Bitcoin Forum

Economy => Scam Accusations => Topic started by: FruitsBasket on March 19, 2016, 05:42:35 PM



Title: User PC0316 Spreading Virus Software?
Post by: FruitsBasket on March 19, 2016, 05:42:35 PM
Story: I asked to join a captcha typing thing, and I said yes. This user: https://bitcointalk.org/index.php?action=profile;u=794409 sends me a PM with malicious software...

I received this pm:
!!! WARNING: This user is a newbie. If you are expecting a message from a more veteran member, then this is an imposter !!!

Hello there,

What country are you located in?

Here is a google document about the work.

https://drive.google.com/open?id=0B9aH_qGeXCLtYkEwT2FjLWpOaTg

The download link for the app is here:

https://drive.google.com/open?id=0B9aH_qGeXCLtZ3BzaUc1Q0tHbVk

Our email is peerchecker@gmail.com

We have created login details for you (which you use after you download and start the app).

Login: **********

Password: *********

We need a Bitcoin address from you too please so you can get paid.

Thanks,

PC.
Then I download the software:
https://i.imgur.com/NbxdTfS.png


Title: Re: User PC0316 Spreading Virus Software?
Post by: whywefight on March 19, 2016, 05:45:32 PM
according to virustotal, yes: https://www.virustotal.com/de/file/7c14952c3eab3f46262da33b53633b0fa3cd248e14eb01cdb4005995fec8562d/analysis/

My local Kaspersky didn't find anything, hm...


Title: Re: User PC0316 Spreading Virus Software?
Post by: FruitsBasket on March 19, 2016, 05:47:36 PM
according to virustotal, yes: https://www.virustotal.com/de/file/7c14952c3eab3f46262da33b53633b0fa3cd248e14eb01cdb4005995fec8562d/analysis/
Okay, how am I going to see if I have that virus on my pc?
I ran this software a week ago, but removed it. Now I wanted to re install it and it gives many virus alerts.

Can u tell me how I can see if I am infected?


Title: Re: User PC0316 Spreading Virus Software?
Post by: whywefight on March 19, 2016, 05:49:15 PM
I guess this (http://www.trojaner-board.de/161525-win7-64bit-spyware-zbot-ed-bzw-heur-qvm03-0-malware-gen-gefunden-malwarebytes-bzw-360-internet-security.html) is no help as it's in German. Run Malwarebytes and see what it says.


Title: Re: User PC0316 Spreading Virus Software?
Post by: --Encrypted-- on March 19, 2016, 05:53:17 PM
google drive scans files for virus when they're uploaded...

EDIT:
scanned with avast premier and the result is clean.


Looks like it's got HEUR/QVM03.0.Malware.Gen, whatever that means.

yup.
https://www.virustotal.com/en/file/7c14952c3eab3f46262da33b53633b0fa3cd248e14eb01cdb4005995fec8562d/analysis/1458410565/

oh wait. whywefight posted this. silly me.


Title: Re: User PC0316 Spreading Virus Software?
Post by: suchmoon on March 19, 2016, 05:56:38 PM
Looks like it's got HEUR/QVM03.0.Malware.Gen, whatever that means.

At some point PC0316 seems to have posted the link in the thread (quoted by another user below) but now the post is gone.

I have uploaded it to Google Drive.

https://drive.google.com/open?id=0B9aH_qGeXCLtZ3BzaUc1Q0tHbVk

Email me or private message me if you are interested.

My email is in the Instruction manual which is also on Google Drive, here:

https://drive.google.com/open?id=0B9aH_qGeXCLtYkEwT2FjLWpOaTg
ok, i interested and I have already sent a private message to you, if the work is good and has a decent income, I will forward it, and how you think about a daily income of solving captchas it?


Title: Re: User PC0316 Spreading Virus Software?
Post by: FruitsBasket on March 19, 2016, 05:56:42 PM
google drive scans files for virus when they're uploaded...
But when I try to download it, my browser blocks the software automatically.
So I don't know if the browser is giving false information.


Title: Re: User PC0316 Spreading Virus Software?
Post by: Fortify on March 19, 2016, 06:03:50 PM
You really should strip out the link if you think it is hosting a virus or malware, a few innocent people might click through without thinking. Nobody should download from links they don't know, even to do a virus scan on it.


Title: Re: User PC0316 Spreading Virus Software?
Post by: suchmoon on March 19, 2016, 06:07:14 PM
A virgin VM with up-to-date Windows Defender also found something:

https://meem.link/i/a/GBevU.jpg
Edited 2020-11-28 to fix a broken image

Nasty enough for me, I'm not gonna dig deeper.


Title: Re: User PC0316 Spreading Virus Software?
Post by: FruitsBasket on March 19, 2016, 06:08:06 PM
You really should strip out the link if you think it is hosting a virus or malware, a few innocent people might click through without thinking. Nobody should download from links they don't know, even to do a virus scan on it.
I did a virus scan at first and then it was fine, but a week later I get many virus alerts. I looked in my regedit and looked up the possible infected things, which I found online, but it did not find anything, so I hope I am safe.


Title: Re: User PC0316 Spreading Virus Software?
Post by: Xandrah on March 19, 2016, 09:19:51 PM
Started this up on a brand new vm, same result. Stay away from it.


Title: Re: User PC0316 Spreading Virus Software?
Post by: FruitsBasket on March 20, 2016, 08:45:19 AM
Started this up on a brand new vm, same result. Stay away from it.
My Windows Defender also found that file and placed it in quarantine.
Then I did a scan and it isn't finished yet, hope that it is clean.


Title: Re: User PC0316 Spreading Virus Software?
Post by: knowhow on March 20, 2016, 02:31:03 PM
Started this up on a brand new vm, same result. Stay away from it.
My Windows Defender also found that file and placed it in quarantine.
Then I did a scan and it isn't finished yet, hope that it is clean.

The last times I tried to download it, Avira ran on it and the program wasn't working, saying some files were missing. I didn't have any kind of virus message, but in the end I don't like to use software that is unknown to most. I will scan it again and if the program stills I will use it.


Title: Re: User PC0316 Spreading Virus Software?
Post by: Freddynic159 on March 20, 2016, 02:38:20 PM
the program takes control over the browser Internet Explorer to verify that the captchas have been completed correctly and sometimes to clear history and cache of the browser. does it have something to do with the detection of virus?


Title: Re: User PC0316 Spreading Virus Software?
Post by: FriendlyChemist on March 20, 2016, 05:11:38 PM
the program takes control over the browser Internet Explorer to verify that the captchas have been completed correctly and sometimes to clear history and cache of the browser. does it have something to do with the detection of virus?

Which program are you talking about?
I also opened a program today from the services section and my browser automatically stops and all data cache are cleared up??
Which program are you talking about?


Title: Re: User PC0316 Spreading Virus Software?
Post by: Freddynic159 on March 20, 2016, 05:20:54 PM
the program takes control over the browser Internet Explorer to verify that the captchas have been completed correctly and sometimes to clear history and cache of the browser. does it have something to do with the detection of virus?

Which program are you talking about?
I also opened a program today from the services section and my browser automatically stops and all data cache are cleared up??
Which program are you talking about?

PeerChecker.exe

I think that it is only a false positive because of what I mentioned before.


Title: Re: User PC0316 Spreading Virus Software?
Post by: knowhow on March 21, 2016, 08:23:53 PM
The first three times I tried, it was giving me an error saying there were files missing. Then later I had installed it without any hidden virus; now I think, and am almost sure, I got the virus. I don't use Explorer at all, so what kind of hidden virus is it, does anyone know?


Title: Re: User PC0316 Spreading Virus Software?
Post by: ashkanb on March 22, 2016, 09:54:25 AM
the program takes control over the browser Internet Explorer to verify that the captchas have been completed correctly and sometimes to clear history and cache of the browser. does it have something to do with the detection of virus?

I've had the same question; never brought it up to PC though!
I'm using a spare laptop, running Security Essentials and Spybot, and no personal info, so I don't care much!
(No other Windows machines on my network to worry about either.)
After every session I'd leave the laptop on and scan with both programs; so far nothing other than regular payments ???


Title: Re: User PC0316 Spreading Virus Software?
Post by: Sigals on March 23, 2016, 09:12:56 AM
the program takes control over the browser Internet Explorer to verify that the captchas have been completed correctly and sometimes to clear history and cache of the browser. does it have something to do with the detection of virus?

If that is true and it uses hooks in windows then that would most likely flag it as a virus even though potentially it could be non-malicious.


Title: Re: User PC0316 Spreading Virus Software?
Post by: Text on April 28, 2016, 02:30:06 AM
I think it's just a false alarm; after several days of working, my laptop still works fine. I think the browser is wrong, because last night I downloaded another application and it showed failed and virus detected; later on, when I tried to download it again, it was successful.


Title: Re: User PC0316 Spreading Virus Software?
Post by: alfaboy23 on April 28, 2016, 04:00:36 AM
the program takes control over the browser Internet Explorer to verify that the captchas have been completed correctly and sometimes to clear history and cache of the browser. does it have something to do with the detection of virus?

If that is true and it uses hooks in windows then that would most likely flag it as a virus even though potentially it could be non-malicious.
It is most likely a false alarm. The behavior of the program is much like that of other malware. Programs that attach to, hook, override or take control of a browser or application's behavior will most likely be detected even if they are technically safe.
But we can't be sure until we decompile the program. There is real malware today that can't be detected, like what I encountered just last month: it changes the wallet address in the clipboard.
Just to be safe, run it in a virtual environment or install Deep Freeze.