Bitcoin Forum
Topic: Backdoor in 1337 wallet...?!
Arrakeen
November 10, 2015, 08:50:54 PM
 #1

Just found this today:



any explanations?

edit: not pointing any fingers; curious if anyone else has seen this too.  could be from anywhere
solid12345
November 10, 2015, 09:22:40 PM
 #2

A coin named l337 just screams "hidden virus!"
Mercado
November 10, 2015, 10:05:30 PM
 #3

So then apparently this is proof there are some haxzorz running with this? ;)

Always look at the bright side of life
Spoetnik
November 10, 2015, 11:17:45 PM
 #4

well that shows us a registry key flagged on your windows machine..
could have come from anywhere ..did you google it ?
i advise taking the wallet you mentioned and uploading it to VirusTotal.
post us the link to the result and maybe a link to the wallet (one of us can check it out)

FUD first & ask questions later™
francism
November 11, 2015, 12:32:35 AM
 #5

Quote: So then apparently this is proof there are some haxzorz running with this? ;)

Nope, it is some sort of hidden treasure design for those who will install and run the wallet. :D
TillKoeln
November 11, 2015, 05:55:11 AM
 #6

Windows Qt wallet - MEGA (Virustotal analysis (0/54))

feel free to test it on your own

https://bitcointalk.org/index.php?topic=1232586.0

Arrakeen
November 11, 2015, 06:21:25 AM
 #7

Now the download is clean...but prior to posting this, it wasn't....

People must always draw their own conclusions, but why would a backdoor suddenly show up ONLY in my 1337 wallet, out of the 20+ wallets on my PC - 99% of which are of higher volume/popularity?  I haven't downloaded anything since the 1337 wallet - it doesn't make sense that something would magically, yet deliberately infect this specific directory....

TillKoeln, just wanted to state that I have nothing against you!

I've traded many of your coins in the past & had no problems similar to this.


Just very, very odd...never seen something like this before.

Want to make sure everyone else checks their stuff as well!
TillKoeln
November 11, 2015, 06:42:52 AM
 #8

Quote: TillKoeln, just wanted to state that I have nothing against you!
I've traded many of your coins in the past & had no problems similar to this.

no problem. but the coin is allright 2 weeks old ^^ i wouldn't say that the problem is inside the 1337 wallet.
you are the first one who has any problems. maybe you should scan your whole system.

but maybe i am a super haxxor who is smarter than VirusTotal ^^ who knows.




MbccompanyX
November 11, 2015, 06:44:23 AM
 #9

At this point I will move my 1337 wallet to a virtual machine and record any activity.... let's hope that the OP is just making some FUD, because it isn't something that can be denied easily

Tortoise75
November 11, 2015, 07:33:43 AM
 #10

Some |-|4><><0|2 in the past got hit by an overdose of creativity and named his backdoor/tool box of the trade 1337 as well. So MBAM, and maybe some other AV, gets a bit upset because of the name of the thing. Rename it and the actual keys, a selection of the usual ones found in wallets for settings, in that group just pass the test.
MbccompanyX
November 11, 2015, 07:43:02 AM
 #11

Quote: Some |-|4><><0|2 in the past got hit by an overdose of creativity and named his backdoor/tool box of the trade 1337 as well. So MBAM, and maybe some other AV, gets a bit upset because of the name of the thing. Rename it and the actual keys, a selection of the usual ones found in wallets for settings, in that group just pass the test.

Anyway only MBAM reports this fact, Avast Antivirus with the last update doesn't tell anything about the qt wallet... And anyway I agree that maybe it is just a coincidence and we don't need to worry about it

TillKoeln
November 11, 2015, 07:49:08 AM
 #12

evil Haxxors around .... ;D ;D ;D ;D ;D ;D ;D

TillKoeln
November 11, 2015, 08:27:24 AM
 #13

Quote: A coin named l337 just screams "hidden virus!"

indeed

MbccompanyX
November 11, 2015, 08:32:23 AM
 #14

Quote: A coin named l337 just screams "hidden virus!"

Quote: indeed

I hope you were sarcastic against yourself because somebody can confuse it and you know what it could mean....

TillKoeln
November 11, 2015, 08:43:29 AM
 #15

Quote: I hope you were sarcastic against yourself

correct. but if people get confused by something like this ... they should better turn down their Internet and shut down any devices ^^

Spoetnik
November 11, 2015, 11:04:26 AM
 #16

Get your windows scanned..

Your post here OP shows a bad registry key.
That has no link to the wallet.. you're just guessing that is what caused it (without proof)

Any program can create a registry key.

FUD first & ask questions later™
MbccompanyX
November 11, 2015, 11:07:49 AM
 #17

Quote: Get your windows scanned..

Your post here OP shows a bad registry key.
That has no link to the wallet.. you're just guessing that is what caused it (without proof)

Any program can create a registry key.

Yeah, it is what I thought too, it must be only a try to FUD 1337 because at the moment it is almost the most stable coin of Till....

Tortoise75
November 11, 2015, 06:40:00 PM
 #18

To be fair, it probably was really just a little bit of concern although opening a new thread for it was a bit over the top.

The registry entry is actually part of the 1337 wallet, but it's not a bad key as such. It triggered a warning in MBAM because of its name. MBAM is, usually, quite thorough and MBAM being MBAM it did warn the user even for a possible trace of Malware so he'd be able to look into it further.

For me I concluded it's just a coincidence. The registry keys below the 1337 entry are just standard keys for coin wallets and trigger no warning on their own whereas just creating a key named 1337 yourself is enough to trigger it.

Getting your windows scanned is always a good idea. (Edit/Disclaimer: This doesn't mean doing something that makes someone, for example FBI, scanning your actual glass ones in some way)
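Added example, not part of the post above or of anyone's reply in this thread: a small triage script that contrasts what a name-only rule sees (any key called 1337, even an empty one) with what the values under the flagged keys actually contain. The .reg export is constructed; the key paths, value names and data are placeholders, because the thread does not show the full path of the flagged key.

```python
import re

# Constructed .reg export; paths and values are placeholders, not from the thread.
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\1337]

[HKEY_CURRENT_USER\Software\1337\EXAMPLE-Qt]
"nDisplayUnit"=dword:00000000
"strDataDir"="C:\\Users\\example\\AppData\\Roaming\\EXAMPLE"
"fMinimizeToTray"="false"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EXAMPLE-updater"="C:\\Users\\example\\AppData\\Local\\Temp\\example.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
EXEC_RE = re.compile(r'\.(exe|dll|bat|cmd|ps1|vbs|js|scr)\b', re.I)
AUTORUN_RE = re.compile(r'\\(Run|RunOnce)$', re.I)

def parse_reg(text):
    """Return {key_path: {value_name: raw_data}} from .reg export text."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return keys

def name_only_hits(keys, name="1337"):
    """What a name-based rule matches: keys with a path component equal to name."""
    return [k for k in keys if name in k.split("\\")]

def content_findings(keys):
    """Values worth a closer look: autorun entries or data naming an executable."""
    out = []
    for key, values in keys.items():
        for vname, data in values.items():
            if AUTORUN_RE.search(key) or EXEC_RE.search(data):
                out.append((key, vname))
    return out
```

On the constructed sample the name-only check hits both 1337 keys, including the empty one, while the content check flags only the autorun entry and none of the settings values.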
TillKoeln
November 14, 2015, 06:55:46 PM
 #19

I was wondering that the user who opened this thread never replied anything else about his issue.

MbccompanyX
November 14, 2015, 06:59:47 PM
 #20

Quote: I was wondering that the user who opened this thread never replied anything else about his issue.

Good question, maybe he thought that it was useless to insist on something he knows doesn't exist......
