Bitcoin Forum
Author Topic: I've been hacked, and now I'm screwed (Can anyone help with a loan?)  (Read 12910 times)
nwfella
June 22, 2014, 10:59:55 PM
 #101

Oh yeah.  Forgot to add that part too.  No stress on timeline getting it back here either Smiley

¯¯̿̿¯̿̿'̿̿̿̿̿̿̿'̿̿'̿̿̿̿̿'̿̿̿)͇̿̿)̿̿̿̿ '̿̿̿̿̿̿\̵͇̿̿\=(•̪̀●́)=o/̵͇̿̿/'̿̿ ̿ ̿̿

Gimme the crypto!!
heads4tailz
June 23, 2014, 02:04:51 AM
 #102

We could start a gamble-gang for you? Everybody just bet .5 :X
DobZombie (OP)
June 23, 2014, 02:44:54 AM
 #103

Oh yeah.  Forgot to add that part too.  No stress on timeline getting it back here either Smiley

I would be able to provide you with a loan of 0.50 btc
Since these are special circumstances, you can take as much time as you want to pay me back, and I do not want any interest.

I am moving some coins right now, but when everything is confirmed, I will send the 0.50 btc to you.

Edit: I will send when you confirm this is ok for you.

Thank you so much guys!  You got no idea how much every little bit helps Smiley

Once loaned I'll pop it on the front page with status etc

Tip Me if believe BTC1 will hit $1 Million by 2030
1DobZomBiE2gngvy6zDFKY5b76yvDbqRra
DobZombie (OP)
June 23, 2014, 02:58:33 AM
 #104

We could start a gamble-gang for you? Everybody just bet .5 :X

What's a gamble gang? It sounds interesting!

Tip Me if believe BTC1 will hit $1 Million by 2030
1DobZomBiE2gngvy6zDFKY5b76yvDbqRra
waterpile
June 23, 2014, 03:37:31 AM
 #105

14 BTC is a big amount. Wish you can get it back again.
noellajean
June 23, 2014, 03:55:50 AM
 #106

Oh yeah.  Forgot to add that part too.  No stress on timeline getting it back here either Smiley

I would be able to provide you with a loan of 0.50 btc
Since these are special circumstances, you can take as much time as you want to pay me back, and I do not want any interest.

I am moving some coins right now, but when everything is confirmed, I will send the 0.50 btc to you.

Edit: I will send when you confirm this is ok for you.

Insert sappy, girly quote here....

Thank you guys, you both rock  Grin
eternalgloom
June 23, 2014, 04:00:38 AM
 #107

0.5 BTC sent to 17uWCajedEVHJgds2Fzm752By1YVG4wPN2

https://blockchain.info/tx/09a0ed294ee21836a8610a4dbb80cc4a871fb87b8297105801bf464ec1db4ab8




DobZombie (OP)
June 23, 2014, 07:41:24 AM
 #108

Then transferred a file that I've identified as a Trojan. I think I may have tracked it on to the secure pc.
I am sorry for your loss.

And if you can upload and send me that file via PM, I could know who is behind that hack.

Here is a link to the file
WARNING! TROJAN! WARNING! TROJAN! WARNING! TROJAN!
http://wikisend.com/download/420034/svchost.exe
WARNING! TROJAN! WARNING! TROJAN! WARNING! TROJAN!

It's an extractable archive

Tip Me if believe BTC1 will hit $1 Million by 2030
1DobZomBiE2gngvy6zDFKY5b76yvDbqRra
S4VV4S
June 23, 2014, 01:58:39 PM
 #109

Correct me if I am wrong, but svchost.exe is actually a Windows file.

You have mentioned Windows Defender before and I am pretty sure that Windows Defender uses svchost.exe.

Perhaps it was infected?
0xAli
June 23, 2014, 02:39:34 PM
 #110

Correct me if I am wrong, but svchost.exe is actually a Windows file.

You have mentioned Windows Defender before and I am pretty sure that Windows Defender uses svchost.exe.

Perhaps it was infected?

The original service host (svchost) file is legit and it's signed by Microsoft. To make malicious files less suspicious, hackers sometimes rename their files to match legit ones. So if you see it outside C:\Windows\System32 then that's not the real one.

In this case svchost acts like an archive file (zip or rar) and it's self-extracting 3 files: dialected.exe, file.bin, and "Nuevo imagen de mapa de bits.bmp".
"Nuevo imagen de mapa de bits" is the translation of "New bitmap image" in Spanish.

I am not sure the dialected.exe file is malicious; it's tagged by two antivirus engines but I can't analyze it, it keeps crashing inside the virtual machine.

Only god can judge me.
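
The path check described in post #110, as an added example that is not part of the original thread: it flags process images named `svchost.exe` that run from outside the expected system directories, after normalizing case, separators and `..` segments. The event records, PIDs and user paths are constructed for illustration, and the SysWOW64 entry is an addition not mentioned in the thread.

```python
import ntpath

# Expected directories per protected file name. The post names System32;
# 64-bit Windows also keeps a 32-bit copy in SysWOW64 (added here, not
# stated in the thread).
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}


def normalize(path):
    """Lower-case, unify separators and collapse '..' so equivalent paths compare equal."""
    path = path.strip().strip('"').replace("/", "\\")
    return ntpath.normpath(path).lower()


def is_masquerading(image_path):
    """True if the file name is a protected system name but its directory is not expected."""
    directory, name = ntpath.split(normalize(image_path))
    expected = EXPECTED_DIRS.get(name)
    return expected is not None and directory not in expected


def find_masquerading(events):
    """Return the process-creation records whose image path fails the check."""
    return [e for e in events if is_masquerading(e["image"])]


# Constructed sample process-creation records (not taken from the thread).
SAMPLE_EVENTS = [
    {"pid": 812, "image": r"C:\Windows\System32\svchost.exe"},
    {"pid": 4420, "image": r"C:\Users\user\Downloads\svchost.exe"},
    {"pid": 4512, "image": r"c:/windows/system32/../temp/SVCHOST.EXE"},
    {"pid": 1020, "image": r"C:\WINDOWS\system32\svchost.exe"},
    {"pid": 5120, "image": r"C:\Program Files\Editor\editor.exe"},
]

if __name__ == "__main__":
    for event in find_masquerading(SAMPLE_EVENTS):
        print(f"suspicious: pid={event['pid']} image={event['image']}")
```

A path match only narrows the candidates; the Microsoft signature the post mentions still has to be verified on the host itself.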
S4VV4S
June 23, 2014, 02:42:48 PM
 #111

Correct me if I am wrong, but svchost.exe is actually a Windows file.

You have mentioned Windows Defender before and I am pretty sure that Windows Defender uses svchost.exe.

Perhaps it was infected?

The original service host (svchost) file is legit and it's signed by Microsoft. To make malicious files less suspicious, hackers sometimes rename their files to match legit ones. So if you see it outside C:\Windows\System32 then that's not the real one.

In this case svchost acts like an archive file (zip or rar) and it's self-extracting 3 files: dialected.exe, file.bin, and "Nuevo imagen de mapa de bits.bmp".
"Nuevo imagen de mapa de bits" is the translation of "New bitmap image" in Spanish.

I am not sure the dialected.exe file is malicious; it's tagged by two antivirus engines but I can't analyze it, it keeps crashing inside the virtual machine.

So could this be a weakness in Windows Defender?
Not being able to block malicious software?

0xAli
June 23, 2014, 03:04:10 PM
 #112

So could this be a weakness in Windows Defender?
Not being able to block malicious software?
Windows Defender doesn't protect you from all bad things: http://thenextweb.com/microsoft/2012/11/09/windows-8-protected-from-85-of-malware-detected-in-the-past-six-months-right-out-the-box/
And that's not only Windows Defender; you shouldn't rely on anti-virus software to fully protect you anyway. They do some protection but it's not 100% secure.
The senior vice president for information security of Symantec (who make Norton antivirus) said that antivirus is dead; it's not as good as it used to be. Antivirus did get better but so did the malicious hackers.

Nothing can protect you against bad behavior like willingly downloading and executing an exe.

Only god can judge me.
byt411
June 23, 2014, 06:23:02 PM
 #113

Correct me if I am wrong, but svchost.exe is actually a Windows file.

You have mentioned Windows Defender before and I am pretty sure that Windows Defender uses svchost.exe.

Perhaps it was infected?

The original service host (svchost) file is legit and it's signed by Microsoft. To make malicious files less suspicious, hackers sometimes rename their files to match legit ones. So if you see it outside C:\Windows\System32 then that's not the real one.

In this case svchost acts like an archive file (zip or rar) and it's self-extracting 3 files: dialected.exe, file.bin, and "Nuevo imagen de mapa de bits.bmp".
"Nuevo imagen de mapa de bits" is the translation of "New bitmap image" in Spanish.

I am not sure the dialected.exe file is malicious; it's tagged by two antivirus engines but I can't analyze it, it keeps crashing inside the virtual machine.

This basically means that the hacker is Spanish, or at least speaks Spanish. We're onto something.
If we can get some IPs that would be useful.
0xAli
June 23, 2014, 06:33:31 PM
 #114

This basically means that the hacker is Spanish, or at least speaks Spanish. We're onto something.
If we can get some IPs that would be useful.
Not particularly, there are other Spanish-speaking countries.
It would help greatly to know where the file originated from. Link/forum/email etc.

Only god can judge me.
DobZombie (OP)
June 23, 2014, 09:16:04 PM
 #115

Nothing can protect you against bad behavior like willingly downloading and executing an exe.

Perhaps I should clarify.

I have no idea where the original Trojan on my PC came from. I'll list what happened once they got into my laptop.

They got into TeamViewer.

They then went to
http://69.31.136.5/defaults/sendspace-pop.html
then went to
http://aff.trafficjmp.com/geo/preset/162/1/0/0
then went to some of my bookmarks,
then went to
https://www.sendspace.com/file/cwyxow
which downloaded said trojan.

At about the same time they went to my website's provider and uploaded via FTP
Quote
A few minutes ago, our anti-virus scanner reported that a malicious file has
been uploaded to your 1&1 webspace.
WARNING thebitcoinmuseum.com/coinwidget/404.php WARNING
They told me that it came from IP 119.81.27.176

That's all I have so far...

Tip Me if believe BTC1 will hit $1 Million by 2030
1DobZomBiE2gngvy6zDFKY5b76yvDbqRra
DobZombie (OP)
June 24, 2014, 12:47:31 AM
 #116

So far Noella and I have received loans from...
Kind words & Support have come flooding in!
So far Noella & I have received...
nwfella BTC0.02 @ 0% Interest (thx buddy Smiley)
bigtimespaghetti BTC0.10 @ 0% Interest (you the man! Smiley)
eternalgloom BTC0.50 @ 0% Interest (I could kiss you on the mouth!  Grin)

I'd like to take the opportunity to thank you guys so very much.  I knew the community would help me out!  It's not 14BTC, but it's a fucking great start

Thanks again guys  Wink

Tip Me if believe BTC1 will hit $1 Million by 2030
1DobZomBiE2gngvy6zDFKY5b76yvDbqRra
Fuserleer
June 24, 2014, 01:05:33 AM
 #117

I've posted in the other thread my offer to help.

jonald_fyookball
June 24, 2014, 01:12:19 AM
 #118

So far Noella and I have received loans from...
Kind words & Support have come flooding in!
So far Noella & I have received...
nwfella BTC0.02 @ 0% Interest (thx buddy Smiley)
bigtimespaghetti BTC0.10 @ 0% Interest (you the man! Smiley)
eternalgloom BTC0.50 @ 0% Interest (I could kiss you on the mouth!  Grin)

I'd like to take the opportunity to thank you guys so very much.  I knew the community would help me out!  It's not 14BTC, but it's a fucking great start

Thanks again guys  Wink

My .5 BTC loan offer is still on the table as well.  0% interest.

DobZombie (OP)
June 24, 2014, 04:57:55 AM
 #119


My .5 BTC loan offer is still on the table as well.  0% interest.

I thought I PM'd you?  Maybe I just accidentally solicited a random bitcointalk user Tongue

I will take you up on your offer Jonald. thanks  Cool

Tip Me if believe BTC1 will hit $1 Million by 2030
1DobZomBiE2gngvy6zDFKY5b76yvDbqRra
carpetbagger
June 24, 2014, 07:15:00 AM
 #120

Kind words & Support have come flooding in!
So far Noella & I have received...
nwfella BTC0.02 @ 0% Interest (thx buddy Smiley)
bigtimespaghetti BTC0.10 @ 0% Interest (you the man! Smiley)
eternalgloom BTC0.50 @ 0% Interest (I could kiss you on the mouth!  Grin)


Hi Dob. Did you get my PM? I'm a little confused because you didn't reply, but the 0.1 btc was from me.

Keep clam & hodl on