CosaNostra
March 15, 2016, 02:04:25 PM

Yes, thanks for your answer, I have checked this wallet the same way even before running it sandboxed and found nothing, so now I really need to learn how to check wallets for this new kind of shit lol

MisO69 | Legendary | Activity: 1946 | Merit: 1005 | "My mule don't like people laughing"
March 15, 2016, 02:43:28 PM

> Yes, thanks for your answer, I have checked this wallet the same way even before running it sandboxed and found nothing, so now I really need to learn how to check wallets for this new kind of shit lol

You can't. This malware is probably encrypted; then, after you run the wallet, it installs the payload on your computer. The best thing to do is get an old PC and test these wallets. Have the old PC running a decent antivirus or Malwarebytes. Watch for suspicious activity and don't use that PC for anything other than testing these things. You should also have an image of that computer so you can re-image it to a clean install if need be. The same can be done with virtual machines if you have no spare PC. Windows 7 supports VMs.

JJ12880
March 15, 2016, 02:52:19 PM

> > Yes, thanks for your answer, I have checked this wallet the same way even before running it sandboxed and found nothing, so now I really need to learn how to check wallets for this new kind of shit lol
>
> You can't. This malware is probably encrypted; then, after you run the wallet, it installs the payload on your computer. The best thing to do is get an old PC and test these wallets. Have the old PC running a decent antivirus or Malwarebytes. Watch for suspicious activity and don't use that PC for anything other than testing these things. You should also have an image of that computer so you can re-image it to a clean install if need be. The same can be done with virtual machines if you have no spare PC. Windows 7 supports VMs.

The only way to be 99% sure the code is clean is to learn C++ and go over every line of code yourself. Even Crapsy missed an IRC backdoor in a wallet that was only a few lines of code and was incredibly well hidden. What I do is I have a few older i5 laptops I use just as wallet servers. I have nothing other than untrusted wallets on those computers, so if something goes wrong, it does not affect my main computers.

JJ

binary_tree
March 15, 2016, 04:04:51 PM

Nothing new, merely a clone of NEVA.

seedtrue | Legendary | Activity: 963 | Merit: 1002
March 15, 2016, 04:07:31 PM

> Nothing new, merely a clone of NEVA.

The thread... did you even read it, bro? It has a trojan attached.

Crypto Nut | Full Member | Activity: 195 | Merit: 100 | "Nutty about Crypto"
March 15, 2016, 05:09:17 PM

I have run 2 virus checkers on my PC and both come up clean. I downloaded the wallet but nothing else. Does this mean my PC is clean? This is the first time I have come across this, as I don't normally download wallets, so I just want to know: does this type of virus get detected on a scan, or is my PC still possibly infected? Many thanks

CosaNostra
March 15, 2016, 06:07:09 PM

Thank you, MisO69 and JJ12880! Usually I do a manual check as this guy did here using a hex editor: https://bitcointalk.org/index.php?topic=1223102.msg12805304#msg12805304 (thanks for the link, MissCrypto!) Although the trojan is usually encrypted, the filename is still visible, like some 'taskhost.exe' or similar. Yet not in this case, which is strange, so I wonder how he did it... Learn C++ and go over every line of code... Well, I don't have that much spare time. I guess the only option left is to run all new wallets in separate sandboxes.

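The hex-editor check CosaNostra describes, done in code, as an added example that is not part of the thread and not anything from the wallet's author: it pulls printable strings out of a downloaded binary and flags Windows system executable names (a dropper often carries the filename it will write, the 'taskhost.exe' case above), and it also looks for a second PE image inside the file, since a packed payload is frequently just another executable appended to the host. The sample blobs, the watch list of names and the minimal fake PE layout are all constructed for this demonstration. As the post says, an encrypted payload defeats the string check, and it defeats the embedded-PE check too, so a clean result here is evidence, not proof.

```python
"""Static triage of a downloaded binary: embedded strings and embedded PE images.
Added example; the sample data below is constructed, not a real wallet file."""
import re
import struct

# Names a wallet binary has no reason to carry as strings (assumed watch list).
SUSPICIOUS_NAMES = {"taskhost.exe", "svchost.exe", "csrss.exe", "lsass.exe"}


def extract_strings(data: bytes, min_len: int = 6):
    """Printable ASCII runs of at least min_len bytes, like the `strings` tool."""
    pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pat.finditer(data)]


def suspicious_strings(data: bytes):
    """Strings that mention one of the watched system executable names."""
    hits = []
    for s in extract_strings(data):
        low = s.lower()
        if any(name in low for name in SUSPICIOUS_NAMES):
            hits.append(s)
    return hits


def find_pe_headers(data: bytes):
    """Offsets of every plausible PE image in the blob.

    A PE image starts with 'MZ'; the 32-bit little-endian value at offset
    0x3C of that header (e_lfanew) points to the 'PE\\0\\0' signature.
    A normal executable has exactly one image, at offset 0; a second one
    is a payload carried inside the file (overlay, resource, or appended)."""
    found = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            sig = pos + e_lfanew
            if 0 < e_lfanew < 0x1000 and data[sig:sig + 4] == b"PE\x00\x00":
                found.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return found


def make_pe_stub(tail: bytes = b"") -> bytes:
    """Minimal fake PE layout (MZ header, e_lfanew = 0x80, 'PE\\0\\0', padding)
    followed by an optional string. Constructed for the example; it is not
    a runnable executable."""
    hdr = bytearray(b"MZ" + b"\x00" * 0x3A)      # 0x3C bytes of DOS header
    hdr += struct.pack("<I", 0x80)               # e_lfanew
    hdr += b"\x00" * (0x80 - len(hdr))           # pad up to the PE signature
    hdr += b"PE\x00\x00" + b"\x00" * 0x40        # signature + dummy headers
    return bytes(hdr) + tail + b"\x00" * 16


def triage(data: bytes) -> dict:
    """Summary a reviewer can act on: PE offsets, whether a second image
    is present, and any watched names found among the strings."""
    pes = find_pe_headers(data)
    return {
        "pe_offsets": pes,
        "embedded_pe": len(pes) > 1,
        "suspicious_strings": suspicious_strings(data),
    }


# Constructed samples: one image only, versus the same file with a second
# image appended that carries the name of the dropper it would write.
CLEAN_SAMPLE = make_pe_stub() + b"QtCore4.dll\x00wallet.dat\x00" * 4
TROJAN_SAMPLE = CLEAN_SAMPLE + make_pe_stub(b"C:\\Windows\\System32\\taskhost.exe\x00")

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_SAMPLE), ("trojaned", TROJAN_SAMPLE)):
        print(label, triage(blob))
```

Run it against a real download with `triage(open(path, "rb").read())`. Legitimate self-extracting installers also contain a second PE image, so treat a hit as a reason to look closer (offset, size, what the strings around it say), not as a verdict on its own.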
BigBoom3599
March 15, 2016, 06:59:33 PM

> Thank you, MisO69 and JJ12880! Usually I do a manual check as this guy did here using a hex editor: https://bitcointalk.org/index.php?topic=1223102.msg12805304#msg12805304 (thanks for the link, MissCrypto!) Although the trojan is usually encrypted, the filename is still visible, like some 'taskhost.exe' or similar. Yet not in this case, which is strange, so I wonder how he did it... Learn C++ and go over every line of code... Well, I don't have that much spare time. I guess the only option left is to run all new wallets in separate sandboxes.

I saw somebody else mention that he set up nodes that distributed the malware. I'm not a programmer, but maybe he left a vulnerability in the code through which he then distributed the malware via the nodes. Again, I'm not a programmer, so I'm not sure if that's even possible.

Fishmaster42
March 15, 2016, 08:41:28 PM

I have one question. If we haven't been robbed yet, are we good? I use a password manager, I use Avast security, I use a VPN. I scanned and deleted all the crap that came from this thread. So am I waiting to be jacked, or am I good?

Mote | Newbie | Activity: 18 | Merit: 0
March 15, 2016, 09:13:56 PM

> I have one question. If we haven't been robbed yet, are we good? I use a password manager, I use Avast security, I use a VPN. I scanned and deleted all the crap that came from this thread. So am I waiting to be jacked, or am I good?

You really should reformat your drive.

Pyramusx
March 15, 2016, 09:21:12 PM

> I have one question. If we haven't been robbed yet, are we good? I use a password manager, I use Avast security, I use a VPN. I scanned and deleted all the crap that came from this thread. So am I waiting to be jacked, or am I good?

Read my post above. I got robbed clean earlier today/yesterday.

Fishmaster42
March 15, 2016, 09:29:50 PM

Ok, well, I guess I knew what you guys would say. I will be offline a bit.

mholzschuh1 | Newbie | Activity: 39 | Merit: 0
March 15, 2016, 11:12:43 PM

I use 2FA on my Google account and use Google to store my passwords. There are probably more secure options out there, but I think he made an attempt at me, as I received an email saying that my Dropbox was locked out due to failed login attempts. Although my Dropbox is empty and I have not used it since high school, it makes me wonder what else he could have gotten. That is all I have noticed so far; I am scanning as I type.... Knew I shouldn't have trusted this coin, and I don't know why I downloaded it. Can someone tell me where this trojan likes to hide so I can be sure I'm not still infected? Malwarebytes and AVG say I'm good, but I want to be sure.

Epsylon3 | Legendary | Activity: 1484 | Merit: 1082 | ccminer/cpuminer developer
March 15, 2016, 11:34:19 PM (last edit: March 16, 2016, 01:23:32 AM by Epsylon3)

> Good question! @Epsylon3 can you compare the files and confirm that at least the miner is clean?

Yes, the ccminer binary seems clean: same CRC in 7-Zip/WinRAR, 3AC049EC, and the SHA256 hash starts with DAB89CD9FBFFF1... It was just repacked in a zip file; I sent a 7z archive:
http://ccminer.org/preview/ccminer-rel1.7.5-blake2s-x64.7z
http://ccminer.org/preview/ccminer-blake2s-src.7z
BTC txid of the tip was 593381e546b8bde22229d8a94335131a5494aeab331f6e9a44dc66bc8c4e84ae (0.09987...)

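The comparison Epsylon3 performs above, a CRC32 as 7-Zip/WinRAR display it plus a SHA-256 digest checked against what the developer published, written out as an added example; this is not code from ccminer or from anyone in the thread. The sample bytes and the expected values in the code are constructed for the demonstration and are not the hashes of any real release. It accepts a published digest prefix (as in the post, where only the first digits are given) but reports that separately, because a prefix is much weaker evidence than the full digest.

```python
"""Verify a downloaded file against a developer's published CRC32 and SHA-256.
Added example; sample data and expected values below are constructed."""
import hashlib
import hmac
import zlib
from typing import Optional

CHUNK = 1 << 20  # hash large archives 1 MiB at a time instead of loading them whole


def digests_of_bytes(data: bytes) -> dict:
    """CRC32 in the 8-digit upper-case form archivers show, and SHA-256 hex."""
    return {
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def digests_of_file(path: str) -> dict:
    """Same two values computed over a file on disk, streamed in chunks."""
    crc = 0
    sha = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            crc = zlib.crc32(chunk, crc)
            sha.update(chunk)
    return {"crc32": f"{crc & 0xFFFFFFFF:08X}", "sha256": sha.hexdigest()}


def verify(digests: dict, expected_sha256: str, expected_crc32: Optional[str] = None) -> dict:
    """Compare computed digests with the published ones.

    SHA-256 is what actually establishes integrity; the CRC is only a quick
    cross-check against what the archiver displays (it is not collision
    resistant). A published prefix such as 'DAB89CD9FBFFF1...' is matched
    as a prefix and flagged as such; 'verified' is True only for a full
    64-digit match (and a matching CRC when one was supplied)."""
    exp = expected_sha256.lower().rstrip(".")
    got = digests["sha256"]
    if len(exp) == 64:
        sha_ok = hmac.compare_digest(got, exp)   # constant-time compare
        sha_check = "full"
    else:
        sha_ok = got.startswith(exp)
        sha_check = f"prefix({len(exp)} hex digits)"
    result = {"sha256_match": sha_ok, "sha256_check": sha_check}
    crc_ok = True
    if expected_crc32 is not None:
        crc_ok = digests["crc32"] == expected_crc32.upper()
        result["crc32_match"] = crc_ok
    result["verified"] = sha_ok and crc_ok and sha_check == "full"
    return result


# Constructed stand-in for a downloaded archive; its CRC32 is 0D4A1185 and
# its SHA-256 is b94d27b9...cde9, which play the role of the published values.
SAMPLE_ARCHIVE = b"hello world"
PUBLISHED_CRC32 = "0D4A1185"
PUBLISHED_SHA256 = "b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9"

if __name__ == "__main__":
    d = digests_of_bytes(SAMPLE_ARCHIVE)
    print("computed:", d)
    print("full check:", verify(d, PUBLISHED_SHA256, PUBLISHED_CRC32))
    print("prefix only:", verify(d, "B94D27B9934D3E08..."))
    print("tampered:", verify(digests_of_bytes(SAMPLE_ARCHIVE + b"\x00"), PUBLISHED_SHA256))
```

For a real download, call `verify(digests_of_file("ccminer.7z"), published_sha256, published_crc32)`. The values you compare against must come over a channel the attacker did not control (the developer's own post or site, not a mirror that could have been swapped along with the file), and a matching hash says the file is the one the developer built, nothing more; whether that build is clean is a separate question.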
mholzschuh1 | Newbie | Activity: 39 | Merit: 0
March 16, 2016, 12:20:50 AM

I just got done with a wipe to be safe. I went through the event log and saw a lot of logins and logouts at like 5am when I was asleep, so to be safe I just formatted and reinstalled Windows.

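The check mholzschuh1 did by hand in the Event Viewer, looking for logons while the owner was asleep, as an added example that is not part of the thread: Windows records each successful logon as Security event 4624 and each logoff as 4634, and the event's logon type says how the session was opened (2 console, 3 network, 5 service, 7 unlock, 10 remote desktop). The records below are constructed for the example in a simplified tab-separated form (time, event ID, logon type, account, source address); the quiet-hours window and the owner's normal schedule are assumptions.

```python
"""Flag logons that happen during the owner's quiet hours in a simplified
export of Windows Security logon events. Added example; records constructed."""
from collections import Counter
from datetime import datetime, time

# Constructed sample: normal evening/morning activity by the owner, plus a
# cluster of network and remote-desktop sessions from one address at 05:00.
SAMPLE_EVENTS = """\
2016-03-15T18:02:11\t4624\t2\tDESKTOP\\owner\t-
2016-03-15T23:41:05\t4634\t2\tDESKTOP\\owner\t-
2016-03-16T05:01:44\t4624\t3\tDESKTOP\\owner\t203.0.113.45
2016-03-16T05:01:49\t4634\t3\tDESKTOP\\owner\t203.0.113.45
2016-03-16T05:02:13\t4624\t10\tDESKTOP\\owner\t203.0.113.45
2016-03-16T05:17:30\t4634\t10\tDESKTOP\\owner\t203.0.113.45
2016-03-16T05:17:31\t4624\t3\tDESKTOP\\owner\t203.0.113.45
2016-03-16T05:17:35\t4634\t3\tDESKTOP\\owner\t203.0.113.45
2016-03-16T08:30:02\t4624\t2\tDESKTOP\\owner\t-
2016-03-16T08:30:02\t4624\t5\tNT AUTHORITY\\SYSTEM\t-
"""

LOGON_TYPES = {2: "interactive", 3: "network", 5: "service", 7: "unlock", 10: "remote desktop"}
REMOTE_TYPES = {3, 10}                                # sessions opened from another machine
QUIET_START, QUIET_END = time(0, 0), time(6, 0)      # owner's sleeping hours (assumption)


def parse_events(text: str):
    """One dict per record from the tab-separated export described above."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, eid, ltype, account, src = line.split("\t")
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(eid),
            "logon_type": int(ltype),
            "account": account,
            "source": src,
        })
    return events


def in_quiet_hours(dt: datetime) -> bool:
    return QUIET_START <= dt.time() < QUIET_END


def suspicious_logons(events):
    """Successful logons (4624) inside quiet hours. Service logons (type 5)
    are skipped because the OS itself generates them around the clock."""
    return [e for e in events
            if e["event_id"] == 4624 and e["logon_type"] != 5 and in_quiet_hours(e["time"])]


def summarize(events) -> dict:
    """Count quiet-hour logons per (account, source, logon type) so that a
    repeated remote session shows up as one line with a count."""
    c = Counter()
    for e in suspicious_logons(events):
        kind = LOGON_TYPES.get(e["logon_type"], str(e["logon_type"]))
        c[(e["account"], e["source"], kind)] += 1
    return dict(c)


def remote_sources(events):
    """Addresses that opened a network or remote-desktop session in quiet hours."""
    return sorted({e["source"] for e in suspicious_logons(events)
                   if e["logon_type"] in REMOTE_TYPES})


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    for key, n in summarize(evs).items():
        print(n, "quiet-hour logon(s):", key)
    print("remote sources:", remote_sources(evs))
```

On a real machine the same fields come from the Security log's 4624 events (the Logon Type and Source Network Address fields in the event body); the export format here is simplified so the detection logic stays readable. A network or remote-desktop logon from an unfamiliar address while the owner was asleep is the pattern worth investigating, and a console logon (type 2) at that hour on an unattended machine means someone with local or remote-control access, which is the situation the post describes.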
PrizZzrak | Full Member | Activity: 196 | Merit: 100 | Marijuanacoin.org
March 16, 2016, 12:34:22 AM

Luckily I compile from source.. And I could not find anything virus-related in that.. Some nasty tricks these guys are pulling here..

Anoona
March 16, 2016, 12:41:56 AM

Who wants 25 OXN for free? I'm done with this coin, my PayPal acc got hacked.

mholzschuh1 | Newbie | Activity: 39 | Merit: 0
March 16, 2016, 01:23:16 AM

What I want to know is what kind of virus we are dealing with: is it a worm, did it save itself to my other drives, or are those ok? I hope to God it was just a keylogger, as I only type a handful of passwords and most of the ones I have to type in have 2FA. But to be safe I am changing all of my passwords that I can think of. Anyone with insight into coding, whoever can tell me exactly what it does, I would love you long time.

appcapn | Member | Activity: 87 | Merit: 10
March 16, 2016, 08:48:36 AM

Too bad that this was a virus coin, since I had already mined quite a few of these coins. Well, at least I was able to clean my PC of viruses and change the passwords before it was too late, so I think I'm safe on that front; most people weren't so lucky.

Hagart | Member | Activity: 266 | Merit: 23
March 16, 2016, 09:00:15 AM

This coin is hard to mine