NorrisK (OP)
Legendary
Offline
Activity: 1946
Merit: 1007
|
|
February 24, 2014, 08:28:05 PM |
|
Hi all,
I recently noticed that whenever I open a wallet on my pc, a file called bitcoinurl in the folder boost interprocess is created. Is this supposed to happen or could this be virus/trojan related?
I've always scanned doubtful wallets using virustotal, so I have a hard time believing this is malicious.
Could anyone please check there C:\ProgramData for a folder called boost interprocess? The file bitcoinurl is created whenever I open any wallet and is removed as soon as I close it.
Thanks!
|
|
|
|
|
|
|
Once a transaction has 6 confirmations, it is extremely unlikely that an attacker without at least 50% of the network's computation power would be able to reverse it.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
Amph
Legendary
Offline
Activity: 3206
Merit: 1069
|
|
February 24, 2014, 08:35:03 PM |
|
malwarebyte report it as a malicious, not the folder, i mean the file inside it when it is created
first time i found that was after installing rabbitcoin client
|
|
|
|
NorrisK (OP)
Legendary
Offline
Activity: 1946
Merit: 1007
|
|
February 24, 2014, 08:39:44 PM |
|
How did you get rid of it?
|
|
|
|
Amph
Legendary
Offline
Activity: 3206
Merit: 1069
|
|
February 24, 2014, 08:45:06 PM |
|
with malwarebyte, but now when i open ebt client, it will pop up again but without any files inside
|
|
|
|
NorrisK (OP)
Legendary
Offline
Activity: 1946
Merit: 1007
|
|
February 24, 2014, 08:57:19 PM |
|
with malwarebyte, but now when i open ebt client, it will pop up again but without any files inside
When I open a wallet and scan the file using virustotal it comes out clean.. Still not sure what to think
|
|
|
|
Amph
Legendary
Offline
Activity: 3206
Merit: 1069
|
|
February 24, 2014, 09:15:17 PM |
|
with malwarebyte, but now when i open ebt client, it will pop up again but without any files inside
When I open a wallet and scan the file using virustotal it comes out clean.. Still not sure what to think yeah, problaby a virus residual or other shit
|
|
|
|
NorrisK (OP)
Legendary
Offline
Activity: 1946
Merit: 1007
|
|
February 24, 2014, 11:43:44 PM |
|
thanks for the I.fo amph. anybody else has this folder/file?
|
|
|
|
NorrisK (OP)
Legendary
Offline
Activity: 1946
Merit: 1007
|
|
February 25, 2014, 04:04:11 PM |
|
Is there really nobody else that has this folder or knows more about it?
|
|
|
|
Nullu
|
|
February 25, 2014, 04:08:05 PM |
|
Have this folder as well but no idea what it's for.
My only guess is that it's to do with the boost c++ library, which doesn't automatically make it suspicious, but it does concern me that only some wallets seem to use it.
I did a full sweep and nothing came up. Various google searches haven't been too clear either.
|
BTC - 14kYyhhWZwSJFHAjNTtyhRVSu157nE92gF
|
|
|
NorrisK (OP)
Legendary
Offline
Activity: 1946
Merit: 1007
|
|
February 25, 2014, 04:18:07 PM |
|
Have this folder as well but no idea what it's for.
My only guess is that it's to do with the boost c++ library, which doesn't automatically make it suspicious, but it does concern me that only some wallets seem to use it.
I did a full sweep and nothing came up. Various google searches haven't been too clear either.
I did find that some wallets use a boost::interprocess code or something, I'll check some of the older coins as well to see if it shows up there as well. Looks to be something that is used for syncing the wallet, but better safe than sorry.
|
|
|
|
syyyn
|
|
February 26, 2014, 02:07:51 AM |
|
Same just happened with me when I was doing some system cleaning and I found this path C:\ProgramData\boost_interprocess\20140225072043.xxxxxxx\BitcoinURI and seems that this file contains machine code (correct me if im wrong) getting words such as "STX" "NUL" "BS" "SOH"
This was with Ultracoin by the way.
|
|
|
|
|