this post was submitted on 16 Jan 2025
The first rule of dealing with malware and exploits: don't panic, you'll make things worse. The second rule is to isolate the machine from your other machines (so make sure it doesn't communicate with anything: Bluetooth, hotspots, and obviously the Internet). Thirdly, boot into safe mode with networking off and delete the files. Check the Event Viewer, check the Task Manager, check the installed apps, check for hidden files in the C directory, and check for installed extensions in your browser. If anything seems unusual, revert the changes by restoring to a previous restore point (you do have a restore point set, right?).
If the problem (the change that has been done by the malware) doesn't go away, it's time to back up your data to an external drive and reimage the machine.
Edit: don't blindly trust files from Z Lib; some uploaders are evil, unfortunately. If the file seems bigger than it should be, then it's shady. Also read the reviews. As far as opening PDFs in Firefox goes, the Firefox PDF viewer is secure as far as I know; the last major vulnerability was in 2015.
I'm not sure what to look for if there is something hidden. I can't tell if there are any odd processes, but everything seems to be signed correctly. There is nothing odd in the C root either, and I wouldn't know what to look for from the folders. There are no odd installed applications either.
I have had a similar scare before, when I installed a game I downloaded from the skidrow reloaded website (over a year ago). The installer did something with a cmd window, something about a system image; I don't remember anymore. The file was also too big for the scanner to scan, and I don't think VirusTotal accepted it either due to size. However, I did a system restore after that.
I also asked an acquaintance who works in some tech company to help, and even showed the install process to him, but he said it didn't seem dangerous. I have also been running RKill occasionally and doing scans with HitmanPro's early detection, but they haven't found anything either. I have also been occasionally monitoring things with tools from Sysinternals, but I'm not sure if I would even notice if anything was odd.
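The checks listed in the first comment (processes, installed apps, hidden files in C:, browser extensions, event log, restore points), written as one read-only PowerShell pass. This is an added example, not something either commenter posted; the 7-day event window, the default Firefox profile location and the choice of the service-install event (ID 7045) are assumptions made for the example.

```powershell
# Read-only triage pass: it lists things to review and changes nothing.
# Run from an elevated Windows PowerShell 5.1 prompt on the isolated machine.

# 1. Running processes whose executable is unsigned or fails signature validation
Get-CimInstance Win32_Process | Where-Object { $_.ExecutablePath } |
    Sort-Object ExecutablePath -Unique | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.ExecutablePath -ErrorAction SilentlyContinue
        if ($sig -and $sig.Status -ne 'Valid') {
            [pscustomobject]@{ Name = $_.Name; Path = $_.ExecutablePath; Signature = $sig.Status }
        }
    } | Format-Table -AutoSize

# 2. Things that start on their own: Run keys and non-Microsoft scheduled tasks
foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Select-Object * -ExcludeProperty PS* | Format-List
}
Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    Select-Object TaskName, TaskPath, State, @{ n = 'Runs'; e = { $_.Actions.Execute } } |
    Format-Table -AutoSize

# 3. Installed applications, newest install date first (InstallDate is often blank)
Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' `
                 -ErrorAction SilentlyContinue |
    Where-Object DisplayName | Sort-Object InstallDate -Descending |
    Select-Object -First 25 DisplayName, Publisher, InstallDate | Format-Table -AutoSize

# 4. Hidden items in the root of C: (system entries such as pagefile.sys are normal;
#    look for recent LastWriteTime on names you do not recognise)
Get-ChildItem -Path 'C:\' -Force -Hidden -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending | Select-Object Mode, LastWriteTime, Name

# 5. Services installed in the last 7 days (System log, event ID 7045); window is an assumption
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045; StartTime = (Get-Date).AddDays(-7) } `
    -ErrorAction SilentlyContinue | Select-Object TimeCreated, Message | Format-List

# 6. Firefox add-ons per profile (assumes the default profile location)
Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles\*\extensions.json" -ErrorAction SilentlyContinue |
    ForEach-Object { (Get-Content $_.FullName -Raw | ConvertFrom-Json).addons } |
    Select-Object id, @{ n = 'Name'; e = { $_.defaultLocale.name } }, active, location |
    Format-Table -AutoSize

# 7. Restore points available to roll back to (cmdlet exists in Windows PowerShell 5.1 only)
Get-ComputerRestorePoint | Select-Object SequenceNumber, CreationTime, Description
```

Empty output from a step means nothing matched that filter, not that the machine is clean; reimaging remains the fallback the first comment describes.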