For the last month or two, my AV blocks their site because it detected a ScrInject.B trojan.
And yes, it’s the correct site (monkrus.ws).
VirusTotal also shows 4 security vendors register it as malicious.
Are these all false positives or is monkrus’s site no longer trustworthy?
Four does seem low; it does seem spot on for a false positive. That being said, you can install something like GlassWire and monitor outgoing connections on a VM if you’re concerned, which I would recommend doing on the latest Windows 11, to protect against any malware that could infect the host machine through the VM; it is rarer, alas, but it absolutely does exist in the wild. You can also check your router logs and firewall software, and take it an extra step and block those IPs from contacting you through your HOSTS file on your Windows machine or Linux machine (located in different locations, of course).
Use a DNS that blocks adware access, such as a PRIVATE, PAID VPN service with no logs. These DNS services usually come with a filter list for known malware hosters and IPs and it’s an extra step in the right direction for protection against a file just in case it’s NOT a false positive. Good luck and I hope I helped you make a safe and informed decision for yourself!
It shows 5 if you scan w14.monkrus.ws.
And this is Quttera’s analysis here:
https://quttera.com/detailed_report/w14.monkrus.ws
Whether there is a real problem or not, it might be something the monkrus admins want to look into in order to address it.
But if anyone else has a better understanding of what’s going on with their site, I’d love to hear it and it’s probably good information for the rest of this sub.
r/GenP talks about the safety of monkrus in their wiki: https://www.reddit.com/r/GenP/wiki/patchmethods/
Most people who claimed they got malware from the Adobe collection repack had either downloaded it from an unofficial source, downloaded from YouTube, or downloaded other pieces of sketchy software - just so happens that a monkrus repack was the last thing they installed. Then there are others who have been using monkrus for years and haven’t had issues.
In the Quttera analysis, the malicious files are from a blacklisted domain [M.BL.Domain.gen], fv20[.]failiem[.]lv - this is a file host from Latvia. The files being flagged probably aren’t malicious, though if this host isn’t taking down malware, it would make sense that they are blocked by some antivirus companies. Especially since Quttera isn’t checking the torrents - they are uploaded to other sites. All in all, if you have any doubts, don’t install it. Check out GenP instead if you don’t really trust monkrus!
Wait, how do you get a virus downloading from YouTube, using some sketchy YouTube download site? Yt-dlp is good, right?
I probably should have specified - downloading cracked software from a YouTube video. Downloading videos from YouTube is fine with tools like yt-dlp.
Whew scared me lol. Thanks!