this post was submitted on 05 Aug 2023
425 points (96.9% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

55076 readers
317 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 2 years ago
MODERATORS
 

Originally posted over on /r/piracy (https://www.reddit.com/r/Piracy/comments/15itrip/1337x_admins_allowing_bg3_torrent_with_bitcoin/)

It looks like a bitcoin miner was included in the installer, and the admins on 1337x may or may not give a shit apparently. Scanned my pc and my wifes and found the same stuff the others mentioned.

According to the other comments, don't feel the need to uninstall as the miner was installed separate to the game, just give a Malwarebytes scan to get rid of the junk.

you are viewing a single comment's thread
view the rest of the comments
[–] harmonea@kbin.social 13 points 1 year ago* (last edited 1 year ago) (2 children)

The DODI repack is based on the RUNE release which I believe is clean. Another commenter claims a found Trojan but there are others who found nothing, and imo it's probably just the usual crack shenanigans.

Edit: See replies! It seems there are tainted versions of the repack out there, but there are clean ones too. Remember to keep a critical eye on your sites and uploaders in addition to your release groups. There's a useful link in a reply to me below showing what you might see if you've downloaded a bad one.

[–] shottymcb@lemm.ee 8 points 1 year ago

There's no need for a crack on this game, it's available on GOG which is always DRM free.

[–] Makeshift@lemmy.dbzer0.com 2 points 1 year ago (1 children)

it seems like half the people I see who downloaded it say they got a tojan, and half didn't. Could it possibly be triggering only for certain people? perhaps if their specs are good enough for bitcoin mining or not? or maybe just at random? just spitballing here

[–] harmonea@kbin.social 2 points 1 year ago (1 children)

For the RUNE release, it probably has more to do with what AV they're using and how sensitive it is. Cracked games flag AVs all the time, you have to pay attention to what it's alerting you about. If you're being careful and clean about the sites, uploaders, and release groups you trust, that "trojan" is usually nothing more than an injected hook to defeat DRM.

[–] Makeshift@lemmy.dbzer0.com 10 points 1 year ago (1 children)
[–] harmonea@kbin.social 6 points 1 year ago* (last edited 1 year ago) (1 children)

Hey, thanks for that link! I'm really glad to have the details so I can verify for myself.

However, with that, I can REALLY confirm this is not an issue inherent to the DODI repack. DODI's is what I'm using and I have none of that on my system -- I checked with that powershell command, then also followed along with the comments to check other files and scheduled tasks that were mentioned.

That said, I got my download from torrentleech. I suspect a tainted version of the repack got onto certain other sites. It wouldn't be the first time (which is why I specify trusted sites and uploaders in addition to release groups).

[–] Makeshift@lemmy.dbzer0.com 3 points 1 year ago

good to hear. dodi just officially denied the accusations as well:

https://www.reddit.com/r/Piracy/comments/15ivtzk/dodi_verified_release_on_tg_has_crypto_miner/juy98il/

although he claims integritycheck.exe is a windows process, when clearly it is also the name of that miner I linked above

my guess is the dodi account on torrent galaxy, although verified, could be a fake and is putting in these viruses, or maybe the people commenting saying they got the virus from dodi actually got it from that hogwarts legacy crack which originally had this miner.

either way, I always hope the community will take these sorts of claims seriously and investigate to ensure everyone's safety