Bitcoin Forum
Warning: One or more bitcointalk.org users have reported that they strongly believe that the creator of this topic is a scammer. (Login to see the detailed trust ratings.) While the bitcointalk.org administration does not verify such claims, you should proceed with extreme caution.
Author Topic: Backdoor in 1337 wallet...?!  (Read 1783 times)
Arrakeen (OP)
November 10, 2015, 08:50:54 PM
 #1

Just found this today:



any explanations?

edit: not pointing any fingers; curious if anyone else has seen this too.  could be from anywhere
solid12345
November 10, 2015, 09:22:40 PM
 #2

A coin named l337 just screams "hidden virus!"
Mercado
November 10, 2015, 10:05:30 PM
 #3

So then apparently this is proof there are some haxzorz running with this? Wink
Spoetnik
November 10, 2015, 11:17:45 PM
 #4

well that shows us a registry key flagged on your windows machine..
could have come from anywhere ..did you google it ?
i advise taking the wallet you mentioned and uploading it to VirusTotal.
post us the link to the result and maybe a link to the wallet (one of us can check it out)

FUD first & ask questions later™
francism
November 11, 2015, 12:32:35 AM
 #5

So then apparently this is proof there are some haxzorz running with this? Wink

Nope, it is  some sort of hidden treasure design for those who will install and run the wallet.  Cheesy
TillKoeln
November 11, 2015, 05:55:11 AM
 #6

Windows Qt wallet - MEGA (Virustotal analysis (0/54))

feel free to test it on your own

https://bitcointalk.org/index.php?topic=1232586.0

Arrakeen (OP)
November 11, 2015, 06:21:25 AM
 #7

Now the download is clean...but prior to posting this, it wasn't....

People must always draw their own conclusions, but why would a backdoor suddenly show up ONLY in my 1337 wallet, out of the 20+ wallets on my PC - 99% of which are of higher volume/popularity?  I haven't downloaded anything since the 1337 wallet - it doesn't make sense that something would magically, yet deliberately infect this specific directory....

TillKoeln, just wanted to state that I have nothing against you!

I've traded many of your coins in the past & had no problems similar to this.


Just very, very odd...never seen something like this before.

Want to make sure everyone else checks their stuff as well!
TillKoeln
November 11, 2015, 06:42:52 AM
 #8

TillKoeln, just wanted to state that I have nothing against you!
I've traded many of your coins in the past & had no problems similar to this.

no problem. but the coin is allright 2 weeks old ^^ i wouldn't say that the problem is inside the 1337 wallet.
you are the first one who has any problems. maybe you should scan your whole system.


but maybe i am a Super Haxxor who is smarter than VirusTotal ^^ who knows.




MbccompanyX
November 11, 2015, 06:44:23 AM
 #9

At this point I will move my 1337 wallet to a virtual machine and record any activity.... let's hope that the OP is just making some FUD, because it isn't something that can be denied easily

Tortoise75
November 11, 2015, 07:33:43 AM
 #10

Some |-|4><><0|2 in the past got hit by an overdose of creativity and named his backdoor/tool box of the trade 1337 as well. So MBAM, and maybe some other AV, gets a bit upset because of the name of the thing. Rename it and the actual keys, a selection of the usual ones found in wallets for settings, in that group just pass the test.
MbccompanyX
November 11, 2015, 07:43:02 AM
 #11

Some |-|4><><0|2 in the past got hit by an overdose of creativity and named his backdoor/tool box of the trade 1337 as well. So MBAM, and maybe some other AV, gets a bit upset because of the name of the thing. Rename it and the actual keys, a selection of the usual ones found in wallets for settings, in that group just pass the test.

Anyway, only MBAM reports this fact; Avast Antivirus with the last update doesn't tell anything about the qt wallet... And anyway I agree that maybe it is just a coincidence and we don't need to worry about it

TillKoeln
November 11, 2015, 07:49:08 AM
 #12

evil Haxxors around ....  Grin Grin Grin Grin Grin Grin Grin

TillKoeln
November 11, 2015, 08:27:24 AM
 #13

A coin named l337 just screams "hidden virus!"

indeed

MbccompanyX
November 11, 2015, 08:32:23 AM
 #14

A coin named l337 just screams "hidden virus!"

indeed

I hope you were sarcastic against yourself because somebody can confuse it and you know what it could mean....

TillKoeln
November 11, 2015, 08:43:29 AM
 #15

I hope you were sarcastic against yourself

correct. but if people get confused by something like this ... they should better turn down their Internet and shut down any devices ^^

Spoetnik
November 11, 2015, 11:04:26 AM
 #16

Get your windows scanned..

Your post here OP shows a bad registry key.
That has no link to the wallet.. you're just guessing that is what caused it (without proof)

Any program can create a registry key.

FUD first & ask questions later™
MbccompanyX
November 11, 2015, 11:07:49 AM
 #17

Get your windows scanned..

Your post here OP shows a bad registry key.
That has no link to the wallet.. you're just guessing that is what caused it (without proof)

Any program can create a registry key.

Yeah, that is what I thought too; it must be only an attempt to FUD 1337, because at the moment it is almost the most stable coin of Till's....

Tortoise75
November 11, 2015, 06:40:00 PM
 #18

To be fair, it probably was really just a little bit of concern although opening a new thread for it was a bit over the top.

The registry entry is actually part of the 1337 wallet, but it's not a bad key as such. It triggered a warning in MBAM because of its name. MBAM is, usually, quite thorough and MBAM being MBAM it did warn the user even for a possible trace of Malware so he'd be able to look into it further.

For me I concluded it's just a coincidence. The registry keys below the 1337 entry are just standard keys for coin wallets and trigger no warning on their own whereas just creating a key named 1337 yourself is enough to trigger it.

Getting your windows scanned is always a good idea. (Edit/Disclaimer: This doesn't mean doing something that makes someone, for example the FBI, scan your actual glass ones in some way)
TillKoeln
November 14, 2015, 06:55:46 PM
 #19

i was wondering that the user who opened this thread never replied anything else about his issue.

MbccompanyX
November 14, 2015, 06:59:47 PM
 #20

i was wondering that the user who opened this thread never replied anything else about his issue.

Good question, maybe he thought that it was useless to insist on something he knows doesn't exist......
