Bitcoin Forum

Economy => Scam Accusations => Topic started by: a7mos on January 12, 2016, 07:36:46 PM



Title: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: a7mos on January 12, 2016, 07:36:46 PM
Hi

So, I was trying to download the candle coin wallet (https://mega.nz/#!3wlWWSyZ!pa4iXLYtDc4g_6t0c23_y7S2gBQaSwt1PRwVokFySMA) from its official thread (https://bitcointalk.org/index.php?topic=1259902.0)

and as soon as I unrar the file the anti virus (eset smart security) deleted it because it is a trojan

and when I posted on his thread asking what is wrong with the wallet, he deleted my post as the thread is self moderated

here is the pm I got because my post asking him what is wrong was deleted. some other guy posted that the VirusTotal link on the thread is not for the wallet exe, it is another complete thing but the dev Dave4You (https://bitcointalk.org/index.php?action=profile;u=536886) also deleted that comment and I could not find it on google caches


Quote from: Bitcoin Forum
A reply of yours, quoted below, was deleted by the starter of a self-moderated topic. There are no rules of self-moderation, so this deletion cannot be appealed. Do not continue posting in this topic if the topic-starter has requested that you leave.

You can create a new topic if you are unsatisfied with this one. If the topic-starter is scamming, post about it in Scam Accusations.

Quote
I can not run the wallet because of the anti virus. is it clean or what is this message ?
https://i.imgur.com/qLFTVhY.jpg


so if you downloaded his wallet, you better scan your computer very well before you get hacked

and if your wallet is clean Mr dev Dave4You (https://bitcointalk.org/index.php?action=profile;u=536886) SO WHY DID YOU DELETE THE POSTS WITHOUT ANY REPLY OR CLARIFICATION ! ??


Edit: I found out that I am not the first one who is warning against this wallet
check these threads:
https://bitcointalk.org/index.php?topic=1257893.0
https://bitcointalk.org/index.php?topic=1296561.0


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: EcuaMobi on January 12, 2016, 07:59:46 PM
OP are you sure you downloaded from here?
Quote
https://mega.nz/#!3wlWWSyZ!pa4iXLYtDc4g_6t0c23_y7S2gBQaSwt1PRwVokFySMA
which is the link shown on that thread at the moment and archived here: https://archive.is/HZpoI

or was it from here:
Quote
https://mega.nz/#!e0t3gZoT!G7E9l7D1PNWKnqpem7MY58uOseKAz5WX9Zipsfn2voU
which was published a few hours ago, archived here: https://archive.is/BPKDA

Can you re-download from the first link and re-run your antivirus? The second link is no longer available on mega.nz and I find it extremely strange that in December the first one was published again. Archive: https://archive.is/VbszE
It does seem that link is being switched often as already mentioned here: https://bitcointalk.org/index.php?topic=1257893.msg13044241#msg13044241

This is very strange and suspicious.


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: a7mos on January 12, 2016, 08:04:09 PM
Quote from: EcuaMobi
OP are you sure you downloaded from here?
Quote
https://mega.nz/#!3wlWWSyZ!pa4iXLYtDc4g_6t0c23_y7S2gBQaSwt1PRwVokFySMA
which is the link shown on that thread at the moment and archived here: https://archive.is/HZpoI

or was it from here:
Quote
https://mega.nz/#!e0t3gZoT!G7E9l7D1PNWKnqpem7MY58uOseKAz5WX9Zipsfn2voU
which was published a few hours ago, archived here: https://archive.is/BPKDA

Can you re-download from the first link and re-run your antivirus? The second link is no longer available on mega.nz and I find it extremely strange that in December the first one was published again. Archive: https://archive.is/VbszE
It does seem that link is being switched often as already mentioned here: https://bitcointalk.org/index.php?topic=1257893.msg13044241#msg13044241

This is very strange and suspicious.

I do not know which link I downloaded from. It was from mega and I downloaded yesterday as I remember. The one I mentioned in the thread I just copied from the thread minutes later, so he may have changed it after deleting my post

I will download the first link now and scan it to see what will be the result


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: Dave4You on January 12, 2016, 08:05:10 PM
Check the wallet by yourself on virustotal, this would help you a lot ...
1,5 + Month after release and 15464 Clicks and 21 Pages of replies on main thread and 22570 Clicks and 39 pages of replies on giveaway thread
https://bitcointalk.org/index.php?topic=1259902.0
https://bitcointalk.org/index.php?topic=1256604.0
Here is all info with all users that used wallet or exchange wallet for candle.

MD5: e81ba50c0444962db5f1eb59b3769c2f
SHA1: f0a397a2bd087b9e4543b19bef551fbdeeac5d64
SHA256: 543e3874be615567bb08b509685b4d527175de09501c6d6de329b34e9c4daeb4
https://mega.nz/#!3wlWWSyZ!pa4iXLYtDc4g_6t0c23_y7S2gBQaSwt1PRwVokFySMA
https://github.com/candlecoin/candlecoin

You can be sure that there is no malware inside ....  
Thank you.


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: EcuaMobi on January 12, 2016, 08:07:15 PM
Dave4You please explain why the link was changed from ...wVokFySMA to ...WX9Zipsfn2voU and then back to ...wVokFySMA and why ...WX9Zipsfn2voU is no longer available.
Re-read my previous post for more information.

Your virus scans just cover ...wVokFySMA, not ...WX9Zipsfn2voU.


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: a7mos on January 12, 2016, 08:16:32 PM
I downloaded from the link with FySMA at the end of the url (https://mega.nz/#!3wlWWSyZ!pa4iXLYtDc4g_6t0c23_y7S2gBQaSwt1PRwVokFySMA) now on vps and I unrar the file and tested it on VirusTotal and here is the result: https://www.virustotal.com/en/file/543e3874be615567bb08b509685b4d527175de09501c6d6de329b34e9c4daeb4/analysis/

Quote
SHA256:   543e3874be615567bb08b509685b4d527175de09501c6d6de329b34e9c4daeb4
File name:   Candle-qt.exe
Detection ratio:   1 / 54
Analysis date:   2016-01-12 13:14:57 UTC ( 7 hours ago )

so even virus total said it is not completely clean !

Edit: I remembered something, the link I downloaded was bigger than 10 megabytes as best as I remember. the current one is 8 megabytes

so maybe there are two files as zazarb (https://bitcointalk.org/index.php?topic=1325261.msg13531195#msg13531195) said


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: zazarb on January 12, 2016, 08:30:24 PM
I wrote about that a month ago: https://bitcointalk.org/index.php?topic=1296561.0


There are two different versions: healthy and infected with a trojan.


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: Dave4You on January 13, 2016, 12:13:01 AM
Link is not changed!
Only can be that account was violated and the hacker changed the wallets. But password not changed ???
I will deep scan pc now.


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: EcuaMobi on January 13, 2016, 12:55:41 AM
Quote from: Dave4You
Link is not changed!
Only can be that account was violated and the hacker changed the wallets. But password not changed ???
I will deep scan pc now.

The fact you just lie proves everything. Thanks for making it easy.


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: james.lent on January 13, 2016, 01:10:25 AM
Quote from: Dave4You
Link is not changed!
Only can be that account was violated and the hacker changed the wallets. But password not changed ???
I will deep scan pc now.

Dude you have had a history of changing the files in the download link. Don't blame the hacker now, because you're the one doing it.


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: eddie13 on January 13, 2016, 01:16:26 AM
The thread is locked now and it appears that EcuaMobi is the new candlecoin DEV

https://bitcointalk.org/index.php?topic=1256604.msg13533306#msg13533306

Edit: Now this one too... https://bitcointalk.org/index.php?topic=1259902.msg13533312#msg13533312


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: james.lent on January 13, 2016, 01:21:15 AM
Quote from: eddie13
The thread is locked now and it appears that EcuaMobi is the new candlecoin DEV

https://bitcointalk.org/index.php?topic=1256604.msg13533306#msg13533306

Edit: Now this one too... https://bitcointalk.org/index.php?topic=1259902.msg13533312#msg13533312

the scammer is now butt hurt lol


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: nikkers on January 13, 2016, 01:39:43 AM
https://bitcointalk.org/index.php?topic=1257893.0

Me and some others called this noob out a long time ago, and warned others but he just kept deleting posts in his main thread.

Glad the douche has finally been caught again, i just wonder how many folks he infected :(


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: digit on January 13, 2016, 03:16:16 AM
@a7mos here's what I posted that was deleted; the guy also changed the link after he deleted it.
cache/snapshot of OP can be seen here https://archive.is/VbszE (20 Dec 2015 14:02:59 UTC), https://archive.is/BPKDA (12 Jan 2016 13:15:12 UTC), https://archive.is/HZpoI (12 Jan 2016 19:48:13 UTC)


Quote from: Bitcoin Forum
A reply of yours, quoted below, was deleted by the starter of a self-moderated topic. There are no rules of self-moderation, so this deletion cannot be appealed. Do not continue posting in this topic if the topic-starter has requested that you leave.

You can create a new topic if you are unsatisfied with this one. If the topic-starter is scamming, post about it in Scam Accusations.

Quote
I can not run the wallet because of the anti virus. is it clean or what is this message ?
https://i.imgur.com/qLFTVhY.jpg

confirmed
rar file - https://www.virustotal.com/en/file/433cff9ddd3038e7c7ac5b9245ce3cd0b739314078caf536be5353752e293ac2/analysis/1452604948/
extracted candleqt.exe - https://www.virustotal.com/en/file/b6b6072bda8202eb22aa5c8ace04f4b8a16516dfd3d192e4cb86ececc367732f/analysis/

VT results link in OP is for a completely different file than what is downloaded from the windowsqt link provided by dev  >:(

might be a false positive, but then there is this: it reports its internal/original name as "audioadg.exe", a Windows 7 system file
https://i.imgur.com/TsNSLsw.png


note it's also not the first time this dev has been accused of hiding a trojan in his wallet links, and it's really concerning how distributed this wallet is from the signature campaign he is running

Candle have new dev from today! For all info and for giveaway please contact new dev. Thank you!
Contact dev

I got a post deletion notice, checked the thread/OP and he had also edited the links to the windows qt download again. I was allowing him some time to give an explanation before I was going to make a new post about it, but instead he has posted this and locked the thread.
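
The two checks described in the post above (the download's hash against the hash the published scan covers, and the embedded original name against the offered file name), as an added Python example that is not part of the thread. The `OriginalFilename` lookup is a heuristic scan over raw bytes, and the sample file is constructed for the example.

```python
import hashlib
import struct
from typing import List, Optional

# SHA-256 the developer published in the thread for Candle-qt.exe
PUBLISHED_SHA256 = "543e3874be615567bb08b509685b4d527175de09501c6d6de329b34e9c4daeb4"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def version_string(data: bytes, key: str) -> Optional[str]:
    """Heuristic: find a version-resource key stored as UTF-16LE and return
    the UTF-16LE value that follows it. Misses packed or stripped resources."""
    needle = (key + "\0").encode("utf-16-le")
    pos = data.find(needle)
    if pos < 0:
        return None
    i = pos + len(needle)
    while data[i:i + 2] == b"\0\0":      # skip 32-bit alignment padding
        i += 2
    end = i
    while end + 1 < len(data) and data[end:end + 2] != b"\0\0":
        end += 2
    return data[i:end].decode("utf-16-le", errors="replace") or None


def triage(data: bytes, published_sha256: str, expected_name: str) -> List[str]:
    """Return reasons why `data` is not the file the published scan covers."""
    findings = []
    digest = sha256_hex(data)
    if digest != published_sha256.lower():
        findings.append(f"SHA-256 {digest} differs from published hash; "
                        "the published scan result does not cover this file")
    original = version_string(data, "OriginalFilename")
    if original and original.lower() != expected_name.lower():
        findings.append(f"OriginalFilename is {original!r}, "
                        f"but the download is offered as {expected_name!r}")
    return findings


def constructed_sample(original_name: str) -> bytes:
    """Constructed stand-in for a downloaded .exe: a stub header plus one
    version-resource String entry (wLength, wValueLength, wType, key, value)."""
    key = "OriginalFilename\0".encode("utf-16-le")
    pad = b"\0" * (-(6 + len(key)) % 4)
    value = (original_name + "\0").encode("utf-16-le")
    total = 6 + len(key) + len(pad) + len(value)
    entry = struct.pack("<HHH", total, len(original_name) + 1, 1) + key + pad + value
    return b"MZ" + bytes(62) + entry + bytes(4)


if __name__ == "__main__":
    sample = constructed_sample("audioadg.exe")
    for finding in triage(sample, PUBLISHED_SHA256, "Candle-qt.exe"):
        print("WARNING:", finding)
```

A name mismatch alone is only a signal to look closer; the hash comparison is what decides whether a published scan applies to the file actually downloaded.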


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: The Sceptical Chymist on January 13, 2016, 04:07:35 AM
Good, I like seeing scammers getting the smackdown.

I don't know much about candlecoin other than its avatar campaign.  Is this scammer one of the developers?  I'm a non-techie so I'm sure I would have just downloaded the trojan and lost everything.  Good job, guys.


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: mexxer-2 on January 13, 2016, 05:52:55 AM
Now that it seems highly likely that the wallet contained a trojan, what about the group of people who are still advertising the coin?


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: MbccompanyX on January 13, 2016, 07:30:23 AM
Quote from: mexxer-2
Now that it seems highly likely that the wallet contained a trojan, what about the group of people who are still advertising the coin?

Good question, maybe they didn't even notice that people found out that the wallet link gets swapped from time to time, or maybe in the end (and I hope so) they used the Yobit/Steps Candlecoin wallet (which, being built from the source, makes them clean), but still let's remember that all this debate started almost 3 months ago and there were 3 threads talking about this (including this one). Even I'm curious to see if all the people advertising the coin will believe the lie of the dev, stop promoting the coin or wait for some serious person to take over (which I don't think will be possible because of the coin's reputation)...

P.S. I just noticed that he is now abusing the trust system by sending different red trust (so the one to EcuaMobi isn't the only one) and he even red trusted the OP as if he did a trade with him (which never existed). I decided to put a red trust as well because what he did is seriously stupid


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: SmartIphone on January 13, 2016, 08:21:58 AM
Quote from: mexxer-2
Now that it seems highly likely that the wallet contained a trojan, what about the group of people who are still advertising the coin?

People who are/were advertising are the participants from the avatar campaign including me, i got a PM from EcuaMobi thanks to him I removed the avatar.


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: kingaltcoins on January 13, 2016, 01:10:54 PM
Thank god I used YoBit's CD coin address for joining avatar campaign. I got little suspicious when he was not paying for the last 2-3 days. I was going to create a scam accusation against him but he paid me before that.

Woof! Thanks op for this awareness. Luckily I dumped this shitty coin yesterday and got my equivalent BTC. ;) At least I don't have to hold a bag of shit coins now.

N.B I'm also quite suspicious about SwagBucks and AvatarCoin too. ???


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: MbccompanyX on January 13, 2016, 02:25:10 PM
Quote from: kingaltcoins
Thank god I used YoBit's CD coin address for joining avatar campaign. I got little suspicious when he was not paying for the last 2-3 days. I was going to create a scam accusation against him but he paid me before that.

Woof! Thanks op for this awareness. Luckily I dumped this shitty coin yesterday and got my equivalent BTC. ;) At least I don't have to hold a bag of shit coins now.

N.B I'm also quite suspicious about SwagBucks and AvatarCoin too. ???

From what a user friend of mine told me, it seems that some free distribution coins are in some kind of network made by scammers... I'm not sure if even those two coins you cited are involved, but who knows....


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: The Sceptical Chymist on January 14, 2016, 01:49:26 AM
Ok so am I understanding this correctly?  The only wallet used to hold this shitcoin is a trojan and thus this was a scam from the start?  As I said, I'm a bit non-tech oriented, but this sounds kind of scary.


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: james.lent on January 14, 2016, 04:23:46 AM
Quote from: The Sceptical Chymist
Ok so am I understanding this correctly?  The only wallet used to hold this shitcoin is a trojan and thus this was a scam from the start?  As I said, I'm a bit non-tech oriented, but this sounds kind of scary.

Yeah you're absolutely right. In the future, always run a scan before running it.


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: Hippie Tech on January 14, 2016, 05:21:23 AM
Fyi..

How to detect RAT (remote admin tool) --> https://youtu.be/btn9nWE3X7o

Please check your "program files(x86)" and the youruser/appdata/local/TEMP folders! The ASN client is a remote desktop hack!

https://bitcointalk.org/index.php?topic=984878.msg10951987#msg10951987

http://img.techpowerup.org/150401/ASNtrojan2024.jpg



Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: traderbit on January 14, 2016, 07:24:25 AM
Hopefully when I was part of that campaign I used a c-cex exchange address, so I didn't risk getting infected; I do the same with the current avatar campaign by using an exchange address, better staying safe.


Title: Re: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker
Post by: a7mos on January 14, 2016, 01:13:20 PM
Quote from: traderbit
Hopefully when I was part of that campaign I used a c-cex exchange address, so I didn't risk getting infected; I do the same with the current avatar campaign by using an exchange address, better staying safe.

I did the same thing, I joined the campaign with a c-cex address and that is why I did not discover that defective wallet before downloading it when I wanted to try staking.
I will never trust any free coin again except if it has an exchange and I can use that address