I've been hacked, and now I'm screwed (Can anyone help with a loan?)

[nwfella]

Oh yeah.  Forgot to add that part too.  No stress on timeline getting it back here either

[heads4tailz]

We could start a gamble-gang for you? everybody just bet .5 :X

[DobZombie]

Oh yeah.  Forgot to add that part too.  No stress on timeline getting it back here either

I would be able to provide you with a loan of 0.50 btc
Since these are special circumstances, you can take as much time as you want to pay me back, and I do not want any interest.

I am moving some coins right now, but when everything is confirmed, I will send the 0.50 btc to you.

Edit: I will send when you confirm this is ok for you.

Thank you so much guys!  You got no idea how much every little bit helps

Once loaned I'll pop it on the front page with status etc

[DobZombie]

We could start a gamble-gang for you? everybody just bet .5 :X

Whats a gamble gang, it sounds interesting!

[waterpile]

14 BTC big amount. wish you can get back again

[noellajean]

Oh yeah.  Forgot to add that part too.  No stress on timeline getting it back here either

I would be able to provide you with a loan of 0.50 btc
Since these are special circumstances, you can take as much time as you want to pay me back, and I do not want any interest.

I am moving some coins right now, but when everything is confirmed, I will send the 0.50 btc to you.

Edit: I will send when you confirm this is ok for you.

Insert sappy, girly quote here....

Thank you guys, you both rock 

[eternalgloom]

0.5 BTC sent to 17uWCajedEVHJgds2Fzm752By1YVG4wPN2

https://blockchain.info/tx/09a0ed294ee21836a8610a4dbb80cc4a871fb87b8297105801bf464ec1db4ab8

[DobZombie]

Then transferred a file that I've identified as a Trojan. I think I may have tracked it on to the secure pc.

I am sorry for your loss.

And if you can upload and send me that file via PM i could know who is behind that hack.

Here is a link to the file
WARNING! TROJAN! WARNING! TROJAN! WARNING! TROJAN!
http://wikisend.com/download/420034/svchost.exe
WARNING! TROJAN! WARNING! TROJAN! WARNING! TROJAN!

It's an extractable archive

[S4VV4S]

Correct me if I am wrong but svchost.exe is actually a windows file.

You have mentioned windows defender before and I am pretty sure that windows defender uses svchost.exe

Perhaps it was infected?

[0xAli]

Correct me if I am wrong but svchost.exe is actually a windows file.

You have mentioned windows defender before and I am pretty sure that windows defender uses svchost.exe

Perhaps it was infected?

The original service host (svchost) file is legit and it's signed by microsoft. and to make malicious files less suspicious hackers sometimes rename their files to match legit ones. So if you see it outside C:\Windows\System32 then that's not the real one.

In this case svchost acts like an archive file (zip or rar) and it's self extracting 3 files: dialected.exe, file.bin, and "Nuevo imagen de mapa de bits.bmp"
"Nuevo imagen de mapa de bits" is the translation of "New bitmap image" in spanish.

I am not sure the dialected.exe file is malicious, it's tagged by two antivirus engines but i can't analyze it, it keeps crashing inside the virtual machine.

[S4VV4S]

Correct me if I am wrong but svchost.exe is actually a windows file.

You have mentioned windows defender before and I am pretty sure that windows defender uses svchost.exe

Perhaps it was infected?

The original service host (svchost) file is legit and it's signed by microsoft. and to make malicious files less suspicious hackers sometimes rename their files to match legit ones. So if you see it outside C:\Windows\System32 then that's not the real one.

In this case svchost acts like an archive file (zip or rar) and it's self extracting 3 files: dialected.exe, file.bin, and "Nuevo imagen de mapa de bits.bmp"
"Nuevo imagen de mapa de bits" is the translation of "New bitmap image" in spanish.

I am not sure the dialected.exe file is malicious, it's tagged by two antivirus engines but i can't analyze it, it keeps crashing inside the virtual machine.

So could this be a weakness on windows defender?
Not being able to block malicious software?

[0xAli]

So could this be a weakness on windows defender?
Not being able to block malicious software?

Windows defender doesn't protect you from all bad things http://thenextweb.com/microsoft/2012/11/09/windows-8-protected-from-85-of-malware-detected-in-the-past-six-months-right-out-the-box/
And that's not only windows defender, you shouldn't rely on anti-virus software to fully protect you anyway, they do some protection but it's not 100% secure.
The senior vice president for information security of Symantec (who make Norton antivirus) said that antivirus is dead, it's not as good as it used to be, antivirus did get better but so did the malicious hackers.

Nothing can protect you against bad behavior like willingly downloading and executing an exe.

[byt411]

Correct me if I am wrong but svchost.exe is actually a windows file.

You have mentioned windows defender before and I am pretty sure that windows defender uses svchost.exe

Perhaps it was infected?

The original service host (svchost) file is legit and it's signed by microsoft. and to make malicious files less suspicious hackers sometimes rename their files to match legit ones. So if you see it outside C:\Windows\System32 then that's not the real one.

In this case svchost acts like an archive file (zip or rar) and it's self extracting 3 files: dialected.exe, file.bin, and "Nuevo imagen de mapa de bits.bmp"
"Nuevo imagen de mapa de bits" is the translation of "New bitmap image" in spanish.

I am not sure the dialected.exe file is malicious, it's tagged by two antivirus engines but i can't analyze it, it keeps crashing inside the virtual machine.

This basically means that the hacker is Spanish, or at least speaks spanish. We're onto something.
If we can get some IPs that would be useful.

[0xAli]

This basically means that the hacker is Spanish, or at least speaks spanish. We're onto something.
If we can get some IPs that would be useful.

Not particularly, there is other Spanish speaking countries.
It would help greatly to know where is the file originated from. Link/forum/email etc.

[DobZombie]

Nothing can protect you against bad behavior like willingly downloading and executing an exe.

Perhaps I should clarify.

I have no idea where the original Trojan on my PC came from. I'll list what happened once they got into my laptop.

They got into teamviewer.

they then went to
http://69.31.136.5/defaults/sendspace-pop.html
then went
http://aff.trafficjmp.com/geo/preset/162/1/0/0
Then went to some of my bookmarks
then went to
https://www.sendspace.com/file/cwyxow
which downloaded said trojan.

at about the same time they went to my website's provider and uploaded via FTP

A few minutes ago, our anti-virus scanner reported that a malicious file has
been uploaded to your 1&1 webspace.
WARNING thebitcoinmuseum.com/coinwidget/404.php WARNING

They told me that it came from IP 119.81.27.176

That's all I have so far...

[DobZombie]

So far Noella and I have received loans from...
Kind words & Support have come flooding in!
So far Noella & I have received...
nwfella BTC0.02 @ 0% Interest (thx buddy )
bigtimespaghetti BTC0.10 @ 0% Interest (you the man! )
eternalgloom BTC0.50 @ 0% Interest (I could kiss you on the mouth!  )

I'd like to take the opportunity to thank you guys so very much.  I knew the community would help me out!  It's not 14BTC, but it's a fucking great start

Thanks again guys 

[Fuserleer]

I've posted in the other thread my offer to help.

[jonald_fyookball]

So far Noella and I have received loans from...
Kind words & Support have come flooding in!
So far Noella & I have received...
nwfella BTC0.02 @ 0% Interest (thx buddy )
bigtimespaghetti BTC0.10 @ 0% Interest (you the man! )
eternalgloom BTC0.50 @ 0% Interest (I could kiss you on the mouth!  )

I'd like to take the opportunity to thank you guys so very much.  I knew the community would help me out!  It's not 14BTC, but it's a fucking great start

Thanks again guys 

My .5 BTC loan offer is still on the table as well.  0% interest.

[DobZombie]

My .5 BTC loan offer is still on the table as well.  0% interest.

I thought I PM'd you?  Maybe I just accidentally solicited a random bitcointalk user

I will take you up on your offer Jonald. thanks 

[carpetbagger]

Kind words & Support have come flooding in!
So far Noella & I have received...
nwfella BTC0.02 @ 0% Interest (thx buddy )
bigtimespaghetti BTC0.10 @ 0% Interest (you the man! )
eternalgloom BTC0.50 @ 0% Interest (I could kiss you on the mouth!  )

Hi Dob. Did you get my PM? I'm a little confused because you didn't reply, but the 0.1 btc was from me.