Malware Report #5

By karmat111

There's a slew of new malware skins uploaded to the main Rainmeter Gallery in the last couple of days.  All downloads in the list at the end of this post are infected.

We try to check all the skins uploaded to our gallery for malware before accepting them, and we try to keep this list up to date, but real-time interferes, so please practice safe downloading!

Some things to watch for:
- comments are usually disabled or hidden
- they are fairly new to dA, just a couple of new skins
- their profile page only has a few items on it
- they rip a skin/preview/description then upload it with malware or keyloggers
- downloads are zipped and have an .exe file which is the virus
- don't download files like Build.exe, Run.exe, FullInstall.exe, *.rmskin.exe, Full_Set_Up.pif - basically anything that ends in .exe or .pif.

How to test each download for a virus:
- Right-click 'Download File' link, choose 'Copy Link Location'
- Go to VirusTotal at www.virustotal.com/index.html and choose the Submit a Url tab
- Click on 'Submit Url' and then paste the link location in the Search Bar

If you come across malware, report it as malware. If it's your skin that's been ripped, report it and file a DMCA takedown notice.

Thanks!
- Karen

© 2011 - 2020 Rainmeter
pneuma's avatar
Copy and paste the entire link to go to the URL. Here's another link for it:
drive.google.com/open?id=1w8qW…
pneuma's avatar
Very true, a ton of these Rainmeter .dll files have malicious code injected into them. I've done a breakdown of a couple of these files, and being a programmer I usually share my findings on malwaretips.com! So please be careful and have a good HIPS system running. I use multiple HIPS security applications, and the best thing to use by far is AppGuard by Blue Ridge Networks! Basically, even if you are injected, the malware can't do anything... Look into it if you don't have it. I can also supply a trial copy:
mega.nz/#!GfA2DRLR!vZMFhS4BMj608qakyRizyAP45cpEnPT3Gr6vQ_0-LEo

They haven't had a trial in about two years, but I always run their software, trial or paid! Enjoy; it should be installed and integral to anyone's security config.
lightning420's avatar
I thank everyone for letting noobs like me know which skins are OK and the ones that aren't. Thank god I learned a long time ago from downloading torrents to read the comments before I download anything. I hope in the long run everyone's efforts will pay off and all skins on dA will be safe to download.
MarcoPixel's avatar
[link] - All with exes in them, comments disabled.
karmat111's avatar
thanks, he's been banned, though he's probably back up under a different name
MarcoPixel's avatar
[link] - All with exes, comments disabled
poiru's avatar
Karen, I've updated the layout of the list to make it more compact. Let me know if this is OK or if you'd prefer the old one :)
karmat111's avatar
I think it's more effective when you can see all the names like I had it. If you want to save on space on the home page, could the post not be pinned to the top, but still available when you click on the red warning button?
poiru's avatar
Alright, I changed it back :) I left out the "BANNED" bit for each user, but I can add that back as well if you so prefer.
jsmorley's avatar
Just my two cents worth, but I think trying to actually keep track of the user names and skins is a losing battle. There are 2-3 new user names and dozens of skins every single day, and although it takes an unacceptably long time for deviantART to do anything about them, they do sweep through and clean up every few days (at least they have in the last week or two, but they are very likely to stop trying again.)

I think we just need to focus in and make it very clear that:

1) Never download a submission with Disabled or Hidden comments.
2) Never, ever, ever run any .exe file to "install a skin".
3) Be sure that any .rmskin is really a .rmskin and not .rmskin.pif or .rmskin.exe. For the love of all that is holy, turn off the setting "Hide extensions of known file types" in Windows.
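
The file-name checks from the post's watch list and from rules 2 and 3 above, as an added Python example (not part of the original thread or any Rainmeter tool): it flags `.exe`/`.pif` names and decoy double extensions on a download and on every member of a zipped download. The function names, the `DECOY_EXTS` list and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions the post says to refuse; extend the set for your own policy.
EXECUTABLE_EXTS = {".exe", ".pif"}
# Harmless-looking extensions used as a decoy before the real one (assumed list).
DECOY_EXTS = {".rmskin", ".zip", ".ini", ".txt", ".jpg", ".png"}


def check_name(name):
    """Return the reasons a single file name is suspicious (empty list = none)."""
    # Windows ignores trailing dots/spaces, so strip them before comparing.
    clean = name.replace("\\", "/").rstrip(" .").lower()
    suffixes = PurePosixPath(clean).suffixes
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return []
    reasons = [f"executable extension {suffixes[-1]}"]
    if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
        # Displayed as e.g. "Skin.rmskin" when "Hide extensions" is enabled.
        reasons.append(f"double extension {suffixes[-2]}{suffixes[-1]}")
    return reasons


def audit_download(filename, data):
    """Check the download's own name and, if it is a zip, every member name."""
    findings = [(filename, r) for r in check_name(filename)]
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as archive:
            for member in archive.namelist():
                findings += [(member, r) for r in check_name(member)]
    return findings


def constructed_zip(names):
    """Build an in-memory zip with placeholder contents (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for n in names:
            archive.writestr(n, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    sample = constructed_zip(["Clock/Clock.ini", "Clock/@Resources/bg.png",
                              "Clock.rmskin.exe", "Run.exe"])
    for path, reason in audit_download("clock_skin.zip", sample):
        print(f"{path}: {reason}")
```

An empty result only means no executable file names were found; it says nothing about the contents, so the VirusTotal check described in the post still applies.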
karmat111's avatar
I would still like my list to continue as is. I think it's worth the time it takes me. To me, as the list gets longer and not deleted, it shows how ridiculous this situation has gotten and it shows dA (if they ever look) that they need to do more.

It also proves that we're not crying wolf, that there really is a 'situation'. And if they have any way of tracking, all those names and links will show to them who(s) is actually behind all this.
jsmorley's avatar
Fair enough...
jsmorley's avatar
Oh, and

4) PLEASE use the "Report deviation" link on the lower right of the submission to report any suspicious deviation to deviantART staff. We need to keep flooding them with reports, so they understand that their site is under attack and don't get complacent.
DoctorV23's avatar
Hello Jeffrey, I just wanted to say that I really support your (and Karen's) efforts and hard work and do try to help by reporting these on a constant basis. The whole customization section has them now, although the Rainmeter section has been targeted more. I had posted in the Suggestions forum to try to discuss various solutions, noting the disabling and/or hiding of comments, but as usual, it didn’t get further than a (in my opinion silly) link to the help desk. As you say, it’s dA who is under attack.
DoctorV23's avatar
So true. Not only have they not changed with the times, but something new is afoot with usernames also: [link] fediaFedia is one of my all-time favourite artists and people on this site, so this is especially nasty. I sent a helpdesk ticket on this one.
jsmorley's avatar
The real trouble is that deviantART is trying to find a solution that doesn't require changing in any way how the site works or is administered. This is the classic "Doing the same thing and expecting a different result" and is a hopeless way of thinking. There are not enough resources at the Help Desk, nor could there ever realistically be, to manage this through some kind of "user report / queue / staff review / delete" process. They will always and forever be hundreds and hundreds behind, and malware submissions will stay on the site for days and weeks at the extreme damage to our common users, and the reputation of deviantART.
DoctorV23's avatar
So true. Not only have they not changed with the times, but something new is afoot with usernames also: [link] fediaFedia is one of my all-time favourite artists and people on this site, so this is especially nasty. I even sent a helpdesk ticket on this one.
ActiveColors's avatar
So many banned! Thanks that you care for our safety :)
karmat111's avatar
It's quite the list! But they keep coming...
ActiveColors's avatar
And new invasion of virus-spreaders:
[link]
[link]
[link]
karmat111's avatar
Thanks, if you look in the main gallery, they are almost all gone!!! Poiru and I have been sending a lot of notes to dA and they've finally listened and are checking the reports and uploads in a different way now. Yea! But we still have to be vigilant!
ActiveColors's avatar
Thanks, that you take care of our safety :)
jsmorley's avatar
You guys need to flood this submission with comments that it is a virus.

[link]

He has locked me from commenting.