#🔥︱curseforge-support

Microsoft Edge

MicrosoftEdge is legitimate.

what's the name or names of the hidden files?

cool cool base on the jar scans I did looks like i'm safe

Recommend checking the github that's been posted above on the doc. Has the answers to those questions and then some, and I'd rather not spam it 🙂

So, if there is no Microsoft Edge folder in local app data, does this mean I was never infected?

run the cf tools just in case

I've run the script, does that suffice?

ran both and nothing was detected thank you eveyone for all the help

maybe but you know, if you just want to be sure

Can you link these tools please?

I look manually and used the tool.

so any word on when it will be safe again?

yeah i found out after updateing prominece that there was a virus going and that promince was infected around but luckly i think they took the update down before i updated but i ran the tool just to be on the safe side

Infected Jar Tool: https://github.com/overwolf/jar-infection-scanner/releases/download/1.0.0.0/JarInfectionScanner.zip

Suspicious Jar Scanner: https://github.com/overwolf/detection-tool/releases/tag/0.0.1

credits to: Mishka for the links

They are going through all the modpackd. Estimated 12 hrs when i read it

ty

when you read it?

Its in #news

it was posted around 12 am my time

and what time is it now

9 hrs ago

9

welp hopefully 3 more hours

Is it safe to play yet

Sry that’s what I meant

Im waiting until CF says so

I know in #📢︱news they mentioned that the scan was happening on all projects. When will we know the results in that scan? As well, are already predownloaded modpacks that have been played before safe or is it best to not run anything unless 100% sure its safe (from using a scanner)

I’m wondering what cf is gonna do to try preventing this in the future, hopefully something

Tried to launch minecraft after downloading some new mods and it keeps saying exit code: 1 or whatever every time I try to launch

12 hrs after the post was made maybe since they did mention it should take approx. 12 hrs

Exit codes give us literally nothing, look for the crash report in the folder or the latest.log

WARNING: coremods are present:
llibrary (llibrary-core-1.0.11-1.12.2.jar)
Inventory Tweaks Coremod (InventoryTweaks-1.63.jar)
OTGCorePlugin (OTG-Core.jar)
IvToolkit (IvToolkit-1.3.3-1.12.jar)
iceandfire (iceandfire-1.9.1-1.12.2.jar)
Contact their authors BEFORE contacting forge

I just downloaded OTG, does this help?

i was replying to the first part of his question

The virus?

you might grab your latest.log or your crash log

hes asking about his game crashing. not that

the main mitigation that would help here would be difficult to implement. in fact CF tried to implement it before, and had very low uptake

Do you want me to send the crash report to you?

put it in afile and post it here for others. i can try but im not the best

Paste created of crash-2023-06-07_10.54.37-server.txt, uploaded by himan.

how long will this virus thing last

so what u are saying is that any pack not updated within 48 hrs should be clean? Like im wanting to play stoneblock 2. Assuming thats safe?

No - although stone block 2 hasn't been updated in years lol

This is not true. Please read #🆘︱current-issues🆘 and #📢︱news rather than random chat information

gonna be honest. not much for me to go off here and as i said, im not the best. from what i can tell its crawshing on a server tick..... which isnt normal behavior on game startup unless you launching a world

thats annoying asf

Ancient warfare. You have almost no performance mods and 1.12.2 was terrible without them. You should test some like vanillafix or foamfix, and increase your ram used to 6-7gb

?mc-ram

That would make sense cause I have a beefy computer and rendering world chunks at low setting and 12 render was freezing my game and I have biomes a plenty and all that, thank you for this ill see if it works

It’s been 9 and a half hours from the last major update (besides the hackmd events GitHub). Has anyone heard any updates?

They said it would take about 12 hours to scan stuff

2.5 more and counting…

Still no good, should I just redownload the pack or smth? That is a lot of progress loss

Post which things you did in #🧱︱mc-other-help

im not gonna claim to be a code expert, but it seems to me that its trying to load something that doesnt exist

Which mods I addeD?

and ice and fire seems to be the one doing it, so maybe reinstalling the pack its in or just that mod?

Nah I just double checked and I have em all, the game ran before I added the mods tho so idk

That could make sense cause I logged off the game while fighting a dragon from that mod, ill try it

ahh it didnt work

this line in particular sticks out me as maybe trying to load something it cant find: com.github.alexthe666.iceandfire.patcher.IceAndFireRuntimePatcher
GL info: ERROR RuntimeException: No OpenGL context found in the current thread.

I just deleted it along with the mods I downloaded and it didnt work, ill open the crash report

Even spigot is now at risk which is vanilla lol

Please use #🧱︱mc-other-help for Minecraft game support questions

Ok so I deleted OTG but everytime I load the game OTG_Core comes back as a file, I think that might be an issue

so it might be trying to load something from otg, but cant since you deleted it and then it gets stuck

I mean it doesnt work even with it installed so idk

like i said, i dont claim to be an expert, just someone with some ideas as to what it might be

so anything?

hey when did the malware concern start? like when was the first report or when cf caught it

evidences shows it is 2 months back iirc

Modrinth mods are all safe correct? At least anything new

i think it's only curse forge that was affected

guess ill be by myself then lol

see #📢︱news and #🆘︱current-issues🆘 for current information

Stuff like shaderpacks and texture packs are safe to download right? It’s just Jars im pretty sure

can you manually add mods/etc that you have into curseforge (sims 4) instead of having it scan? also, how do I know if it is scanning?

Yeah

If I haven't updated a modpack in a month or two, would it be safe to launch? or should I abstain from modded altogether for the moment?

Is there a way to see when u downloaded a mod pack

just go into the files and look at the date, that should be when it last updated (not downloaded I dont think so no)

So no way to check when I downloaded a pack?

im no expert but I dont think so

read news

Just cope without modded for a day or two

how do i run detection tool on mac

so i need help. anyone online?

Im convinced OTG is a virus, I deleted my profile 3 times now and every time i launch the game it comes back

Mac is not currently at risk, so there's no detection tool for it

https://tenor.com/view/no-sad-frustrated-no-way-yell-gif-17334973

so is it safe to launch modpacks if the tool found no malware(i want to run sevtech ages if that matters)?

https://github.com/fractureiser-investigation/fractureiser/blob/main/docs/users.md#im-not-infected-now-what

This answers that question see section "I'm not infected, now what?"

thanks

Hi, I have enough points, but can't checkout, cause button is inactive.
What is wrong?

if nekoscanner just says done scanning are you safe

i keep getting this when i try to play a modpack from the curseforge launcher

I didnt see Microsoft Edge (or even MicrosoftEdge) does that mean Im fine(-ish)?

ran the scanner too, said Im fine, just wanna make sure

Download the cf scanners put all of your mods through the web detecter and be wary

oki, thanks

can someone help me with this, i tired reinstalling java, idk whats wrong

Quick search says it's because of outdated mods. Most likely what happened was one of the mods used had a dependent mod that was removed. Read #🆘︱current-issues🆘 to see why it may have been removed.

that screenshot contains no useful information other than 'minecraft broke'
please use #🧱︱mc-other-help for game problems

do i need to take every step or just step 0

it doesn't take long, just do both

So i am 100% safe

Is CF done with their scan yet?

I would say no until we hear more in #📢︱news

If you didnt see another Post then no

Use the new jar scanner too

yeah i did

The jar scanner scans s0, and the detector scans stage 2

where is the Jar scanner located?

yeah i did the other one too but i only did one profile folder because the other folders i didn't download things in years

Also in the help article

https://support.curseforge.com/en/support/solutions/articles/9000228509-june-2023-infected-mods-detection-tool/

not the one from hackmd but the other one

So what’s next after the scan completes? Is it safe to download anything again and then work on preventing this will set into place?

I would assume after they scan all projects we'll get the all clear. They'd then I assume be scanning new projects/updates for this before they get approved

Rly hope they think of something good to prevent this type of thing from ever happening

you need to wait until curseforge disinfect everythng

I would think the lesson to be taken out of it, is verifying mod updates needs to be more strict and check for more malware

Bit there are a whole lot of new people in this server x

I wish modding wasn’t such a game of trust. Or that the internet was less of a horrible place but that’s never gonna happen

Yeahh but why can;t everyone be nice and not upload malware

There will always be people who want to harm others for their enjoyment/profit, don't know why but there will be

Idk why i never bullied some one or something i always been kind and i dont get it

I believe anything like that is all just mental illness, wires crossed in their brains. It’s human instinct to care for those around us

I don't get what people think they'll get out of doing things like this, they'll get caught and get in legal trouble and all they've really done is cause a little inconvenience for a day or so

Nice said

I wonder if Curse is gonna take any legal action against the person who did this, if they’ve even been identified

there stands i dont have malware but still a little bit worried xd

I'm sure once they are satisfied wiht the safety of the projects they'll start going after the person involved

and luinar client and badlion client are safe?

Yeah same, scared something is just lurking waiting to activate

is curseforge safe to run right now?

I wouldn't

shouldn't do it yet

Probably not until they make an official statement

alright ill wait thanks for the heads up

yeah but should i scan badlion and lunar? because i only did my last used / updated modpack all the other modpacks i made years ago i only scanned those

see #📢︱news and #🆘︱current-issues🆘 to learn what the current status is and what the situation is about

I’d scan anywhere that has a .jar file on your pc

We should get an update soon, it's been a little over the 12 hour estimate so should be soon

yeah but don't know how i can scan lunar and bad XD

Just paste the directory they are in into the JarScanner

So basically we are waiting on an official announcement on the results of the full scan of CF ?

They are probably waking up soon-ish, as they are located in Israel. Unless some poor bastard stayed awake the entire scan procedure.

I noticed that the bad projects list got updated overnight, so someone may have been there. But yeah, it's I think 8:30 ish in israel rn

probably some one did

But my guess is that #📢︱news and #🆘︱current-issues🆘 will be updated, when they have more information. :)

Ofc

yeahh true

oh cool didnt know they were located in israel

me too

Always a good fact to know when you want to know about pack approval, especially as work week is Sunday - Thursday

1 good thing about the whole malware spread

i went to this discord lmao and now i have a new fun discordd xd

no meme channel tho :(

Troubles bring people together.. or something like that :')

Something along those lines

Time for me to focus on some work at my dayjob. Have fun and hope it all gets resolved soon!

I’m in like 5 new discords lol

Nicee

well back to jedi survivor until i hear something

Is it fine to Play lunar

#📢︱news

does anyone know how long it takes to wait for a file to be public on a modpack

Currently all approvals are turned off/halted/paused.

likely yes, but iirc lunar auto-updates so it could have stage0 but im not too sure

are all the c&c servers down

Or you could use an antivirus xD

I think its torchmaster (wrong channel, Sorry big champs)

i dont see Microsoft edge and the scanners didn't scan a virus so i dont have it? But i couldn't scan all the jars but i did most of them

as long as theres no space then your safe, but do the rest just in case

dont want to risk it ya know?

So are all of the files on the website currently scanned? It said 12 hours on the #📢︱news post and now it's been about 15

around 12 hours

So could be a few more hours.

Not 12 hours exactly :)

Oh okay, I just didn't know if anything was said and I just missed it or it wasn't in news, thanks

Oh, it does say "around" in the news post.

But hopefully it'll get sorted soon.

Yeah it does, I just assumed I missed it or something. I assume we'll get a ping or something, thank you

Yeah, there'll probably be a new post in #📢︱news later :)

Don’t think I downloaded anything new from curseforge- nor did I update anything recently to my memory- but just in case I did a full reset on my laptop- and then ran the provided scanner- and it said it didn’t detect anything. Is that enough, or should I try the jar checker just in case?

Where does the CF launcher put its forge-injected jar files for Minecraft? I’m trying to find the datapack content added by forge.

hey getting this error while trying to update a moddpack

check #📢︱news

cant see anything related to that

which part should i check ?

if that's minecraft related its there

it says there was malicous file uploaded etc but what this has to do with me unable to update a modpack

yes because they're preventing people to update mods packs because malware. Please read all the 3 news recently

oh didnt saw that and i was able to download new packs so didnt think it was related to that okay

updating still falls in line of downloading, you're just downloading a new version

ohh i fucked up i reinstalled my pack bc i tought it would fix it and i cant downlaod it again rn lol

after i remved the mod first aid i can't regenerate health
how can i fix it

you should ask in #🧱︱mc-other-help

It explains what to do on the mod's description page

arleady done

that timing

oh ok tysm

curseforge and overwolf dont open

it shows them loading and once it finishes nothing happens

dont know if this needs to be in minecraft support but it seems to be related. opening mods from curseforge. then opens minecraft but it closes out the application. the mod would load but then shut down

So I always get the same error code when I try to install modpacks but its in german tho "Fehler bei entchlüsslungsvorgang, siehe interne ausnahme" But I dont know how that translates correct in english and when I create my own custom profiles it cant launch the game because I think it said that it cant update the native launcher

hi quick question
in perhaps the most unlucky thing ive ever done, right before this whole malware thing came to light, i was like "huh, i wanna get back into modded minecraft" (after not playing it for like a year)
i downloaded the Better Minecraft .zip file, but then got sidetracked and never played or extracted it
i believe that Better Minecraft is one of the infected modpacks
i ran the prismlauncher script to check for the malicious files and it came back clean, but i'm still a but nervous
am i in any danger if i never ran or extracted the infected modpack?

Have you run any of the detectors provided by CF yet?

I have an issue whit shields in my description, when I use a shield containing a base64 image, it doesn't render. It does when I just open the shield link in my browser. (shields using shields.io)

um no, where can i find those

#🆘︱current-issues🆘

alright i think im good
both scans gave me the all clear

short question, I used the overwolf infection scanner and scanned \curseforge\minecraft
that was the right folder, wasnt it?

hi, yesterday I did the scan to search for scan 1, 2 and 3 and there was nothing, so I uninstalled curseforge for the time this issue is been fixed but I didn't scan for stage 0, is it to late to scan for it ? and even if I uninstalled curseforge is there a chance for me to be still infected by stage 0 ?

unless you ever downloaded mod files elsewhere that should be the right one
i scanned my Downloads folder too just to be safe

ok ty

@sage mantle very sorry for the ping it's because I'm not sure

honestly i know nothing about minecraft (i'm Sims 4 support), i'm just acting as crowd control right now. the best i can do is direct you to #📢︱news and #🆘︱current-issues🆘 and hopefully a staff member who's more knowledgeable will answer you when they're free.

okay thanks for the reply

no problem! sorry i couldn't really help.

don't worry in worst I will try to do the jar scanner on all my computer

good luck!

Wait you can scan for different stages of the program?

jar scanner detect scan 0 and tool detector stage 1, 2 and 3

So I did a refresh windows. All apps are gone, and I have to manually download and install them back later. Do I still need to use the tool to check if ive been infected?

I mean it sounds like at that point you probably deleted the infected .jars if you had any, you could probably start changing some passwords

okay thanks

If you have default minecraft installed you could also maybe check that

That seems excessive

Honestly I might do the same, I kind of want to reset my PC anyway

Thats why i did it

is it safe now to download/update mods as long it isn't on the cf list?

I am pretty sure that's what they said in news

okay

thanks

after stage 2 runs are any of the files for stage 2 deleted? Ive run the stage 1 and 2 detectors before and ive run windows defender

like could it be infected with stage 3 and are there any signs

same question

lmao 5am trying to sleep but slightly preoccupied and worried so yeah theres that

i had the microsoft edge folder but no sign of the libWeb file even with hidden files off

iirc, i dont think it deletes itself

IS IT SAFE TO USE CURSEFROGE NOW ?

read it fully
#📢︱news message

wait until like june 10th or smth

so my process so far:
wake up yesterday and run the stage 1 and 2 thingies
start safe modpack
close
run things again + windows defender
now it is 5am
am i safe to assume that i can get some closure and sleep without worrying about me coming back to something bad?

your safe as long it doesn't detect anything

Great, thanks

idk why but this makes me paranoid irl despite the fact that its an internet thing

wdym it was like they will take only 12hrs to complete it and they will update it in #📢︱news and they did it

just precautions dawg, better safe then sorry

they might have smth up their sleeves, i doubt they didnt plan for this

ok

and if i am using clients like lunar or badlion then any problem ?

those are nonmodded clients so probably not

so it's safe to use them wt abt feather cuz there are mods in it

same seeing stuff like the fake Microsoft Edge folder is so insanely creepy

its a complete breach of privacy and its scary, as if someone else is living in your house without you knowing

is it safe to use Feather Client cuz it seems as if they are modded idk...

i believe feather uses the curseforge api, so still downloads stuff from cf.
because cf is clean now feather is also safe, provided they dont cache any mods
read #📢︱news for more information

k so minecraft is safe we can use curse froge or any mods right ?

yes

Hey so just wanted to report that jar detector gets detected on virustotal, nothing much just an false positive prob.
https://www.virustotal.com/gui/file/ff42deb398f8df0e53f26259014083769c430bdd5e65c5a344e77d9f36e74eb7?nocache=1

k thx 🙂

okay so, if i had the Microsoft Edge file i have and presumably had stage 2 and 3

or is Microsoft Edge just stage 2 ?

Are mods safe again or is the malware still being spread around?

where do I find minecraft CF files ?

in your user folder, and then curseforge

u can find all information regarding that here -> #📢︱news message

thanks, how long does it take ? (approximately)

how long does what take?

the scan, sorry lol

not long

Why does my curseforge not open

can u give more information ?

can someone help me with this? (you can ping me)

My cursforge simply doesn’t open. I click it and it shows the launching curseforge pop up and once it finishes nothing happens. Same thing happens with overwolf

i think someone got the same issue a while ago he fixed it with reinstalling overwolf

I’ve tried that

I even deleted overwolfs file and then reinstalled it and nothing happened

mhhh weird question but did u restart ur pc xD ?

Yes

Multiple times

do u use windows ?

If I downloaded better mc about a week and a half ago is it 100% that i got the malware? I havent played it in in a few days last time i played was before the announcement of malware

it was all the way back in april already

u should still check with the detection tool ... u can find all the info regarding that in #📢︱news message

honestly just check to be 110% sure, cause these things can be tricky ://

its not 100%, just do the scan and if nothing pops up you're fine

how to update modpack version

Yes windows 10

Okay thanks

try to close all curseforge and ovelwolf proceses in task manager

is ur windows up to date if not make sure it is ...

so they said everything is solved like hour ago, but my uploaded mod files are still stuck on processing... so when can i expect them processed ?

it is true that curseforge are safe finally?

u can find all information about that in #📢︱news message

can a me downloada any mod and live now?

yes just reinstall all the modpacks and use the detection tool just to make sure but there are no cases in which user got infected with the current security measures by CF...

aight bet but it should be fine if i download new mods and whatnot right

yes but just to make sure use the detection tool right after that

what folder/file do i have to search up in this spot

any folder that you have .jar files in

cbf fuck it we ball

the scanner gives me a warning when i try to download it

using prism launcher rn to download/import should be ok right ?

Screen shot?

So now guys everything is safe and we can download mods?

Yes, follow the instructions in the linked attached in the latest #📢︱news update

I haven't used my laptop for 1 month and at that time I had installed bmc on it. When I found out that curseforge was hacked, I reset my laptop without opening it. I also had norton antivirus on it. Is it possible that my laptop still has malware?

just use the scanner tool

Is the curse forge hack fixed ?

Yes

Wait really I deleted all my big mod packs for nothing ?

No old files maybe has malware but now you can download mods

Sorry for the disturb but if we have a MacOS are we completely safe?
Isn't there a way to ensure that the mods we have already downloaded are malware-free?

there are no known cases were mac user got infected so u can say ur safe

Ohhh ok Alr thanks but another stupid question I downloaded a vr modpack with a lot of optimisation mods and yung’s better mods is it safe ?

I scanned my uh Mods folder a bunch of times with the detecter, they all came back negative i should be fine then?

yes just to make sure use it every time u download mod(pack)s

Alright thank you :)

Isn't there a scanner tool available for Mac too?

i dont think so but mac is not affected so there was no need for that ...

i deleted all of my minecraft files yesterday Is there still a reason to use the jar scanner?

am i fine to play curse forge?

pls read #📢︱news message

yes you can

i did what i understood was i can but i just want to make sure

and can download any modpack on there right?

Moreover, I've read that the mod When Dungeons Arise has been infected and even fixed, but it seems there is no update available. I've download it for Minecraft 1.16.5 Forge around the 23rd August 2022.

Just watch what you download

to make sure just use the detection tool after u downlaod mods then u should be fine

aight thanks ❤️

Do u guys know if dawncraft has been infected cuz I want to play but with the recent infection issues, idk could someone check if they have the free time?

You check 💀

Is this safe or I should discourage people from downloading this old modpack of mine?

u can use the dedection tool to make sure its safe ...

dont download from mod list they have

but there are no cases in which user got infected with the current security measures by CF ...

hey guys..? (thats the .zip curseforge sent us for the malware detection)

when i download the jar infection scanner & try to open it opens this a file with a folder "release" in it any idea what i should do?

extract the folder anywhere, and then run the program

How long should that scan tool take to run that was way to quick

guys are we sure that the scan tools are legit? it showed up in virus total and im somewhat concerned to run it

im kinda in the same boat you know after running it that was an instant...

what if it was cf what got hacked and not the mods...? what if we are all downloaded a maassive virus

It's fine. It's a false positive mainly because to find the infected files it has to know what to look for

It takes time for anti-virus signatures and things to catch up when things are caught

The admins have confirmed none of the accounts with admin/mod priv havent been hacked

yeah but if they were behind it wouldnt that be exactly what theyd say??

safe thing to do would be deleting it afterwards for sure

It doesn't take that long for the scanner to run either running fast is normal

so wanna make sure if i get this right i can play minecraft mods as long as there not on the affected list ?

No. The owner himself has even confirmed that none of the admins accounts were hacked its in #📢︱news

true, but if it runs something else in the background thats an immediete L thousands of people have tkaen

Are zip files infected?

Just .jar files

how can i find the jar files?

If you don't trust it there are a couple open source tools where the source can be inspected

omg im soo lucky thanks to god i had so panic

Bro doesnt want his p0rn files corrupted

Thank you

this is very true tbh the safest thing to do is air gap your pc and wait a week for this to go to other scanners download a scanner on a thumb drive then check but not everyone can do that

My data is too important for me

Hey quick question! If I haven't played modded minecraft for like 4 months (I played in January), and especially didn't update any mods, I should be good?

His 2tb of furry porn doesnt need to be corrupted

what you really need to worry about is the passwords itl grab

https://github.com/overwolf/detection-tool

Jup

so just to be clear i can play minecraft mods as long as there not on the affected list

Imagine the true virus was the scanner and everything up until then was just to get more people to install it 🕵️ (conspiracy theory)

This is the source code for the tool used by curseforge. You can inspect to your hearts content.

its been stuck like this for a bit is this ok

Pretty much

?

I need help plz 🙏

problem is safest way to run this is run it in a virtual machine but we cant or its useless..

That's an error. This running as admin? It's saying it can't access the needed directory

if u want to be sure u can use the detection tool on every instance u want to launch ...

im sorry but there is no way in H E double hockey sitcks that i dare to run this as administrator

hey guys, i ran both the detectors, and the specific folder on was ran in each folder containing mods, plus i had never downloaded any mods from the list in the article. Am i safe to play?

Then the tool doesn't run. As I said the source is open to be inspected. I understand paranoia, but if you won't trust the open source tools put together by the community and CF then there really isn't a way to confirm 100%

That's for scanning jars aka your mod folder for the mod packs

If it found nothing yes

and such is the paradox of being terrified of viruses, cant trust i havent got one, cant trust the antivirus isnt a virus, just one big loop of me being scared. but ykw frick it im gonna run it and if im infected from it ill die laughing knowing ive at least gone down with the ship

lmao were the same, I'm scared too

imagine later today we all just begin seeing cmd prompt appear

Welcome to the cybersecurity space my friend. It's all about risk management.

more like cyberparanoia and panic attack management

You're scanning the wrong thing...

https://support.curseforge.com/en/support/solutions/articles/9000228509-june-2023-infected-mods-detection-tool/

Please reaaaad and follow instructions

Anyone?

yeah i would still scan it, as its possible for last 4 months ive heard, but you should be good most likely

Run the scanning tools. Should be OK after

Everyone is shitting bricks over this istg

Alright. Time to boot up ol' reliable

That's what happens when you breach security 😛

I'm also paranoid but I rather take the risk of not being at risk with a bigger risk.

If anything, with it being open source, it would be a smaller risk not a bigger risk the bigger risk is leaving it unverified on your machine

Do the detection tools provided on the curseforge support page work for Mac? (I know the malware doesn’t seem to work on Mac, but I’d still rather not have stage0 on my system)

Exactly.

just run the tool they made

just reset ur pc if u are that scared ...

yep, thats why ive already deleted it and cleared recycle bin, however you do know that it is very hard to actually fully wipe a file or folder. even clearing recycle bin means it still exists, its just marked for deletion and cant do anything until its overridden by other files you download in the future. at least thats what i know, dont take my word for it probably bc im dumb sometiimes.

So the detection tool doesn’t work on Mac?

You are partially correct lol, but you are talking about a forensic analyst or a professional drive recovery here lol. This malware is not at that level of sophistication. And if the tools tried to do anything malicious, we would know, as the code can be inspected

(I am an information security major so)

What do i run on the stage 0 detection tool?

there is no need to bc there are no cases were mac user were affected ...

Ok thanks

@celest lantern what should i run on the stage 0 detection tool?

!noping

sorry gang but i need some help

!patience

all i need to know is what should i run on the stage 0 detection tool?

wdym ?

its asking what files it should run

all java files u think could be infected

well i deleted my mods folder yesterday and i think i deleted .minecraft too

oh damn

why your entire .minecraft folder

idek someone here said i should do it

if it includes .minecraft, never listen to them

For the check with the jar scanner I searched the entire curseforge file, if that's clear too am I good?

i'm not infected i ran the scan on all my files

the detection tool isnt running. I'm on linux. I downloaded the linux version and set it to execute as program. But it still does nothing whe I try to run it

I think I stumbled onto a suspicious mod update, the changelog says "IMPORTANT SECURITY UPDATE * This fixes an important security issue, update asap. The issue will be revealed in 1-2 months.". It feels like they want people to update quickly but won't say why (1-2 months ? Thats weird). Could it be that the modpage has been compromised AFTER the global check by curseforge ? It's Global Packs by JTK222

I don't know if there's a curseforge personnel that could check this out

i got the first tool to run but now i cant find a linux version of the second tool

Did I understand it correctly? I can now safely download new minecraft modpacks without a risk of getting infected?

can i ask about uploading mod to curseforge?

There is always a risk in general, everything you download in the web can be malware - for now no projects are known to be affcted and online on curseforge so try it. I would be always save and make some scans with the tool to see if anything get detected

how do i put my mod pack into the jar scanner?

this is my first time uploading mod, my mod is approved but when i tried to open it on a browser not logged in, there is no mod file and i noticed that there is a "proccessing" status, does it mean that i will have to wait for my mod file to be appear, and if that so, how long does it usually take

you just need to install the scanner and scan ( #📢︱news) , no need to select a folder.
You can also look into the list for affected mods, when you have installed one on the list it is possible that you got affected

yep can take time also bec the malware issue

!status

any help?

The other scanner you click browse and then select the mods folder of your instance and then scan and it'll look through all your mods for infected files

k

yep

oh thank you

so im clean? im good to boot up my save?

where did u download that scanner?

from the link in the news channel

check the #🆘︱current-issues🆘

so im all good to play again?

can we download mods from forge now?

I wouldn’t recommend

im still a bit nervous lol

alr

why ?

u should be fine if u reinstall all ur modpacks and use the detection tool before u start a mc instance ..

ok

Ok

also if u use the Curseforge App u will be a lot safer instead of downlaoding the mods from a website in the internet ...

can't i use curseforge website?

thats also fine but try sticking to offical websites

of course

Hello I have a problem here when I add a version of my modpack it's taking forever to Processing

where is the browse?

on the right side of the bar

Yeah i know, but i can't find it

is the right side cutted out ?

It is

can you not drag and resize the window?

i'm trying but nothing appears

guess i have to manually write the name of the files

try to restart the app or computer ....

just copy the path of the file location needed, then paste it

This virus isn’t detectable from most antiviruses

there is an problem in the button layout. that's the problem

oh thanks

no infected files found in all my modpacks

..

sorry, i can't help you. but i'm sure there is someone here that can

sooo two hours later my uploaded files are still stuck on processing. Can someone fix it ?

Redo the process

how? cant find option to delete them

checkbox next to the files is also greyed out so cant archive them either

given the recent malware outbreak, I'd imagine that the processing for uploaded stuff to their site has gotten more thorough

well dont think it now takes 4 hours instead of 10 minutes like before the outbreak

There is a large queue, so yeah it's gonna take a while

ah makes sense but would appreciate some info about it

Noted 🙂

Huh, I was sure they posted something about it.

They did, in the dev server

Ah. Right. x)

I need more caffeine

A neverending battle

!status This is bec the malware issue, may can take time

is there any new info on a linux version of the jar scanner? Nickel said they were looking into it

im safe

wait i didn't need to run the modpacks one by one?

i dont know

where can i find my curseforge mods in my files to scan them

i just scanned my curse folder

i'm just scanning again to be sure

nothing here, its time to scan my second folder

do i have to turn on assembly binding logging?

all paranoid i think me too i scan every time before and after i play minecraft

i'm the safest in the world

also no need to worry, i didn't update this no chat reports

But if I didn't know that my file were a virus what well happen?

you mean if you downloaded an file with virus?

You've probably already scanned them all, but you could just go to the folder with the mods you want to scan then click the icon on he left as seen here and it'll highlight the exact path you need to take to access that folder so you can just copy and paste it

false trojan?

i already found out this

No I mean like if I add a mod that had a virus and I didn't know about it what well happen?

I have a powershell scanner if anyone wants it, works wonder against the virus

stage 0, it may update to an stage 1. but looks like stage 0 and 1 are dormant

Typical times between new Minecraft and new Forge release?

imagine being able to scan. cries in linux The jar scanner only is for windows

I keep trying to make a Minecraft Modpack for me and my brothers to play but I keep getting an incompatible modset error... all the mods I chose are 19.2 and fabric so I have no idea what is incompatible and I can't understand what the error message is saying other than something is incompatible...

Anyways so from what I understand after reading the most recent message in #📢︱news is that it's safe to download mods, modpacks, and bukkit plugins off of curseforge again. Is that the case?

can someone help (you can ping)

But if was stage 2 or 3 what well happen?

There are no cases in which user got infected with the current security measures by CF
although that dosnt mean the problem is 100% solved, but it should be save to play modded Minecraft rn
if u want to be even saver run the detection tool before u launch any instance of minecraft
the detection tool and a lot more information about that in #📢︱news

Youre password information would be stolen and a cryptominer would be installed on your pc

Ok good, thank you

put your error in a past bin and send it here

That's is really scary

what is a past bin?

i was trying to find an image of what they do since i forgot, but yeah its what evan said

oh there it is

just a site to upload large amounts of text

Is curseforge safe now

this? https://pastebin.com/qMFZ8szm

yes

There are no cases in which user got infected with the current security measures by CF
although that dosnt mean the problem is 100% solved, but it should be save to play modded Minecraft rn
if u want to be even saver run the detection tool before u launch any instance of minecraft
the detection tool and a lot more information about that in #📢︱news

I have downloaded many mods and modpacks in the past few months, but how long ago do you think they were infected?

"here are no cases in which user got infected with the current security measures by CF" oh dose this mean the only mod packs with the infected files were downloaded directly form the website or third party sources?

a few weeks according to the news

Okay thanks

Im talking about the current(present) after the measures by CF...

Mac users should be good to go right

yes

there are no cases in which mac users got affected ...

What I thing is happening is that for some reason fabroc thinks magic origins doesn't have a version specified. If I am write you should ask the mod creator about this

Yea..i still cant help being paranoid about it tbh

can i finally play minecraft 1.20 with no worries?

vanilla or modded?

yeah, the news said that even vanilla was unsafe

What's the current status of processing resource pack updates?

it isnt

ok thanks

sry deleted the message but what id said was true

Well thanks for the tip

no problem

Yeah ik

that seemed to be it thank you!

Why does it say when I download the second jar malware scanner on curseforge’s support It says not download commonly

everytime i try to start a 1.19.2 forge profile on curseforge it shows me the error: an unexpected issue occured and the game has crashed. We're sorry for the inconvenience.

Exit code: 1

How can i fix this?

!mc-installfix

try what the bot says

ill give it a shot

So is it safe now to download mods from the app?

You can find that answer in the TLDR of the latest #📢︱news .

how do use fab on 1.20?

Does. This malware infect other staff such as documents, files etc???

anyone know if the banned mods will be coming back in any way

Not sure what the malware does exactly to your game/pc but while playing with random keys seemed to be pressed without me doing it. perhaps just a bug of the modpack or..
I did a test yesterday and it said nothing was found so x.x

Alright, Im sorry if this question sounds dumb, I aint the smartest on tech, but am I still safe to enter login info to overworlf so I can access privacy settings?

ive followed everystep of the bot. however its still giving that same error

help i need plz

Can someone help me with shields.io, links containing a Base64 image don't render for me on curseforge. It works anywhere else (using markdown)

the malware is in the mods, not in curseforge itself, so it should be fine

k ty

Command and Control for it is down at this moment, so for now unopened files are stuck at stage zero. From #📢︱news , run the malware checker to make sure it isn't installed, and if no malware is detected download the jar file scanner and scan all your mods for dormant stage 0 code. If any files are detected, delete them. Once they're all off your computer, you're safe to play minecraft again, as all infected mods were taken down

it's now okay to download and play mods, just make sure you don't have any infected files on your computer first

with the mods taken down, you're at no more of a risk than you were before, just due to the nature of modding you always can potentially download something malicious, that's why you've gotta be careful what you download

A bit late, but no, it was not compromised (And I checked my system for the malware). Just bad timing.
The security issue has been reported Tuesday morning to me, and I fixed it right after work.
The exact issue is kept secret for now, because it's really easy to abuse even without any technical knowledge.
The tldr; users of older versions, are under the risk of others being able to play with their MC accounts.

I know this might not sound really trustworthy, but yeah.. there's nothing I can really do besides telling you the above.
Also 1-2 months were maybe a bit far fetched, I was kind of panicking that this issue existed since 1.18 and no one noticed or at least reported it to me. More likely to reveal it in a week or two

this person in a server im with keeps saying that inventorypets is compromised, but isnt sending screenshots of where he found it. is that true?

curseforge made a full scan of every mod hosted on the site, and infected mods were removed. You can find the list in the article in #📢︱news

thats what i told him, thanks

if you're suspicious of a mod, you can always use the jar scanner on it

how would someone know if they had stage 3 btw, was curious abt that yesterday

the malware detector should detect all stages past 0, if the malware detector comes positive, then you have stages 1-3

im fine, i did a complete windows scan and i did the detector, im just syaing hypothetically. and i thought i read that stage 3 cant be seen?

I don't remember seeing that

i think it was someone in this server that said it, which makes sense why it probably isnt true

If you're worried about it, you can just change your passwords

also, i wanna add two mods to my server later, fairy lights and gravestone mod, i should be safe to do so right?

yep

just make sure that your server has no malicious mods already ofc

Ah alright ! Yeah I can see the misunderstanding now, glad it's fine! Thank you for replying and letting me know !

I somehow have 0 malicious files

how did you find out

the jar scanner tool

i just scanned all my modpack's mods folders

where is the jar scanner tool

download can be found in #📢︱news

thx

could the virus have spread to other sites/programs? If for example a developer of a java program dowloaded an infected file and updated the java program he is making on his website. Would this download contain the virus?

theoretically

you should just be able to use the jar scanner tho

I've checked, and the scanner will scan non minecraft related jar files

i dont see the jar scanner in news

ok i dont want to be annoying but do i just choose one of them : detection-tool-console-0-0-2-win.exe and the detection-tool-0-0-2-win.exe to use?
I open the console one and it closed it self

thank you

How do I use the stage 0 jar infection detector? It's currently packaged as a zip file.

unzip & run the .exe

i'm pretty sure that's what i did

guys the detector tool on the news channel is the 0-0-1, where is the 0-0-2?

in github

ok thx

https://github.com/overwolf/detection-tool/releases/tag/0.0.2

i just dont understand the differences between console one and the gui one

im trying to play on mc 1.19.4 through curseforge so i can add a couple of mods i need, one of the mods is sodium/rubidium/optifine, anything to boost the fps really, but i cant find any of them

What the recommended memory usage to put for a mod that has 200 mods

👍

console are people using command windows with no gui

pls help

Sodium isn’t available on CF and is for Fabric, Rubidium is and is for Forge, OptiFine is on its own site

Im running into this problem where mods themselves support the verson im modding but the dependencies dont support the same version. What should I do? (if there is anything I can do)

I think my pc just broke after downloading a modpack

i doubt that. more likely you found one who had their dependency removed from curseforge or the dev did a goof. example?

bump

YUNGS Better Mineshafts. The mod itself supports 1.12.2 but YUNGS Api only goes down to 1.16.3/.4

Squizzle answered you just a few messages above.

I thought packs was safe to download again clearly not

The malware would not break your PC

Well it clearly has considering it’s been running fine until I downloaded that pack

Well, then could you elaborate what broke?

i don't think it actually has a required dependency in the 1.12.2 version

My whole pc I can’t even boot it up no more it black screens

I will try it

Nvm the pc is running

But extremely extremely slow

I should just search for .jar files in my search bar right, if im correct they're all in my forge folder but idk if they are anywhere else

you were right! thank you!

If you're concerned, run a virus scan (e.g. windows defender)
And additionally you can run Overwolfs checker linked in #📢︱news

any client modders other than curseforge, there are some mods that i cant find on it

Mods such as

sodium, or literally any other mod for 1.20

1.20 is brand new, Sodium is on Modrinth

ok that helps ig, thanks

Not every mod is immediately available on 1.20

i mean when it was black screen i couldnt and its fine now just needed to put some compressed air in and its fine again

are there any compromised texture packs on curseforge?

texture packs don't use jar files, so atm they're fine

thank you

Am i safe from the hacked files if i haven't used curseforge since the 4th of may?

same for shaderpacks

Hi is it a problem that I downloaded patcher yesterday?

use the scan tools in #📢︱news

i downloaded BetterMc mod this week and am now seeing videos about it being a virus. How can i check?

i just had some random mod called "Its Raining Ores" show up on my CF mods list for a second and when i clicked on it, it had like no info. then i went back and it was gone

can i log in without useing twicth????

Use the tool that you can find at #📢︱news

?notcf

Who can help launch Detector Tool Deployed? I don't understand English and have now written this through a translator

Can I still play if I only use essential?

Is the maleware infecting every mods, or just these mods listed?

Is the malware operating on Macos ??

Yes you can use essential mod surely

no. see #📢︱news

how do i usethe 2nd check tool?

I’m having issues running any and every mod pack on curseforge for a day or two now

Is it possible to filter minecraft modpack by mod in pack? I want to find good modpack with ProjectE, but idk how to do it

Just wondering if anyone else is having this issue.

i cant even get it to run💀

What’s the current status of the compromised account and mods

Any idea how I can search by ID? Modpack rejected for certain ID's but I don't know which mods they correspond to

Hi i'd like to play with my friends on a modpack i created. How do i upload/share it ? Do i have to post it ?

Not necessarily, especially if you aren't going to update it a lot. Click on your profile that you've created, go to the three dots in the top right, and then export it. Select the folders you need beyond the default 3 (maybe resource packs for example) and then send them the .zip file it makes.

i'm not going to update at all

likely false positive

You can directly send it to them

already done but as they put it in they're folder it doesn't appear on curseforge app

Import button is in create custom profile > top of the screen

perfect thank you very much

Can I add my own mod files to aternos forge? And not be limiter to the aternos mods

When does the malware date back? Also can someone give me the hackmd link or a list of all the malware mods

Hello can anyone tell me how am I supposed to use the tools for linux?

curseforge page for affected mods
https://support.curseforge.com/en/support/solutions/articles/9000228509-june-2023-infected-mods-detection-tool/#What-happened?

Alr thanks

that document moved to github here:
https://github.com/fractureiser-investigation/fractureiser

So xaero minimap and simply voice are safe?

They are not in the infected mods list and curseforge said they scanned their database, so I guess yes they are safe

Hi with global_packs can you not have .zip files in them?

the processor will only accept one ZIP file with all relevant files within it. Please extract internal ZIP files and try to reupload the file.
If you have any questions please contact our support team https://support.curseforge.com.```

My friend keeps disconnecting and flying off the map and eventually keeps getting the "Timed out" message. How do we fix it because otherwise making this damn world was useless

?mc-forge

This is not the Forge Discord server

Dear user, you might be looking for the Forge Discord server or trying to use a command that only works there.
While CurseForge does contain the word Forge, they're not the same.

You may find the Forge Discord server here: https://discord.gg/UvedJ9m

will the anti virus scanner work to see if iv been infected or do i need to use the scanner they made?

use the ones they made as the AVs only detect known malwares!

alr ty

how do i go to search the files that have been found?

what do you mean?

The detection tool says I have the files but I cant see them in that directory even with hidden items turned on

Can I add my own mod files to aternos forge? And not be limiter to the aternos mods

Check out the guide by curseforge and fracturiser investigation team for detailed instructions on how to use the tool, it is pinned in #🆘︱current-issues🆘 and #📢︱news

#🧱︱mc-other-help message

can anybody tell me how am I supposed to use the cf scanner tools on Linux, do I need to compile the tool from source code? I don't know how to!

do i copy and paste the files that have been found into the search bar on the “this pc” section in the folder? i did that but it’s like stuck at the end and won’t finish searching

So, run the scanner tools and my system is clean according to them.
One question: If I choose to keep playing Minecraft from this point onwards, should I do regular rescans until there are furthur updates on the situation, or is that unecessary with a clean system?

Oh no no no, download the tools by curseforge which can be found in the #📢︱news channel and use them to check for the infected files and after effects of them

i did and i have 5 detected files, and it says to go to the file destination and delete them but im not sure where to go to find the destination

well if your system is clean according to the scanner you don't need another rescan as the attacker's servers are down so they cannot do anything, they tried to infect people with the popular Skyrage malware as a last ditch effort but failed.
But basically you don't need to do rescans regularly. Just keep an eye out for updates on the situation until the dust settles

If I am correct it is also giving you the path to each and every one of those 5 files, paste those path one by one and delete the files

Also there are two tools by the way, be sure to use both

do i paste them into the search bar in the “this pc” section of the folder?

open your file explorer and paste the path in the big search bar, yeah "this pc" search bar (sorry I understood it late as I have not used windows in a really long while)

it’s ok ty i’m gonna try to do that rn

Anyone know how to get mod name from ID?

Hello!! Is it safe too play Modded now? 🤔

read the curseforge announcement and fracturiser investigation documentation and decide for yourself!

No that is not an answer

i searched one of them in the "this pc" search and i have hidden files turned on and it says that "no items match your search"

😅

See I would say it is safe to use as per the announcements but I am still somewhat skeptical personally

please follow the guide by curseforge, I do not have memories of windows anymore I am sorry, but I checked the curseforge guide it's really comprehensive, check that

How do i use the second tool?

Install the zip file that is downloaded, extract it, and run the .exe file

The directory was missing for me even with show hidden items enabled. I had to go into view options and disable "Hide protected operating system files" to get the malicious files to appear and delete them. The guide on the site does not cover this and it definitely needs to be added to it.

how do i extract .-.

right click, extract...something

what do i rigjt click?

It does I suppose, check the fracturiser guide, they are more comprehensive

the zip file!

WHAT FILE WHICH ONE

there is just one!

Jar scanner thingy?

yup (just remove this slowmode for god's sake!)

Okay its out what do i do now? open? @potent zodiac

anywhere you'd like, probably on desktop for easy access

HELLPP do i open the file now?

🍿

so the folder that is extracted contains a .exe file, JarInfectionScanner.exe, double click it to execute it

double click the .exe