Anyone who downloaded the GOG Baldur's Gate 3 release from 1337x, scan with Malwarebytes asap! - eviltoast

Originally posted over on /r/piracy (https://www.reddit.com/r/Piracy/comments/15itrip/1337x_admins_allowing_bg3_torrent_with_bitcoin/)

It looks like a bitcoin miner was included in the installer, and the admins on 1337x may or may not give a shit apparently. Scanned my PC and my wife's and found the same stuff the others mentioned.

According to the other comments, don’t feel the need to uninstall as the miner was installed separate to the game, just give a Malwarebytes scan to get rid of the junk.

  • harmonea@kbin.social
    1 year ago

    Hey, thanks for that link! I’m really glad to have the details so I can verify for myself.

    However, with that, I can REALLY confirm this is not an issue inherent to the DODI repack. DODI’s is what I’m using and I have none of that on my system – I checked with that PowerShell command, then also followed along with the comments to check other files and scheduled tasks that were mentioned.

    That said, I got my download from torrentleech. I suspect a tainted version of the repack got onto certain other sites. It wouldn’t be the first time (which is why I specify trusted sites and uploaders in addition to release groups).

    • Makeshift@lemmy.dbzer0.com
      1 year ago

      good to hear. dodi just officially denied the accusations as well:

      https://www.reddit.com/r/Piracy/comments/15ivtzk/dodi_verified_release_on_tg_has_crypto_miner/juy98il/

      although he claims integritycheck.exe is a windows process, when clearly it is also the name of that miner I linked above

      my guess is the dodi account on torrent galaxy, although verified, could be a fake and is putting in these viruses, or maybe the people commenting saying they got the virus from dodi actually got it from that hogwarts legacy crack which originally had this miner.

      either way, I always hope the community will take these sorts of claims seriously and investigate to ensure everyone’s safety