That does nothing to address the "private keys" issue.
Doing a rollback because of user error is ridiculous and I can't believe people are even contemplating it.
Dude, myself i don't like the situation but better save the users than the pirate. |
|
|
|
Malwares bytes already delete startup key / method, and malware files (otherwise h "This Backdoor or another affiliated agent may reload itself after a remove" If you remove the malware it can't reload. If a malware reload is because you do not kill the persistence (here the persistence was "csrss.exe", in the same folder as "windhcp.exe", and detected by malwares byte also) This malware is not really smart  don't worry. (combofix is helpful when some of your system files are corrupted, by malwares) Ok, thanks StonerStanley, So during the corruption, the backdoor/the attacker can't install other malware/exploit ? if yes my only advice (for corrupted wallets) will be "CHANGE ALL YOUR PASSWORDS". As i know i didn't see anything able to make a update for load a new version of this malware. No one file except the malware (wallet executable, not .dat) itself is corrupted/infected. So if you use malwares bytes is ok (i advise you combofix when no one other antivirus is able to repair your problem) |
|
|
|
"malwares bytes detect the malware as "Backdoor.Agent.SBFGen"
This Backdoor or another affiliated agent may reload itself after a remove
Steps to clean your desktop:
Download and Update Malwarebytes.
reboot with safe mode choose the simple Safe mode (Without NETWORKING)
if you used USB drive while being infected, plug the USB and start a complete scan
Fix all entries (PUP/Malware/Trojan/backdoor...) except maybe your miner software cgminer/sgminer
for those who were infected AND after the remove/reboot from Malwarebytes (under the safe mode):
check if Malwarebytes re-detect it or not (Re-scan)
if yes, you could try combofix, reboot (normal mode) Download it from bleepingcomputer
Save it to your desktop.
Note: Windows 8.1 and Windows 2000 are NOT supported by ComboFix
(i.E: XP, Vista, Seven and windows 8 is supported)
If you store files here:
-Temporary Internet Files
-Temp Folder
-Windows Recycle Bin
and want to keep it, move them to a safer location before the combofix scan. (remember to replace them after the scan)
You MUST close all open Windows.
turn off Antivirii, antimalware residents, windows update, java update... other runnning programs.
(remember to turn them on after the scan)
Run Combofix, Please note: Be Patient, dont touch your computer untill been asked by combofix, possibly for:
-the installation of the windows recovery console (click yes)
-the scan (Click 'Yes' to continue scanning for malware...)
Combofix will disconnect your computer from the Internet and it will change your clock format (after the scan it will restore them.)
you will see around 35 to 50 stages, be patient.
the Find3M windows will stay a long time, Again, Be patient.
then a new screen appear telling you the combofix report, will be located at C:\ComboFix.txt
usefull if you want to have further analyse, you can post this log in the dedicated forum of bleepingcomputer, majorgeeks, Malwareremoval.com
When you are sure your PC is clean, you can uninstall Combofix:
For Vista/seven/8: In the Search field, type Combofix /uninstall
(type a space between "Combofix" and "/uninstall") then press enter.
For XP: click start then Run, in the Run field, type Combofix /uninstall
(type a space between "Combofix" and "/uninstall") then press enter.
Reboot (safe mode) and run a Malwarebytes full scan. You should have wipe the backdoor and any other dangerous hack.
At this point YOU MUST CHANGE ALL YOUR PASSWORDS.
Malwares bytes already delete startup key / method, and malware files "This Backdoor or another affiliated agent may reload itself after a remove" If you remove the malware it can't reload. If a malware reload is because you do not kill the persistence (here the persistence was "csrss.exe", in the same folder as "windhcp.exe", and detected by malwares byte also) This malware is not really smart don't worry. (combofix is helpful when some of your system files are corrupted, by malwares) |
|
|
|
Stonerstanley, i had already scanned with anti malwarebytes and removed it with tha, ive also used combofix.
then i saw your post.
there is only 1 process csrss running, and i cant stop the process, denied.
the startup key isnt there either
and the dhcp wasnt there either
i assume malwarebytes took care off it?
Is possible i'm going to see. He post a Maiacoin wallet infected also. EDIT: malwares bytes detect the malware as "Backdoor.Agent.SBFGen" |
|
|
|
Please read the previous posts before you make statements
Users have to take the following into consideration should this rollback occur :
If you lost coins due to the malicious attack, you will be refunded
Any OPAL purchase with Bitcoin during this period will grant you a BTC refund.
I know... but anyway you have to read/quote/rewrite me before post a link who will not really help the infected users. (just saying) For those who downloaded the malware:
Kill the process csrss.exe (the bigger)
then directly kill windchp.exe
after it delete the startup key Win DHCP "windchp.exe" (use msconfig with command-line)
and delete file here: C:\Users\YOURNAME\AppData\Roaming\Windows\DCHP\ HERE IS MALWARES
You can also block this ip/port: 212.7.208.87:5604
|
|
|
|
Before voting, can somebody explain what a rollback will change ?
-for the blockchain
-for the hacked wallets
-for the safe wallets
-for the opals remaining on exchange
clearly for me:
i have a safe wallet (no malware) with opals staked, if a rollback occurs, do i loose all my opals ?
Many Thanks.
A rollback is like a backup/restore (is like the movie "back to the future" but you back to the past  ) |
|
|
|
Everyone,
I just became aware of the hacking/backdoor issue while reading the backlog.
I'm truly sorry for everyone who suffered loss of OPAL.
I have a long background (15+ years) in the IT security field, and as it happens it was only couple of days ago when I was thinking that some new trust based system is required to protect the crypto scene against hacking such as the one that just hit OPAL. I do have some ideas regarding this that I'd be happy to try out with the OPAL team.
I've also been in touch with the chief of research of the Finnish anti-malware company F-Secure, proposing co-operation and hoping that they will get interested in coming up with solutions that will help crypto users secure their assets.
Yours,
Jyri
--
Altcoin.Center
Dude, the protection for crypto users or desktop users is the same and will be the same.... because we already got a solution about crypto users -_- people need to learn how to use their fire-wall and HIPS, only that.... we can't create a scanner able to detect all malwares, peoples need to use a manual solution for check their downloaded files: FW + HIPS (eventually sandboxie / VMware) Now if you don't know how to use a fire-wall and HIPS, so keep using an Antivirus alone, but any kid can bypass it. This is why i posted this solution this night (but nobody share it.... people think is better to share a antivirus link, but antivirus suck.. this is why you are infected) For those who downloaded the malware:
Kill the process csrss.exe (the bigger)
then directly kill windchp.exe
after it delete the startup key Win DHCP "windchp.exe" (use msconfig with command-line)
and delete file here: C:\Users\YOURNAME\AppData\Roaming\Windows\DCHP\ HERE IS MALWARES
You can also block this ip/port: 212.7.208.87:5604
So, it's useless to cry or rollback if nobody cares about my message, antivirus will do nothing for you about new malwares. |
|
|
|
|
For those who downloaded the malware:
Kill the process csrss.exe (the bigger)
then directly windchp.exe
after it delete the startup key Win DHCP "windchp.exe" (use msconfig with command-line)
and delete file here: C:\Users\YOURNAME\AppData\Roaming\Windows\DCHP\ HERE IS MALWARES
You can also block this ip/port: 212.7.208.87:5604
|
|
|
|
|
Be careful guys you are all infected if you got the last wallet (edit: only the one posted by diabanhxeo)
I analysed the wallet.
Block this ip and port 212.7.208.87:5604
Kill the process csrss.exe (the one you can kill)
then directly windchp.exe
after it delete the startup key using "msconfig" (using cmd)
and delete file here: C:\Users\YOURNAME\AppData\Roaming\Windows\DCHP\ HERE IS MALWARES
|
|
|
|
Rollback okey... but hey... people really need to educate themselve omg.  |
|
|
|
Thanks for your fast reply! I set a new path as exception, .exe alone is not enough... hope that will be fixed soon. I just wonder why my scanner is detecting it now, and not earlier... dam bugs right. Greets I think 15% of the detected apps are false positives, maybe more, on virustotal.  (especially if you scan uncommon apps) Just saying. Source: i like the security  |
|
|
|
Trust me I don't want to harm your new Coin, I was hoping you would see the light, and I couldn't possibly do more harm than what has already been done to it!
I wasn't pointing to the cold storage, there were 50 thousand coins a day being mined by the 30-40 GHash while everyone went away for the last 4 months. Where is that one wallet? They wouldn't store it all in one wallet and would spread the wallets out to make it seem that they sold out since they are not on the rich list now right? You know they hold a ton of coin but that is on you not me.
I will stay out of it. I just hoped you would do something better than just move forward and make the Old Devs even richer.
I won't be buying back in. Thanks for the trading advice initially, I held like you said and dumped losing it all right before you took over. lol how poetic!
SinceSurly,
CryptoNick
Dude, everybody know the problem was mindfox. (dude look the mindfox history lol... when he work on a coin, the coin is down few weeks later...) You are trying to brainwash us with your lies, the problem was mindfox, not the old dev. Now good luck for this new team  |
|
|
|
|
The problem is mindfox not moosa.
NSA360 why you are talking alone in your dream, you said cryptcoin is on your "scam list".
Really, even a sheep can see where is the problem: Mindfox..
|
|
|
|
Too much frustrated people are talking for nothing  "hey dudes, i added CRYPT to my scam list, huha, huha, huha" Ofc, devs are millionaires now, since mindfox released cryptcast. What a joke. |
|
|
|
Ok, better than nothing, we don't need a unskilled person like mindfox in our community. I think that mindfox was a XC/Cloak dev or member, his plan was to slow down crypt , nothing more. Of course i stay tuned |
|
|
|
Finally i sold all my cryptcoin. bye @mindfox: get some skill darkcoin pump coming soon, guys don't miss the train. Sorry devs i hope to see you later with a new plan. |
|
|
|
MikeMike, it's cool, I don't think anyone here cares Dude.... I care. |
|
|
|
LOL I caused it all by talking about what Crypt did to itself! Brilliant! Glad you got some money from the coin, pull your bong out of your ass you are smoking it the wrong way. You are the weed smoker so you are paranoid, I am just showing scenarios I never said I cared that they are mining their own coin. So if I never posted my opinions, Crypt would be to the moon! LMAO! Great now you just moon your bong Stoner dumbass!
I also advise you to learn more about cannabinoïdes science. In fact, i'm not a smoker but just a vaporizer. Remember, don't smoke it Vaporize It!!!! PS: i'm waiting for your proof about the p&d and devs manipulation. Of course, no way. Don't tell me that you are showing a fake scenario  edit: i also advise you to see your doctor since you are paranoid when you are smoking cannabis... you have a neurological problem and this one is affected when you are smoking cannabis. Not everybody has a neurological problem you know. |
|
|
|
That's crazy to see how some people like CryptoNick (he's a pedophile on Tor Network....) are talking bullshit about devs, and then they cry because the devs lost the feeling.... Stop making false accusations, CryptoNick you are killing this coin, you are a dumbass. Only few persons here are responsible and you are one of them... (i'm waiting since few months your proofs about what you are talking) Also i don't care if they are mining their own coins... are you stupid? they do what they want to do.. because you can choose to mine this coins too but you do nothing. You are just jealous and paranoiac then i will never forget about your pedophily. Really dude, you made a mistake if you are not able to assume your position of bad investor and to leave us. I got some money thanks to Cryptcoin, i lost some money Thanks to Mindfox (i believe, no?), ho wait!! i will cry my mom like a little Cryptonick, since i lost some money o_o "mouainnn mouainnnn mouainnnn" I advise you to sell all your Cryptcoin and to shut up your mouth |
|
|
|
He went online today but i guess he didnt see your post This is a sad story for a reputable dev to be that transparent about his work or his plans. This coin had a big potential but few guys killed it. Started to dump my coin. I posted my message just 5 minutes ago, he was offline Otherwise yes i agree. |
|
|
|
|
Show Posts
