Bitcoin Forum

Alternate cryptocurrencies => Altcoin Discussion => Topic started by: Arrakeen on November 10, 2015, 08:50:54 PM



Title: Backdoor in 1337 wallet...?!
Post by: Arrakeen on November 10, 2015, 08:50:54 PM
Just found this today:

https://i.imgur.com/IeOFTHj.png

any explanations?

edit: not pointing any fingers; curious if anyone else has seen this too.  could be from anywhere


Title: Re: Backdoor in 1337 wallet...?!
Post by: solid12345 on November 10, 2015, 09:22:40 PM
A coin name l337 just screams "hidden virus!"


Title: Re: Backdoor in 1337 wallet...?!
Post by: Mercado on November 10, 2015, 10:05:30 PM
So then apparently this is proof there are some haxzorz running with this? ;)


Title: Re: Backdoor in 1337 wallet...?!
Post by: Spoetnik on November 10, 2015, 11:17:45 PM
well that shows us a registry key flagged on your windows machine..
could have come from anywhere ..did you google it ?
i advise taking the wallet you mentioned and uploading it to VirusTotal.
post us the link to the result and maybe a link to the wallet (one of us can check it out)


Title: Re: Backdoor in 1337 wallet...?!
Post by: francism on November 11, 2015, 12:32:35 AM
So then apparently this is proof there are some haxzorz running with this? ;)

Nope, it is  some sort of hidden treasure design for those who will install and run the wallet.  :D


Title: Re: Backdoor in 1337 wallet...?!
Post by: TillKoeln on November 11, 2015, 05:55:11 AM
Windows Qt wallet - MEGA (https://mega.nz/#!Soc3zCgB!qvJ6d8b1i-5h48RMKH2M2KoJEIMvlpHTRRfSjZAun5Y) (Virustotal analysis (0/54)) (https://www.virustotal.com/en/file/7c48ee35498f983354f751185cacc3a1bd1543eb40182172a7c0e91a1f52724d/analysis/1446323177/)

feel free to test it by your own

https://bitcointalk.org/index.php?topic=1232586.0


Title: Re: Backdoor in 1337 wallet...?!
Post by: Arrakeen on November 11, 2015, 06:21:25 AM
Now the download is clean...but prior to posting this, it wasn't....

People must always draw their own conclusions, but why would a backdoor suddenly show up ONLY in my 1337 wallet, out of the 20+ wallets on my PC - 99% of which are of higher volume/popularity?  I haven't downloaded anything since the 1337 wallet - it doesn't make sense that something would magically, yet deliberately infect this specific directory....

TillKoeln, just wanted to state that I have nothing against you!

I've traded many of your coins in the past & had no problems similar to this.


Just very, very odd...never seen something like this before.

Want to make sure everyone else checks their stuff as well!
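
Added example, not part of any post in this thread: a check that the wallet binary on disk is the same file as the one in the VirusTotal report linked above, since a 0/54 result only describes the exact bytes that were scanned. The function names are this example's own, and it assumes the trailing number in the report URL is the Unix time of the analysis.

```python
import hashlib
import hmac
import re
import tempfile
from datetime import datetime, timezone

# VirusTotal report URL exactly as posted in the thread.
VT_URL = ("https://www.virustotal.com/en/file/"
          "7c48ee35498f983354f751185cacc3a1bd1543eb40182172a7c0e91a1f52724d"
          "/analysis/1446323177/")

def parse_vt_url(url):
    """Return (sha256_hex, scan_time_utc) from a /file/<sha256>/analysis/<ts>/ URL.

    Assumption: the trailing number is the Unix time of the analysis.
    """
    m = re.search(r"/file/([0-9a-fA-F]{64})/analysis/(\d+)/?$", url)
    if not m:
        raise ValueError("not a /file/<sha256>/analysis/<timestamp>/ URL")
    when = datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)
    return m.group(1).lower(), when

def sha256_of_file(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer is not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def is_scanned_file(path, url):
    """True only if the local file is byte-for-byte the file in the report."""
    reported, _ = parse_vt_url(url)
    return hmac.compare_digest(sha256_of_file(path), reported)

if __name__ == "__main__":
    reported, when = parse_vt_url(VT_URL)
    print("report covers", reported, "scanned", when.isoformat())
    # Constructed stand-in for a downloaded wallet binary (not the real file).
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample bytes, not the 1337 wallet")
    print("local file matches report:", is_scanned_file(tmp.name, VT_URL))
```

A match ties the 0/54 result to the file on disk; a mismatch means the report describes some other build and says nothing about the local copy.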


Title: Re: Backdoor in 1337 wallet...?!
Post by: TillKoeln on November 11, 2015, 06:42:52 AM
TillKoeln, just wanted to state that I have nothing against you!
I've traded many of your coins in the past & had no problems similar to this.

no Problem.  but the coin is allright 2 weeks old ^^  i wouldn't say that the Problem is inside the 1337 wallet.
you are the first one who has any Problems. maybe you should scan your whole System.


but maybe i am a Super Haxxor which is smarter than VirusTotal ^^  who knows .





Title: Re: Backdoor in 1337 wallet...?!
Post by: MbccompanyX on November 11, 2015, 06:44:23 AM
At this point i will move my 1337 wallet to a virtual machine and record any activity.... let's hope that the OP is just making some fud because isn't something that can be denied easily


Title: Re: Backdoor in 1337 wallet...?!
Post by: Tortoise75 on November 11, 2015, 07:33:43 AM
Some |-|4><><0|2 in the past got hit by an overdose of creativity and named his backdoor/tool box of the trade 1337 as well. So MBAM, and maybe some other AV, gets a bit upset because of the name of the thing. Rename it and the actual keys, a selection of the usual ones found in wallets for settings, in that group just pass the test.


Title: Re: Backdoor in 1337 wallet...?!
Post by: MbccompanyX on November 11, 2015, 07:43:02 AM
Some |-|4><><0|2 in the past got hit by an overdose of creativity and named his backdoor/tool box of the trade 1337 as well. So MBAM, and maybe some other AV, gets a bit upset because of the name of the thing. Rename it and the actual keys, a selection of the usual ones found in wallets for settings, in that group just pass the test.

Anyway only MBAM reports this fact, Avast Antivirus with the last update doesn't tell anything about the qt wallet... And anyway i agree that maybe is just a coincidence and we don't need to worry about


Title: Re: Backdoor in 1337 wallet...?!
Post by: TillKoeln on November 11, 2015, 07:49:08 AM
evil Haxxors around ....  ;D ;D ;D ;D ;D ;D ;D


Title: Re: Backdoor in 1337 wallet...?!
Post by: TillKoeln on November 11, 2015, 08:27:24 AM
A coin name l337 just screams "hidden virus!"

indeed


Title: Re: Backdoor in 1337 wallet...?!
Post by: MbccompanyX on November 11, 2015, 08:32:23 AM
A coin name l337 just screams "hidden virus!"

indeed

I hope you were sarcastic against yourself because somebody can confuse it and you know what it could mean....


Title: Re: Backdoor in 1337 wallet...?!
Post by: TillKoeln on November 11, 2015, 08:43:29 AM
I hope you were sarcastic against yourself

correct . but if People get confused by something like this ... they should better turn down her Internet and shut down any devices ^^


Title: Re: Backdoor in 1337 wallet...?!
Post by: Spoetnik on November 11, 2015, 11:04:26 AM
Get your windows scanned..

Your post here OP shows a bad registry key.
That has no link to the wallet.. you're just guessing that is what caused it (without proof)

Any program can create a registry key.


Title: Re: Backdoor in 1337 wallet...?!
Post by: MbccompanyX on November 11, 2015, 11:07:49 AM
Get your windows scanned..

Your post here OP shows a bad registry key.
That has no link to the wallet.. you're just guessing that is what caused it (without proof)

Any program can create a registry key.

Yeah, is what i thought too, must be only a try to fud 1337 because at the moment is almost the most stable coin of till....


Title: Re: Backdoor in 1337 wallet...?!
Post by: Tortoise75 on November 11, 2015, 06:40:00 PM
To be fair, it probably was really just a little bit of concern although opening a new thread for it was a bit over the top.

The registry entry is actually part of the 1337 wallet, but it's not a bad key as such. It triggered a warning in MBAM because of its name. MBAM is, usually, quite thorough and MBAM being MBAM it did warn the user even for a possible trace of Malware so he'd be able to look into it further.

For me I concluded it's just a coincidence. The registry keys below the 1337 entry are just standard keys for coin wallets and trigger no warning on their own whereas just creating a key named 1337 yourself is enough to trigger it.

Getting your windows scanned is always a good idea. (Edit/Disclaimer: This doesn't mean doing something that makes someone, for example FBI, scanning your actual glass ones in some way)


Title: Re: Backdoor in 1337 wallet...?!
Post by: TillKoeln on November 14, 2015, 06:55:46 PM
i was wondering that the User which open this thread never reply anything else . about his issue .


Title: Re: Backdoor in 1337 wallet...?!
Post by: MbccompanyX on November 14, 2015, 06:59:47 PM
i was wondering that the User which open this thread never reply anything else . about his issue .

Good question, maybe he thought that was useless to insist on something he knows that doesn't exist......


Title: Re: Backdoor in 1337 wallet...?!
Post by: anonymousx on November 14, 2015, 07:56:46 PM
ok, I am not pointing fingers but maybe dev explain why 1337 qt windows binary needs clipboard permission, I blocked access and it still works without it, but why? this is the first QT wallet that needs to read the clipboard illegal on a non-system operation, for example I copy and paste something to it that's legal, but I copy elsewhere and it reads it that's not legal.

awaiting dev reply, love the coin, too stupid to compile my own wallet, bought bunch of the crypto to start staking and support the network, only if yobit release my withdrawals.


Title: Re: Backdoor in 1337 wallet...?!
Post by: Arrakeen on November 26, 2015, 12:33:56 AM
ok, I am not pointing fingers but maybe dev explain why 1337 qt windows binary needs clipboard permission, I blocked access and it still works without it, but why? this is the first QT wallet that needs to read the clipboard illegal on a non-system operation, for example I copy and paste something to it that's legal, but I copy elsewhere and it reads it that's not legal.

awaiting dev reply, love the coin, too stupid to compile my own wallet, bought bunch of the crypto to start staking and support the network, only if yobit release my withdrawals.

Weird stuff going on...thanks for your input, let's see what the dev has to say about this  ::)


Title: Re: Backdoor in 1337 wallet...?!
Post by: knightkon on November 26, 2015, 02:13:27 AM
How is something like this possible.  What is the purpose of the virus.  If something like this got into the system, would it not crash the whole system for that coin?  I knew it would only be a matter of time before something like this happened.


Title: Re: Backdoor in 1337 wallet...?!
Post by: Arrakeen on November 27, 2015, 03:42:36 AM
How is something like this possible.  What is the purpose of the virus.  If something like this got into the system, would it not crash the whole system for that coin?  I knew it would only be a matter of time before something like this happened.

what do you mean by 'crash the system'?  You mean crash the price, or the network itself?  If implemented properly, a backdoor could just send all the requested user information to the dev, while the coin network runs as expected from end-user's standpoint.  I'm not saying this is such a case, but in theory it is totally plausible.


Title: Re: Backdoor in 1337 wallet...?!
Post by: 1990BEARS on November 27, 2015, 03:53:47 AM
A coin name l337 just screams "hidden virus!"
i agree... why would you trust a coin that has this title, it is obvious it is not there for long run.


Title: Re: Backdoor in 1337 wallet...?!
Post by: anonymousx on November 27, 2015, 04:17:09 AM
I have used it for a while, no problems at all, I used sandbox to see if it's going to leave something behind, nothing happened, but still I need dev to come out and tell me what he compiled in there, because I know for sure that you can bypass sandbox, and I know for sure that you can melt a trojan or anything, and I know for sure that a staking wallet will always be online to stake so the trojan don't need to be in the system, and I know for sure that he can use the peer to peer as a network to host his trojan without a central server, because I have done all of this crap when I was a kid, there is a known peer to peer trojan currently that can steal all kinds of wallet available for only 0.1 BTC and it's called black shade or something and it's totally FUD, also zeus became p2p and source is available online, it can easily bind with the wallet and connections would seem normal, and I have seen many members from BTT on hackforums, so please come out and tell us.

- for now I would recommend using paper wallets or running the wallet on a VM.


Title: Re: Backdoor in 1337 wallet...?!
Post by: tokeweed on November 27, 2015, 04:52:09 AM
A coin name l337 just screams "hidden virus!"

Or "pwned!"


Title: Re: Backdoor in 1337 wallet...?!
Post by: BurstIncomeAsset on November 27, 2015, 06:14:50 AM
Not surprising, people should always check first what they download. Especially if you hold large sums on your PC.

An antivirus scan is always recommended. BURST doesn't have backdoors in its wallets that's for sure.


Title: Re: Backdoor in 1337 wallet...?!
Post by: Arrakeen on November 27, 2015, 06:09:51 PM
Not surprising, people should always check first what they download. Especially if you hold large sums on your PC.

An antivirus scan is always recommended. BURST doesn't have backdoors in its wallets that's for sure.

Well you sure seem un-biased, judging by your profile..... ;D nice price rise recently, congrats :)


Title: Re: Backdoor in 1337 wallet...?!
Post by: BurstIncomeAsset on November 28, 2015, 05:25:24 AM
Not surprising, people should always check first what they download. Especially if you hold large sums on your PC.

An antivirus scan is always recommended. BURST doesn't have backdoors in its wallets that's for sure.

Well you sure seem un-biased, judging by your profile..... ;D nice price rise recently, congrats :)

Well I'm just a user of BURST and managing the INCOME asset of the BURST asset exchange.

I'm not in the dev team.


Title: Re: Backdoor in 1337 wallet...?!
Post by: Arrakeen on November 30, 2015, 04:25:26 AM
Not surprising, people should always check first what they download. Especially if you hold large sums on your PC.

An antivirus scan is always recommended. BURST doesn't have backdoors in its wallets that's for sure.

Well you sure seem un-biased, judging by your profile..... ;D nice price rise recently, congrats :)

Well I'm just a user of BURST and managing the INCOME asset of the BURST asset exchange.

I'm not in the dev team.

How does the income asset work?  I found a link but it doesn't explain much.  How far along the roadmap are you?  I could offer my assistance if it's needed - just shoot me a PM if so!  I'd be glad to help - I like sharing my knowledge, and assisting in any way I can to as many coins as possible (this acct. isn't my main).


Title: Re: Backdoor in 1337 wallet...?!
Post by: Spoetnik on November 30, 2015, 04:40:43 AM
ok, I am not pointing fingers but maybe dev explain why 1337 qt windows binary needs clipboard permission, I blocked access and it still works without it, but why? this is the first QT wallet that needs to read the clipboard illegal on a non-system operation, for example I copy and paste something to it that's legal, but I copy elsewhere and it reads it that's not legal.

awaiting dev reply, love the coin, too stupid to compile my own wallet, bought bunch of the crypto to start staking and support the network, only if yobit release my withdrawals.

Don't be surprised by that i have seen a LOT of wallets ask for that exact permission with my security.

My password manager program "Password Depot" prompts me for any windows QT i have run.
It warns me that they all tried to access the clipboard info.

I don't have any info on that but i have seen it on all clean wallets.
Don't be alarmed by that.. it's normal.

I have used a LOT of wallets too ;)

I got up to 15 gigs worth before i started deleting them LOL