MtGox_client.exe

[jhfire]

Anyone have this file, I wish to download it. Don't question my wanting, please if you have the file upload it to mediafire I wish to take a look at it.

I did actually decompile it. Here is proof as well as a thread mob closed.

Thread:

https://i.imgur.com/Kv6gN.png

Proof:

https://i.imgur.com/y5O66.png

[DamienBlack]

Just so everyone is clear, this is a virus.

[jhfire]

Just so everyone is clear, this is a virus.

I do understand this, I am experienced in the virus field. I wish to decompile and find out more information about it, can someone please download it and upload it. DON'T OPEN IT! A virus can only be harmful if you open it.

[AnonymousBat]

I'd love a copy to load up into IDA as well.

[jhfire]

Does anyone have a damn copy? Stop being a pussy and please upload it. If you can get me that file I can get the hacker.

[GeniuSxBoY]

"hay guiz, can som1 giv me teh v1rus so I can h3xedit mi acc0unt informashunz n2 it?"

[jhfire]

"hay guiz, can som1 giv me teh v1rus so I can h3xedit mi acc0unt informashunz n2 it?"

You haten son?

[GeniuSxBoY]

When you change the information and link it to your account, there will be some other noob that goes "haaay look!! I found th mt gox hax0r!!"

[CYPER]

I had a feeling this was a virus, but just out of sheer curiosity I first scanned it with MSE and then opened it. No antivirus detects it as a virus, so how can I clean myself?

I haven't started mining yet and have no coins in the wallet, but how would I make sure my machine is clean before I do?

[just_someguy]

I had a feeling this was a virus, but just out of sheer curiosity I first scanned it with MSE and then opened it. No antivirus detects it as a virus, so how can I clean myself?

I haven't started mining yet and have no coins in the wallet, but how would I make sure my machine is clean before I do?

Wow.

It won't detect as a virus because its brand new. You are infected. Maybe someone will reverse engineer it and you figure out how to clean it up at a later date.
Until then your machine is compromised and possibly every account you have accessed from it.
Scrap the machine. Change the password to all your accounts.

[3txx]

to first poster:
If you still need the File, please send me your Email/Trashmail/Something via PM. I wont upload/download it.


greets

[SomeoneWeird]

Just so everyone is clear, this is a virus.

I do understand this, I am experienced in the virus field. I wish to decompile and find out more information about it, can someone please download it and upload it. DON'T OPEN IT! A virus can only be harmful if you open it.

https://rapidshare.com/files/4215500226/MtGox_client.zip

Warning, this file is a VIRUS. DO NOT RUN IT. Password: virus

[CYPER]

Wow.

It won't detect as a virus because its brand new. You are infected. Maybe someone will reverse engineer it and you figure out how to clean it up at a later date.
Until then your machine is compromised and possibly every account you have accessed from it.
Scrap the machine. Change the password to all your accounts.

I just found out there is an executable called xXXCFEA.exe that has outgoing connections from my machine and it disappears from the Task Manager list when I close the Bitcoin.exe:

[xXXCFEA.exe]
 TCP    127.0.0.1:58531        Black:58530            ESTABLISHED
[xXXCFEA.exe]
 TCP    192.168.1.105:54354    giraffe:6667           ESTABLISHED
[bitcoin.exe]
 TCP    192.168.1.105:56397    www:https              CLOSE_WAIT
[xXXCFEA.exe]
 TCP    192.168.1.105:59214    mx1:imap               ESTABLISHED

It's located in
C:\Users\CYPER\AppData\Local\Temp

I bet that's part of the virus.
Do you think the virus is so sophisticated that it can extract all of my saved passwords from Firefox for example?

[just_someguy]

I bet that's part of the virus.
Do you think the virus is so sophisticated that it can extract all of my saved passwords from Firefox for example?

Assume it is. You need to wipe that machine and check anything else on your network.

[Man From The Future]

http://www.virustotal.com/file-scan/report.html?id=b8e42f50c70c37967f5a89b556f732ba5e7f6d3a1e1a6d4dcd225f85ebf26963-1308572546

No detections

[SomeoneWeird]

http://www.virustotal.com/file-scan/report.html?id=b8e42f50c70c37967f5a89b556f732ba5e7f6d3a1e1a6d4dcd225f85ebf26963-1308572546

No detections

As we've said, it's a new virus, so the AV's won't have a signature for it yet.

[Man From The Future]

http://www.virustotal.com/file-scan/report.html?id=b8e42f50c70c37967f5a89b556f732ba5e7f6d3a1e1a6d4dcd225f85ebf26963-1308572546

No detections

As we've said, it's a new virus, so the AV's won't have a signature for it yet.

Which means a bunch of Mt Gox users will now have it. Whcih is why I feel the need to use:

 

[bradminer]

I think it is useful for all to upload this file to AV companies to update signatures as soon as possible.....

I've gmail account so their filters on .exe files blocked it.... i think

[mandros]

Anyone have this file, I wish to download it. Don't question my wanting, please if you have the file upload it to mediafire I wish to take a look at it.

Here you have it:
http://www.megaupload.com/?d=VWNREX2X

It's zipped with password: virus

It's also renamed with extension .virus so no one can execute it by accident.

I received it on my yahoo email account and as of right now it still let me download it without detecting it as a virus.

[SomeoneWeird]

Anyone have this file, I wish to download it. Don't question my wanting, please if you have the file upload it to mediafire I wish to take a look at it.

Here you have it:
http://www.megaupload.com/?d=VWNREX2X

It's zipped with password: virus

It's also renamed with extension .virus so no one can execute it by accident.

I received it on my yahoo email account and as of right now it still let me download it without detecting it as a virus.

I've posted it aswell