I recently wanted to watch a film and went to one of the first two sites listed on Reddit’s r/Piracy mega thread under its online streaming section. I normally use an older laptop that I don’t care about and have no sensitive info on but wanted to stream to a projector and only my personal laptop had an HDMI port.
I downloaded Firefox exclusively to use for piracy streaming but initially forgot to add uBlock Origin or another AV extension to the browser. When clicking anywhere on the site, a new tab would open that I’d need to close before I could actually engage with the website content (search, play, etc), which had been my experience in the past using online streaming sites. Once, one of the popup tabs opened and immediately started a file download without my permission. I didn’t open it and deleted it immediately but have recently been noticing some performance issues on my device. Mostly that web pages and their content are slower to load than before and my computer has gotten overwhelmed and frozen a few times - not extremely substantially but enough that I’ve noticed a difference.
For context: I have a ThinkPad with Windows 10 installed and an Intel i5 CPU. My default browser has been Opera for a few months now.
I just checked and the compressed zip file is in my recycling bin (not fully off my computer) and I’m not sure if/how it can affect my device without me ever opening or running its contents. I don’t have an antivirus background process on my device aside from the default Microsoft Defender Antivirus that comes with Windows 10.
Is there possibly somewhere I could upload the file to check for malware/scan the file to know what it does (titled “XVlDEOSs_Elena_Frost_IMG_223606” - searching for that title didn’t match anything on google)? Is there any chance the file is benign and the performance issues I’m noticing are unrelated to this situation?
TLDR: How concerned should I be about the possibility of a virus on my device from a popup window automatically downloading a zip file I never opened?
Would reinstalling my OS be the main/only possible resolution to a potential virus/worm/malware? I’d really like to avoid that if possible but many of the articles/info I can find about it have inconsistent info about risk and steps to take for resolution. I don’t know much about what kinds of risks I might’ve exposed my computer to. Any insight would be greatly appreciated!
You should wipe the whole thing. Ideally, don’t install windows again, go with a Linux distro. But wipe it even if you reinstall windows, just to be sure you’re safe.
Are you using 7-zip by any chance? There were some recent exploits in older versions that could enable an attacker to install malware when just opening an archive with it.
Just use Linux
i love linux but they’re not immune from viruses so you should still be cautious even though it is less likely to get one
No it’s not immune to viruses or malware. Like you said it’s less likely. But also in general Linux is more safe, for root permissions it will ask you your password.
And just in general I think you’re better off using Linux.
And if they have a thinkpad their hardware may be pretty old with it on Windows 10. Linux will run better on it anyways which is another reason to move on to it.
You should use Firefox with ublock origin in the future or Brave over Opera. And also set downloads to something like ask location before downloading so it doesn’t auto download stuff without your permission.
And with you being on Windows 10 I’m guessing your ThinkPad is pretty old. I’d move onto Linux with it being much lighter and running better.
Opera isn’t bad on its own. There’s nothing wrong with using it, as long as you take proper steps to stay protected. And Brave is largely an astroturfed crypto scam, run by one of the scummiest techbros alive.
Windows 10 isn’t getting security updates any more so there’s a chance you were affected by an exploit either that day or a different time.
Also, uBlock Origin isn’t an AV program. It blocks ads, which may be malicious… But malicious ads are only one potential vector for malware, and being blocked won’t necessarily stop drive-by attacks. Because of the way browser ad blockers work, the ad still has to load in the background before it can be blocked, so you’re still being served the potentially malicious ads. It probably would’ve helped in this scenario (where OP actually clicked a malicious ad) but there’s no telling what other BS they picked up just by browsing.
Windows 10 is still getting security updates if you enrolled for extended security updates, which I believe my Windows machine prompted me to do (though it’s possible I only saw it when I went into update settings to manually update, rather than a desktop notification).
Thanks for the update, I’m kind of afraid to boot into Windows 10 on my dual boot machine, but luckily I haven’t needed to for anything.
You should wipe your whole drive and install linux, just to be safe
I second this. Be safe
I mean, really, everyone should. Just to be safe.
Just to be safe.
You got your computer herpes.
What technology does this site use to stream the video? Bittorrent?
You can upload potential threats to https://www.virustotal.com/gui/home/upload
There are/were vulnerabilities that are zero click, but in this case I imagine they are just banking on people clicking it in this case. If you’re not familiar xvideos is a porn site.
I think you are probably fine as you were running windows defender. It might be a good idea to do a manual full scan and perhaps refresh your browser.
Thank you for that link! It was really helpful for my peace of mind to upload it and see the specific types of threats found in the file scripts! I’m currently parsing through some of the threats/phrases to make sure I would’ve needed to unzip the file for it to cause any harm but I really appreciate your help!
I am familiar with the concept of xvideos and assume it was titled that to be perhaps enticing (? 😅) for someone to unzip it? Regardless thank you for the kind explanation!
FWIW with VirusTotal, you don’t even need to upload the file, just provide the hash to see if it is known to VirusTotal. The name may be auto generated which wouldn’t help much in searching, but the hash is based on the file contents.
the zip file itself might also be generated (you can just tack random garbage into places in the zip format and it’ll be ignored - which is extremely quick to do), in which case the hash would change… the file itself is important in case it’s an exploit in the unzip program itself, but also the contents of the file is important
It’s very unlikely you are infected by anything unless you were using some crazy settings or addons, or unless you were hit by some extreme 0-day exploit that hasn’t become widespread yet. Firefox does not and normally cannot execute files it downloads automatically nor are videos a likely risk for remote code execution now that we have technologies like data execution prevention built into processors, if you’re attacked by malware it will rely on some other vector or trickery to get you to execute the file. I would expect that your performance issues are unrelated, but you should also check Firefox’s addons and extensions as well as your task manager startup tab to make sure nothing has obviously been installed without your knowledge.
One thing that sticks out at me is the fact that you only mention the file’s “title” and if you haven’t already you should make sure Windows Explorer is set up to ALWAYS show full file extensions, that’s like a basic safety measure that really should be on by default but isn’t, and it’s really mandatory if you’re messing around on the darker parts of the web. You have to know what kind of file extension it is because that affects what Windows is going to do with it, and when it’s supposed to be one thing and Windows is going to do something different with it that’s a huge red flag that it’s malware trying to trick you into running it.
You can upload the file to virustotal if you want to scan it but it doesn’t sound likely that it even ran unless you did something bad by accident.
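The points raised in this thread about hash lookups, padded zip files and file extensions, as an added example (not code from any poster): it builds two constructed zips that differ only in the archive comment, shows that the whole-file hash changes while the per-member hashes do not, and lists member names with a runnable final extension, all without extracting anything. The member names, contents and extension list are assumptions made up for the illustration.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Constructed sample members; names and contents are made up for this example.
MEMBERS = [("readme.txt", b"sample text"),
           ("IMG_0001.jpg.js", b"// constructed placeholder, not a real script")]
# Extensions Windows treats as programs, scripts or shortcuts (illustrative, not exhaustive).
RUNNABLE = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk", ".msi", ".hta"}


def build_zip(members, comment=b""):
    """Build a zip in memory; fixed timestamps keep the bytes reproducible."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members:
            zf.writestr(zipfile.ZipInfo(name, date_time=(2024, 1, 1, 0, 0, 0)), data)
        zf.comment = comment  # archive comment: extra bytes that do not affect extraction
    return buf.getvalue()


def archive_hash(blob):
    """SHA-256 of the whole file, one of the hashes VirusTotal accepts in a search."""
    return hashlib.sha256(blob).hexdigest()


def member_hashes(blob):
    """SHA-256 of each member's contents, read in memory (nothing extracted or run)."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}


def runnable_members(blob):
    """Member names whose final extension is one Windows would execute."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return [n for n in zf.namelist()
                if PurePosixPath(n).suffix.lower() in RUNNABLE]


if __name__ == "__main__":
    plain = build_zip(MEMBERS)
    padded = build_zip(MEMBERS, comment=b"random padding 8f3a")
    print("archive hashes equal:", archive_hash(plain) == archive_hash(padded))
    print("member hashes equal: ", member_hashes(plain) == member_hashes(padded))
    print("runnable members:    ", runnable_members(padded))
```

A hash search that finds nothing therefore only says that this exact byte sequence is unknown; the hashes of the files inside the archive are the more stable thing to look up.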
Thanks for the thorough reply! The download was a zipped folder with other files inside, my bad for not clarifying! I’m not sure how windows handles zip files compared to other file types but I’ll definitely look into that. Nothing obvious has been installed or added to Firefox as far as I can tell and I definitely checked out my task manager when my device performance started acting up. I appreciate your insight!
Windows Explorer is set up to ALWAYS show full file extensions, that’s like a basic safety measure that really should be on by default but isn’t
Drives me MAD man. Absolutely MAD.
I’d just delete the file and move on. Get uBlock Origin for the next time you need to torrent stuff. It’s unlikely anyone is burning exploits on random piracy sites. 0 click exploits are like gold.
Arbitrary code execution is tricky to pull off without an existing exploit (or a zero day exploit).
It’s smart that you didn’t open the file, but I suspect it’s probably nothing because it would have required you opening the file for any virus contained within to execute.
Still, worth just running your standard Windows Defender virus scan on it and on your computer in general, if nothing else.
not true, there have been malicious files that are triggered without opening it when windows tries to generate a preview and such
There’s at least some difference between “have been” and “this is currently likely to happen”, since if it’s known then it would have been fixed. I’ve gotten viruses before from just visiting websites but it was decades ago and there’s no way the same method would work now.
obviously old exploits “have been” patched, but the class of exploits still exists and a NEW exploit, which is unknowable to us, COULD be exploiting via a no-interaction file download.
NEW methods are frequently invented so to say he’s safe is incorrect.
999/1,000 they’re just trying to get you to run some file.
and for fun, check out Malvertising
That’s good to know! I wasn’t totally sure what kind of attack I would be at risk for and trying to describe the problem to a search engine in a few phrases was giving me scary results 😅 Thanks!
Unless there was an exploit in the browser itself, you’re probably fine.
Windows being randomly slow is just standard Windows behaviour. When you look in task manager, there’s like 200 things it just runs all the time.
Back in the day I’d run Malwarebytes free checker. It doesn’t run all the time, it’s a one time scan.
not entirely true. if the file downloaded, windows does a bunch of “helpful” things with files… these are almost certainly benign (eg rendering thumbnails, getting metadata about certain file types) but almost anything is potentially exploitable (eg overflow in thumbnail generation code could lead to code execution just from browsing a website and then opening your downloads folder in explorer)
drive-by attacks don’t just affect the browser
with that said, it’d be a huge deal if this was the reality of the situation… it’s highly unlikely, but zero days exist, and the possibility is always real
i say this because this has been exploited in the past with exactly the same scenario: preview generation
You should def install a linux on your old laptop. if you don’t want to bother setting it up then just install Malwarebytes and scan your pc to be sure.














