FMHYedit/posts/filecr-malware.md

---
title: We Removed FileCR as we Found Malware
description: Update on FileCR
date: 2023-08-14
next: false
aside: left
prev: false
sidebar: false
footer: true
---

<Post authors="['nbats']"></Post>

# FileCR Malware

Note: The malware is not exclusive to FileCR, and we don't have proof FileCR is
intentionally hosting it, but they haven't removed it. Possible sources of the
malware include some uploaders on sanet, but it seems to be coming from multiple
sources.

Since the malware has been found coming from multiple sources, info about the
malware itself has moved to [here](https://rentry.co/big_load_malware). Check
there for technical info or to check if you've been infected.

So far, malware has been found in the following cracks, but it is likely it is
undiscovered in many more downloads because of how large their catalog is.

- https://filecr.com/windows/kms-matrix
- https://filecr.com/windows/windows-activator-by-goddy
- https://filecr.com/windows/stardock-start11
- https://filecr.com/windows/malwarebytes-premium
- https://filecr.com/windows/navicat-premium (Navicat Premium 16.2.3)
- https://filecr.com/windows/outbyte-driver-updater
- https://filecr.com/windows/jetbrains-pycharm (Premium release, you need
  https://greasyfork.org/scripts/403170-bypass-filecrypt to access)
- https://filecr.com/windows/avast-premier-antivirus

So far, FileCR has not responded at all, which is unusual as they're usually
very active and have removed malware in the past as quickly as 6 hours. Because
the malware is included in multiple unrelated cracks and because they haven't
responded at all to reports, they're likely to be in some way involved in
spreading or creating the malware. Also, some malware had descriptions
written just for FileCR, which is unusual, and the description for KMS matrix
contains lies about the activation given by the software.

## [Samples](https://rentry.co/big_load_malware#samples)

## [Am I infected?](https://rentry.co/big_load_malware#am-i-infected)
all the past year threads 2023-12-31 09:53:57 +00:00			`---`
			`title: We Removed FileCR as we Found Malware`
			`description: Update on FileCR`
			`date: 2023-08-14`
fix(posts): remove blank space on posts Closes WEB-15 2024-02-04 13:27:49 +00:00			`next: false`
			`aside: left`
all the past year threads 2023-12-31 09:53:57 +00:00			`prev: false`
fix(posts): remove blank space on posts Closes WEB-15 2024-02-04 13:27:49 +00:00			`sidebar: false`
			`footer: true`
all the past year threads 2023-12-31 09:53:57 +00:00			`---`
chore: format posts markdown 2024-02-11 15:00:58 +00:00
Fix posts typos, reformat some Markdown, and expand post authors tags (compatibility) 2024-06-27 05:06:18 +00:00			`<Post authors="['nbats']"></Post>`
all the past year threads 2023-12-31 09:53:57 +00:00
			`# FileCR Malware`

Fix posts typos, reformat some Markdown, and expand post authors tags (compatibility) 2024-06-27 05:06:18 +00:00			`Note: The malware is not exclusive to FileCR, and we don't have proof FileCR is`
chore: format posts markdown 2024-02-11 15:00:58 +00:00			`intentionally hosting it, but they haven't removed it. Possible sources of the`
			`malware include some uploaders on sanet, but it seems to be coming from multiple`
			`sources.`

			`Since the malware has been found coming from multiple sources, info about the`
			`malware itself has moved to [here](https://rentry.co/big_load_malware). Check`
			`there for technical info or to check if you've been infected.`
all the past year threads 2023-12-31 09:53:57 +00:00
chore: format posts markdown 2024-02-11 15:00:58 +00:00			`So far, malware has been found in the following cracks, but it is likely it is`
			`undiscovered in many more downloads because of how large their catalog is.`
all the past year threads 2023-12-31 09:53:57 +00:00
Fix posts typos, reformat some Markdown, and expand post authors tags (compatibility) 2024-06-27 05:06:18 +00:00			`- https://filecr.com/windows/kms-matrix`
			`- https://filecr.com/windows/windows-activator-by-goddy`
chore: format posts markdown 2024-02-11 15:00:58 +00:00			`- https://filecr.com/windows/stardock-start11`
			`- https://filecr.com/windows/malwarebytes-premium`
			`- https://filecr.com/windows/navicat-premium (Navicat Premium 16.2.3)`
			`- https://filecr.com/windows/outbyte-driver-updater`
			`- https://filecr.com/windows/jetbrains-pycharm (Premium release, you need`
Fix posts typos, reformat some Markdown, and expand post authors tags (compatibility) 2024-06-27 05:06:18 +00:00			`https://greasyfork.org/scripts/403170-bypass-filecrypt to access)`
chore: format posts markdown 2024-02-11 15:00:58 +00:00			`- https://filecr.com/windows/avast-premier-antivirus`
all the past year threads 2023-12-31 09:53:57 +00:00
Fix posts typos, reformat some Markdown, and expand post authors tags (compatibility) 2024-06-27 05:06:18 +00:00			`So far, FileCR has not responded at all, which is unusual as they're usually`
chore: format posts markdown 2024-02-11 15:00:58 +00:00			`very active and have removed malware in the past as quickly as 6 hours. Because`
Fix posts typos, reformat some Markdown, and expand post authors tags (compatibility) 2024-06-27 05:06:18 +00:00			`the malware is included in multiple unrelated cracks and because they haven't`
			`responded at all to reports, they're likely to be in some way involved in`
			`spreading or creating the malware. Also, some malware had descriptions`
chore: format posts markdown 2024-02-11 15:00:58 +00:00			`written just for FileCR, which is unusual, and the description for KMS matrix`
			`contains lies about the activation given by the software.`
all the past year threads 2023-12-31 09:53:57 +00:00
			`## [Samples](https://rentry.co/big_load_malware#samples)`

			`## [Am I infected?](https://rentry.co/big_load_malware#am-i-infected)`