ApexMods Posted September 8, 2020 Share Posted September 8, 2020 So, after linking to a Ghost Recon camera trainer, Dropbox decided that this is "malicious content" and... now hold on to your hats... has disabled ALL of my shared links that have been active for years (e.g. to GR mods here in the download section, various GR tools, etc. - about 3 Terabytes of data) and BANNED me from creating new links (they said the ban would last for 24 hours, but that was days ago). Dropbox sent me an email announcing this, with an embedded link to re-enable my sharing privileges. That link did not work at all ("There was a problem" message). I contacted customer support via live chat, but they could not help me ("sorry, it's too technical"), "escalated" the issue to email, and gave me a support ticket. That's been hours ago, and nothing happened since. I've been a paying customer since the beginning, with Terabytes of data stored there. This is unacceptable. What a bad joke. I'll probably be moving all my data. Dunno where to yet. Quote Link to comment Share on other sites More sharing options...
jtibbitt Posted September 8, 2020 Share Posted September 8, 2020 Strange. Quote Link to comment Share on other sites More sharing options...
Zeealex Posted September 8, 2020 Share Posted September 8, 2020 It's a common issue regarding executable files that perform memory injections, it tends to trip behavioural analysis in VirusTotal as it's a very common component of the execution process of some of the worst malware, Ransomware uses memory and process injection to hook into explorer for example, and due to the recent epidemic of ransomware sweeping the world, hosts are taking a much more hardline approach to potential malware being hosted on their servers (except Google Drive, apparently). I've reported the hashes as a false positive with a detailed explanation to VirusTotal, so hopefully they will work on that and stop it tripping when hosts perform regular AV scans. I may disassemble it and run through its primary functions with them. But you can use that verdict in your DropBox appeal. It's why I always recommend using an encrypted .7z file for any executable files that inject into memory, or executables with components that were originally coded in x86 Assembly (a bad/mistyped register operand can trip most AVs) Microsoft offers a terabyte for free, Google Drive is also cheap and a little more relaxed. Alternatively you could set up a home-server with NAS. 1 Quote Link to comment Share on other sites More sharing options...
ApexMods Posted September 8, 2020 Author Share Posted September 8, 2020 I know it‘s a code injector and a false positive scan. That’s not the point. The thing is, why would they break YEARS of old links over a single new file, instead of just disabling that single file? Quote Link to comment Share on other sites More sharing options...
Zeealex Posted September 8, 2020 Share Posted September 8, 2020 (edited) The primary concern there is they don't know what other 'malicious' files are being distributed unchecked, it's relatively common for malicious files to go undetected by AV scanners. It's also pretty common for accounts to be distributing cracked software etc. It's mainly a precautionary measure and intended to be temporary until they can get more information. Both as a protection for its users and itself. It's just a shame they've dropped the ball on the information part. I'm by no means trying to patronise or insult your intelligence on the injection part, more say that Malware ❤️ Memory Injection. So a lot of innocent injection programs get caught up in the crossfire. So it's considered 'reasonable' from the part of DropBox to kill links as a precaution. Edited September 8, 2020 by Zeealex 1 Quote Link to comment Share on other sites More sharing options...
wombat50 Posted September 8, 2020 Share Posted September 8, 2020 A note about Google Drive. I uploaded Richard's FPW view executables to Google Drive about a week ago and someone notified me awhile later that the link was broken. Pretty harsh what Dropbox has done Apex. I hope you get it sorted out. 1 Quote Link to comment Share on other sites More sharing options...
Zeealex Posted September 8, 2020 Share Posted September 8, 2020 yeah, any self respecting file hosting service will take it down once it's pinned as "malware" but Google and Microsoft won't ban you straight up like DropBox 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.