Author Topic: VIRUS IN ~ CANDLE ~ .EXE Are we surprised?  (Read 1966 times)
LiteMine (Sr. Member, Activity: 363)
November 21, 2015, 04:44:35 PM  #1

Candlecoin windows binary is infected, different hash than presented in their thread. I know there are false positives in wallets, but Malwarebytes just took about 10 viruses off my crashbox, it was previously clean.


rar:   HEUR/QVM03.0.Malware.Gen
https://www.virustotal.com/en/file/6dc0bbad7bf9fb63f8377045b9fa3bf268eace72f024592fbdb1eedd82f91f3e/analysis/1448121325/

.exe:    Dropper/Win32.Agent
https://www.virustotal.com/en/file/50aa309e434155d422b886a3be9aff9ab2d02f4916d804f5ca5f2c7e11f192ce/analysis/

kondiomir (Legendary, Activity: 1330)
November 21, 2015, 04:47:24 PM  #2

https://www.virustotal.com/bg/file/24a4b22f96711ae297b986dfb5fedf930a234d2a44dc75a0afd8cbe49b18adf1/analysis/1448124355/


0 / 54

Sir_Astral (Hero Member, Activity: 546)
November 21, 2015, 04:48:43 PM  #3

My wallet

CRC32: 6528049F
MD5: E78C0CC7CCD7802569501937495CAD1A
SHA-1: 2AEFBD873C35C3BA534653B3FA2705D54D1835A3

And yours?

kondiomir (Legendary, Activity: 1330)
November 21, 2015, 04:50:59 PM  #4

MD5 e78c0cc7ccd7802569501937495cad1a
SHA1 2aefbd873c35c3ba534653b3fa2705d54d1835a3
SHA256 24a4b22f96711ae297b986dfb5fedf930a234d2a44dc75a0afd8cbe49b18adf1

Sir_Astral (Hero Member, Activity: 546)
November 21, 2015, 04:52:28 PM  #5

OP has other checksum.

ocminer (Legendary, Activity: 1918)
November 21, 2015, 04:56:05 PM  #6

It's a self mod topic... biiig Red flag


Sir_Astral (Hero Member, Activity: 546)
November 21, 2015, 05:01:24 PM  #7

> > OP has other checksum.
>
> This is exactly why we launched Steps Stay Safe, our online facility is there for miners and holders of new coins to make sure wallets are clean before you download it to your computer.
>
> https://altcoinsteps.com/staySafe

Interesting. How do you check it? VM?

samspaces (Legendary, Activity: 1181)
November 21, 2015, 05:02:57 PM  #8

> > OP has other checksum.
>
> This is exactly why we launched Steps Stay Safe, our online facility is there for miners and holders of new coins to make sure wallets are clean before you download it to your computer.
>
> https://altcoinsteps.com/staySafe

This is a really cool initiative! I'll check this out later when I have time.

TillKoeln (Legendary, Activity: 1106)
November 21, 2015, 05:05:54 PM  #9

> Are we surprised?

ehm no ^^  that's why I prefer to compile the wallets on my own system

kondiomir (Legendary, Activity: 1330)
November 21, 2015, 05:11:41 PM  #10

Just downloaded the wallet from the OP.

https://www.virustotal.com/bg/file/35845506d49504d9744e7abcee721951ca2baf3a5cd7a188706e8d64e98ed494/analysis/1448125705/

0/55

MD5 d13bdfd57d28108c5efea5562e69304d
SHA1 230bc9e3c8a151189167644a5d56210bc7ed2eb4
SHA256 35845506d49504d9744e7abcee721951ca2baf3a5cd7a188706e8d64e98ed494

Also checked with HEX editor. Seems like no hidden exe there.

Note: seems like MD5 & SHA are different from initial qt-wallet.
Note2: Initial and present wallet are .zip; @LiteMine's wallet is .rar
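
Post #10 describes looking through the download in a hex editor for a hidden executable and comparing digests. The script below is an added example, not part of the thread, that automates both checks; the function names and the sample bytes are constructed for illustration.

```python
import hashlib
import struct

PE_SIG = b"PE\x00\x00"

def find_pe_images(data: bytes) -> list[int]:
    """Offsets of every 'MZ' header whose e_lfanew field points at a PE signature."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        # e_lfanew is a 4-byte little-endian value at offset 0x3C of the DOS header.
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            start = pos + e_lfanew
            if data[start:start + 4] == PE_SIG:
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def embedded_images(data: bytes) -> list[int]:
    """PE headers found anywhere other than the start of the file."""
    return [off for off in find_pe_images(data) if off != 0]

def digests(data: bytes) -> dict[str, str]:
    """The three digests the thread compares, as lowercase hex."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}

def fake_pe(body: bytes) -> bytes:
    """Constructed stand-in for an executable: DOS header stub, PE signature, body."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    return dos + PE_SIG + body

# Constructed samples. The body contains stray "MZ" bytes that are not real headers,
# which is why the e_lfanew/PE check is needed on top of a plain string search.
CLEAN = fake_pe(b"wallet code MZ not a header " * 4)
BUNDLED = CLEAN + fake_pe(b"second payload")

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("bundled", BUNDLED)):
        print(name, "sha256", digests(blob)["sha256"])
        print(name, "PE headers at", find_pe_images(blob),
              "embedded:", embedded_images(blob))
```

A header found past offset 0 is a reason to inspect the file further, not a verdict: installers legitimately carry extra executables, and a compressed or encrypted payload shows no plain header at all.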

AltcoinSteps (Sr. Member, Activity: 322)
November 21, 2015, 05:13:27 PM  #11

> > > OP has other checksum.
> >
> > This is exactly why we launched Steps Stay Safe, our online facility is there for miners and holders of new coins to make sure wallets are clean before you download it to your computer.
> >
> > https://altcoinsteps.com/staySafe
>
> Interesting. How do you check it? VM?

We do not download the .exe; we compile ours from source, and we add all new coins since lately 9 out of 10 have a virus/trojan. But if you want to check/download the .exe, better use a VM or sandbox.

Sir_Astral (Hero Member, Activity: 546)
November 21, 2015, 05:18:02 PM  #12

Downloaded from Candle thread now, my wallet has same checksums.
Where has OP downloaded the exe with different checksums?

nikkers (Hero Member, Activity: 566)
November 21, 2015, 05:40:14 PM  #13

The file I got yesterday is clean too, and different checksum etc. than OP of this thread :S

Not saying there's nothing hidden in it, I'm no expert, but Malwarebytes and VirusTotal tell me mine is clean :S

ZIP
https://www.virustotal.com/en/file/35845506d49504d9744e7abcee721951ca2baf3a5cd7a188706e8d64e98ed494/analysis/1448126500/

QT
https://www.virustotal.com/en/file/24a4b22f96711ae297b986dfb5fedf930a234d2a44dc75a0afd8cbe49b18adf1/analysis/1448126126/

I'll hold off on installing it for now ;)

Sir_Astral (Hero Member, Activity: 546)
November 21, 2015, 05:50:39 PM  #14

> The file I got yesterday is clean too, and different checksum etc. than OP of this thread :S
>
> Not saying there's nothing hidden in it, I'm no expert, but Malwarebytes and VirusTotal tell me mine is clean :S
>
> ZIP
> https://www.virustotal.com/en/file/35845506d49504d9744e7abcee721951ca2baf3a5cd7a188706e8d64e98ed494/analysis/1448126500/
>
> QT
> https://www.virustotal.com/en/file/24a4b22f96711ae297b986dfb5fedf930a234d2a44dc75a0afd8cbe49b18adf1/analysis/1448126126/
>
> I'll hold off on installing it for now ;)

I have the same checksum.
OP is a troll.

samsunk (Member, Activity: 95)
November 21, 2015, 05:53:14 PM  #15

No surprise - I told them in thread beware of viruses with encryption can defeat av scanners

-samsunk

lobat999 (Sr. Member, Activity: 294)
November 22, 2015, 12:20:35 AM  #16

> Candlecoin windows binary is infected, different hash than presented in their thread. I know there are false positives in wallets, but Malwarebytes just took about 10 viruses off my crashbox, it was previously clean.
>
> rar:   HEUR/QVM03.0.Malware.Gen
> https://www.virustotal.com/en/file/6dc0bbad7bf9fb63f8377045b9fa3bf268eace72f024592fbdb1eedd82f91f3e/analysis/1448121325/
>
> .exe:    Dropper/Win32.Agent
> https://www.virustotal.com/en/file/50aa309e434155d422b886a3be9aff9ab2d02f4916d804f5ca5f2c7e11f192ce/analysis/

Just ran a new test. It seems clean though. :)

https://www.virustotal.com/en/file/24a4b22f96711ae297b986dfb5fedf930a234d2a44dc75a0afd8cbe49b18adf1/analysis/1448151472/


Sir_Astral (Hero Member, Activity: 546)
November 22, 2015, 12:27:08 AM  #17

Click additional information from OP exe link.
14 Mb exe. OP is a troll.

lobat999 (Sr. Member, Activity: 294)
November 22, 2015, 12:32:35 AM  #18

> Click additional information from OP exe link.
> 14 Mb exe. OP is a troll.

Oh yeah. That explains it. Thanks :)


m4xp0w3r7 (Hero Member, Activity: 598)
November 22, 2015, 09:14:22 AM  #19

Clean
https://www.virustotal.com/en/file/24a4b22f96711ae297b986dfb5fedf930a234d2a44dc75a0afd8cbe49b18adf1/analysis/1448151472/

skeet (Full Member, Activity: 191)
November 23, 2015, 12:29:19 AM  #20

> Click additional information from OP exe link.
> 14 Mb exe. OP is a troll.

Nope, the dev purposely swapped the original clean file with an infected file from mega. How would I know? The exe file I downloaded at work was clean but when I redownloaded it again at home it was totally infected. It was on the same OP of the official thread.
