Bitcoin Forum

Alternate cryptocurrencies => Mining (Altcoins) => Topic started by: addarmstrong on November 04, 2017, 02:48:23 PM



Title: *TEKCOIN WALLET IS A VIRUS (On official topic)*
Post by: addarmstrong on November 04, 2017, 02:48:23 PM
Hi,

Made an account just to let the mod know that the 'wallet' on the official TEKcoin topic is a virus and has just messed up my clean install of win7 (was too lazy to plug a drive in to get my old wallet exe).

Could someone please investigate this as I don't want other people running it and I'm not actually sure what it is doing but it deffo isn't legit as it overwrites explorer.exe and dwm.exe with its own version (stupidly using the tekcoin icon for the file...) and it also causes Windows to become not genuine.

Stupidly I wasn't running an antivirus at the time but noticed it was really raping one of my drives trying to read from it to the point it was crashing Windows Explorer, at that point I shut down and booted into another install to delete the stuff it created and restore my other install.

Just wanted to make the forum aware, I can't do any more.

Thanks
Adam


Title: Re: *TEKCOIN WALLET IS A VIRUS (On official topic)*
Post by: TheHiman on November 19, 2017, 10:16:08 PM
I can confirm this.

The links on mega from the thread have been replaced and contain a rar file with an exe dated 11 April 2017.
(Which is too young and no longer the original old 2016 wallet!)

The .exe installs a file "explorer.exe" in C:\Program Files (x86)\WindowsClient\explorer.exe - which is a fake.
To activate it, it created an autostart entry in the registry that points directly to this file after boot.
When you try to kill the process, it is spawned many times and restarts in an endless loop.
At this point an immediate power cut of the machine is the best you can do.

To me it looks like a replacement for the regular explorer - which contains a keylogger and all the usual
things we know.

I had the chance to remove all instances fast enough, before the usual "download actions" began.
Antivirus did not detect any activity - only the long starting time and nearly doing "nothing" for
about 30 seconds made me quickly check all running processes and shut down the machine ASAP.

By the way: on the old website the other download link to mega is dead; furthermore, most Google
searches lead to the forum opening post - so this thread needs to be immediately disabled or edited by an admin.
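
Added example, not part of any post in this thread: a small Python check for the pattern reported above, a system binary name (explorer.exe, dwm.exe) running or auto-starting from outside its genuine Windows folder. Only the WindowsClient path comes from the thread; the sample rows, the registry value names and the helper names are constructed for illustration, and the expected folders assume a standard C:\Windows layout.

```python
import ntpath
import re

# Genuine locations of the two binaries the thread reports being impersonated
# (standard Windows layout; SysWOW64 holds the 32-bit explorer.exe on x64).
EXPECTED_DIRS = {
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
    "dwm.exe": {r"c:\windows\system32"},
}

def image_path(command, system_root=r"C:\Windows"):
    """Pull the executable path out of a Run-key value or process command line."""
    command = re.sub(r"%(systemroot|windir)%", lambda m: system_root,
                     command.strip(), flags=re.IGNORECASE)
    if command.startswith('"'):                 # quoted path, arguments may follow
        return command[1:].split('"', 1)[0]
    cut = command.lower().find(".exe")          # unquoted: keep spaces in the path
    return command[:cut + 4] if cut != -1 else command

def is_masquerading(command):
    """True when a protected system name runs from outside its genuine folder."""
    path = ntpath.normpath(image_path(command))
    expected = EXPECTED_DIRS.get(ntpath.basename(path).lower())
    if expected is None:
        return False
    return ntpath.normcase(ntpath.dirname(path)) not in expected

def scan(entries):
    """entries: (source, label, command) tuples; returns the suspicious ones."""
    return [e for e in entries if is_masquerading(e[2])]

# Constructed sample data. Only the WindowsClient path comes from the thread;
# the value name "ExampleValue" and the other rows are placeholders.
SAMPLE = [
    ("process", "pid 1204", r"C:\Windows\explorer.exe"),
    ("process", "pid 3310", r"C:\Program Files (x86)\WindowsClient\explorer.exe"),
    ("run-key", "ExampleValue", r'"C:\Program Files (x86)\WindowsClient\explorer.exe"'),
    ("process", "pid 880", r"%SystemRoot%\System32\dwm.exe"),
    ("run-key", "ExampleUpdater", r'"C:\Program Files\Example\updater.exe" /silent'),
]

if __name__ == "__main__":
    for source, label, command in scan(SAMPLE):
        print(f"SUSPICIOUS {source} {label}: {command}")
```

On a live machine the entries would come from a process listing with full image paths and from the autostart (Run) registry keys; a path mismatch is a triage signal, not proof on its own.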


Title: Re: *TEKCOIN WALLET IS A VIRUS (On official topic)*
Post by: GeePeeU on November 19, 2017, 10:19:17 PM
Gotta be more careful. Sorry you fell victim.


Title: Re: *TEKCOIN WALLET IS A VIRUS (On official topic)*
Post by: 420mineit on December 13, 2017, 01:08:24 AM
God damn it, why is this TEKCoin virus thread still not deleted? I just downloaded it because it had high profits on coinwarz and now I just lost all coins across multiple wallets. Fuck I am pissed. Mods DO SOMETHING. My mistake for trusting bitcointalk, I thought downloads were vetted. Same as above, it created multiple explorer.exe processes that were insanely difficult to remove. I THINK it is gone but I will be reinstalling Windows shortly..

EDIT: For anyone that cares.. this is the IP address of the virus creator ... Or at least where it was connecting to sending back my wallet.dat

https://i.imgur.com/Rm5ENR4.png


Title: Re: *TEKCOIN WALLET IS A VIRUS (On official topic)*
Post by: shubaduba on December 13, 2017, 02:21:03 AM
Thanks for heads up.
Will be more aware


Title: Re: *TEKCOIN WALLET IS A VIRUS (On official topic)*
Post by: milly6 on January 20, 2018, 06:20:33 PM
thanks for the heads up


Title: Re: *TEKCOIN WALLET IS A VIRUS (On official topic)*
Post by: leger0 on January 23, 2018, 10:42:31 PM
Yes, I can confirm this too.
I have tried to find a working Windows wallet but no luck, only this one with the exploit.

Finally I have managed to compile the wallet from the original source code.
If you need it you can find it here:
https://bitcointalk.org/index.php?topic=2125731.msg28783577#msg28783577

scanned with virus total:
https://www.virustotal.com/#/file-analysis/NTZhNTI0NTRiNDQ4Mjc4NGExYzRhYmVkM2NlOGUwZjA6MTUxNjc0NzIyNQ==