Jump to content
Ghost Recon.net Forums

Recommended Posts

So, after linking to a Ghost Recon camera trainer, Dropbox decided that this is "malicious content" and... now hold on to your hats... has disabled ALL of my shared links that have been active for years (e.g. to GR mods here in the download section, various GR tools, etc. - about 3 Terabytes of data) and BANNED me from creating new links (they said the ban would last for 24 hours, but that was days ago).

Dropbox sent me an email announcing this, with an embedded link to re-enable my sharing privileges. That link did not work at all ("There was a problem" message). I contacted customer support via live chat, but they could not help me ("sorry, it's too technical"), "escalated" the issue to email, and gave me a support ticket. That's been hours ago, and nothing happened since. I've been a paying customer since the beginning, with Terabytes of data stored there. This is unacceptable. What a bad joke.

I'll probably be moving all my data. Dunno where to yet. 

Link to post
Share on other sites

It's a common issue regarding executable files that perform memory injections, it tends to trip behavioural analysis in VirusTotal as it's a very common component of the execution process of some of the worst malware, Ransomware uses memory and process injection to hook into explorer for example, and due to the recent epidemic of ransomware sweeping the world, hosts are taking a much more hardline approach to potential malware being hosted on their servers (except Google Drive, apparently).

I've reported the hashes as a false positive with a detailed explanation to VirusTotal, so hopefully they will work on that and stop it tripping when hosts perform regular AV scans.
I may disassemble it and run through its primary functions with them. But you can use that verdict in your DropBox appeal.

It's why I always recommend using an encrypted .7z file for any executable files that inject into memory, or executables with components that were originally coded in x86 Assembly (a bad/mistyped register operand can trip most AVs)

Microsoft offers a terabyte for free, Google Drive is also cheap and a little more relaxed.

Alternatively you could set up a home-server with NAS.

  • Like 1
Link to post
Share on other sites

I know it‘s a code injector and a false positive scan. That’s not the point. The thing is, why would they break YEARS of old links over a single new file, instead of just disabling that single file?

Link to post
Share on other sites

The primary concern there is they don't know what other 'malicious' files are being distributed unchecked, it's relatively common for malicious files to go undetected by AV scanners. It's also pretty common for accounts to be distributing cracked software etc.

It's mainly a precautionary measure and intended to be temporary until they can get more information. Both as a protection for its users and itself.

It's just a shame they've dropped the ball on the information part.

 

I'm by no means trying to patronise or insult your intelligence on the injection part, more say that Malware ❤️ Memory Injection. So a lot of innocent injection programs get caught up in the crossfire. So it's considered 'reasonable' from the part of DropBox to kill links as a precaution.

Edited by Zeealex
  • Like 1
Link to post
Share on other sites

A note about Google Drive. I uploaded Richard's FPW view executables to Google Drive about a week ago and someone notified me awhile later that the link was broken.
Pretty harsh what Dropbox has done Apex. I hope you get it sorted out.

 

  • Thanks 1
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...