Bitcoin Forum

Alternate cryptocurrencies => Altcoin Discussion => Topic started by: samspaces on November 14, 2015, 05:14:36 PM



Title: Malicious process on Ubuntu via crypto wallets: Rpigdnos
Post by: samspaces on November 14, 2015, 05:14:36 PM
I've managed to clear my DigitalOcean droplet of this little bastard program that eats up 100% CPU and restarts itself through parent process 1:

I created another older droplet, copied the /sbin/init to the infected droplet, removed the init file, deleted the program Rpigdnos in /bin, overwrote /sbin/init with the clean version and rebooted.

Likely wallet is Rublebit. Not sure though.

17-11 Update: not a crypto wallet issue, probably.
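
Added example, not part of the original thread: one way to check for what the first post describes (a stray binary in /bin and a suspect /sbin/init) is to compare files against the checksums dpkg recorded at install time. It assumes a Debian/Ubuntu filesystem mounted at `root`, ideally inspected from a clean rescue system because a compromised host's own dpkg database cannot be trusted; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def load_expected(info_dir):
    """Map '/path' -> MD5 from dpkg's *.md5sums files ('<md5>  <relative path>')."""
    expected = {}
    for listing in Path(info_dir).glob("*.md5sums"):
        for line in listing.read_text(errors="replace").splitlines():
            digest, _, rel = line.partition("  ")
            if rel:
                expected["/" + rel] = digest
    return expected

def audit(root, dirs=("bin", "sbin")):
    """Return (finding, path) pairs for regular files under root/bin and root/sbin."""
    root = Path(root)
    expected = load_expected(root / "var/lib/dpkg/info")
    findings = []
    for d in dirs:
        base = root / d
        for p in sorted(base.iterdir()) if base.is_dir() else []:
            if p.is_symlink() or not p.is_file():
                continue  # symlinks are not listed in md5sums files
            name = "/" + p.relative_to(root).as_posix()
            # MD5 is used only because that is what dpkg records
            if name not in expected:
                findings.append(("unowned", name))    # no package claims this file
            elif hashlib.md5(p.read_bytes()).hexdigest() != expected[name]:
                findings.append(("modified", name))   # differs from the packaged copy
    return findings

def build_sample(root):
    """Constructed sample tree: one clean file, one altered init, one stray binary."""
    root = Path(root)
    for d in ("bin", "sbin", "var/lib/dpkg/info"):
        (root / d).mkdir(parents=True)
    clean = {"bin/ls": b"ls-original", "sbin/init": b"init-original"}
    lines = [f"{hashlib.md5(data).hexdigest()}  {rel}" for rel, data in clean.items()]
    (root / "var/lib/dpkg/info/sample.md5sums").write_text("\n".join(lines) + "\n")
    (root / "bin/ls").write_bytes(clean["bin/ls"])
    (root / "sbin/init").write_bytes(b"init-altered")
    (root / "bin/Rpigdnos").write_bytes(b"stray")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample(tmp)))
```

Findings are leads to investigate, not verdicts: locally built or manually installed tools also show up as "unowned".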


Title: Re: Malicious process on Ubuntu via crypto wallets: Rpigdnos
Post by: MbccompanyX on November 15, 2015, 09:13:53 PM
Which other wallets do you have on the machine? And what makes you think that Rublebit is the source of the malicious process?


Title: Re: Malicious process on Ubuntu via crypto wallets: Rpigdnos
Post by: notabeliever on November 16, 2015, 01:52:42 AM
Might be 1337 too. My CPU has been throttling for a while and I'm trying to isolate the issue. Rubit had too many viruses flagged by VirusTotal, so I used an exchange instead. I only install 99% of the wallets that are clean on VirusTotal.


Title: Re: Malicious process on Ubuntu via crypto wallets: Rpigdnos
Post by: LucyLovesCrypto on November 16, 2015, 02:00:39 AM
> Quote from: notabeliever
> Might be 1337 too. My CPU has been throttling for a while and I'm trying to isolate the issue. Rubit had too many viruses flagged by VirusTotal, so I used an exchange instead. I only install 99% of the wallets that are clean on VirusTotal.

I don't have the answer but want to say that VirusTotal can miss things. Use a VM unless you trust the software 100%.


Title: Re: Malicious process on Ubuntu via crypto wallets: Rpigdnos
Post by: MbccompanyX on November 16, 2015, 06:59:32 AM
> Quote from: notabeliever
> Might be 1337 too. My CPU has been throttling for a while and I'm trying to isolate the issue. Rubit had too many viruses flagged by VirusTotal, so I used an exchange instead. I only install 99% of the wallets that are clean on VirusTotal.

> Quote from: LucyLovesCrypto
> I don't have the answer but want to say that VirusTotal can miss things. Use a VM unless you trust the software 100%.

Or use a sandbox with Process Explorer; sometimes it is even better than using a virtual machine (some viruses have part of their code made to stop execution if launched in a virtual machine).


Title: Re: Malicious process on Ubuntu via crypto wallets: Rpigdnos
Post by: samspaces on November 16, 2015, 01:03:22 PM
I skipped 1337 so haven't used that one. Rublebit was one of the last wallets I installed. Could also be the 'Blurry' wallet or the 'Digitalcredits' wallet.


Title: Re: Malicious process on Ubuntu via crypto wallets: Rpigdnos
Post by: MbccompanyX on November 16, 2015, 01:15:06 PM
> Quote from: samspaces
> I skipped 1337 so haven't used that one. Rublebit was one of the last wallets I installed. Could also be the 'Blurry' wallet or the 'Digitalcredits' wallet.

If possible, try to make a virtual machine and see if, launching those wallets on different VMs, one of them shows the malicious process.


Title: Re: Malicious process on Ubuntu via crypto wallets: Rpigdnos
Post by: HeroCat on November 16, 2015, 03:23:45 PM
Yes, that's true. In Linux you can never be safe from viruses ;) Only in Windows, you can have protection through antivirus software ;D


Title: Re: Malicious process on Ubuntu via crypto wallets: Rpigdnos
Post by: MbccompanyX on November 16, 2015, 03:30:22 PM
> Quote from: HeroCat
> Yes, that's true. In Linux you can never be safe from viruses ;) Only in Windows, you can have protection through antivirus software ;D

There are antiviruses even on Linux, but they aren't as well known as Windows antivirus. But even Mac OS isn't safe from viruses in the end, too.


Title: Re: Malicious process on Ubuntu via crypto wallets: Rpigdnos
Post by: samspaces on November 17, 2015, 12:49:58 AM
> Quote from: samspaces
> I skipped 1337 so haven't used that one. Rublebit was one of the last wallets I installed. Could also be the 'Blurry' wallet or the 'Digitalcredits' wallet.

> Quote from: MbccompanyX
> If possible, try to make a virtual machine and see if, launching those wallets on different VMs, one of them shows the malicious process.

I have, a few hours ago. None of the suspected wallets triggered the program.


Title: Re: Malicious process on Ubuntu via crypto wallets: Rpigdnos
Post by: MbccompanyX on November 17, 2015, 07:09:20 AM
> Quote from: samspaces
> I skipped 1337 so haven't used that one. Rublebit was one of the last wallets I installed. Could also be the 'Blurry' wallet or the 'Digitalcredits' wallet.

> Quote from: MbccompanyX
> If possible, try to make a virtual machine and see if, launching those wallets on different VMs, one of them shows the malicious process.

> Quote from: samspaces
> I have, a few hours ago. None of the suspected wallets triggered the program.

Then close the whole thread and go to the Rublebit thread to say sorry for raising such a thing against the dev, and anyway, next time check better what you download from websites you don't know....