How do you validate that what you torrented is clean/no malware/spyware? Specifically, I torrented two things:

  • Astute Graphics Plug-ins Elite Bundle 3.9.1.7z from teamos. It is 678MB so I can’t upload to Virustotal.
  • Master Collection 2025 from uztracker (which is listed on monkrus’s website’s list of trackers). It is 37.5GB so I can’t upload to Virustotal.

I’m not sure what I should do, to be honest.

Edit: Would splitting the 37.5GB file into 650MB pieces and then scanning with virustotal help? Not sure if downloaded files need to be whole for it to work properly.

These are the results from virustotal (I could only scan 4 files in the master collection without running the iso).

Thank you.

  • scoobford@lemmy.zip · 21 upvotes · 2 months ago

    AFAIK, you don’t. You might be able to validate the actual software package’s hash against official sources, but the crack won’t validate because it’s different from the unedited files.

    That’s why picking a site and uploader you know is important. You’re kind of just hoping for the best.

    • Yourname942@lemmy.dbzer0.com (OP) · 5 upvotes, 1 downvote · edited · 2 months ago

      I mean, is it safe to assume that the torrent from megathread > monkrus > uztracker is safe? I’ve read that you either go genp or monkrus for less chance of malware.

      Alternatively, do you think splitting the 37.5GB file into 650MB pieces and then scanning with virustotal would do much good?

      • scoobford@lemmy.zip · 7 upvotes · 2 months ago

        M0nkrus is probably safe, that’s why people recommend them so frequently.

        I lack the technical knowledge to say whether splitting the file to scan would work or not, but I suspect not.
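Added example (not posted by anyone in the thread) for the two checks discussed above, validating against a hash and splitting the file before scanning. It hashes a file in fixed-size reads so size is no obstacle, checks the result against an `.md5`/`.sha`-style sidecar, and shows on constructed bytes that pieces of a split file neither share the whole file's hash nor keep a byte pattern that straddles a cut intact. Assumptions: the sidecar uses the common `<hex> *<name>` line format, and `collection.iso`, `MARKER` and the sample bytes are constructed stand-ins.

```python
import hashlib
import io

CHUNK = 1024 * 1024  # read 1 MiB at a time so a 37.5 GB ISO never has to fit in RAM


def file_digest(stream, algo="sha256"):
    """Hash a binary stream incrementally and return the hex digest."""
    h = hashlib.new(algo)
    for block in iter(lambda: stream.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()


def parse_sidecar(text):
    """Parse md5sum/sha1sum-style lines ('<hex> *<name>') into {name: hex}."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2:
            entries[parts[1].lstrip("*")] = parts[0].lower()
    return entries


def verify(stream, name, sidecar_text, algo):
    """True if the stream's digest equals the sidecar entry for `name`."""
    expected = parse_sidecar(sidecar_text).get(name)
    return expected is not None and file_digest(stream, algo) == expected


def split_pieces(data, size):
    """What 'splitting the file' produces: consecutive slices of `size` bytes."""
    return [data[i:i + size] for i in range(0, len(data), size)]


# Constructed sample: a harmless marker stands in for a byte pattern a scanner matches.
MARKER = b"CONSTRUCTED-SIGNATURE"
IMAGE = b"A" * 90 + MARKER + b"B" * 90      # stand-in for the ISO contents
SIDECAR = hashlib.md5(IMAGE).hexdigest() + " *collection.iso\n"

if __name__ == "__main__":
    pieces = split_pieces(IMAGE, 100)        # the marker straddles the first cut
    whole = file_digest(io.BytesIO(IMAGE))
    print("whole-file sha256:", whole)
    print("sidecar matches:", verify(io.BytesIO(IMAGE), "collection.iso", SIDECAR, "md5"))
    print("any piece shares the whole-file hash:",
          any(hashlib.sha256(p).hexdigest() == whole for p in pieces))
    print("marker intact in any piece:", any(MARKER in p for p in pieces))
```

A sidecar that arrives in the same torrent only shows the download matches what the uploader packaged, not that the package is clean. The whole-file SHA-256 is also the value a multi-scanner service's hash search accepts, so a file too large to upload can still be looked up.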

    • Yourname942@lemmy.dbzer0.com (OP) · 8 upvotes, 1 downvote · edited · 2 months ago

      Wouldn’t it be different since non-official versions are cracked? I’m also not really sure how I would even do so for that plugin since it is a subscription, nor how to do so for the master collection, because it technically does not exist officially.

  • pirateKaiser@sh.itjust.works · 11 upvotes · 2 months ago

    Run it inside a VM? If you’re suspicious or just worried, this would resolve most if not all of the possible worries you may have.

    • 🖖USS-Ethernet@startrek.website · 9 upvotes · edited · 2 months ago

      This is what I do. I have a VM for torrents and a VM sandbox to check stuff that I’m concerned about. At the host level I disable any type of sharing with the host, no copy paste, no sharing disks, nothing. The VM only gets the storage I assign to it and once I validate then I’ll detach and mount it to the host.

      • Yourname942@lemmy.dbzer0.com (OP) · 2 upvotes · 2 months ago

        Hey thank you for the info. Which VM do you use? How do you disable the various types of sharing with the host? Also, how do you validate? Sorry for all the questions, but that seems like it may be my only option

        • 🖖USS-Ethernet@startrek.website · 3 upvotes · edited · 2 months ago

          I use Hyper-V because I run server 2022 and it’s free. Hyper-V allows you to disable any host resource sharing in the VM settings.

          On my sandbox VM I’ll scan the files then install and scan, then run the software and scan. I use both defender and I think malwarebytes. It’s a lot of extra work for no gain, but I’d rather be too careful than risk installing malware.

          • Kissaki@lemmy.dbzer0.com · 5 upvotes · 2 months ago

            Note that sophisticated malware [attempts to] identify whether it is running in a VM / testbed / analysis scenario and may behave and look different between that runtime scenario and “normal use”.

            Analysis in a VM may not be sufficient to determine whether it is safe outside of it.

            • Yourname942@lemmy.dbzer0.com (OP) · 1 upvote · 2 months ago

              If it detects that it is in a VM and doesn’t activate the malware, then I’m perfectly okay just using the software inside the VM.

          • Yourname942@lemmy.dbzer0.com (OP) · 1 upvote · 2 months ago

            Thank you for the detailed response. Just to confirm, is Hyper-V your sandbox VM? I used ESET to scan the files I torrented, but they look very suspicious from virustotal, but I don’t really know how to parse the info - knowing if it is a false positive/etc.

            • 🖖USS-Ethernet@startrek.website · 2 upvotes · 2 months ago

              Hyper-V is the hypervisor that the VM runs on. Yeah I don’t really know which malware scanners are the go to ones anymore. Just figure if I can get it to pass through 2 different ones ok then it’s probably ok. I’m sure there’s some other good ones out there. I’ve heard of ESET and virustotal, but I’m not familiar.

              • Yourname942@lemmy.dbzer0.com (OP) · 1 upvote · 2 months ago

                Do you know of any guides to set up Hyper-V for this type of purpose? I want it to be as secure as can be: “disable any type of sharing with the host, no copy paste, no sharing disks, etc.”

                • 🖖USS-Ethernet@startrek.website · 1 upvote · edited · 2 months ago

                  The main settings that I mentioned are under integration services settings on the VM. There’s probably plenty of guides available on YouTube for Hyper-V along with the official Microsoft documentation (which probably isn’t that great).

    • Yourname942@lemmy.dbzer0.com (OP) · 3 upvotes · 2 months ago

      How would I know if there was hidden spyware/malware if I ran it in a VM? (if they are smart they try to be undetected)

      • whats_a_lemmy@midwest.social · 5 upvotes · 2 months ago

        You don’t, but if someone figured out how to do a VM escape surely they would have bigger aspirations than some random torrent

        • Yourname942@lemmy.dbzer0.com (OP) · 1 upvote · edited · 2 months ago

          I mean yeah that makes sense, but I don’t know enough about torrenting (nor tech in general) to know if something is safe/trustworthy sadly… I feel like I’m probably better off spending several hundreds on a subscription, than more likely than not be hacked/get advanced spyware. I doubt they wouldn’t prey on dumb people like me if it is easy. If I was more knowledgeable it would probably be possible to manually remove infected bits of a torrented file to make it work, but idk.

          • pirateKaiser@sh.itjust.works · 5 upvotes · edited · 2 months ago

            If you find torrenting and running a VM too technical, I’m sorry to say you’re better off not trying to identify and remove any malicious code.

            Don’t put yourself down and waste your money, you can get over the learning curve for this, it’s not that steep.

            To elaborate, as the previous reply stated, running the cracked programs inside a virtual machine allows you to isolate an environment specifically for this usage. Configured properly (another reply went into more detail here), even if the cracked software has something malicious, it can’t harm you. So you can safely ignore whether there’s a virus or not.

            • Yourname942@lemmy.dbzer0.com (OP) · 2 upvotes · 2 months ago

              Thank you for the info, and for the encouragement. Yeah I am definitely going to try using a VM to diagnose the files more closely. To confirm, is a VM, (such as Hyper-V) similar to Windows Sandbox, where it effectively resets itself (new slate) each time you open it? Or can I install the torrented files in the VM and still access it if I close and reopen the VM in the future?

              Also, which VM would you suggest? I apologize for appending so many questions to my original post.

  • fastfomo7@lemmy.dbzer0.com · 8 upvotes · 2 months ago

    Honestly, the safest move is to keep these files totally separate from your personal stuff. Running them in a VM or dedicated hardware is really the only way to avoid getting hacked.

  • dastanktal [none/use any]@hexbear.net · 5 upvotes · 2 months ago

    Just run the file against clamav, and you should be able to tell whether or not it’s got issues. That’s generally what’s done in commercial spaces.

      • dastanktal [none/use any]@hexbear.net · 4 upvotes · 2 months ago

        Yes, it’s open source antivirus software.

        The entire internet practically runs on what these guys do.

        https://www.clamav.net/

        It has a tool that you can use to scan whatever binary you want and it’ll tell you whether or not it’s a virus, which fits what you need to do.

        • Yourname942@lemmy.dbzer0.com (OP) · 1 upvote · 2 months ago

          Oh okay, thanks. I don’t know how it compares with Eset for example. My antivirus said the files were clean, but the virustotal results are really sketchy.

          • dastanktal [none/use any]@hexbear.net · 3 upvotes · 2 months ago

            It’s not like traditional antivirus software, it just includes a tool that you can use to manually scan files to see if it has a virus signature, which is all Eset and most virus scanners are doing on the backend. They’re also doing what’s called heuristics, which is where they’re using predictive modeling to try and identify if a program has what they call an attack signature. This does result in false positives, just so you’re aware.

            All virus total is doing is running a bunch of virus engines like eset and clamav on the back end to see if it triggers anything.

            If both your virus software and clamav come back clean, then I’d trust it.

            • Yourname942@lemmy.dbzer0.com (OP) · 1 upvote · 2 months ago

              Would you trust it if the detection is 0, but there are network connections? (contacted domains and contacted IP addresses)

              • dastanktal [none/use any]@hexbear.net · 2 upvotes · 2 months ago

                A lot of the time these apps will have heuristics that will reach back out and so you will see network connections occasionally.

                Without knowing more about this application, I don’t have the right context to evaluate whether or not I would trust something like that, so it’s gonna be up to your comfort level. But, if clamav came back clean and so did your other virus software, I would assume it’s not malicious traffic.

  • rulray@lemmy.dbzer0.com · 4 upvotes · edited · 2 months ago

    What about installing some antivirus that can scan on demand?

    I don’t know how the “market” is right now, but a few years ago Malwarebytes was good for Windows, and ClamAV in Linux.

    • Yourname942@lemmy.dbzer0.com (OP) · 1 upvote · edited · 2 months ago

      I ran my antivirus on the plugins.zip folder and it didn’t detect anything. Then I ran it on the master collection folder, and it also didn’t detect anything, but it suspiciously finished almost immediately although it does only contain the iso (37.5GB), .info file (2.46KB), .sha (85B), .md5 (77B), so I’m not sure. Also, I just posted the virustotal results in this thread.

      • Cevilia (she/they/…)@lemmy.blahaj.zone · 3 upvotes · 2 months ago

        You may have to mount the iso first before a virus scanner would scan it. Which I would advise against doing on a machine you care about. And even then, it might not scan the suspect files anyway, a lot of scanners will only check files with certain extensions.

        Otherwise you could just run it in a virtual machine with no network connections and see if anything sus happens. But it might not happen right away, or it might detect the VM and not trigger any malware.

        These are ways you can gather information to make an informed decision, but ultimately you may just have to decide whether you trust the source enough to roll the dice. Only you can make that decision.

        • Yourname942@lemmy.dbzer0.com (OP) · 1 upvote · 2 months ago

          If I use the VM with no network connections, is there any way for me to manually find malware hidden in the files? I’m not really sure what to look for specifically. I definitely want to try using a VM to more closely inspect the files

          • Cevilia (she/they/…)@lemmy.blahaj.zone · 2 upvotes · 2 months ago

            This is way outside of my expertise. I’m not sure you’d find anything VirusTotal’s behaviour checks didn’t find, anyway. Usually, if I’m at all unsure, I just won’t run it.

  • nullptr@lemmy.dbzer0.com · 2 upvotes · edited · 2 months ago

    It is incredibly difficult to vet with 100% certainty that a binary you run is safe. If you have the source code, it’s so much easier. As others have said, the best way in piracy to be safe is downloading from a reputable source. Monkrus is pretty good. I am assuming you’re referring to the Adobe master collection? If so, GenP is excellent (and open source).

    If you are on windows, one thing you can do is run any programs in sandboxie and see what it writes to the disc. If it tries to edit things that it shouldn’t like the registry or parts of the os that would be a red flag.

    You could also set up firewall rules to block the application from accessing the internet. I am on macOS so I use a program called little snitch (lulu by objective see is also good). I am not familiar with the windows side of things. But essentially what I do is block the program and any processes it starts.

    If you want to learn more about malware, https://objective-see.org/ is a great resource. It’s macOS focused however but I’ve learned a ton from it. In particular their book on mac malware teaches a lot of analysis techniques.