Bitcoin Forum
April 24, 2018, 09:44:57 PM *
News: Latest stable version of Bitcoin Core: 0.16.0  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: *TEKCOIN WALLET IS A VIRUS (On offical topic)*  (Read 345 times)
addarmstrong
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
November 04, 2017, 02:48:23 PM
 #1

Hi,

Made an account just to let the mod know that the 'wallet' on the official TEKcoin topic is a virus and has just messed up my clean install of win7 (was too lazy to plug a drive in to get my old wallet exe).

Could someone please investigate this as i dont want other people running it and im not acutally sure what it is doing but it deffo isnt legit as it overwrites explorer.exe and dwm.exe with its own version (stupidly using the tekcoin icon for the file...) and it also cause windows to become not genuine.

Stupidly i wasnt running an antivirus at the time but noticed it was really raping one of my drives trying to read from it to the point it was crashing windows explorer, at that point i shut down and booted into another install to delete the stuff it created and restore my other install.

Just wanted to make the forum aware, i cant do anymore.

Thanks
Adam
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
TheHiman
Newbie
*
Offline Offline

Activity: 17
Merit: 0


View Profile
November 19, 2017, 10:16:08 PM
 #2

I can confirm this.

The links on mega from the thread are replaced and contains a rarfile with an exe dated to 11 April 2017.
(Which is to young and no longer the original old 2016er wallet!)

The .exe installs an file "explorer.exe" in C:\Program Files (x86)\WindowsClient\explorer.exe - which is a fake.
To activate them, it created an autostart entry in the registry that points directly after boot to this file.
When try to kill the process, the process is spawned many times and restarting in endless loop.
At this point a immidiate power-cut from the machine is best what you can make at this moment.

For me it looks like an replacement for the regulary explorer - which contains keylogger and all the usual
things we know.

I had the chance to remove all instances fast enough, before the usual "download actions" begans.
Antivirus has not detected any activity - only the long starting time and nearly doing "nothing" for
about 30 Seconds makes me fast checking all running processes and shutdown the machine asap.

By the way: On the old website the other download-link is dead to mega, further more, most google
searches to the forum opening post - so this thread needs immidiatly disabled or edited by an admin.
GeePeeU
Sr. Member
****
Offline Offline

Activity: 336
Merit: 250



View Profile
November 19, 2017, 10:19:17 PM
 #3

Gotta be more careful. Sorry you fell victim.

Bitcoin-Cash !
420mineit
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
December 13, 2017, 01:08:24 AM
 #4

http://
Hi,

Made an account just to let the mod know that the 'wallet' on the official TEKcoin topic is a virus and has just messed up my clean install of win7 (was too lazy to plug a drive in to get my old wallet exe).

Could someone please investigate this as i dont want other people running it and im not acutally sure what it is doing but it deffo isnt legit as it overwrites explorer.exe and dwm.exe with its own version (stupidly using the tekcoin icon for the file...) and it also cause windows to become not genuine.

Stupidly i wasnt running an antivirus at the time but noticed it was really raping one of my drives trying to read from it to the point it was crashing windows explorer, at that point i shut down and booted into another install to delete the stuff it created and restore my other install.

Just wanted to make the forum aware, i cant do anymore.

Thanks
Adam

God damn it why is this TEKCoin virus thread still not deleted? I just downloaded it because it had high profits on coinwarz and now I just lost all coins across multiple wallets. Fuck I am pissed. Mods DO SOMETHING. My mistake for trusting bitcointalk, I thought downloads were vetted. Same as above, it created multiple explorer.exe processes that were insanely difficult to remove. I THINK it is gone but i will be re installing windows shortly..

EDIT: For anyone that cares.. this is the IP address of the virus creator ... Or at least where it was connecting to sending back my wallet.dat

https://i.imgur.com/Rm5ENR4.png
shubaduba
Full Member
***
Offline Offline

Activity: 159
Merit: 100


mine safe o/


View Profile
December 13, 2017, 02:21:03 AM
 #5

Thanks for heads up.
Will be more aware
milly6
Legendary
*
Offline Offline

Activity: 1470
Merit: 1000



View Profile WWW
January 20, 2018, 06:20:33 PM
 #6

I can confirm this.

The links on mega from the thread are replaced and contains a rarfile with an exe dated to 11 April 2017.
(Which is to young and no longer the original old 2016er wallet!)

The .exe installs an file "explorer.exe" in C:\Program Files (x86)\WindowsClient\explorer.exe - which is a fake.
To activate them, it created an autostart entry in the registry that points directly after boot to this file.
When try to kill the process, the process is spawned many times and restarting in endless loop.
At this point a immidiate power-cut from the machine is best what you can make at this moment.

For me it looks like an replacement for the regulary explorer - which contains keylogger and all the usual
things we know.

I had the chance to remove all instances fast enough, before the usual "download actions" begans.
Antivirus has not detected any activity - only the long starting time and nearly doing "nothing" for
about 30 Seconds makes me fast checking all running processes and shutdown the machine asap.

By the way: On the old website the other download-link is dead to mega, further more, most google
searches to the forum opening post - so this thread needs immidiatly disabled or edited by an admin.

 

thanks for the heads up

Eyes open, No Fear. Be Safe! Trinity: Currency Without Bias
leger0
Newbie
*
Offline Offline

Activity: 8
Merit: 0


View Profile
January 23, 2018, 10:42:31 PM
 #7

Yes, I can confirm this too.
I have tried to find working windows wallet but no luck, only this one with exploit.

Finally I have managed to compiled wallet from the original source code.
If you need it you can find it here:
https://bitcointalk.org/index.php?topic=2125731.msg28783577#msg28783577

scanned with virus total:
https://www.virustotal.com/#/file-analysis/NTZhNTI0NTRiNDQ4Mjc4NGExYzRhYmVkM2NlOGUwZjA6MTUxNjc0NzIyNQ==
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!