Endermanch@000.exe -

Submit Mod Report
Endermanch@000.exe

The Mod List [SFW + NSFW Edition]

Endermanch@000.exe

Malware Warning issued on March 1st, 2026 [More Info & Safety Tips]

  • Affected Creators: NateTheL0ser, PurrSimity, jellyheadDimbulb, o_pedrão (new creator account)
  • Affected Sites: Mod The Sims, LoversLab

WARNING: From NateTheL0ser on Mod The Sims ↓

CRITICAL INFORMATION: If you have not downloaded the mod “updated” today (March 1, 2026, prior to 10:41AM Central Standard Time), you do not need to redownload. If you have, however, you MUST redownload the mod to prevent harm to your game. My account was compromised suddenly and I have no idea how or when exactly it happened.

Affected mods include: Let Toddlers Swear, Misery Traits, Chat Pack, and Coming Out (from Mod The Sims only, creator’s patreon not affected)

The uploads included a new script file containing something called “silkrose_debug” that attempts to download files from a third-party website. (thanks to Kuttoe for that info)

It’s confirmed that Nate does have control of their account again, so the above message is confirmed from them. However, if you downloaded the previous updates from them on MTS (24 hours prior to March 1st at 10:41AM Central Standard Time), delete immediately, run a virus scan on your computer. You may want to change your passwords as well.

There may be more mods/creators affected that we don’t know about yet, so please be extremely cautious when downloading updates (don’t install CC that mysteriously includes a script file, check creators social media for announcements, wait for me to post them, etc). Make sure to keep ModGuard installed for added protection.

*Mod list updates from Mod the Sims will be on hold until further notice*

Update at 12:14pm (Pacific Time) → More compromised accounts were found including PurrSimity & jellyheadDimbulb
March 2nd, 2026 Update – MTS owner Tashiketh posted this in response to the incidents. Mod list updates from MTS will still be on hold for now.

March 2nd, 2026 Update #2 – Another malware upload found on LoversLab by o_pedrão (a new creator account): The Virginity System. Please follow the same advice as before! See Sims After Dark posts for more detailed information!

Warning: Some custom careers (not all) are causing LEs when using interactions that bring up the sim picker. If you’re experiencing this issue with any of your careers (after school activities included), please submit a broken mod report! More info for creators (thanks OneMoreKayaker)

Feb 16th update: Core Library (by Lot 51) was updated to include a hotfix for this issue. So, you can install Core Library alongside your custom careers to continue using them for now. It’s still recommended that creators update their careers for these changes to avoid potential issues.

  • These mods will still be listed as Broken (or N/A if the creator decides to rely on the hotfix) until their included career tunings are changed to 32 bit instances (or EA reverts/fixes the change).
  • After updating these careers, you’ll have to have your Sim rejoin and cheat their promotion by using MCCC or UI Cheats.

Endermanch@000.exe -

Uses TASKKILL.EXE to terminate security or system processes.

: The malware is known to forcibly change the desktop background image as part of its payload. System Sabotage : Endermanch@000.exe

: Since this malware targets system files and startup configurations, having a clean system image is the fastest way to recover. Uses TASKKILL

: It modifies the Windows Registry to change the login/logoff helper path and creates files in the Startup directory to ensure it runs every time the computer boots. : It modifies the Windows Registry to change

is a malicious executable, often categorized within malware collections as a "troll" or "destructive" virus, similar in spirit to the MEMZ trojan. It is a .NET-based file that performs several invasive system modifications designed to disrupt user experience and compromise system integrity. 🛠️ Technical Behavior

: Frequently identified under PID 2900 or 1876 in sandboxed environments.

: Modern EDR tools can flag the suspicious use of WMIC.EXE and TASKKILL.EXE that this malware relies on.