ChainSaur - Virus detected on their Wallet + possible bumping service

[holydarkness]

What happened: Wallet scan comes with some red flags

Scammer profile: https://bitcointalk.org/index.php?action=profile;u=1038373
Announcement thread: https://bitcointalk.org/index.php?topic=5275064.0
Archive: https://archive.is/F4wFo
Suspected wallet link: https://github.com/chainsaur-project/Chainsaur-Wallet/releases/download/1.1.0/chainsaur-gui-w1.1.0-windows.msi
Scan result: https://www.virustotal.com/gui/file/81f6dafca3ab9dced3b4e35d131bf7945635f50cef633f16bb30d73158a6dc88/detection
Screenshot of scanned result:


Other than that, their thread is likely using bumping service as the posts that filled their thread mainky came from two users. Xandry had highlighted this issue

osyduck and podlodkin are you both from some bumping service or connected with topic starter? Every stupid question that you asked can be easily found on their website.

@podlodkin ^ see link above .. stop deleting my messages, this is a shit launch

32. Posting multiple posts in a row (excluding bumps and reserved posts by the thread starter) is not allowed.

[1715067663]

1715067663

[1715067663]

1715067663

[1715067663]

1715067663

[nutildah]

Good find. I verified the file in VirusTotal for myself and came up with the same thing you did.

I have tagged the OP and his 2 bumper accounts. Also reported to the mods. If I'm not mistaken the thread will probably be removed shortly.

[narghat]

the wallet file is virus-free. take the original turtlecoin wallet and see for yourself
https://github.com/turtlecoin/turtle-wallet-go/releases/tag/0.14

[logfiles]

the wallet file is virus-free. take the original turtlecoin wallet and see for yourself
https://github.com/turtlecoin/turtle-wallet-go/releases/tag/0.14

What does your wallet have to do with turtle coin or their wallet? That shouldn't be an excuse. Simply explain why a number of Antivirus engines in VirusTotal are displaying positive results of a possibility of your wallet being infected with malware.

You also did not answer this member's question.

Humm. While the wallet was running I got.

Detected Backdoor:W32/QuasarRAT.A

This program provides remote access to the computer it is installed on.

Users\user\AppData\Roaming\odn.exe

Coincidence or shady wallet??

[DaveF]

the wallet file is virus-free. take the original turtlecoin wallet and see for yourself
https://github.com/turtlecoin/turtle-wallet-go/releases/tag/0.14

1) What logfiles said
2) Yeah, it's a virus: https://www.hybrid-analysis.com/sample/81f6dafca3ab9dced3b4e35d131bf7945635f50cef633f16bb30d73158a6dc88

And look a profile that was inactive since 2018 comes back and posts an infected wallet.

-Dave

[narghat]

Labeled as: Win64/CoinMiner.GG potentially unwanted 
Are you seriously ? haha

[nutildah]

Labeled as: Win64/CoinMiner.GG potentially unwanted 
Are you seriously ? haha

That's one of two items -- you've been avoiding addressing the second:

QuasarRAT.A

You also did not answer this member's question.

Humm. While the wallet was running I got.

Detected Backdoor:W32/QuasarRAT.A

This program provides remote access to the computer it is installed on.

Users\user\AppData\Roaming\odn.exe

Coincidence or shady wallet??

Hope you didn't pay too much for your account as it will be banned shortly.

[narghat]

Labeled as: Win64/CoinMiner.GG potentially unwanted  
Are you seriously ? haha

That's one of two items -- you've been avoiding addressing the second:

QuasarRAT.A

You also did not answer this member's question.

Humm. While the wallet was running I got.

Detected Backdoor:W32/QuasarRAT.A

has nothing to do with us, check your computer for viruses

[nutildah]

has nothing to do with us, check your computer for viruses

Also detected by VirusTotal:

TrojanPSW.Python

Trojan-PSW programs are designed to steal user account information such as logins and passwords from infected computers. PSW is an acronym of Password Stealing Ware.

When launched, a PSW Trojan searches system files which store a range of confidential data or the registry. If such data is found, the Trojan sends it to its “master.” Email, FTP, the web (including data in a request), or other methods may be used to transit the stolen data.

https://encyclopedia.kaspersky.com/knowledge/trojan-psw/

You got caught. There's nothing more to say.

[logfiles]

Labeled as: Win64/CoinMiner.GG potentially unwanted 
Are you seriously ? haha

But you are handpicking only what one AV engine has detected (coinminer.GG which I am also aware is common with crypto wallets and mining software) but how about Trojan which seems to be consistent in the other 4 AV engines?