Bitcoin Forum
Author Topic: MtGox_client.exe  (Read 6625 times)
jhfire
Jr. Member
Activity: 56
June 20, 2011, 06:06:23 AM
 #1

Anyone have this file, I wish to download it. Don't question my wanting, please if you have the file upload it to mediafire I wish to take a look at it.

I did actually decompile it. Here is proof as well as a thread mob closed.

Thread:



Proof:

DamienBlack
Jr. Member
Activity: 56
June 20, 2011, 06:07:22 AM
 #2

Just so everyone is clear, this is a virus.

jhfire
Jr. Member
Activity: 56
June 20, 2011, 06:09:38 AM
 #3

Just so everyone is clear, this is a virus.

I do understand this, I am experienced in the virus field. I wish to decompile and find out more information about it, can someone please download it and upload it. DON'T OPEN IT! A virus can only be harmful if you open it.
AnonymousBat
Member
Activity: 111
June 20, 2011, 06:16:55 AM
 #4

I'd love a copy to load up into IDA as well.
jhfire
Jr. Member
Activity: 56
June 20, 2011, 06:18:30 AM
 #5

Does anyone have a damn copy? Stop being a pussy and please upload it. If you can get me that file I can get the hacker.
GeniuSxBoY
Hero Member
Activity: 546
June 20, 2011, 06:23:25 AM
 #6

"hay guiz, can som1 giv me teh v1rus so I can h3xedit mi acc0unt informashunz n2 it?"
jhfire
Jr. Member
Activity: 56
June 20, 2011, 06:24:22 AM
 #7

"hay guiz, can som1 giv me teh v1rus so I can h3xedit mi acc0unt informashunz n2 it?"

You haten son?
GeniuSxBoY
Hero Member
Activity: 546
June 20, 2011, 06:26:01 AM
 #8

When you change the information and link it to your account, there will be some other noob that goes "haaay look!! I found th mt gox hax0r!!"
CYPER
Hero Member
Activity: 630
June 20, 2011, 11:39:54 AM
 #9

I had a feeling this was a virus, but just out of sheer curiosity I first scanned it with MSE and then opened it. No antivirus detects it as a virus, so how can I clean myself?

I haven't started mining yet and have no coins in the wallet, but how would I make sure my machine is clean before I do?

just_someguy
Full Member
Activity: 125
June 20, 2011, 11:56:24 AM
 #10

I had a feeling this was a virus, but just out of sheer curiosity I first scanned it with MSE and then opened it. No antivirus detects it as a virus, so how can I clean myself?

I haven't started mining yet and have no coins in the wallet, but how would I make sure my machine is clean before I do?

Wow.

It won't detect as a virus because it's brand new. You are infected. Maybe someone will reverse engineer it and you figure out how to clean it up at a later date.
Until then your machine is compromised and possibly every account you have accessed from it.
Scrap the machine. Change the password to all your accounts.
3txx
Jr. Member
Activity: 56
June 20, 2011, 11:57:50 AM
 #11

to first poster:
If you still need the file, please send me your email/trashmail/something via PM. I won't upload/download it.


greets

SomeoneWeird
Hero Member
Activity: 700
June 20, 2011, 12:04:51 PM
 #12

Just so everyone is clear, this is a virus.

I do understand this, I am experienced in the virus field. I wish to decompile and find out more information about it, can someone please download it and upload it. DON'T OPEN IT! A virus can only be harmful if you open it.

https://rapidshare.com/files/4215500226/MtGox_client.zip

Warning, this file is a VIRUS. DO NOT RUN IT. Password: virus
CYPER
Hero Member
Activity: 630
June 20, 2011, 12:11:44 PM
 #13

Wow.

It won't detect as a virus because it's brand new. You are infected. Maybe someone will reverse engineer it and you figure out how to clean it up at a later date.
Until then your machine is compromised and possibly every account you have accessed from it.
Scrap the machine. Change the password to all your accounts.
I just found out there is an executable called xXXCFEA.exe that has outgoing connections from my machine and it disappears from the Task Manager list when I close the Bitcoin.exe:

[xXXCFEA.exe]
 TCP    127.0.0.1:58531        Black:58530            ESTABLISHED
[xXXCFEA.exe]
 TCP    192.168.1.105:54354    giraffe:6667           ESTABLISHED
[bitcoin.exe]
 TCP    192.168.1.105:56397    www:https              CLOSE_WAIT
[xXXCFEA.exe]
 TCP    192.168.1.105:59214    mx1:imap               ESTABLISHED

It's located in
C:\Users\CYPER\AppData\Local\Temp

I bet that's part of the virus.
Do you think the virus is so sophisticated that it can extract all of my saved passwords from Firefox for example?

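A triage pass over the netstat output CYPER posted, as an added example that is not part of the original thread: it attributes each connection to its owning process and reports non-loopback connections to IRC or mail services made by processes outside an allowlist. The `EXPECTED` allowlist, the `WATCHED` service table and the function names are assumptions of this example, and the parser assumes the line layout exactly as posted.

```python
import re

# Connection lines copied from the netstat output in the post above; the layout
# (process line first, then its connection) is assumed to be as posted.
SAMPLE = """\
[xXXCFEA.exe]
 TCP    127.0.0.1:58531        Black:58530            ESTABLISHED
[xXXCFEA.exe]
 TCP    192.168.1.105:54354    giraffe:6667           ESTABLISHED
[bitcoin.exe]
 TCP    192.168.1.105:56397    www:https              CLOSE_WAIT
[xXXCFEA.exe]
 TCP    192.168.1.105:59214    mx1:imap               ESTABLISHED
"""

# Assumed for this example: processes expected to use the network, and remote
# services (netstat prints a name or a number) that merit review from any other.
EXPECTED = {"bitcoin.exe", "firefox.exe"}
WATCHED = {"6667": "IRC", "ircd": "IRC", "143": "IMAP", "imap": "IMAP",
           "25": "SMTP", "smtp": "SMTP"}

PROC = re.compile(r"^\[([^\]]+)\]\s*$")
CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse(text):
    """Yield (process, local_host, remote_host, remote_port, state) per connection."""
    owner = None
    for line in text.splitlines():
        m = PROC.match(line)
        if m:
            owner = m.group(1)
            continue
        m = CONN.match(line)
        if m and owner:
            local_host = m.group(2).rpartition(":")[0]
            remote_host, _, remote_port = m.group(3).rpartition(":")
            yield owner, local_host, remote_host, remote_port, m.group(4) or ""

def triage(text):
    """Return (process, service, remote) for watched services used by unexpected processes."""
    findings = []
    for proc, local_host, rhost, rport, _state in parse(text):
        if proc.lower() in EXPECTED or local_host.startswith("127."):
            continue  # allowlisted process, or loopback traffic that stays on the host
        service = WATCHED.get(rport.lower())
        if service:
            findings.append((proc, service, f"{rhost}:{rport}"))
    return findings
```

Calling `triage(SAMPLE)` reports the IRC and IMAP connections owned by xXXCFEA.exe and skips both its loopback socket and the bitcoin.exe connection.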
just_someguy
Full Member
Activity: 125
June 20, 2011, 12:20:20 PM
 #14

Quote

I bet that's part of the virus.
Do you think the virus is so sophisticated that it can extract all of my saved passwords from Firefox for example?

Assume it is. You need to wipe that machine and check anything else on your network.
Man From The Future
Full Member
Activity: 126
June 20, 2011, 12:35:01 PM
 #15

http://www.virustotal.com/file-scan/report.html?id=b8e42f50c70c37967f5a89b556f732ba5e7f6d3a1e1a6d4dcd225f85ebf26963-1308572546

:( No detections
SomeoneWeird
Hero Member
Activity: 700
June 20, 2011, 12:40:06 PM
 #16


As we've said, it's a new virus, so the AVs won't have a signature for it yet.
Man From The Future
Full Member
Activity: 126
June 20, 2011, 12:41:54 PM
 #17


Which means a bunch of Mt Gox users will now have it. Which is why I feel the need to use:

[a long row of crying emoticons]
bradminer
Newbie
Activity: 20
June 20, 2011, 12:46:10 PM
 #18

I think it is useful for all to upload this file to AV companies to update signatures as soon as possible.....

I have a Gmail account, so their filters on .exe files blocked it.... I think
mandros
Newbie
Activity: 21
June 20, 2011, 01:08:34 PM
 #19

Anyone have this file, I wish to download it. Don't question my wanting, please if you have the file upload it to mediafire I wish to take a look at it.

Here you have it:
http://www.megaupload.com/?d=VWNREX2X

It's zipped with password: virus

It's also renamed with extension .virus so no one can execute it by accident.

I received it on my yahoo email account and as of right now it still let me download it without detecting it as a virus.
SomeoneWeird
Hero Member
Activity: 700
June 20, 2011, 01:14:49 PM
 #20

Anyone have this file, I wish to download it. Don't question my wanting, please if you have the file upload it to mediafire I wish to take a look at it.

Here you have it:
http://www.megaupload.com/?d=VWNREX2X

It's zipped with password: virus

It's also renamed with extension .virus so no one can execute it by accident.

I received it on my yahoo email account and as of right now it still let me download it without detecting it as a virus.


I've posted it as well :)