jhfire (OP)
Newbie
Offline
Activity: 56
Merit: 0
|
|
June 20, 2011, 06:06:23 AM Last edit: June 21, 2011, 01:17:16 AM by jhfire |
|
Anyone have this file, I wish to download it. Don't question my wanting, please if you have the file upload it to mediafire I wish to take a look at it. I did actually decompile it. Here is proof as well as a thread mob closed. Thread: Proof:
|
|
|
|
DamienBlack
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
June 20, 2011, 06:07:22 AM |
|
Just so everyone is clear, this is a virus.
|
|
|
|
jhfire (OP)
Newbie
Offline
Activity: 56
Merit: 0
|
|
June 20, 2011, 06:09:38 AM |
|
Quote from DamienBlack: "Just so everyone is clear, this is a virus."
I do understand this, I am experienced in the virus field. I wish to decompile and find out more information about it, can someone please download it and upload it. DON'T OPEN IT! A virus can only be harmful if you open it.
|
|
|
|
AnonymousBat
Member
Offline
Activity: 111
Merit: 10
|
|
June 20, 2011, 06:16:55 AM |
|
I'd love a copy to load up into IDA as well.
|
|
|
|
jhfire (OP)
Newbie
Offline
Activity: 56
Merit: 0
|
|
June 20, 2011, 06:18:30 AM |
|
Does anyone have a damn copy? Stop being a pussy and please upload it. If you can get me that file I can get the hacker.
|
|
|
|
GeniuSxBoY
|
|
June 20, 2011, 06:23:25 AM |
|
"hay guiz, can som1 giv me teh v1rus so I can h3xedit mi acc0unt informashunz n2 it?"
|
Be humble!
|
|
|
jhfire (OP)
Newbie
Offline
Activity: 56
Merit: 0
|
|
June 20, 2011, 06:24:22 AM |
|
Quote from GeniuSxBoY: "hay guiz, can som1 giv me teh v1rus so I can h3xedit mi acc0unt informashunz n2 it?"
You haten son?
|
|
|
|
GeniuSxBoY
|
|
June 20, 2011, 06:26:01 AM |
|
When you change the information and link it to your account, there will be some other noob that goes "haaay look!! I found th mt gox hax0r!!"
|
Be humble!
|
|
|
CYPER
|
|
June 20, 2011, 11:39:54 AM |
|
I had a feeling this was a virus, but just out of sheer curiosity I first scanned it with MSE and then opened it. No antivirus detects it as a virus, so how can I clean myself?
I haven't started mining yet and have no coins in the wallet, but how would I make sure my machine is clean before I do?
|
|
|
|
just_someguy
|
|
June 20, 2011, 11:56:24 AM |
|
Quote from CYPER: "I had a feeling this was a virus, but just out of sheer curiosity I first scanned it with MSE and then opened it. No antivirus detects it as a virus, so how can I clean myself? I haven't started mining yet and have no coins in the wallet, but how would I make sure my machine is clean before I do?"
Wow. It won't detect as a virus because it's brand new. You are infected. Maybe someone will reverse engineer it and you figure out how to clean it up at a later date. Until then your machine is compromised and possibly every account you have accessed from it. Scrap the machine. Change the password to all your accounts.
|
|
|
|
3txx
Member
Offline
Activity: 111
Merit: 11
|
|
June 20, 2011, 11:57:50 AM |
|
To first poster: If you still need the File, please send me your Email/Trashmail/Something via PM. I won't upload/download it.
greets
|
|
|
|
SomeoneWeird
|
|
June 20, 2011, 12:04:51 PM |
|
Quote from DamienBlack: "Just so everyone is clear, this is a virus."
Quote from jhfire: "I do understand this, I am experienced in the virus field. I wish to decompile and find out more information about it, can someone please download it and upload it. DON'T OPEN IT! A virus can only be harmful if you open it."
https://rapidshare.com/files/4215500226/MtGox_client.zip
Warning, this file is a VIRUS. DO NOT RUN IT.
Password: virus
|
|
|
|
CYPER
|
|
June 20, 2011, 12:11:44 PM |
|
Quote from just_someguy: "Wow. It won't detect as a virus because it's brand new. You are infected. Maybe someone will reverse engineer it and you figure out how to clean it up at a later date. Until then your machine is compromised and possibly every account you have accessed from it. Scrap the machine. Change the password to all your accounts."
I just found out there is an executable called xXXCFEA.exe that has outgoing connections from my machine and it disappears from the Task Manager list when I close the Bitcoin.exe:
[xXXCFEA.exe] TCP 127.0.0.1:58531 Black:58530 ESTABLISHED
[xXXCFEA.exe] TCP 192.168.1.105:54354 giraffe:6667 ESTABLISHED
[bitcoin.exe] TCP 192.168.1.105:56397 www:https CLOSE_WAIT
[xXXCFEA.exe] TCP 192.168.1.105:59214 mx1:imap ESTABLISHED
It's located in C:\Users\CYPER\AppData\Local\Temp
I bet that's part of the virus. Do you think the virus is so sophisticated that it can extract all of my saved passwords from Firefox for example?
|
|
|
|
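A triage pass over the per-process connection listing in the post above, as an added example that is not part of the original thread: it skips loopback traffic and flags connections from programs outside an expected list and connections to IRC or mail ports. The `EXPECTED` and `MAIL_CLIENTS` sets and the port lists are assumptions chosen for illustration.

```python
import re

# Listing copied from the post above, one connection per line.
SAMPLE = """\
[xXXCFEA.exe] TCP 127.0.0.1:58531 Black:58530 ESTABLISHED
[xXXCFEA.exe] TCP 192.168.1.105:54354 giraffe:6667 ESTABLISHED
[bitcoin.exe] TCP 192.168.1.105:56397 www:https CLOSE_WAIT
[xXXCFEA.exe] TCP 192.168.1.105:59214 mx1:imap ESTABLISHED
"""

# Assumptions for illustration: programs expected to use the network on this
# host, known mail clients, and ports (numeric or service name) to flag.
EXPECTED = {"bitcoin.exe", "firefox.exe"}
MAIL_CLIENTS = {"thunderbird.exe", "outlook.exe"}
IRC_PORTS = {str(p) for p in range(6660, 6670)} | {"6697", "ircd"}
MAIL_PORTS = {"25", "110", "143", "465", "587", "993", "995",
              "smtp", "pop3", "pop3s", "imap", "imaps"}

LINE = re.compile(
    r"^\[(?P<exe>[^\]]+)\]\s+(?P<proto>TCP|UDP)\s+(?P<local>\S+):(?P<lport>\w+)"
    r"\s+(?P<remote>\S+):(?P<rport>\w+)\s+(?P<state>\w+)$")

def parse(text):
    """Yield one dict per well-formed '[exe] PROTO local remote STATE' line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()

def is_loopback(addr):
    return addr.startswith("127.") or addr in ("[::1]", "localhost")

def triage(text, expected=EXPECTED):
    """Return {exe: sorted reasons} for connections worth a closer look."""
    findings = {}
    for c in parse(text):
        if is_loopback(c["local"]):
            continue  # local inter-process traffic, not outbound
        exe, rport = c["exe"].lower(), c["rport"].lower()
        reasons = set()
        if exe not in expected:
            reasons.add("process not on expected list")
        if rport in IRC_PORTS:
            reasons.add("IRC connection")
        if rport in MAIL_PORTS and exe not in MAIL_CLIENTS:
            reasons.add("mail protocol from non-mail program")
        if reasons:
            findings.setdefault(c["exe"], set()).update(reasons)
    return {exe: sorted(r) for exe, r in findings.items()}

if __name__ == "__main__":
    print(triage(SAMPLE))
```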
just_someguy
|
|
June 20, 2011, 12:20:20 PM |
|
Quote from CYPER: "I bet that's part of the virus. Do you think the virus is so sophisticated that it can extract all of my saved passwords from Firefox for example?"
Assume it is. You need to wipe that machine and check anything else on your network.
|
|
|
|
|
SomeoneWeird
|
|
June 20, 2011, 12:40:06 PM |
|
As we've said, it's a new virus, so the AV's won't have a signature for it yet.
|
|
|
|
|
bradminer
Newbie
Offline
Activity: 20
Merit: 0
|
|
June 20, 2011, 12:46:10 PM |
|
I think it is useful for all to upload this file to AV companies to update signatures as soon as possible...
I've a gmail account, so their filters on .exe files blocked it... I think
|
|
|
|
mandros
Newbie
Offline
Activity: 21
Merit: 0
|
|
June 20, 2011, 01:08:34 PM |
|
Quote from jhfire: "Anyone have this file, I wish to download it. Don't question my wanting, please if you have the file upload it to mediafire I wish to take a look at it."
Here you have it: http://www.megaupload.com/?d=VWNREX2X
It's zipped with password: virus
It's also renamed with extension .virus so no one can execute it by accident. I received it on my yahoo email account and as of right now it still let me download it without detecting it as a virus.
|
|
|
|
SomeoneWeird
|
|
June 20, 2011, 01:14:49 PM |
|
Quote from jhfire: "Anyone have this file, I wish to download it. Don't question my wanting, please if you have the file upload it to mediafire I wish to take a look at it."
Quote from mandros: "Here you have it: http://www.megaupload.com/?d=VWNREX2X
It's zipped with password: virus
It's also renamed with extension .virus so no one can execute it by accident. I received it on my yahoo email account and as of right now it still let me download it without detecting it as a virus."
I've posted it as well
|
|
|
|
|