Fiverr Community Forum

Virus appeared in one of buyer's request files

Nice! I’ve never had a message like that but I don’t open files at all on fiverr, unless it’s part of what I purchased from a seller.

1 Like

Well, it’s nice to know Fiverr is trying hard to keep this place as safe as possible.

I decided to check the BR page and this is what showed up… Let me say the request is for translation/proofreading and the requestor, who acts solely as a buyer, joined Fiverr in 2015. :grimacing:

1 Like

I don’t get the mentality of people who try to do this.

2 Likes

I downloaded the file and am currently analyzing it. Looks like it’s obfuscated though.
Edit: Probably a RAT (remote access trojan). I have not found any network traffic from the VM after running the .js file, so the trojan is probably embedded inside it, instead of being a downloader. When running, it writes something to the registry, then opens powershell. I have no idea what the powershell script does, but it uses a lot of CPU and disk. It also opens multiple powershell processes.The js file runs at startup. I don’t think it’s ransomware.

Maybe it’s Lee who wants to use everyone’s computer.

you can mail them:
support@fiverr.com

Seems like browser blocked it :thinking:

This is why I love VirusTotal. You can check the behaviour (check the link) very easly :slight_smile:

1 Like

When I tested it Windows Defender detected and quarantined it. I had to disable it

Are you sure about Hitman PRO being safe? I downloaded the installation file and ran a scan of the installation file on Virus Total. Virus Total found a virus in the installation file.

If there’s a virus in the file, then don’t open the file!

Please contact the fiverr support team for this issue.

It is not Fiverr’s responsibility to do anti-virus screening. I know what you mean tho… but if you worry, you should do a virus screen on your end. I am guilty of not doing virus scans of all the files I have received so far… I didn’t think of that.

Some browsers/anti-virus do screen when you finish downloading.

Did you downloaded Hitmanpro from their site trial version or after you paid?
The virus that you are getting is usually attached in HitmanPro cracked version.

You can buy cheap full licenced anti-malware programs scrapped from old motherboards by computer fixers/resellers if you can’t afford full price of new program.

1 Like

I downloaded the trial version of HitmanPro from the software vendor’s (Sophos) website

One more reason why I stay away from BRs.

You never know what you are getting yourself into.

.js file can not run on computer directly unless you have nodejs or deno installed on your computer. Atleast what I know.