Bitcoin Forum
August 22, 2019, 07:44:19 PM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker  (Read 1480 times)
a7mos
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500



View Profile
January 12, 2016, 07:36:46 PM
Last edit: January 12, 2016, 08:50:18 PM by a7mos
 #1

Hi

So, i was trying to download the candle coin wallet from its official thread a

and as soon as i unrar the file the anti virus (eset smart security) deleted it because it is a trojan

and when i posted on his thread asking what is wrong with the wallet, he deleted my post as the thread is self moderated

here is the pm i got because my post asking him what is wrong was deleted. some other guy posted that the virustool link on the thread is not for the wallet exe, it is another complete thing but the dev Dave4You also deleted that comment and i could not find it on google caches


Quote from: Bitcoin Forum
A reply of yours, quoted below, was deleted by the starter of a self-moderated topic. There are no rules of self-moderation, so this deletion cannot be appealed. Do not continue posting in this topic if the topic-starter has requested that you leave.

You can create a new topic if you are unsatisfied with this one. If the topic-starter is scamming, post about it in Scam Accusations.

Quote
I can not run the wallet because of the anti virus. is it clean or what is this message ?


so if you downloaded his wallet, you better scan your computer very well before you got hacked

and if your wallet is clean Mr dev Dave4You SO WHY DID YOU DELETED THE POSTS WITHOUT ANY REPLY OR CLARIFICATION ! ??


Edit: I found out that i am not the first one who warning against this wallet
check these threads :
 https://bitcointalk.org/index.php?topic=1257893.0
https://bitcointalk.org/index.php?topic=1296561.0
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
EcuaMobi
Legendary
*
Offline Offline

Activity: 1820
Merit: 1427


https://Ecua.Mobi


View Profile WWW
January 12, 2016, 07:59:46 PM
 #2

OP are you sure you downloaded from here?
Quote
https://mega.nz/#!3wlWWSyZ!pa4iXLYtDc4g_6t0c23_y7S2gBQaSwt1PRwVokFySMA
which is the link shown on that thread at the moment and archived here: https://archive.is/HZpoI

or was it from here:
Quote
https://mega.nz/#!e0t3gZoT!G7E9l7D1PNWKnqpem7MY58uOseKAz5WX9Zipsfn2voU
which was published a few hours ago, archived here: https://archive.is/BPKDA

Can you re-download from the first link and re-run your antivirus? The second link is no longer available on mega.nz and I find extremely strange that in December the first one was published again. Archive: https://archive.is/VbszE
It does seem that link is being switch often as already mentioned here: https://bitcointalk.org/index.php?topic=1257893.msg13044241#msg13044241

This is very strange and suspicious.

a7mos
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500



View Profile
January 12, 2016, 08:04:09 PM
 #3

OP are you sure you downloaded from here?
Quote
https://mega.nz/#!3wlWWSyZ!pa4iXLYtDc4g_6t0c23_y7S2gBQaSwt1PRwVokFySMA
which is the links shown on that thread at the moment and archived here: https://archive.is/HZpoI

or was it from here:
Quote
https://mega.nz/#!e0t3gZoT!G7E9l7D1PNWKnqpem7MY58uOseKAz5WX9Zipsfn2voU
which was published a few hours ago, archived here: https://archive.is/BPKDA

Can you re-download from the first link and re-run your antivirus? The second link is no longer available on mega.nz and I find extremely strange that in December the first one was published again. Archive: https://archive.is/VbszE
It does seem that link is being switch often as already mentioned here: https://bitcointalk.org/index.php?topic=1257893.msg13044241#msg13044241

This is very strange and suspicious.

I do not Know which link i downloaded from. it was from mega and i downloaded yesterday as i remember. the one i mentioned in the thread i just copied it from the thread minutes later, so he may changed it after deleting my post

i will download the first link now and scan it to see what will be the result
Dave4You
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
January 12, 2016, 08:05:10 PM
 #4

Check the wallet by yourself on virustotal, this would help you a lot ...
1,5 + Month after release  and 15464 Clicks and 21 Pages of replys on main thread and 22570 Clicks and 39 pages of replys on giveaway thread
https://bitcointalk.org/index.php?topic=1259902.0
https://bitcointalk.org/index.php?topic=1256604.0
Here is all info with all users that used wallet or exchange wallet for candle.
Code:
nikl,kondiomir,nikkers,I_Like_Dogs,trader19,MineDumpNextOne,ukon,reatsch
Sir_Astral,Rubberduckie,Mr.Bubels,Depredation,kevinjulio,oxiyusuf,paolo77
klenin,WhiteManWhite,muchoman,badykvik,bitpotter,operabit,rendravolt
bitsurfer2014,xhoneyael,finder,freemind1,affandi,artur11110000,connexus,MALCOM X X X
Arie22,qwed,badam,lobat999,jerrysunny,bontyw1276,hopped,altseeker,Archastar,tomvalois
mruk,culuuton,petermike,itsmeram,rockyram,dang thi bich thuy,efelts01,USER211,
hoian0809,mapolevault,RJX,liuka,Mallampue,tottong,lootz,Angora,m4xp0w3r7,ntsdm,olegaolega
1btcdream,cryptocrypt,bluedeep,usorin,Nik4691,LadangGalau,kawa900jc,badykvik,superman1314
CryptoStake,b-trading,RhodaGila,NoobKidOnTheBlock,mikhael,lanbo,honglien,ltcrstrbrt
wildduck,theboccet,begau,yampi,Shkembe,TorinT,getwork
rorona_zoro,ButtCrack,Trololoh,doriangray,davids,Enema,Banjiro,Palakka,Mallampue,
tottong,g3rszpi,issho,issho,voteformeg,Maloppo,hashmaster1,Furious 7
grandFX,catotune,MadCow,solstice,saladin7000,shadows123,ShowOff,Hirose UK,d-trix,
davincicode666,skeet,Real14Hero,Unread,m4xp0w3r7,caex,herzogzwei
Keyboard PC,infusonline,Farma,kliown,vhong,EBK1000,FaucetRank.com,Little_Sister
KosmoKisa,Republikcoin.com,Krista,WhiteShum,butragenjo,moppang
mhd japar siregar,MonsterV,hawkins,dwminer1,boomboom
mhd japar siregar,hawkins,dwminer1,boomboom,kjadB,torrantz,Trial,lootz,WhiteShum
traderbit,diodio5,itsmeram
steveds,iphonecoins,kevinjulio,kevinjulio,reefsea,Maloppo,Krista,
WhiteShum,WhiteManWhite,infusonline,moppang,Compa,Trial,extrabyte,
Mallampue,tottong,pol5,n691309,Palakka,smith coins,Republikcoin.com
Banjiro,ie007cheung,pusaka,Tauja,mhd japar siregar,prodigy8
Keyboard PC,ShowOff,cokkapaga,mrcashking,ivanst776,traderbit
Hirose UK,mammusu,Unread,PapillonV,Colombina
Furious 7,Monnt,MTBTT,Graphics,lootz,connexus,chichidori,altseeker,ntsdm
1btcdream,mikhael,hoie6060,olegaolega,WhiteShum,junder,stepmike,TurboMen
lanbo,doriangray,Decoded,justspare,reefsea,kevinjulio,pickupcoin
MadeinCoin,infusonline,smith coins,pol5,n691309,prodigy8,steveds
moppang,extrabyte,Banjiro,Trial,Mento,pusaka,WhiteManWhite
Republikcoin.com,Tauja,Paidi,Decoded,Krista,Bayuu,mhd japar siregar
cancerbola,Compa,MyBTT,gampher,grandFX,ie007cheung,mammusu
SmartIphone,iphonecoins,ivanst776,Mallampue,traderbit,
PapillonV
Palakka,skeet,Colombina,Keyboard PC,mrcashking,hoie6060
extrabyte,ShowOff,Hirose UK,Monnt,Graphics,MTBTT,WhiteShum
Furious 7,Unread,bitfranky,solstice,vhong,altseeker,Temo58
waterpile,connexus,lanbo,pol5,prodigy8,n691309,smith coins
robstak,danel,BTT,TurboMen,daddybios,ivanst776,WhiteManWhite
Mallampue,SmartIphone,Mento,smigel,Tauja,mammusu,iphonecoins
Compa,reefsea,Bayuu,MyBTT,lanbo,kevinjulio,mrcashking,financetalks
moppang,artur11110000,mhd japar siregar,infusonline,
Republikcoin.com,MadeinCoin,Banjiro,smith coins,prodigy8
pol5,Trial,testcoin,stepmike,hoie6060,n691309,Hirose UK
axxo,justspare,lanbo,bitfranky,solstice,Bought,Funny
skeet,vhong,connexus,steveds,melisande,SmartIphone
ivanst776,ShowOff,Banjiro,cokkapaga,Keyboard PC,Winalunt
Amadues,salek11,Furious 7,Unread,SPQRCoin,traderbit
lootz,Krista,ntsdm,superman1314,asa.convex,gampher
WhiteShum,artur11110000
n691309,smith coins,pol5,SmartIphone,mammusu,kevinjulio
financetalks,stepmike,Mento,tukinen,WhiteManWhite,reefsea
iphonecoins,prodigy8,ie007cheung,mhd japar siregar,Hirose UK
Colombina,MISHA165,Republikcoin.com,Trial,KosmoKisa,hoie6060
Tauja,daddybios,Mallampue,testcoin,ivanst776,infusonline
smigel,TurboMen,MadeinCoin,moppang,nekochan05,Decoded,traderbit
0n0t0le
WhiteShum,zubelutte,SPQRCoin,Unread,Krista,Funny
pol5,ShowOff,waterpile,stepmike,lootz,Holdaaja
olegaolegta,Furious 7,Keyboard PC
WhiteManWhite,moppang,lxxtikk,financetalks,Mento
kevinjulio,reefsea,hoie6060,Colombina,ie007cheung,axxo
TurboMen,testcoin,WhiteShum,Trial,iphonecoins,MISHA165
KosmoKisa,francism,Hirose UK,MadeinCoin,infusonline
stepmike,Krista,SPQRCoin,waterpile,Holdaaja,robstak
pol5,lanbo,tukinen,1btcdream,danel,mhd japar siregar
Keyboard PC,lxxtikk,lxxtikk,altseeker,WhiteShum,daddybios
Mento,financetalks,moppang,stepmike,smigel,ie007cheung
WhiteManWhite,Trial,reefsea,Colombina,kevinjulio
hoie6060,Tauja,iphonecoins,pol5,Unread,Holdaaja,testcoin        
MadeinCoin,Banjiro,Krista,smith coins,prodigy8,cokkapaga
infusonline,robstak,SPQRCoin,francism,lxxtikk,shadows123
mammusu,daddybios,kingaltcoins,saladin7000,MISHA165,a7mos
mikhael,bitfranky,WhiteShum,artur11110000,WhiteManWhite    
kevinjulio,TurboMen,tukinen,daddybios,smigel,financetalks
stepmike,waterpile,ie007cheung,Trial,Keyboard PC,Mento
KosmoKisa,Colombina,infusonline,moppang,solstice,1btcdream
fritzi,vhong,mhd japar siregar,SmartIphone
WhiteShum,waterpile,Holdaaja,kingaltcoins,hoie6060,onlinepro
Krista,testcoin,SPQRCoin,iphonecoins,d-trix,pol5,MISHA165,stepmike
ShowOff,WhiteManWhite,smigel,Amadues,financetalks,Colombina,SmartIphone

MD5: e81ba50c0444962db5f1eb59b3769c2f
SHA1: f0a397a2bd087b9e4543b19bef551fbdeeac5d64
SHA256: 543e3874be615567bb08b509685b4d527175de09501c6d6de329b34e9c4daeb4
https://mega.nz/#!3wlWWSyZ!pa4iXLYtDc4g_6t0c23_y7S2gBQaSwt1PRwVokFySMA
https://github.com/candlecoin/candlecoin

You can be sure that there is no malware inside ....  
Thank you.
EcuaMobi
Legendary
*
Offline Offline

Activity: 1820
Merit: 1427


https://Ecua.Mobi


View Profile WWW
January 12, 2016, 08:07:15 PM
 #5

Dave4You please explain why the link was changed from ...wVokFySMA to ...WX9Zipsfn2voU and then back to ...wVokFySMA and why ...WX9Zipsfn2voU is no longer available.
Re-read my previous post for more information.

Your virus scans just cover ...wVokFySMA, not ...WX9Zipsfn2voU.

a7mos
Hero Member
*****
Offline Offline

Activity: 574
Merit: 500



View Profile
January 12, 2016, 08:16:32 PM
Last edit: January 12, 2016, 08:43:40 PM by a7mos
 #6

I downloaded from the link with FySMA at the end of the url now on vps and I unrarthe file and tested it on virustool and here is the result : https://www.virustotal.com/en/file/543e3874be615567bb08b509685b4d527175de09501c6d6de329b34e9c4daeb4/analysis/

Quote
SHA256:   543e3874be615567bb08b509685b4d527175de09501c6d6de329b34e9c4daeb4
File name:   Candle-qt.exe
Detection ratio:   1 / 54
Analysis date:   2016-01-12 13:14:57 UTC ( 7 hours ago )

so even virus total said it is not completely clean !

Edit: I remembered something, the link i downloaded was bigger than 10 megabytes as i best as i remember. the current one is 8 megabytes

so maybe there is two files as zazarb said
zazarb
Legendary
*
Offline Offline

Activity: 1736
Merit: 1482


Get loan in just five minutes goo.gl/8WMW6n


View Profile WWW
January 12, 2016, 08:30:24 PM
 #7

about that I write month ago: https://bitcointalk.org/index.php?topic=1296561.0


there is Two different version- healthy and infected with trojan.
Dave4You
Full Member
***
Offline Offline

Activity: 182
Merit: 100


View Profile
January 13, 2016, 12:13:01 AM
 #8

Link is not changed!
Only can be that account was violated and the hacker changed the wallets.But password not changed Huh
I will deep scan pc now.
EcuaMobi
Legendary
*
Offline Offline

Activity: 1820
Merit: 1427


https://Ecua.Mobi


View Profile WWW
January 13, 2016, 12:55:41 AM
 #9

Link is not changed!
Only can be that account was violated and the hacker changed the wallets.But password not changed Huh
I will deep scan pc now.
The fact you just lie proves everything. Thanks for making it easy.

james.lent
Hero Member
*****
Offline Offline

Activity: 602
Merit: 501



View Profile
January 13, 2016, 01:10:25 AM
 #10

Link is not changed!
Only can be that account was violated and the hacker changed the wallets.But password not changed Huh
I will deep scan pc now.

Dude you have had a history of changing the files in the download link. Dont blame the hacker now, because you're the one doing it.
eddie13
Hero Member
*****
Offline Offline

Activity: 1218
Merit: 950


BTC or BUST


View Profile
January 13, 2016, 01:16:26 AM
 #11

The thread is locked now and it appears that EcuaMobi is the new candlecoin DEV

https://bitcointalk.org/index.php?topic=1256604.msg13533306#msg13533306

Edie: Now this one too... https://bitcointalk.org/index.php?topic=1259902.msg13533312#msg13533312

This Space For Rent
james.lent
Hero Member
*****
Offline Offline

Activity: 602
Merit: 501



View Profile
January 13, 2016, 01:21:15 AM
 #12

The thread is locked now and it appears that EcuaMobi is the new candlecoin DEV

https://bitcointalk.org/index.php?topic=1256604.msg13533306#msg13533306

Edie: Now this one too... https://bitcointalk.org/index.php?topic=1259902.msg13533312#msg13533312

the scammer is now butt hurt lol
nikkers
Hero Member
*****
Offline Offline

Activity: 566
Merit: 500



View Profile
January 13, 2016, 01:39:43 AM
 #13

https://bitcointalk.org/index.php?topic=1257893.0

Me and some others called this noob out a long time ago, and warned others but he just kept deleting posts in his main thread.

Glad the douche has finally been caught again, i just wonder how many folks he infected Sad
digit
Legendary
*
Offline Offline

Activity: 1643
Merit: 1006



View Profile
January 13, 2016, 03:16:16 AM
Last edit: January 13, 2016, 03:26:32 AM by digit
 #14

@a7mos heres what i posted that was deleted, the guy also changed the link after he deleted.  
cache/snapshot of OP can be seen here https://archive.is/VbszE (20 Dec 2015 14:02:59 UTC), https://archive.is/BPKDA (12 Jan 2016 13:15:12 UTC), https://archive.is/HZpoI (12 Jan 2016 19:48:13 UTC)


Quote from: Bitcoin Forum
A reply of yours, quoted below, was deleted by the starter of a self-moderated topic. There are no rules of self-moderation, so this deletion cannot be appealed. Do not continue posting in this topic if the topic-starter has requested that you leave.

You can create a new topic if you are unsatisfied with this one. If the topic-starter is scamming, post about it in Scam Accusations.

Quote
I can not run the wallet because of the anti virus. is it clean or what is this message ?


confirmed
rar file - https://www.virustotal.com/en/file/433cff9ddd3038e7c7ac5b9245ce3cd0b739314078caf536be5353752e293ac2/analysis/1452604948/
extracted candleqt.exe - https://www.virustotal.com/en/file/b6b6072bda8202eb22aa5c8ace04f4b8a16516dfd3d192e4cb86ececc367732f/analysis/

VT results link in OP is for completely different file then what is downloaded from windowsqt link provided by dev  Angry

might be a false positive but then there is this it reports its internal/original name as "audioadg.exe" a windows7 system file



note its also not the first time this dev has been accused of hiding a trojan in his wallet links, and really concerning how distributed this wallet is from the signature campaign he is running

Candle have new dev from today!For all info and for giveaway please contact new dev.Thank you!
Contact dev  

i got a post deletion notice, checked the thread/OP and he had also edited again the links to windows qt download, i was allowing him some time give an explanation before i was going make a new post about it, but instead he has posted this and locked the thread.  

BTC:1DigitwteXwFcRAaWpVDRp6eKqzC6y9tgm ■ ŁTC:LKMcEHoFWHAUoRscqW1cwjhLgFrk7MgCWU ■ BLK:BR4WG59FjQYiQNVR3Ftn9EYgs4kJE1YLUK ■
The Pharmacist
Legendary
*
Offline Offline

Activity: 1610
Merit: 3067



View Profile
January 13, 2016, 04:07:35 AM
 #15

Good, I like seeing scammers getting the smackdown.

I don't know much about candlecoin other than it's avatar campaign.  Is this scammer one of the developers?  I'm a non-techie so I'm sure I would have just downloaded the trojan and lost everything.  Good job, guys.

mexxer-2
Hero Member
*****
Offline Offline

Activity: 924
Merit: 1003


4 Mana 7/7


View Profile
January 13, 2016, 05:52:55 AM
 #16

Now that it seems highly likely that the wallet contained trojan, what about group of people who are still advertising the coin?
MbccompanyX
Full Member
***
Offline Offline

Activity: 182
Merit: 100

★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile
January 13, 2016, 07:30:23 AM
 #17

Now that it seems highly likely that the wallet contained trojan, what about group of people who are still advertising the coin?

Good question, they maybe didn't even noticed that people found out that the wallet link get swapped time by time or maybe at the end (and i hope that) they used Yobit/Steps Candlecoin wallet (Which, being built from the source makes them clean) but still let's remember that all this debate started almost 3 months ago and there were 3 threads talking about this (Including this one). Even i'm curious to see if all the people advertising the coin will believe the lie of the dev, stop promoting the coin or wait for some serious person to take over (which i don't think will be possible because of the coin reputation)...

P.s. i just noticed that he is now abusing of the trust system by sending different red trust (so the one to EcuaMobi isn't the only one) and he even red trusted the OP like if he did a trade with he (Which never existed), i decided to put a red trust as well because what he did is seriously stupid

SmartIphone
Legendary
*
Offline Offline

Activity: 1204
Merit: 1000



View Profile
January 13, 2016, 08:21:58 AM
 #18

Now that it seems highly likely that the wallet contained trojan, what about group of people who are still advertising the coin?

People who are/were advertising are the participants from the avatar campaign including me, i got a PM from EcuaMobi thanks to him I removed the avatar.
kingaltcoins
Hero Member
*****
Offline Offline

Activity: 784
Merit: 500


View Profile
January 13, 2016, 01:10:54 PM
 #19

Thank god I used YoBit's CD coin address for joining avatar campaign. I got little suspicious when he was not paying for the last 2-3 days. I was going to create a scam accusation against him but he paid me before that.

Woof! Thanks op for this awareness. Luckily I dumped this shitty coin yesterday and got my equivalent BTC. Wink At least I don't have to hold a bag of shit coins now.

N.B I'm also quite suspicious about SwagBucks and AvatarCoin too. Huh
MbccompanyX
Full Member
***
Offline Offline

Activity: 182
Merit: 100

★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile
January 13, 2016, 02:25:10 PM
 #20

Thank god I used YoBit's CD coin address for joining avatar campaign. I got little suspicious when he was not paying for the last 2-3 days. I was going to create a scam accusation against him but he paid me before that.

Woof! Thanks op for this awareness. Luckily I dumped this shitty coin yesterday and got my equivalent BTC. Wink At least I don't have to hold a bag of shit coins now.

N.B I'm also quite suspicious about SwagBucks and AvatarCoin too. Huh

for what a user friend of mine told seems that some free distribution coin are in some kind of network made by scammers... i'm not sure if even those two coins you cited are involved but who knows....

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!