mistercashking
Legendary
Offline
Activity: 1044
Merit: 1050
March 14, 2016, 03:59:38 PM

Yes, virus confirmed. How did we miss it? My computer didn't even alert me of a virus. But someone did a remote desktop to my PC and tried to log in to Bittrex. I cut my PC off before they hit the login button. Just finished reformatting and clean install.

cakir
Legendary
Offline
Activity: 1274
Merit: 1000
★ BitClave ICO: 15/09/17 ★
March 14, 2016, 03:59:54 PM

I've run the CPU miner, GPU miner and oxen-qt; so far I don't seem to be infected. I'll run a full virus scan now. Let's see.

Vaccomondus
March 14, 2016, 04:07:03 PM

> Yes, virus confirmed. How did we miss it? My computer didn't even alert me of a virus. But someone did a remote desktop to my PC and tried to log in to Bittrex. I cut my PC off before they hit the login button. Just finished reformatting and clean install.

What did you install, only the qt?

mistercashking
Legendary
Offline
Activity: 1044
Merit: 1050
March 14, 2016, 04:12:59 PM

> > Yes, virus confirmed. How did we miss it? My computer didn't even alert me of a virus. But someone did a remote desktop to my PC and tried to log in to Bittrex. I cut my PC off before they hit the login button. Just finished reformatting and clean install.
>
> What did you install, only the qt?

Had installed the CPU miner, GPU miner and qt. Had them running when it happened.

BigBoom3599
March 14, 2016, 04:26:57 PM

The VPS I have the qt and cpuminer installed on is also clean.

Vaccomondus
March 14, 2016, 04:32:45 PM

Is this in netstat dangerous? msnbot-191-232-139-87:https
How can I know if I'm infected? I don't want to format.

Sir_Astral
March 14, 2016, 05:20:04 PM

I have Linux Router and interactive firewall on windows, no new connections, wallet running from yesterday...
Dev, hello? Answer something.

USScrypto
March 14, 2016, 05:56:14 PM

The dev being silent on the situation is not a good sign...

Vaccomondus
March 14, 2016, 05:58:17 PM

he is busy breaking some firewall lol

Sir_Astral
March 14, 2016, 06:24:31 PM

Someone is hardly solomining now.

BigCat45
Sr. Member
Offline
Activity: 441
Merit: 250
Bigboss
March 14, 2016, 06:27:31 PM

> The dev being silent on the situation is not a good sign...

So, I just had this idea while responding to another thread ( https://bitcointalk.org/index.php?topic=18242.480) I am looking for pentesters and developers to work with as a bitcoin "security team". Basically, the idea is that we provide penetration/exploit testing for pool owners and maybe even individual users if they are so inclined and repair any security flaws and/or exploitable code. If interested, please reply with your area of expertise, what tools you use and rate yourself on how knowledgeable you are in your field on a scale of 1 - 10 where 1 is "little to no experience" and 10 is "I can build a computer from the ground up and write all my own programs in Windows and *nix OS's". Personally, my area of expertise is in penetration/exploit testing with some programming skill. The tools I use include but are not limited to: nmap, metasploit, wireshark, kismet, ettercap, hydra and MANY others. On a scale of 1 - 10 I rate myself as an 8 in my field. What about you...? 4 years ago ...

kondiomir
Legendary
Offline
Activity: 1568
Merit: 1000
Twitter @Acimirov
March 14, 2016, 06:29:58 PM

So ... the wallet is clear - right ?
The malware comes from gpu or cpu miner.
Who posted them ?

Sir_Astral
March 14, 2016, 06:31:48 PM

Seems to be... Dev said he paid for miner. But he is offline now.

Fishmaster42
March 14, 2016, 06:35:30 PM

> > The dev being silent on the situation is not a good sign...
>
> So, I just had this idea while responding to another thread ( https://bitcointalk.org/index.php?topic=18242.480) I am looking for pentesters and developers to work with as a bitcoin "security team". Basically, the idea is that we provide penetration/exploit testing for pool owners and maybe even individual users if they are so inclined and repair any security flaws and/or exploitable code. If interested, please reply with your area of expertise, what tools you use and rate yourself on how knowledgeable you are in your field on a scale of 1 - 10 where 1 is "little to no experience" and 10 is "I can build a computer from the ground up and write all my own programs in Windows and *nix OS's". Personally, my area of expertise is in penetration/exploit testing with some programming skill. The tools I use include but are not limited to: nmap, metasploit, wireshark, kismet, ettercap, hydra and MANY others. On a scale of 1 - 10 I rate myself as an 8 in my field. What about you...? 4 years ago ...

Oh no, that's not good. I scanned the stuff, only the miner cpu files showed up for me. What now?

BigBoom3599
March 14, 2016, 06:36:43 PM

> So, I just had this idea while responding to another thread ( https://bitcointalk.org/index.php?topic=18242.480) I am looking for pentesters and developers to work with as a bitcoin "security team". Basically, the idea is that we provide penetration/exploit testing for pool owners and maybe even individual users if they are so inclined and repair any security flaws and/or exploitable code. If interested, please reply with your area of expertise, what tools you use and rate yourself on how knowledgeable you are in your field on a scale of 1 - 10 where 1 is "little to no experience" and 10 is "I can build a computer from the ground up and write all my own programs in Windows and *nix OS's". Personally, my area of expertise is in penetration/exploit testing with some programming skill. The tools I use include but are not limited to: nmap, metasploit, wireshark, kismet, ettercap, hydra and MANY others. On a scale of 1 - 10 I rate myself as an 8 in my field. What about you...?

This fact and the fact that the dev is still silent are certainly worrying, I definitely think dev has something to do with the virus(es)

Mote
Newbie
Offline
Activity: 18
Merit: 0
March 14, 2016, 06:47:55 PM

Coin is virus

mistercashking
Legendary
Offline
Activity: 1044
Merit: 1050
March 14, 2016, 07:11:55 PM (Last edit: March 14, 2016, 07:22:23 PM by mistercashking)

I don't know if it's the dev who planted the virus or not but he's pretty easy to dox. If you look at his first post on bitcointalk back from 2012 you can find everything you need to know about him by searching his recording label in this post. There could also be the possibility that this account was sold a long time ago. https://bitcointalk.org/index.php?topic=15672.msg1171453#msg1171453

appcapn
Member
Offline
Activity: 87
Merit: 10
March 14, 2016, 07:54:10 PM

It's not just the cpu miner that contains malware but also the wallet consistently tries to connect to nodes that have been flagged in the malwarebytes database for spreading malware. Also I wasn't running cpu miner, just the wallet and gpuminer which "appear" to be clean and still I was constantly being notified by my antivirus software about the virus file "taskhost" appearing in the temp directory, even though each time it was blocked and deleted by the antivirus.
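
The symptom reported in the post above, a file named "taskhost" turning up in the temp directory, can be checked for directly, since the genuine Windows taskhost.exe lives in System32 and not in a temp folder. The sketch below is an added example and not part of the original thread; the function names, the extra process names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# "taskhost" is the name reported in the post; the other entries are
# assumptions added here to show the general check for files that borrow
# the name of a process that normally runs from System32.
SYSTEM_NAMES = {"taskhost", "taskhostw", "svchost", "lsass", "csrss"}
EXEC_SUFFIXES = {"", ".exe", ".scr", ".com", ".dll"}


def find_masquerades(root, names=SYSTEM_NAMES):
    """Return sorted (path, sha256) pairs for files under root named like system binaries."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            p = Path(dirpath) / fname
            if p.stem.lower() in names and p.suffix.lower() in EXEC_SUFFIXES:
                try:
                    digest = hashlib.sha256(p.read_bytes()).hexdigest()
                except OSError:
                    digest = None  # locked or deleted mid-scan, e.g. by the antivirus
                hits.append((str(p), digest))
    return sorted(hits)


def demo():
    """Run the check over a constructed temp tree (sample files, not real malware)."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "TaskHost.EXE").write_bytes(b"constructed sample")
        (Path(tmp) / "sub").mkdir()
        (Path(tmp) / "sub" / "taskhost").write_bytes(b"constructed sample 2")
        (Path(tmp) / "taskhost.log").write_text("not an executable")
        (Path(tmp) / "setup.exe").write_bytes(b"unrelated installer")
        return [(os.path.relpath(p, tmp), d) for p, d in find_masquerades(tmp)]


if __name__ == "__main__":
    # On Windows, scan the real temp directory; elsewhere run the constructed demo.
    target = os.environ.get("TEMP")
    for path, digest in (find_masquerades(target) if target else demo()):
        print(path, digest)
```

A hit is a lead for further checking, not proof of infection; the SHA-256 lets the file be compared against what the antivirus quarantined.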

seedtrue
Legendary
Offline
Activity: 963
Merit: 1002
March 14, 2016, 08:47:26 PM

I am glad that I just scanned the thread at launch and chose to not get involved. These fuckers are getting pretty low with this bullshit.