Bitcoin Forum

Economy => Scam Accusations => Topic started by: holydarkness on September 13, 2020, 07:23:42 AM



Title: ChainSaur - Virus detected on their Wallet + possible bumping service
Post by: holydarkness on September 13, 2020, 07:23:42 AM
What happened: Wallet scan comes with some red flags

Scammer profile: https://bitcointalk.org/index.php?action=profile;u=1038373
Announcement thread: https://bitcointalk.org/index.php?topic=5275064.0
Archive: https://archive.is/F4wFo
Suspected wallet link: https://github.com/chainsaur-project/Chainsaur-Wallet/releases/download/1.1.0/chainsaur-gui-w1.1.0-windows.msi
Scan result: https://www.virustotal.com/gui/file/81f6dafca3ab9dced3b4e35d131bf7945635f50cef633f16bb30d73158a6dc88/detection
Screenshot of scanned result:
https://i.ibb.co/5hrVnvS/IMG-20200913-141801.jpg (https://ibb.co/yF6JY5Z)

Other than that, their thread is likely using a bumping service, as the posts that filled their thread mainly came from two users. Xandry had highlighted this issue

osyduck (https://bitcointalk.org/index.php?action=profile;u=1558664) and podlodkin (https://bitcointalk.org/index.php?action=profile;u=1651884) are you both from some bumping service or connected with topic starter? Every stupid question that you asked can be easily found on their website.

@podlodkin ^ see link above .. stop deleting my messages, this is a shit launch
32. Posting multiple posts in a row (excluding bumps and reserved posts by the thread starter) is not allowed.


Title: Re: ChainSaur - Virus detected on their Wallet + possible bumping service
Post by: nutildah on September 13, 2020, 08:43:31 AM
Good find. I verified the file in VirusTotal for myself and came up with the same thing you did.

I have tagged the OP and his 2 bumper accounts. Also reported to the mods. If I'm not mistaken the thread will probably be removed shortly.


Title: Re: ChainSaur - Virus detected on their Wallet + possible bumping service
Post by: narghat on September 13, 2020, 08:36:10 PM
the wallet file is virus-free. take the original turtlecoin wallet and see for yourself
https://github.com/turtlecoin/turtle-wallet-go/releases/tag/0.14


Title: Re: ChainSaur - Virus detected on their Wallet + possible bumping service
Post by: logfiles on September 13, 2020, 09:50:46 PM
the wallet file is virus-free. take the original turtlecoin wallet and see for yourself
https://github.com/turtlecoin/turtle-wallet-go/releases/tag/0.14
What does your wallet have to do with turtle coin or their wallet? That shouldn't be an excuse. Simply explain why a number of Antivirus engines in VirusTotal are displaying positive results of a possibility of your wallet being infected with malware.

You also did not answer this member's question.
Humm. While the wallet was running I got.

Detected Backdoor:W32/QuasarRAT.A

This program provides remote access to the computer it is installed on.

Users\user\AppData\Roaming\odn.exe

Coincidence or shady wallet??


Title: Re: ChainSaur - Virus detected on their Wallet + possible bumping service
Post by: DaveF on September 13, 2020, 10:05:33 PM
the wallet file is virus-free. take the original turtlecoin wallet and see for yourself
https://github.com/turtlecoin/turtle-wallet-go/releases/tag/0.14

1) What logfiles said
2) Yeah, it's a virus: https://www.hybrid-analysis.com/sample/81f6dafca3ab9dced3b4e35d131bf7945635f50cef633f16bb30d73158a6dc88

And look, a profile that was inactive since 2018 comes back and posts an infected wallet.

-Dave


Title: Re: ChainSaur - Virus detected on their Wallet + possible bumping service
Post by: narghat on September 13, 2020, 10:14:43 PM
Labeled as: Win64/CoinMiner.GG potentially unwanted 
Are you serious? haha


Title: Re: ChainSaur - Virus detected on their Wallet + possible bumping service
Post by: nutildah on September 13, 2020, 10:33:53 PM
Labeled as: Win64/CoinMiner.GG potentially unwanted 
Are you serious? haha

That's one of two items -- you've been avoiding addressing the second:

QuasarRAT.A (https://cyware.com/news/quasar-rat-a-sneak-peek-into-the-remote-access-trojans-capabilities-18afa9a3)

You also did not answer this member's question.
Humm. While the wallet was running I got.

Detected Backdoor:W32/QuasarRAT.A

This program provides remote access to the computer it is installed on.

Users\user\AppData\Roaming\odn.exe

Coincidence or shady wallet??

Hope you didn't pay too much for your account as it will be banned shortly.


Title: Re: ChainSaur - Virus detected on their Wallet + possible bumping service
Post by: narghat on September 13, 2020, 10:57:29 PM
Labeled as: Win64/CoinMiner.GG potentially unwanted  
Are you serious? haha

That's one of two items -- you've been avoiding addressing the second:

QuasarRAT.A (https://cyware.com/news/quasar-rat-a-sneak-peek-into-the-remote-access-trojans-capabilities-18afa9a3)

You also did not answer this member's question.
Humm. While the wallet was running I got.

Detected Backdoor:W32/QuasarRAT.A




has nothing to do with us, check your computer for viruses


Title: Re: ChainSaur - Virus detected on their Wallet + possible bumping service
Post by: nutildah on September 13, 2020, 11:22:51 PM
has nothing to do with us, check your computer for viruses

Also detected by VirusTotal:

TrojanPSW.Python

Quote
Trojan-PSW programs are designed to steal user account information such as logins and passwords from infected computers. PSW is an acronym of Password Stealing Ware.

When launched, a PSW Trojan searches system files which store a range of confidential data or the registry. If such data is found, the Trojan sends it to its “master.” Email, FTP, the web (including data in a request), or other methods may be used to transit the stolen data.

https://encyclopedia.kaspersky.com/knowledge/trojan-psw/

You got caught. There's nothing more to say.


Title: Re: ChainSaur - Virus detected on their Wallet + possible bumping service
Post by: logfiles on September 13, 2020, 11:32:00 PM
Labeled as: Win64/CoinMiner.GG potentially unwanted 
Are you serious? haha
But you are handpicking only what one AV engine has detected (coinminer.GG which I am also aware is common with crypto wallets and mining software) but how about Trojan which seems to be consistent in the other 4 AV engines?

https://talkimg.com/images/2023/07/19/Zxt9W.png (https://talkimg.com/images/2023/07/19/Zxt9W.png)
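
Added example, not part of any post in the thread: a small triage of multi-engine scan labels that makes the point argued above, that one engine's miner/"potentially unwanted" label does not account for backdoor, stealer and trojan labels from other engines. The engine names, the `Trojan.Generic` label, the category patterns and the `min_serious` threshold are assumptions made for illustration; the other three labels are the ones quoted in the thread.

```python
import re
from collections import Counter

# Ordered rules: the first pattern that matches a label decides its category.
# Miner/PUA is checked before generic "trojan" so "Trojan.CoinMiner"-style
# labels are not counted as evidence of a backdoor or stealer.
RULES = [
    ("backdoor/RAT",     re.compile(r"backdoor|rat\b", re.I)),
    ("password stealer", re.compile(r"trojan[-.]?psw|stealer", re.I)),
    ("miner/PUA",        re.compile(r"coinminer|potentially unwanted|\bpu[ap]\b", re.I)),
    ("trojan",           re.compile(r"trojan", re.I)),
]
SERIOUS = {"backdoor/RAT", "password stealer", "trojan"}

def categorize(label):
    for name, pattern in RULES:
        if pattern.search(label):
            return name
    return "other"

def triage(detections, min_serious=2):
    """detections maps engine name -> label, or None when the engine reports clean.
    min_serious is an assumed threshold, not an industry standard."""
    counts = Counter(categorize(l) for l in detections.values() if l)
    serious = sum(n for cat, n in counts.items() if cat in SERIOUS)
    if serious >= min_serious:
        verdict = "treat as malicious"
    elif serious or counts.get("other"):
        verdict = "needs analysis"
    elif counts:
        verdict = "miner/PUA labels only"
    else:
        verdict = "no detections"
    return {"counts": dict(counts), "serious_engines": serious, "verdict": verdict}

# Constructed sample input: engine names are placeholders.
SAMPLE = {
    "engine-1": "Win64/CoinMiner.GG potentially unwanted",  # quoted in the thread
    "engine-2": "Backdoor:W32/QuasarRAT.A",                 # quoted in the thread
    "engine-3": "TrojanPSW.Python",                         # quoted in the thread
    "engine-4": "Trojan.Generic",                           # constructed label
    "engine-5": None,                                       # engine with no detection
}

if __name__ == "__main__":
    print(triage(SAMPLE))
    # Looking at the miner label alone gives a very different picture:
    print(triage({"engine-1": SAMPLE["engine-1"], "engine-5": None}))
```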