mr_random (OP)
Legendary
May 11, 2013, 01:57:22 PM
I am deleting all messages in ALL CAPS bright red font. Nothing personal. Looking at you hdclover.

GröBkAz
May 11, 2013, 01:58:52 PM
Just Jr. Members lost their BTC and they registered in this Forum just to post, that they lost some BTC. A bad joke

TheSwede75
May 11, 2013, 02:00:38 PM
Quote from: GröBkAz
Just Jr. Members lost their BTC and they registered in this Forum just to post, that they lost some BTC. A bad joke
Says the JR member? I'm not saying it's true or false, but I will say that it's amazing so many people are willing to download a random 'wallet' and run whatever commands some random member tells them to with NO idea what it is they are doing.

Mike Christ
aka snapsunny
Legendary
May 11, 2013, 02:01:44 PM
Quote from: GröBkAz
Just Jr. Members lost their BTC and they registered in this Forum just to post, that they lost some BTC. A bad joke
Quote from: TheSwede75
Says the JR member? I'm not saying it's true or false, but I will say that it's amazing so many people are willing to download a random 'wallet' and run whatever commands some random member tells them to with NO idea what it is they are doing.
Ehh, not really amazing. The herd mentality is really popular nowadays; why think, when you can be led?

fenican
May 11, 2013, 02:02:49 PM
I think all posts with ALL RED or special fonts are very suspicious and seem to be either FUD or hacked accounts.
Hopefully administrators can clean this up, delete all those posts, suspend any accounts that look hacked, and get any substantive posts into an official thread

rbdrbd
May 11, 2013, 02:08:10 PM
Quote from: GröBkAz
Just Jr. Members lost their BTC and they registered in this Forum just to post, that they lost some BTC. A bad joke
Quote from: TheSwede75
Says the JR member? I'm not saying it's true or false, but I will say that it's amazing so many people are willing to download a random 'wallet' and run whatever commands some random member tells them to with NO idea what it is they are doing.
Quote from: Mike Christ
Ehh, not really amazing. The herd mentality is really popular nowadays; why think, when you can be led?
I think it's more the profit motivator at play. Throw in the opportunity to make money, and much reason/caution goes out the window for most folks. It's all about getting there before the other guy. Not saying I don't suffer from this too, but I realize it. Can only mitigate it when you realize it.

Goldmember
Newbie
May 11, 2013, 02:08:56 PM
Quote from: mr_random
I am deleting all messages in ALL CAPS bright red font. Nothing personal. Looking at you hdclover.
Thank you! For what it is worth, I had no coins stolen. I used the original executable from the OP announcement, plus compile from source on Linux. If (if!) this is true, I suspect it is one of the later binaries that came out.

xibeijan
Legendary
May 11, 2013, 02:12:13 PM
FACT: YAC fear mongering is a testament to YAC's success. They want it.

skull88
May 11, 2013, 02:13:15 PM
I installed the client and miner for YACoin on a Windows computer to test it yesterday. The computer has several altcoin clients on it, and there was still an old Bitcoin wallet on that computer (unencrypted!) that had a very small amount of btc's in it. Not really enough to get worried about, so I actually didn't bother much and didn't transfer them. Also a wallet with an even smaller amount of Litecoins in it is on that computer (also unencrypted). Just checked and everything is still there and no suspicious activity is going on. I downloaded them from the mega link.

LOG123
Full Member
May 11, 2013, 02:14:25 PM
Quote from: fenican
I think all posts with ALL RED or special fonts are very suspicious and seem to be either FUD or hacked accounts.
Hopefully administrators can clean this up, delete all those posts, suspend any accounts that look hacked, and get any substantive posts into an official thread
There's nothing suspicious about this, jeez fenican.

shaal
Member
May 11, 2013, 02:17:01 PM
I know I keep posting this but, can we get ONE screenshot of people's bitcoin wallet with transactions going out?

Mushoz
May 11, 2013, 02:17:27 PM
One of the minerd.exe programs is infected, see here: That's probably how some people's coin got stolen. This was the minerd.exe that was downloaded from the "virusscanner friendly" Minerd topic.

mr_random (OP)
Legendary
May 11, 2013, 02:19:21 PM
Nice find Mushoz. Updating the OP.

theking
May 11, 2013, 02:20:17 PM
The only way to find out is to reverse the exe, forget about virus scans etc, these are 100% proof, also the fact that some people claim to be affected is also not much proof, it's possible it's either made up, or caused by another exe or attack too, plus if it's caused by this exe, it may not be attacking everyone for various reasons. Luckily the exe does not seem to be protected with a strong packer. Running a packet sniffer alone also may not show much. So if anyone has had a look through the source to start off with that can be helpful but we need someone experienced with reversing exes to check em out to be sure.

theking
May 11, 2013, 02:21:57 PM
Yea, it seemed suspect to use Themida in order to stop the original minerd.exe from showing up in virus scanners, as Themida causes even more problems for virus scanners and can be very hard to reverse too.

cheapbit
Newbie
May 11, 2013, 02:22:30 PM
(the win32 binary downloaded soon after release)
tested under a VM for ~30 minutes. no read operation toward bitcoin wallet yet. and no dns request to the suffix yet.
although the motivation to release yacoin is still highly suspicious.

eule
May 11, 2013, 02:22:56 PM
Even the normal minerd (for scrypt and sha256) gives an anti virus warning, have to whitelist the dir to start it... So the Windows compiled "new minerd for scrypt-jane" posted later could indeed have a trojan and most wouldn't notice as the program is already known to cause false positives.

Mushoz
May 11, 2013, 02:28:24 PM
Cannot show the whole list, as it won't fit my screen, but I've checked all entries, and the ONLY wallet.dat Yacoin accesses, is the one it's supposed to access (Yacoin's wallet.dat). I have NOT seen it access Bitcoin's wallet.dat

cheapbit
Newbie
May 11, 2013, 02:30:19 PM
Quote from: Mushoz
Cannot show the whole list, as it won't fit my screen, but I've checked all entries, and the ONLY wallet.dat Yacoin accesses, is the one it's supposed to access (Yacoin's wallet.dat). I have NOT seen it access Bitcoin's wallet.dat http://i39.tinypic.com/4j9f7q.png
+1 although so all altcoin clients should first go to a vm
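The review Mushoz describes above (checking every file-access entry for a wallet.dat other than the client's own), as an added example that is not part of any post in the thread. It assumes the capture was exported in the Process Monitor CSV column layout; the process names, PIDs and directory paths are hypothetical and the sample rows are constructed.

```python
import csv
import io
import ntpath  # Windows path rules, so the check also runs on non-Windows hosts

# Constructed sample in the column layout of a Process Monitor CSV export.
# Process names, PIDs and directories are hypothetical, not taken from the thread.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result"
"14:25:01.1","client.exe","2100","CreateFile","C:\Users\t\AppData\Roaming\YACoin\wallet.dat","SUCCESS"
"14:25:01.2","client.exe","2100","ReadFile","C:\Users\t\AppData\Roaming\YACoin\wallet.dat","SUCCESS"
"14:25:03.0","miner.exe","2200","CreateFile","C:\Users\t\AppData\Roaming\Bitcoin\WALLET.DAT","SUCCESS"
"14:25:03.5","miner.exe","2200","QueryDirectory","C:\Users\t\AppData\Roaming\Litecoin","SUCCESS"
"14:25:04.0","explorer.exe","900","CreateFile","C:\Users\t\AppData\Roaming\Bitcoin\wallet.dat","SUCCESS"
'''


def foreign_wallet_access(csv_text, watched, own_dir):
    """Return events where a watched process touches a wallet.dat outside own_dir."""
    watched = {name.lower() for name in watched}
    # Trailing separator stops "...\YACoin2" from matching "...\YACoin".
    own = ntpath.normcase(ntpath.normpath(own_dir)) + "\\"
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() not in watched:
            continue  # unrelated process, e.g. the user browsing in Explorer
        path = ntpath.normcase(ntpath.normpath(row["Path"]))
        if ntpath.basename(path) != "wallet.dat":
            continue  # only wallet files are of interest here
        if not path.startswith(own):
            hits.append((row["Time of Day"], row["Process Name"],
                         row["Operation"], row["Path"]))
    return hits


def summarize(hits):
    """Collapse hits to the distinct (process, normalized path) pairs."""
    return sorted({(proc, ntpath.normcase(path)) for _, proc, _, path in hits})


if __name__ == "__main__":
    found = foreign_wallet_access(
        SAMPLE, ["client.exe", "miner.exe"],
        r"C:\Users\t\AppData\Roaming\YACoin")
    for hit in found:
        print(*hit, sep="  ")
    print(summarize(found))
```

The filter matches on the file name only, so a directory listing of another client's data folder (the `QueryDirectory` row) is not reported, and a clean result covers only the period that was captured.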