Bitcoin Forum
Author Topic: [ANN] THECOIN THC - OFFICIAL START - 11/13/2013  (Read 7186 times)
Mowcore
November 14, 2013, 11:07:51 AM
 #21

fine, ignore my blatant warnings people!

lonesoul
November 14, 2013, 11:12:00 AM
 #22

fine, ignore my blatant warnings people!

I didn't ignore your warnings... I have no bluescreen, no signs of your problem on my machine, no signs of the process you talk about. Scanned all the files with Malwarebytes and Sophos, couldn't find anything dodgy going on.


If I were you I would scan your machine and look for another possible source. It's a long shot but the timing could have been coincidental (as I said, a long shot, but you never know).




Mowcore
November 14, 2013, 11:21:56 AM
 #23

My system was fine and is now fine. My laptop was fine (the machine I tried it on) and is now fine, once I removed the included .dll that somehow ran an AutoIt v3 script. Everything is ok now, I tried it on my test machine and it failed the....test. Have fun mining THC, I am gonna have fun smoking it!

Grogorash (OP)
November 14, 2013, 11:29:06 AM
 #24

can't get any connections... so can't sync >.<

Anyone got a node?

Try to sync now

My system was fine and is now fine. My laptop was fine (the machine I tried it on) and is now fine, once I removed the included .dll that somehow ran a fake svhost.exe which was really an AutoIt v3 script. Everything is ok now, I tried it on my test machine and it failed the....test. Have fun mining THC, I am gonna have fun smoking it!

Lol ... Stop smoke
Mowcore
November 14, 2013, 11:32:22 AM
 #25

You released a coin called THC with a big skunk leaf as your coin logo and you're telling me to "stop smoke".

haha

No, really, good luck with the coin.

lonesoul
November 14, 2013, 11:33:12 AM
 #26

My system was fine and is now fine. My laptop was fine (the machine I tried it on) and is now fine, once I removed the included .dll that somehow ran an AutoIt v3 script. Everything is ok now, I tried it on my test machine and it failed the....test. Have fun mining THC, I am gonna have fun smoking it!


Have fun :-) I'm at work so can spark anything up for a few more hours :-(


Also it's now syncing (still no sign of any horribleness ^.^)

Mowcore
November 14, 2013, 11:42:04 AM
 #27

My system was fine and is now fine. My laptop was fine (the machine I tried it on) and is now fine, once I removed the included .dll that somehow ran an AutoIt v3 script. Everything is ok now, I tried it on my test machine and it failed the....test. Have fun mining THC, I am gonna have fun smoking it!


Have fun :-) I'm at work so can spark anything up for a few more hours :-(


Also it's now syncing (still no sign of any horribleness ^.^)

Haha thanks, hope those 3 hours go quick! Can you just check something for me though, ctrl alt delete and tell me if you see autoit script v3 running, cause it loads when you click the "thecoin.exe" and it tells you the dll's are missing. So it's not the dll's, I apologise for that error. Why would a script load when the .exe does not load due to missing dll's? Yes, I tried this on a 2nd laptop. I can try on a 3rd and 4th, for science.

lonesoul
November 14, 2013, 11:53:48 AM
 #28

Did as requested, no signs of it under Processes/Applications/tasks/services.

The exe is currently running and can't see any signs of AutoIt anywhere >.<


Just out of interest, when did you download the wallet? I wonder if maybe the download you got was edited in some way after it was uploaded (how big was the download? Mine was 9,452kb in zipped form, the exe is 3,427kb unzipped).


On another issue, the wallet has now synced to 06:04:50 this morning and won't go any further...

Also it has synced to block 12655.... which would imply with a 2 minute block time that there has been mining going on for 17.5 days... (someone please check the math on that .... for some reason my brain failed to function part way through doing the sums.)



Sooooo it looks like we might not have been given all the info in the first post... So until the mysterious 12655 blocks are explained I'll be removing everything from the machine as it looks like it's not legit.

Buuuuuuut if there's a perfect explanation for the blocks I'll stick it back on ^.^

JanPaull
November 14, 2013, 11:55:41 AM
 #29

nothing for me, it's ok and it works
breezeblock
November 14, 2013, 11:57:37 AM
 #30

How did you fix the blue screen?
Mowcore
November 14, 2013, 12:00:33 PM
 #31

Did as requested, no signs of it under Processes/Applications/tasks/services.

The exe is currently running and can't see any signs of AutoIt anywhere >.<


Just out of interest, when did you download the wallet? I wonder if maybe the download you got was edited in some way after it was uploaded (how big was the download? Mine was 9,452kb in zipped form, the exe is 3,427kb unzipped).


It's the same size zipped, 9,452KB. Sorry, when I said check ctrl alt delete / task manager I forgot to say it's under processes. The image name is svhost.exe and the description is Autoit v 3 script. It hops all over the place.

lonesoul
November 14, 2013, 03:17:04 PM
 #32

Did as requested, no signs of it under Processes/Applications/tasks/services.

The exe is currently running and can't see any signs of AutoIt anywhere >.<


Just out of interest, when did you download the wallet? I wonder if maybe the download you got was edited in some way after it was uploaded (how big was the download? Mine was 9,452kb in zipped form, the exe is 3,427kb unzipped).


It's the same size zipped, 9,452KB. Sorry, when I said check ctrl alt delete / task manager I forgot to say it's under processes. The image name is svhost.exe and the description is Autoit v 3 script. It hops all over the place.


Hey hey,

With the Svchost.exe clue I have also discovered I have the script running. Got the bluescreen on first attempt to access the process location.

On reboot the process is still running. Killing the process also caused a bluescreen (no bluescreen for 5 odd years then 2 in 5 minutes! awesome! lol)

Anyway, on reboot jumped into Safemode, deleted everything that was added to the machine today, found copies of the .Dll files in one of my other legitimate wallets and copied those over the .Dlls that were added to the syswow folder. (Odd thing I found here! All the created times for the legitimate Dlls were created exactly 1 hour before the dodgy ones, which would imply if the dlls are in fact dodgy and were edited by the coin creator he did it so that they look very much like the real ones, except he is in a different time zone to me. Although this is just speculation ^.^)

Rebooted back into normal mode.

No signs of the process running any more, but will be reinstalling loads of antivirus/malware tools tonight to do a complete disinfect.

But on first glance it doesn't look like it has done anything horrible. All the wallets I have left on the machine are from dead or dying coins and the contents of them don't seem to have changed. (I don't actually keep wallets for bitcoin/litecoin/Prime etc on internet facing machines, but recently I have been considering it! After this I'll leave them on the USB stick and just suffer the hassle of having to dig it out whenever I want to send coinage ^.^ )



Sooooo thanks for pointing out the process, I didn't consider looking under the svchosts (which is dumb as I have seen things hide under there before!) (sorry for doubting you ;-) )


On a good note though, I just discovered someone sent me 5.4 million Pennies ^.^ now all I need is for them to stop being worth only 0.00000002ltc >.<




I forgot to mention, anyone else scanning files with Sophos End Point protection or MalwareBytes, this script didn't show up at all in the results. Probably because it's using http://www.autoitscript.com/site/ which appears to be a self contained program - my knowledge of programming languages is next to zero so I'm assuming the reason it didn't show up is because it is relatively new? Anyone that has used it before please let us know. Thanking you :-)
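
The manual Task Manager check from posts #31 and #32 (a process whose image name imitates svchost.exe and whose description is an AutoIt v3 script) can be written as detection logic. This is an added example, not part of any post in the thread; the process records, pids, paths and the short list of protected names are constructed assumptions.

```python
import ntpath

# Names malware commonly imitates (short, assumed list) and where the real ones live.
PROTECTED = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def findings(proc):
    """Return the reasons a process record looks like a masquerade."""
    name = proc["name"].lower()
    folder = ntpath.dirname(proc["path"]).lower()
    reasons = []
    if name in PROTECTED:
        if folder not in SYSTEM_DIRS:
            reasons.append("system name outside system directory")
    else:
        near = sorted(p for p in PROTECTED if edit_distance(name, p) <= 1)
        if near:
            reasons.append("lookalike of " + near[0])
    # An AutoIt file description only matters once the name is already suspect.
    if reasons and "autoit" in proc.get("description", "").lower():
        reasons.append("AutoIt interpreter behind system-like name")
    return reasons

# Constructed sample snapshot; pids and paths are invented for illustration.
SNAPSHOT = [
    {"pid": 812, "name": "svchost.exe", "description": "Host Process for Windows Services",
     "path": r"C:\Windows\System32\svchost.exe"},
    {"pid": 4120, "name": "svhost.exe", "description": "AutoIt v3 Script",
     "path": r"C:\Users\demo\AppData\Roaming\svhost.exe"},
    {"pid": 4388, "name": "svchost.exe", "description": "AutoIt v3 Script",
     "path": r"C:\Users\demo\AppData\Local\Temp\svchost.exe"},
    {"pid": 5012, "name": "thecoin-qt.exe", "description": "", "path": r"C:\Coins\thecoin-qt.exe"},
]

def scan(snapshot):
    return {p["pid"]: r for p in snapshot if (r := findings(p))}

if __name__ == "__main__":
    print(scan(SNAPSHOT))
```

Matching on the full executable path and file description, not just the image name, is what separates the genuine svchost.exe instances from the imitation.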

transit
November 14, 2013, 05:18:51 PM
 #33

pools?
lonesoul
November 15, 2013, 08:53:45 AM
 #34

Right oh, got the reply from Sophos about the submission I sent through.

It would appear this is a virus.


Here's the results


Hello,

Thank you for contacting Sophos Technical Support.

**Please note that this is an automated response. If you have any questions, require assistance or clarification on this analysis, please feel free to reply to this email quoting this case number in the subject line.**

The file(s) submitted were malicious in nature and detection will be available on the Sophos Databank shortly.


mingwm10.dll -- clean
libstdc__-6.dll -- clean
libgcc_s_dw2-1.dll -- clean
QtGui4.dll -- clean
QtNetwork4.dll -- clean
libdb_cxx-4.8.dll -- non-malicious
thecoin.exe -- identity created/updated (New detection Troj/AutoIt-AAB)
Y3VUO5HYVD.exe -- clean
svchost.com -- clean
DC2135CED98D8A4D7C0CEE202BB0B8~ -- non-malicious
F5A17C00E427F919C4A49EEF5AD0EE~ -- non-malicious
94308059B57B3142E455B38A6EB920~ -- non-malicious
thecoin-qt.exe -- non-malicious
start.vbs -- non-malicious
start.cmd -- non-malicious
9137175.vbe -- non-malicious
63319.KYU -- non-malicious
46813.EHL -- non-malicious
4504992.VVP -- identity created/updated (New detection Troj/AutoIt-AAB)
start.lnk -- non-malicious
F5A17C00E427F919C4A49EEF5AD0EE~ -- non-malicious
DC2135CED98D8A4D7C0CEE202BB0B8~ -- non-malicious
94308059B57B3142E455B38A6EB920~ -- non-malicious
5C8DDA36D60247082B142836039F46~ -- non-malicious
5C8DDA36D60247082B142836039F46~ -- non-malicious
theCoin-qt.rar.zip -- archive file
theCoin-qt.rar -- archive file
QtCore4.dll -- non-malicious




soooo if you have downloaded this, get your PC cleaned up or risk the issues that come from viruses.


meeh
November 15, 2013, 09:50:00 AM
 #35


Lol. Always check new coins for virus/trojans you download before launching them. Or better, compile them yourself. If you have launched it, it might be too late already. If your coins are missing you know why. This is a financial world, and people would go far to steal from others.

r00tbg
Newbie
*
Offline Offline

Activity: 56
Merit: 0


View Profile
November 27, 2013, 04:28:32 PM
 #36

Grogorash, If this is true:

https://bitcointalk.org/index.php?topic=349072.0;topicseen

You are one fu_king son of a bitch!