Bitcoin Forum
December 06, 2016, 12:20:41 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 [3]  All
  Print  
Author Topic: Attention! This address is stealing BTC now!  (Read 4734 times)
Chick
Member
**
Offline Offline

Activity: 70


View Profile
June 30, 2011, 10:33:41 PM
 #41

dban is a bit overkill if you just want to wipe the MBR and destroy data on a drive. A single zero pass would be fine Smiley Takes a hell of a lot less time!

It does have that option. I used the so called "least secure" option of a zero pass on a 100 gb HD and it took 2 hours max. Some of the erase options dban offers are insane.

Just use a linux liveCD and run:

DISCLAIMER: DO NOT "test" THESE COMMANDS ON A SYSTEM YOU DON'T WANT TO DESTROY!!!!!

dd if=/dev/zero of=/dev/sdX

where X is the device

Did this to a 1TB drive not long ago, took maybe 4 hours... maybe a little more.

You could also do a (psuedo)random data write with

dd if=/dev/urandom of=/dev/sda

Since we were talking about these rootkit viruses within the MBR.. If you just wanted to kill the MBR:

dd if=/dev/null of=/dev/sdX bs=446 count=1

and to remove both the MBR and the partition table (which you'd have to rebuild if you wanted to use the partitions again!):
dd if=/dev/null of=/dev/sdX bs=512 count=1

DISCLAIMER: DO NOT "test" THESE COMMANDS ON A SYSTEM YOU DON'T WANT TO DESTROY!!!!!

I'd imagine these rootkits would get back into the MBR as soon as windows boots again, so I don't think this would fix it without at least killing the processes/services which it depends on in windows.

Interesting virus.. very nasty Sad I'm gonna do some checking on all my systems. Guess its perfectly possible that poeple are losing their wallets to this rootkit/botnet - they could easily send a command to the infected machines to search for wallet.dat and send email/send it somewhere. Obviously I'm just guessing! But AFAIK you could end up infected just by visiting the wrong website :/



Dude, I hate you so much! It totally wiped out my computer!

1481026841
Hero Member
*
Offline Offline

Posts: 1481026841

View Profile Personal Message (Offline)

Ignore
1481026841
Reply with quote  #2

1481026841
Report to moderator
1481026841
Hero Member
*
Offline Offline

Posts: 1481026841

View Profile Personal Message (Offline)

Ignore
1481026841
Reply with quote  #2

1481026841
Report to moderator
1481026841
Hero Member
*
Offline Offline

Posts: 1481026841

View Profile Personal Message (Offline)

Ignore
1481026841
Reply with quote  #2

1481026841
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
PCRon
Jr. Member
*
Offline Offline

Activity: 46


View Profile
July 01, 2011, 01:39:30 AM
 #42

my client sent 0.46 btc to this address today.. by itself.
im on win7x64 with latest updates, scanned the whole pc, checked open ports and autoruns.. and nothing.

i need help cus this is serious, if my antivirus and 4 anti-troyan apps say my windows is clean and it clearly isnt, there is something wrong.

Try MS System Sweeper

http://connect.microsoft.com/systemsweeper

I have run it on a number of computers at the office and home.  I have seen reports of people finding Root Kits (RKs) that normal AV is not picking up.  You burn it to a CD and boot from the CD.
nakowa
Member
**
Offline Offline

Activity: 82


View Profile
July 01, 2011, 03:39:27 AM
 #43

http://blockexplorer.com/address/1Go93RSbJ5Ky8poq1NA9eWKfxPd55vKVos

This address was stolen, sent 15Afx45asCysyNd9HE7xeZTkzLgDq2JCEx 94.83BTC.

Stealing is going on...
Pages: « 1 2 [3]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!