1
Location
Vancouver
NullCash
27
On a couple of occasions, I've copied a member's link they paste under the asset they post only to find that those links either want you to pay a fee to download "faster" or wait for an indeterminant amount of time, usually 3-4 minutes to download the items. I've also found when trying to download from external sites that my Brave browser will block it from being downloaded, so I then discard/delete the download.

I've never experienced any issues when downloading a file directly from this site, which begs the question: should we trust external download links? I believe that when a member is posting an external download link to, for example, nitro/Rapidgator/etc., the member is trying to save other members nulled cash. While this may be the case, I don't feel that it's in our best interest to download from an external source.

From what I understand, nulledfrm admins use an automated tool that scans all uploads to ensure they don't have any malicious code.

That being said, what are your thoughts about whether or not we should trust external download link sites?

I found this in the Terms & Rules section of this site:

5.6) uploading files:
If you are uploading files to a thread please post files ONLY in rar or zip format. Threads can not contain a referral link or will be instantly deleted (a warning will be given to the offending user as well). This counts for monetization links and/or URL shorteners as well.

##

I wonder, how exactly are these referral links instantly deleted or a warning given if no one reports them? Is it required that members report them or is it the responsibility of the admins to address this issue? Thoughts?
Very helpful response! As a newbie, it's good to see people sharing their experience on this issue, cuz I'm also worried about being scammed. I googled and found a reddit post suggesting an online virus scan VirusTotal. Hope this helps.
 

dni150

New member
XNullUser
Joined
Jul 29, 2023
Messages
12
Reaction score
0
Points
1
Location
Королев
NullCash
53
Я постоянно использую вирустотал и антивирус на своем ПК, иногда для оперативности Jotti. Также в обязательном порядке смотрю *.php на предмет eval и base64, это если явно косяк. То что приходилось скачивать на этом ресурсе проблем своими методами не обнаружил.
 
Top