Bitcoin Forum
Author Topic: *TEKCOIN WALLET IS A VIRUS (On official topic)*  (Read 417 times)
addarmstrong (OP)
Newbie
Activity: 3
Merit: 0
November 04, 2017, 02:48:23 PM
 #1

Hi,

Made an account just to let the mod know that the 'wallet' on the official TEKcoin topic is a virus and has just messed up my clean install of win7 (was too lazy to plug a drive in to get my old wallet exe).

Could someone please investigate this, as I don't want other people running it. I'm not actually sure what it is doing, but it deffo isn't legit, as it overwrites explorer.exe and dwm.exe with its own version (stupidly using the tekcoin icon for the file...) and it also causes Windows to become not genuine.

Stupidly I wasn't running an antivirus at the time, but noticed it was really raping one of my drives trying to read from it, to the point it was crashing Windows Explorer. At that point I shut down and booted into another install to delete the stuff it created and restore my other install.

Just wanted to make the forum aware; I can't do any more.

Thanks
Adam
TheHiman
Newbie
Activity: 17
Merit: 0
November 19, 2017, 10:16:08 PM
 #2

I can confirm this.

The links on mega from the thread are replaced and contain a rar file with an exe dated 11 April 2017.
(Which is too young and no longer the original old 2016 wallet!)

The .exe installs a file "explorer.exe" in C:\Program Files (x86)\WindowsClient\explorer.exe - which is a fake.
To activate it, it created an autostart entry in the registry that points directly to this file after boot.
When you try to kill the process, it is spawned many times and restarts in an endless loop.
At this point an immediate power cut of the machine is the best you can do.

To me it looks like a replacement for the regular explorer - which contains a keylogger and all the usual
things we know.

I had the chance to remove all instances fast enough, before the usual "download actions" began.
Antivirus did not detect any activity - only the long starting time and nearly doing "nothing" for
about 30 seconds made me quickly check all running processes and shut down the machine asap.

By the way: on the old website the other download link to mega is dead; furthermore, most Google
searches lead to the forum opening post - so this thread needs to be immediately disabled or edited by an admin.
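
The two indicators reported in this post (a file named explorer.exe outside the Windows directory, and a registry autostart entry pointing at it) can be checked for mechanically. The sketch below is an added example, not part of the original post: the function names are hypothetical, and the process list and Run-key entries are constructed sample data, with only the fake path taken from the post.

```python
import ntpath

# Home directories of the binaries named in this thread (default C: install assumed).
EXPECTED_DIRS = {
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
    "dwm.exe": {r"c:\windows\system32"},
}

def image_path(command):
    """Pull the executable path out of an autostart (Run key) command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    end = command.lower().find(".exe")  # unquoted paths may contain spaces
    return command[:end + 4] if end != -1 else command

def is_masquerading(path):
    """True if the file name is a known system binary outside its home directory."""
    path = path.lower()
    for var in ("%windir%", "%systemroot%"):
        path = path.replace(var, r"c:\windows")
    directory, name = ntpath.split(ntpath.normpath(path))
    return name in EXPECTED_DIRS and directory not in EXPECTED_DIRS[name]

def audit(processes, run_entries):
    """Return (kind, identifier, path) for every suspicious process or autostart."""
    findings = [("process", pid, p) for pid, p in processes if is_masquerading(p)]
    for value_name, command in run_entries:
        path = image_path(command)
        if is_masquerading(path):
            findings.append(("autostart", value_name, path))
    return findings

# Constructed sample data: PIDs and Run-key value names are made up; the fake
# path is the one reported in the post above.
FAKE = r"C:\Program Files (x86)\WindowsClient\explorer.exe"
PROCESSES = [
    (1204, r"C:\Windows\explorer.exe"),
    (880, r"C:\Windows\System32\dwm.exe"),
    (3380, FAKE),
    (3412, FAKE),
]
RUN_ENTRIES = [
    ("Shell", r"%SystemRoot%\explorer.exe"),
    ("WindowsClient", '"' + FAKE + '"'),
    ("Updater", r"C:\Tools\updater.exe /silent"),
]

if __name__ == "__main__":
    for finding in audit(PROCESSES, RUN_ENTRIES):
        print(finding)
```

On a live system the two input lists would come from a process listing with image paths and from the Run keys under HKLM and HKCU.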
GeePeeU
Sr. Member
Activity: 538
Merit: 251
November 19, 2017, 10:19:17 PM
 #3

Gotta be more careful. Sorry you fell victim.

Always doubt.
420mineit
Newbie
Activity: 1
Merit: 0
December 13, 2017, 01:08:24 AM
Last edit: December 13, 2017, 02:02:16 AM by 420mineit
 #4

God damn it, why is this TEKCoin virus thread still not deleted? I just downloaded it because it had high profits on coinwarz and now I just lost all coins across multiple wallets. Fuck I am pissed. Mods DO SOMETHING. My mistake for trusting bitcointalk, I thought downloads were vetted. Same as above, it created multiple explorer.exe processes that were insanely difficult to remove. I THINK it is gone but I will be reinstalling Windows shortly.

EDIT: For anyone that cares.. this is the IP address of the virus creator ... Or at least where it was connecting to sending back my wallet.dat

https://i.imgur.com/Rm5ENR4.png
shubaduba
Full Member
Activity: 158
Merit: 100
December 13, 2017, 02:21:03 AM
 #5

Thanks for heads up.
Will be more aware
milly6
Legendary
Activity: 1632
Merit: 1010
January 20, 2018, 06:20:33 PM
 #6

thanks for the heads up

Eyes open, No Fear. Be Safe! Trinity: Currency Without Bias
leger0
Newbie
Activity: 8
Merit: 0
January 23, 2018, 10:42:31 PM
 #7

Yes, I can confirm this too.
I have tried to find a working Windows wallet but no luck, only this one with the exploit.

Finally I have managed to compile the wallet from the original source code.
If you need it you can find it here:
https://bitcointalk.org/index.php?topic=2125731.msg28783577#msg28783577

Scanned with VirusTotal:
https://www.virustotal.com/#/file-analysis/NTZhNTI0NTRiNDQ4Mjc4NGExYzRhYmVkM2NlOGUwZjA6MTUxNjc0NzIyNQ==