Bitcoin Forum
Author Topic: Trojan Horse/Malware Detected On My Bitcoin Machine  (Read 3703 times)
jimbobway | Legendary | Activity: 1380
June 16, 2011, 06:56:52 AM | #1

My AVG Antivirus caught the following a couple of weeks ago on my Windows (Yeah, I know Windows is no good) machine running bitcoin.

Trojan horse Generic22.BOFM
Malware Win32.Sasfix.bktc


Anybody else get something like this?


allinvain | Legendary | Activity: 1988
June 16, 2011, 08:18:17 AM | #2

If you have any BTC beyond 10 on that machine do yourself a big favor and move them to a secure wallet running on Mac OS X or Linux right NOW!


cypherdoc | Legendary | Activity: 1764
June 16, 2011, 11:00:46 AM | #3

Quote from: allinvain
If you have any BTC beyond 10 on that machine do yourself a big favor and move them to a secure wallet running on Mac OS X or Linux right NOW!

Given what happened to you, if you were just starting mining, would you join a big pool or stay independent?
jerfelix | Sr. Member | Activity: 266
June 16, 2011, 11:34:13 AM | #4

Quote from: jimbobway
My AVG Antivirus caught the following a couple of weeks ago on my Windows (Yeah, I know Windows is no good) machine running bitcoin.

Trojan horse Generic22.BOFM
Malware Win32.Sasfix.bktc

Anybody else get something like this?

Send them to an online wallet or Mt Gox or something.

And then follow the instructions to create a secure wallet ASAP:
http://forum.bitcoin.org/index.php?topic=16457.msg226657#msg226657

We don't need another "allinvain" tragedy.

Piper67 | Legendary | Activity: 1008
June 16, 2011, 11:49:44 AM | #5

A question:

If I open my bitcoin client, cycle through 100 addresses, copy the 101st, then send some BTC to that one, THEN encrypt and backup my wallet.dat file, are the coins I had in there before cycling through the addresses safe or only the new ones?

Thanks.
cypherdoc | Legendary | Activity: 1764
June 16, 2011, 11:58:00 AM | #6

Quote from: Piper67
A question:

If I open my bitcoin client, cycle through 100 addresses, copy the 101st, then send some BTC to that one, THEN encrypt and backup my wallet.dat file, are the coins I had in there before cycling through the addresses safe or only the new ones?

Thanks.

No, you're safe. You can have thousands of addresses stored in your wallet, not just 100.
joepie91 | Sr. Member | Activity: 294
June 16, 2011, 12:12:01 PM | #7

Did you download a Bitcoin miner?

jimbobway | Legendary | Activity: 1380
June 16, 2011, 02:27:31 PM | #8

Quote from: joepie91
Did you download a Bitcoin miner?

Yes, I mine on slush and deepbit. I'm using poclbm.


epi 1:10,000 | Full Member | Activity: 154
June 16, 2011, 05:09:16 PM | #9

Quote from: allinvain
If you have any BTC beyond 10 on that machine do yourself a big favor and move them to a secure wallet running on Mac OS X or Linux right NOW!

Man, every time I see you post I get this feeling like I have been kicked in the gut, as it reminds me of the greatest bitcoin tragedy to date. It's Shakespearean in scope. We feel your pain, man.
allinvain | Legendary | Activity: 1988
August 05, 2011, 04:01:16 AM | #10

Quote from: allinvain
If you have any BTC beyond 10 on that machine do yourself a big favor and move them to a secure wallet running on Mac OS X or Linux right NOW!

Quote from: cypherdoc
Given what happened to you, if you were just starting mining, would you join a big pool or stay independent?

I would join a big pool. Solo mining is not worth it unless you have a crazy hashrate. Also, if I was just starting out I would invest whatever time is necessary to set up a Linux box just to store coins I would mine.

Luke-Jr | Legendary | Activity: 2086
August 05, 2011, 04:14:29 AM | #11

Join a small pool.

RchGrav | Full Member | Activity: 149
August 05, 2011, 04:45:23 AM | #12

Hi Jimbobway,

Do you have Java installed on your system? If it is less than Java 6 Update 26 you have a huge security hole there. The little orange box in your system tray is annoying, but it's your friend too.

http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html#AppendixJAVA

I'm not sure what antivirus you are using, but please take a moment and perform these tasks on your system for some extra peace of mind (or wipe your system with DBAN, which will COMPLETELY erase every sector on your drive, then reinstall everything fresh and restore your backups).

For quick and dirty rootkit detection you can download GMER and do a preliminary scan.

http://www.gmer.net/

If GMER detects things that your antivirus has missed, then either manually hunt these buggers out of your system, or take my next recommendation.

Please boot your system with the CD/DVD/USB drive created from this website, and perform an Offline System Scan, which is typically capable of detecting some of the more advanced cloaking and rootkit techniques, and rogue Java code living on your drive, that an Online System Scan will miss.

http://connect.microsoft.com/systemsweeper

Finally, please consider purchasing Malwarebytes as an add-on security layer to your existing antivirus solution; it coexists well with most other antivirus solutions. You can get a free scan and clean from Malwarebytes following (or prior to) the MSSS boot scan.

It will scan and clean your computer for FREE, and if you would like it to actively protect your system it's very cheap. Malwarebytes has some sophisticated heuristic detection routines, a dynamic and fully automatic IP blocking system against the bad guys, and I have found that it does an AMAZING job for the money.

Please run GMER one last time. If GMER finds a modified MBR (Master Boot Record) you NEED to clean it manually.

For Windows XP you should be able to boot with your OS CD and pick "Recovery Console" as one of the first options. Use the FIXMBR command.

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/bootcons_fixmbr.mspx

If you are on Windows 7 or Vista you will want to use the BOOTREC command. Here are some docs on that.

http://support.microsoft.com/kb/927392

If this doesn't help you, hopefully it helps someone!




4C 6F 6E 67  4C 69 76 65  42 69 74 63 6F 69 6E
Qba'g lbh unir nalguvat orggre gb qb?
RchGrav | Full Member | Activity: 149
August 05, 2011, 05:44:27 AM | #13

Quote from: Viper
I have had a good experience so far using http://www.immunet.com maybe give it a shot?

Viper, I had not heard of Immunet before you mentioned it; it looks decent enough. It seems to score well against a decent number of malware threats (better than many).

I don't know if I would use it in place of a licensed version of Malwarebytes... while Immunet scores better on the 2011 malware flash tests than something like AVG, it does not seem to surpass the protection of a program like Norton. See below for recent statistics on malware-related security products to assess your own solution.*

I still recommend that every bitcoiner running the Windows operating system should follow my steps listed above on your OS if you would like to confirm your malware health.

Here is the proper way to configure a Windows XP/Vista/Windows 7 PC to be "Technically Secure" against a malware infection devoid of any third-party security software:

- A fully updated operating system (including service packs), with Automatic Update ON
- Updated third-party applications (Java, Adobe Flash, Adobe Reader, etc.)
- Microsoft Security Essentials (MSSE) installed
- Internet Explorer 8 or 9 default security settings (reset all zones to default level), with SmartScreen Filter ON and Pop-Up Blocker ON
- Windows Firewall ON
- User Account Control (UAC) ON (Vista and Windows 7), and not running with elevated privileges
- A good password policy in effect

* http://malwareresearchgroup.com/malware-tests/flash-test-results/

The ONLY product that surpasses Malwarebytes is something called "Defense Wall", which is more of a sandbox system than a true antimalware solution.

I can't recommend Defense Wall as I have not used it, nor do I know for sure that it will not interfere with the operation of the Bitcoin client.



4C 6F 6E 67  4C 69 76 65  42 69 74 63 6F 69 6E
Qba'g lbh unir nalguvat orggre gb qb?
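As an added example (not code from the thread or from any of its posters), the following read-only PowerShell audit checks the baseline RchGrav lists in post #13 together with the Java 6 Update 26 check from post #12. It assumes Vista/7-era registry locations, the IE8/IE9 SmartScreen value names and the MSSE service name MsMpSvc; it changes nothing and only prints which items are not met.

```powershell
# Added example, not from the thread. Assumptions: Vista/7 registry locations for Automatic
# Update, Windows Firewall and UAC; IE8/IE9 SmartScreen value names; MSSE service 'MsMpSvc'.
# Read-only: nothing is modified, unmet baseline items are printed as findings.

function Get-RegValue([string]$Path, [string]$Name) {
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

$findings = @()

# Automatic Update: AUOptions 4 = download and install automatically (1 = disabled, $null = unset).
$au = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update' 'AUOptions'
if ($au -ne 4) { $findings += "Automatic Update is not set to install automatically (AUOptions = $au)" }

# Windows Firewall: EnableFirewall per profile (StandardProfile = private/home network).
$fw = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
foreach ($p in 'DomainProfile', 'StandardProfile', 'PublicProfile') {
    $v = Get-RegValue "$fw\$p" 'EnableFirewall'
    if ($v -ne $null -and $v -ne 1) { $findings += "Windows Firewall is OFF for $p" }
}

# UAC (Vista/7): EnableLUA = 1 means User Account Control is on.
$lua = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
if ($lua -ne 1) { $findings += 'User Account Control (UAC) is OFF' }

# IE SmartScreen Filter (EnabledV9 on IE9, EnabledV8 on IE8) and the pop-up blocker (PopupMgr,
# stored as REG_SZ "yes" on XP and as DWORD 1 later; an absent value is reported as well).
$pf = 'HKCU:\Software\Microsoft\Internet Explorer\PhishingFilter'
$ss = Get-RegValue $pf 'EnabledV9'; if ($ss -eq $null) { $ss = Get-RegValue $pf 'EnabledV8' }
if ($ss -ne 1) { $findings += 'IE SmartScreen Filter is OFF' }
$pm = Get-RegValue 'HKCU:\Software\Microsoft\Internet Explorer\New Windows' 'PopupMgr'
if (@('1', 'yes') -notcontains "$pm") { $findings += 'IE Pop-Up Blocker is OFF' }

# MSSE: its antimalware service is assumed to be named MsMpSvc.
if (-not (Get-Service -Name MsMpSvc -ErrorAction SilentlyContinue)) { $findings += 'Microsoft Security Essentials not found' }

# Day-to-day use should not happen in an elevated (administrator) session.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
if ((New-Object Security.Principal.WindowsPrincipal $id).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { $findings += 'This session runs with elevated (administrator) privileges' }

# Java: 'java -version' prints e.g. java version "1.6.0_24" on stderr; anything below 1.6.0_26 is flagged.
$jv = cmd /c 'java -version 2>&1' | Out-String
if ($jv -match 'version "1\.(\d+)\.\d+_(\d+)"') {
    $minor = [int]$Matches[1]; $update = [int]$Matches[2]
    if ($minor -lt 6 -or ($minor -eq 6 -and $update -lt 26)) { $findings += "Java 1.$minor.0_$update is older than Java 6 Update 26" }
}

if ($findings.Count -eq 0) { 'Baseline met.' } else { $findings | ForEach-Object { "FINDING: $_" } }
```

Run it from a standard (non-elevated) PowerShell session on the machine being checked; the HKLM reads need no elevation, so an elevated session only adds a finding of its own.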
TraderTimm | Legendary | Activity: 1652
August 05, 2011, 06:08:31 PM | #14

Be sure to keep different wallets, and don't continue to use a compromised computer. Unless you want to end up like some unprepared forum members. There are plenty of threads on this subject, search away!

fortitudinem multis - catenum regit omnia