How to validate a large torrented file is clean?
(lemmy.dbzer0.com)
Run it inside a VM? If you're suspicious or just worried, this would resolve most if not all of the possible worries you may have.
This is what I do. I have a VM for torrents and a VM sandbox to check stuff that I'm concerned about. At the host level I disable any type of sharing with the host, no copy paste, no sharing disks, nothing. The VM only gets the storage I assign to it and once I validate then I'll detach and mount it to the host.
Hey thank you for the info. Which VM do you use? How do you disable the various types of sharing with the host? Also, how do you validate? Sorry for all the questions, but that seems like it may be my only option
I use Hyper-V because I run Server 2022 and it's free. Hyper-V allows you to disable any host resource sharing in the VM settings.
On my sandbox VM I'll scan the files then install and scan, then run the software and scan. I use both Defender and I think Malwarebytes. It's a lot of extra work for no gain, but I'd rather be too careful than risk installing malware.
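The host-isolation settings described in the comments above can also be applied from PowerShell on the Hyper-V host. This is an added example, not part of the original thread: the VM name `Sandbox` and the checkpoint name `clean-baseline` are hypothetical, the integration service names are the ones shown on an English-language host, and the network and checkpoint steps go beyond what the commenter listed.

```powershell
# Added example: lock down a Hyper-V sandbox VM. Run in an elevated PowerShell
# session on the host. $VMName and $Checkpoint are hypothetical names.
$VMName     = 'Sandbox'
$Checkpoint = 'clean-baseline'

# 1. Enhanced Session Mode carries clipboard, drive and device redirection
#    over the console connection. Turn it off for the whole host.
Set-VMHost -EnableEnhancedSessionMode $false

# 2. Disable the integration services that move data between host and guest:
#    "Guest Service Interface" allows host-to-guest file copy (Copy-VMFile),
#    "Key-Value Pair Exchange" exposes host details to the guest.
#    Names are localized; these are the English ones (assumption).
foreach ($svc in 'Guest Service Interface', 'Key-Value Pair Exchange') {
    Disable-VMIntegrationService -VMName $VMName -Name $svc
}

# 3. Beyond the comment's list: detach every virtual NIC so the guest cannot
#    reach the LAN or the internet while suspect software runs.
Get-VMNetworkAdapter -VMName $VMName | Disconnect-VMNetworkAdapter

# 4. A Hyper-V VM keeps its state between runs (it does not reset itself).
#    Take a checkpoint of the clean guest once, before copying anything in.
Checkpoint-VM -Name $VMName -SnapshotName $Checkpoint

# 5. Verify the result before using the VM.
Get-VMHost | Select-Object EnableEnhancedSessionMode
Get-VMIntegrationService -VMName $VMName | Select-Object Name, Enabled
Get-VMNetworkAdapter -VMName $VMName | Select-Object Name, SwitchName
# Only the disks you deliberately assigned should be listed here.
Get-VMHardDiskDrive -VMName $VMName | Select-Object ControllerType, Path
Get-VMDvdDrive -VMName $VMName | Select-Object Path

# 6. After each test, discard everything the guest did by rolling back
#    to the clean checkpoint.
Restore-VMSnapshot -VMName $VMName -Name $Checkpoint -Confirm:$false
```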
Note that sophisticated malware [attempts to] identify whether it is running in a VM / testbed / analysis scenario and may behave and look different between that runtime scenario and "normal use".
Analysis in a VM may not be sufficient to determine whether it is safe outside of it.
If it detects that it is in a VM and doesn't activate the malware, then I'm perfectly okay just using the software inside the VM.
Thank you for the detailed response. Just to confirm, is Hyper-V your sandbox VM? I used ESET to scan the files I torrented, but they look very suspicious from VirusTotal, but I don't really know how to parse the info - knowing if it is a false positive/etc.
Hyper-V is the hypervisor that the VM runs on. Yeah I don't really know which malware scanners are the go-to ones anymore. Just figure if I can get it to pass through 2 different ones ok then it's probably ok. I'm sure there's some other good ones out there. I've heard of ESET and VirusTotal, but I'm not familiar.
Do you know of any guides to set up Hyper-V for this type of purpose? I want it to be as secure as can be: "disable any type of sharing with the host, no copy paste, no sharing disks, etc."
How would I know if there was hidden spyware/malware if I ran it in a VM? (if they are smart they try to be undetected)
You don't, but if someone figured out how to do a VM escape surely they would have bigger aspirations than some random torrent
I mean yeah that makes sense, but I don't know enough about torrenting (nor tech in general) to know if something is safe/trustworthy sadly.. I feel like I'm probably better off spending several hundreds on a subscription, than more likely than not be hacked/get advanced spyware. I doubt they wouldn't prey on dumb people like me if it is easy. If I was more knowledgeable it would probably be possible to manually remove infected bits of a torrented file to make it work, but idk.
If you find torrenting and running a VM too technical, I'm sorry to say you're better off not trying to identify and remove any malicious code.
Don't put yourself down and waste your money, you can get over the learning curve for this, it's not that steep.
To elaborate, as the previous reply stated, running the cracked programs inside a virtual machine allows you to isolate an environment specifically for this usage. Configured properly (another reply went into more detail here), even if the cracked software has something malicious, it can't harm you. So you can safely ignore whether there's a virus or not.
Thank you for the info, and for the encouragement. Yeah I am definitely going to try using a VM to diagnose the files more closely. To confirm, is a VM (such as Hyper-V) similar to Windows Sandbox, where it effectively resets itself (new slate) each time you open it? Or can I install the torrented files in the VM and still access it if I close and reopen the VM in the future?
Also, which VM would you suggest? I apologize for appending so many questions to my original post.