Bitcoin Forum
Author Topic: Potential Virus - Minerd related? Possible Coin stealer?  (Read 987 times)
tahar
April 22, 2013, 12:30:03 AM
 #1

Okay, so I would be very security conscientious for the most part, but just recently I downloaded several miners, all linked to from these forums, for different crypto-currencies as a means of testing.

Having read about someone who was asked to run a Java program randomly, which proceeded to run an exploit to enable the hacker to remove his funds (can't recall the topic but it's here somewhere), I was fortunately prepared when I was asked to execute a very suspicious 'Java Upgrade' less than 10 minutes ago.

I'm now doing a full run of Anti Malware / Anti Virus searches and removing all the mining software I downloaded.

I am posting this to ask everyone to be very careful when downloading miners, as I'm as certain as I could be that this was a virus (Java update was not from Oracle, some random address) and I'm sure I got it from the Miner software I downloaded, as there is no other avenue it could have come from.

Be careful and stay safe!

tmbp
April 22, 2013, 12:45:59 AM
 #2

> Okay, so I would be very security conscientious for the most part, but just recently I downloaded several miners, all linked to from these forums, for different crypto-currencies as a means of testing.
>
> Having read about someone who was asked to run a Java program randomly, which proceeded to run an exploit to enable the hacker to remove his funds (can't recall the topic but it's here somewhere), I was fortunately prepared when I was asked to execute a very suspicious 'Java Upgrade' less than 10 minutes ago.
>
> I'm now doing a full run of Anti Malware / Anti Virus searches and removing all the mining software I downloaded.
>
> I am posting this to ask everyone to be very careful when downloading miners, as I'm as certain as I could be that this was a virus (Java update was not from Oracle, some random address) and I'm sure I got it from the Miner software I downloaded, as there is no other avenue it could have come from.
>
> Be careful and stay safe!

Couple of people already got their coins stolen from Mt. Gox by letting Java apps access their PC.

Heard about someone who got 30BTC stolen this way. BTC is certainly for the technologically advanced and not for pensioners.

tahar
April 22, 2013, 09:25:03 AM
 #3

> > Okay, so I would be very security conscientious for the most part, but just recently I downloaded several miners, all linked to from these forums, for different crypto-currencies as a means of testing.
> >
> > Having read about someone who was asked to run a Java program randomly, which proceeded to run an exploit to enable the hacker to remove his funds (can't recall the topic but it's here somewhere), I was fortunately prepared when I was asked to execute a very suspicious 'Java Upgrade' less than 10 minutes ago.
> >
> > I'm now doing a full run of Anti Malware / Anti Virus searches and removing all the mining software I downloaded.
> >
> > I am posting this to ask everyone to be very careful when downloading miners, as I'm as certain as I could be that this was a virus (Java update was not from Oracle, some random address) and I'm sure I got it from the Miner software I downloaded, as there is no other avenue it could have come from.
> >
> > Be careful and stay safe!
>
> Couple of people already got their coins stolen from Mt. Gox by letting Java apps access their PC.
>
> Heard about someone who got 30BTC stolen this way. BTC is certainly for the technologically advanced and not for pensioners.

I would certainly agree that BTC is currently only for the technically and security savvy and until these things are addressed it shall only stifle the growth of crypto-currencies. Security needs to be strong and in the background. Some sort of supplementary encryption program or further enhancements to the clients will hopefully address this issue.

JimmyTwoTone
April 22, 2013, 09:27:16 AM
 #4

In the MEantime .... Just spend Bitcoins on Porn  WOOOHOOO
HellDiverUK
April 22, 2013, 09:27:57 AM
 #5

McAfee was going mad here this morning too. Doesn't seem to like the Litecoin miners linked in the "alternative currency" forum. I should have known better when it came off Rapidshare. Roll Eyes

raph
April 22, 2013, 09:32:41 AM
 #6

I would reinstall Windows.... some of those rootkits are pretty nasty and impossible to detect
tahar
April 22, 2013, 09:44:54 AM
 #7

> I would reinstall Windows.... some of those rootkits are pretty nasty and impossible to detect

Thanks raph. I've all my Crypto Currency data / transactions / clients over to a fresh Ubuntu Linux installation on a portable hard drive. To be safe, I'll consider reinstalling Windows and likely do this shortly.

tahar
April 22, 2013, 09:48:35 AM
 #8

> McAfee was going mad here this morning too. Doesn't seem to like the Litecoin miners linked in the "alternative currency" forum. I should have known better when it came off Rapidshare. Roll Eyes

I think that could be my problem. I MAY have downloaded an alt-coin miner from a differing thread than the original as I was looking for the most up to date version. I recall downloading both GUI Miner and GUI Miner Alpha versions from different threads. Just speculating that on some of those threads may the culprit lie.

ISAWHIM
April 22, 2013, 10:03:29 AM
 #9

> I'm sure I got it from the Miner software I downloaded, as there is no other avenue it could have come from.

Um, It could have come from an AD on any website, related to bitcoins, or bitcoin-mining... Or any other legitimate website.

But I digress...

Yes, everyone should be careful on the internet. Browsing is more dangerous than "installing" programs, because you do that more, and "assume", it is safer. (Especially if you use a virus scanner, and non MSIE browser, thus, assuming even more, and being more vulnerable with multiple ways to get infected now.)

Every legitimate program you add, with false security promises, and open ports... is simply another way for a virus to get inside. (Look at a port monitor, and you will see you have about three dozen open ports, from about 12 programs, at any one time.)

But it MUST be the bitcoin programs, because that is what you "knowingly" installed... (Um, ironic that you just confessed to doing something that you, in hindsight, know leads to infections. Tongue )

Good luck with your scans... Make sure you change the "default" settings of your scanner to... "Scan all files", and "Include common files", and "deflate all zipped files", and "Do not exclude ____ type of file". The "default" settings, even for a "Full scan", do not scan all files. It only focuses on the most potential files, and often skips the majority of actual infected files, because they hide as somevirus.txt, somevirus.jpg, somevirus.mp3, etc...

Helps if you do a boot-scan too, without being online, where more viruses can just drop in, after the dropper has detected you "just scanned this folder", dropping a backup-dropper. That also allows system files to be scanned, before they start. Since viruses usually start there. (They crash a system file, infect it quickly, then the file restarts after it sees it has crashed, and now it infects every other system along the way.)
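
An added example, not part of the post above or of any scanner's code: the point about files hiding behind names like somevirus.txt or somevirus.mp3, and about looking inside zipped files, can be checked by comparing each file's leading magic bytes with its extension. The magic table, the extension list, the size limit and the sample files are assumptions constructed for illustration.

```python
import hashlib
import io
import tempfile
import zipfile
from pathlib import Path

# Magic bytes that should never sit behind a passive (text/media) extension.
MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF",
         b"\xca\xfe\xba\xbe": "Java class", b"PK\x03\x04": "ZIP/JAR"}
PASSIVE_EXTS = {".txt", ".jpg", ".jpeg", ".png", ".gif", ".mp3"}


def check_blob(name, data, findings):
    """Record an extension/content mismatch, then look inside ZIP/JAR data."""
    kind = next((k for m, k in MAGIC.items() if data.startswith(m)), None)
    if kind and Path(name).suffix.lower() in PASSIVE_EXTS:
        findings.append((name, kind, hashlib.sha256(data).hexdigest()))
    if kind == "ZIP/JAR":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.file_size <= 50_000_000:  # skip members declaring a huge size
                        check_blob(f"{name}!{info.filename}", zf.read(info), findings)
        except (zipfile.BadZipFile, RuntimeError):
            pass  # corrupt or encrypted archive: any outer finding stands


def scan_tree(root):
    """Return (relative path, detected type, sha256) per mismatch under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            check_blob(str(path.relative_to(root)), path.read_bytes(), findings)
    return findings


def demo():
    """Scan a constructed sample tree of harmless stub files."""
    jar = io.BytesIO()
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr("notes.txt", b"MZ" + b"\0" * 16)  # PE header stub in a .txt
    samples = {"song.mp3": jar.getvalue(),             # archive posing as audio
               "photo.jpg": b"\xff\xd8\xff\xe0JFIF",   # genuine JPEG header
               "tool.exe": b"MZ" + b"\0" * 16}         # honest extension
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return [(path, kind) for path, kind, _sha in scan_tree(root)]
```

Each finding from `scan_tree` carries the file's SHA-256, which can be searched on a multi-engine scanning service without uploading the file itself.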
tahar
April 22, 2013, 10:09:33 AM
 #10

> > I'm sure I got it from the Miner software I downloaded, as there is no other avenue it could have come from.
>
> Um, It could have come from an AD on any website, related to bitcoins, or bitcoin-mining... Or any other legitimate website.
>
> But I digress...
>
> Yes, everyone should be careful on the internet. Browsing is more dangerous than "installing" programs, because you do that more, and "assume", it is safer. (Especially if you use a virus scanner, and non MSIE browser, thus, assuming even more, and being more vulnerable with multiple ways to get infected now.)
>
> Every legitimate program you add, with false security promises, and open ports... is simply another way for a virus to get inside. (Look at a port monitor, and you will see you have about three dozen open ports, from about 12 programs, at any one time.)
>
> But it MUST be the bitcoin programs, because that is what you "knowingly" installed... (Um, ironic that you just confessed to doing something that you, in hindsight, know leads to infections. Tongue )
>
> Good luck with your scans... Make sure you change the "default" settings of your scanner to... "Scan all files", and "Include common files", and "deflate all zipped files", and "Do not exclude ____ type of file". The "default" settings, even for a "Full scan", do not scan all files. It only focuses on the most potential files, and often skips the majority of actual infected files, because they hide as somevirus.txt, somevirus.jpg, somevirus.mp3, etc...
>
> Helps if you do a boot-scan too, without being online, where more viruses can just drop in, after the dropper has detected you "just scanned this folder", dropping a backup-dropper. That also allows system files to be scanned, before they start. Since viruses usually start there. (They crash a system file, infect it quickly, then the file restarts after it sees it has crashed, and now it infects every other system along the way.)

Okay, this is very helpful information and I thank you for it, and this has led me to think that I may stand corrected.

I am thinking that a rogue coin related website, as I have browsed an awful lot recently, may be just as likely (or more likely?) to have caused the virus. Thank you for pointing out.

ISAWHIM
April 22, 2013, 10:13:20 AM
 #11

Keep your active-scanner on "paranoid" mode... whenever you are going into the "unknown"... (Same settings as a full-scan, scan read, scan write, scan access, scan all files/types...) Setup a "Paranoid" profile, just for that... Tongue )
Buffer Overflow
April 22, 2013, 10:43:16 AM
 #12

> In the MEantime .... Just spend Bitcoins on Porn  WOOOHOOO

People still pay for porn?

chapapa
April 22, 2013, 10:59:09 AM
 #13

Yeah, I would be careful if you download mining software from non official websites (like somewhere on a forum linked to a filehoster). I just download mining software from the official websites.
vm1990
April 22, 2013, 11:03:02 AM
 #14

if in doubt shove it through this
https://www.virustotal.com/en/

Scigie
April 23, 2013, 12:10:45 AM
 #15

Norton picked up a contaminated file when I first started mining LTC a month or so ago. I too strayed off the beaten path and downloaded something I shouldn't have.