Amph
Legendary
Offline
Activity: 3248
Merit: 1070
|
|
August 05, 2014, 08:21:40 AM |
|
You know you can bind a trojan with the windows wallet then encrypt the new file with a crypter and create a Fully undetectable file.
Show up on VirusTotal as clean being that the crypter is private and the stub is private, detecting it might take a week if not more.
Yes there are features with new trojans that can disable sandbox, hide itself from Task Manager, Anti-virus killer, Firewall killer, persistence and a bitch to remove.
And yes some trojans can bypass VMs.
If the wallet has a trojan/keylogger you'd probably never know until it's too late, it's pretty hard to find it and when opening the wallet the trojan or keylogger copies itself to a different location configured by the person spreading it.
Would be careful guys, and I would really trust members that registered a day or 2 ago defending the coin and claiming the file is clean when people are getting their coins stolen.
this is why you mine on pool and dump from there, anyway running some antivirus like malwarebytes will help you, instead of installing garbage stuff without any defense, bypassing a good firewall is very hard to do (even the windows firewall, check for yourself), you need a very good virus to do this, i don't think those dev can do it. i've installed 200 wallet, no virus has scratched me ever
Like you i have antivirus. Also run many wallets like over 100 of them. Now for the first time i get a virus. Don't say it never happens to you!!
yeah but i killed it with malwarebytes, i have never lost any coin due to a virus
|
|
|
|
MysticalCockFungus
Member
Offline
Activity: 105
Merit: 10
|
|
August 05, 2014, 08:22:26 AM |
|
You know you can bind a trojan with the windows wallet then encrypt the new file with a crypter and create a Fully undetectable file.
Show up on VirusTotal as clean being that the crypter is private and the stub is private, detecting it might take a week if not more.
Yes there are features with new trojans that can disable sandbox, hide itself from Task Manager, Anti-virus killer, Firewall killer, persistence and a bitch to remove.
And yes some trojans can bypass VMs.
If the wallet has a trojan/keylogger you'd probably never know until it's too late, it's pretty hard to find it and when opening the wallet the trojan or keylogger copies itself to a different location configured by the person spreading it.
Would be careful guys, and I would really trust members that registered a day or 2 ago defending the coin and claiming the file is clean when people are getting their coins stolen.
this is why you mine on pool and dump from there, anyway running some antivirus like malwarebytes will help you, instead of installing garbage stuff without any defense, bypassing a good firewall is very hard to do (even the windows firewall, check for yourself), you need a very good virus to do this, i don't think those dev can do it. i've installed 200 wallet, no virus has scratched me ever
Read what smokim87 said, he is 100% correct. Depending on the price you want to pay (generally $100-$2000) you can buy crypters that have never been used before and therefore will remain undetected by any virus scanning/removal tool for a very long time (up to a year even). It doesn't take a genius hacker of a dev to pull something like this off, you can probably pay a hacker in a blackhat forum to compile the entire thing for ~$500. If you ran the wallet on your PC your best bet is to windows reinstall because chances are no software will detect it for a long time.
|
|
|
|
madbit1000
|
|
August 05, 2014, 08:22:53 AM |
|
I am running malwarebytes now. But so far nothing found even though it's still in the system. Still running.
|
You should not buy a warrant unless you are prepared to sustain a total loss of the money you have invested plus any commission or other transaction charges
|
|
|
Amph
Legendary
Offline
Activity: 3248
Merit: 1070
|
|
August 05, 2014, 08:29:17 AM Last edit: August 05, 2014, 08:47:00 AM by Amph |
|
You know you can bind a trojan with the windows wallet then encrypt the new file with a crypter and create a Fully undetectable file.
Show up on VirusTotal as clean being that the crypter is private and the stub is private, detecting it might take a week if not more.
Yes there are features with new trojans that can disable sandbox, hide itself from Task Manager, Anti-virus killer, Firewall killer, persistence and a bitch to remove.
And yes some trojans can bypass VMs.
If the wallet has a trojan/keylogger you'd probably never know until it's too late, it's pretty hard to find it and when opening the wallet the trojan or keylogger copies itself to a different location configured by the person spreading it.
Would be careful guys, and I would really trust members that registered a day or 2 ago defending the coin and claiming the file is clean when people are getting their coins stolen.
this is why you mine on pool and dump from there, anyway running some antivirus like malwarebytes will help you, instead of installing garbage stuff without any defense, bypassing a good firewall is very hard to do (even the windows firewall, check for yourself), you need a very good virus to do this, i don't think those dev can do it. i've installed 200 wallet, no virus has scratched me ever
Read what smokim87 said, he is 100% correct. Depending on the price you want to pay (generally $100-$2000) you can buy crypters that have never been used before and therefore will remain undetected by any virus scanning/removal tool for a very long time (up to a year even). It doesn't take a genius hacker of a dev to pull something like this off, you can probably pay a hacker in a blackhat forum to compile the entire thing for ~$500. If you ran the wallet on your PC your best bet is to windows reinstall because chances are no software will detect it for a long time.
i have wallet trap (small amount of coin in wallet) for that, plus i install all clients in a zombie pc where there is nothing to steal, no problem
|
|
|
|
digiguy
|
|
August 05, 2014, 08:32:09 AM |
|
i see the strategy, u guys say virus, price goes down, others like me say there is no virus, price stabilize. so that being said you guys want to bring the price down so u can get some cheap coins. Hmmm makes me wonder what coins are u guys been holding?
|
|
|
|
suppersz
Sr. Member
Offline
Activity: 336
Merit: 250
There is a day to be born, and another to die
|
|
August 05, 2014, 08:33:25 AM |
|
You are right, dev have removed the file....... Idiot would invest in this coin.....
|
|
|
|
Amph
Legendary
Offline
Activity: 3248
Merit: 1070
|
|
August 05, 2014, 08:35:00 AM |
|
i see the strategy, u guys say virus, price goes down, others like me say there is no virus, price stabilize. so that being said you guys want to bring the price down so u can get some cheap coins. Hmmm makes me wonder what coins are u guys been holding?
no i don't care actually, i dumped all
|
|
|
|
digiguy
|
|
August 05, 2014, 08:41:56 AM |
|
and i'm buying, this coin could hit 3k, the coin is solid
|
|
|
|
madbit1000
|
|
August 05, 2014, 08:47:54 AM |
|
and i'm buying, this coin could hit 3k, the coin is solid
Let's hope so. I am still mining the coin. I mine lots of coins. I never dump. only keep.. for some this is wrong. But hey, you never know. Did this with blackcoin and came up quids in when i finally sold some. Regarding virus, just run 3 software on fast mode also mem checked and also checked the file with spybot search and destroy. waiting on malwarebytes to finish. but still nothing found. So you are right it hides itself.
|
You should not buy a warrant unless you are prepared to sustain a total loss of the money you have invested plus any commission or other transaction charges
|
|
|
tubesteak
|
|
August 05, 2014, 08:48:13 AM |
|
What's special with this coin? Has the dev proved he is legit? any type of innovation here?
|
SLG: SPWZuB9HsZVQNiHCbLQyw32EdRdVtt87We
|
|
|
Collegestudent
|
|
August 05, 2014, 09:03:21 AM |
|
I don't see a problem, can we get withdrawals deposits enabled in altpooler? Looking to cold them
|
|
|
|
phoneled
|
|
August 05, 2014, 09:24:34 AM |
|
You are right, dev have removed the file....... Idiot would invest in this coin.....
really? any proof
|
|
|
|
prosheng
Member
Offline
Activity: 113
Merit: 10
|
|
August 05, 2014, 09:57:42 AM |
|
You are right, dev have removed the file....... Idiot would invest in this coin.....
Agreed. Just quit.
|
|
|
|
guanchayuan
|
|
August 05, 2014, 09:59:14 AM |
|
You are right, dev have removed the file....... Idiot would invest in this coin.....
lol Net Hashrate 62,607.72 MH/s
|
|
|
|
EntryPoint
Newbie
Offline
Activity: 54
Merit: 0
|
|
August 05, 2014, 10:20:27 AM |
|
Hey, Everyone that downloaded the windows wallet early needs to check that AppData\Local\Spoon directory. That is where the backdoor was installed, it doesn't come up on a lot of virus scans, and was packaged with the windows wallet. Seems that the dev has now removed the malicious wallet.
You need to delete that directory asap. The program installed after you ran the zipcoin wallet for the first time and ztor.exe remains running even after you close the zipcoin wallet.
Obviously the exchanges and people who compiled from source weren't affected, as this was zipped with the original windows wallet that was posted in the announcement.
Digiguy seems like the attacker shilling to extend time cleaning people out, posting screenshots to direct attention from where the problem is.
So if you downloaded that original windows wallet you need to check that C:\USERS\youraccount\APPDATA\LOCAL\SPOON, delete that directory asap, and then look for all your wallet.dat files in the APPDATA roaming folder, if you were infected the "wallet.dat" files were renamed to whatever coin it was such as "Dogecoin.dat" and then sent to the attacker.
Gonna repeat, Zipcoin-qt.exe itself is not malicious it was the ztor.exe bullshit that was packaged with the windows wallet, maybe that's why the dev called it zipcoin heh.
Again this shit doesn't come up on a lot of antivirus scanners and you need to remove this manually if you were infected, and then there is no telling what else could have been installed so it's best to reformat your hard drive.
I fear a good amount of people got cleaned out already if they had all their wallets on the infected PC, I guess we'll find out with time.
|
|
|
|
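The manual check EntryPoint describes above, as an added example that is not part of the original post or anyone's tool from the thread: it looks for the `Spoon` directory, a running `ztor.exe`, and wallet files renamed after their coin. The function names, the constructed sample profile, and the assumption that the renamed copy stays inside the coin's own data directory are not from the thread.

```python
import tempfile
from pathlib import Path

# Indicators named in the post above (compared case-insensitively, as on NTFS).
BACKDOOR_DIR = "spoon"       # %LOCALAPPDATA%\Spoon
BACKDOOR_PROC = "ztor.exe"   # keeps running after the wallet is closed

def _children(path):
    """Sorted directory entries, or nothing if the path is missing."""
    return sorted(path.iterdir()) if path.is_dir() else []

def triage(local_appdata, roaming_appdata, running=()):
    """Return (indicator, detail) findings for one Windows user profile."""
    local, roaming = Path(local_appdata), Path(roaming_appdata)
    hits = []
    for entry in _children(local):
        if entry.is_dir() and entry.name.lower() == BACKDOOR_DIR:
            hits.append(("backdoor_dir", str(entry)))
    hits += [("backdoor_process", n) for n in running if n.lower() == BACKDOOR_PROC]
    wallets = []
    for coin_dir in filter(Path.is_dir, _children(roaming)):
        for f in _children(coin_dir):
            # Assumption: the renamed copy stays in the coin's own data
            # directory (Roaming\Dogecoin\Dogecoin.dat); the post does not say.
            if f.name.lower() == coin_dir.name.lower() + ".dat":
                hits.append(("wallet_staged", str(f)))
            elif f.name.lower() == "wallet.dat":
                wallets.append(("wallet_exposed", str(f)))
    # Untouched wallets only count as findings once an indicator is present.
    return hits + wallets if hits else []

def build_sample_profile(root):
    """Constructed profile tree for the demo; not data from a real host."""
    local, roaming = Path(root) / "Local", Path(root) / "Roaming"
    (local / "Spoon").mkdir(parents=True)
    (local / "Spoon" / "ztor.exe").write_bytes(b"")
    for coin, name in (("Dogecoin", "Dogecoin.dat"), ("Bitcoin", "wallet.dat")):
        (roaming / coin).mkdir(parents=True)
        (roaming / coin / name).write_bytes(b"")
    return local, roaming

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        local, roaming = build_sample_profile(tmp)
        for kind, detail in triage(local, roaming, ["Zipcoin-qt.exe", "ztor.exe"]):
            print(f"{kind:18} {detail}")
```

On a live host, pass the `LOCALAPPDATA` and `APPDATA` environment values and the image names reported by `tasklist`. An empty result only means these specific indicators are absent.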
guanchayuan
|
|
August 05, 2014, 10:31:31 AM |
|
Hey, Everyone that downloaded the windows wallet early needs to check that AppData\Local\Spoon directory. That is where the backdoor was installed, it doesn't come up on a lot of virus scans, and was packaged with the windows wallet. Seems that the dev has now removed the malicious wallet.
You need to delete that directory asap. The program installed after you ran the zipcoin wallet for the first time and ztor.exe remains running even after you close the zipcoin wallet.
Obviously the exchanges and people who compiled from source weren't affected, as this was zipped with the original windows wallet that was posted in the announcement.
Digiguy seems like the attacker shilling to extend time cleaning people out, posting screenshots to direct attention from where the problem is.
So if you downloaded that original windows wallet you need to check that C:\USERS\youraccount\APPDATA\LOCAL\SPOON, delete that directory asap, and then look for all your wallet.dat files in the APPDATA roaming folder, if you were infected the "wallet.dat" files were renamed to whatever coin it was such as "Dogecoin.dat" and then sent to the attacker.
Gonna repeat, Zipcoin-qt.exe itself is not malicious it was the ztor.exe bullshit that was packaged with the windows wallet, maybe that's why the dev called it zipcoin heh.
Again this shit doesn't come up on a lot of antivirus scanners and you need to remove this manually if you were infected, and then there is no telling what else could have been installed so it's best to reformat your hard drive.
I fear a good amount of people got cleaned out already if they had all their wallets on the infected PC, I guess we'll find out with time.
why your wallet is installed ? my wallet not installed
|
|
|
|
EntryPoint
Newbie
Offline
Activity: 54
Merit: 0
|
|
August 05, 2014, 10:36:29 AM |
|
Hey, Everyone that downloaded the windows wallet early needs to check that AppData\Local\Spoon directory. That is where the backdoor was installed, it doesn't come up on a lot of virus scans, and was packaged with the windows wallet. Seems that the dev has now removed the malicious wallet.
You need to delete that directory asap. The program installed after you ran the zipcoin wallet for the first time and ztor.exe remains running even after you close the zipcoin wallet.
Obviously the exchanges and people who compiled from source weren't affected, as this was zipped with the original windows wallet that was posted in the announcement.
Digiguy seems like the attacker shilling to extend time cleaning people out, posting screenshots to direct attention from where the problem is.
So if you downloaded that original windows wallet you need to check that C:\USERS\youraccount\APPDATA\LOCAL\SPOON, delete that directory asap, and then look for all your wallet.dat files in the APPDATA roaming folder, if you were infected the "wallet.dat" files were renamed to whatever coin it was such as "Dogecoin.dat" and then sent to the attacker.
Gonna repeat, Zipcoin-qt.exe itself is not malicious it was the ztor.exe bullshit that was packaged with the windows wallet, maybe that's why the dev called it zipcoin heh.
Again this shit doesn't come up on a lot of antivirus scanners and you need to remove this manually if you were infected, and then there is no telling what else could have been installed so it's best to reformat your hard drive.
I fear a good amount of people got cleaned out already if they had all their wallets on the infected PC, I guess we'll find out with time.
why your wallet is installed ? my wallet not installed
I am just calling it "installed", what I mean is downloaded wallet and ran it, there was no installer if that's what you mean.
|
|
|
|
coinmaker33
|
|
August 05, 2014, 10:45:16 AM |
|
This is as fishy as a fishmarket at lunchtime during a heatwave!
Unfortunate if the DEV is not involved, but whichever way you look at this, the coin and the community trust is now compromised severely.
This coin is not going to go anywhere IMO...
Be cautious and treat every new release like it's a scam.
Protect yourselves people!
|
Rockin the Bitcointalk Community
|
|
|
phoneled
|
|
August 05, 2014, 10:48:44 AM |
|
dev, why don't you respond to this?
|
|
|
|
guanchayuan
|
|
August 05, 2014, 10:50:57 AM |
|
Hey, Everyone that downloaded the windows wallet early needs to check that AppData\Local\Spoon directory. That is where the backdoor was installed, it doesn't come up on a lot of virus scans, and was packaged with the windows wallet. Seems that the dev has now removed the malicious wallet.
You need to delete that directory asap. The program installed after you ran the zipcoin wallet for the first time and ztor.exe remains running even after you close the zipcoin wallet.
Obviously the exchanges and people who compiled from source weren't affected, as this was zipped with the original windows wallet that was posted in the announcement.
Digiguy seems like the attacker shilling to extend time cleaning people out, posting screenshots to direct attention from where the problem is.
So if you downloaded that original windows wallet you need to check that C:\USERS\youraccount\APPDATA\LOCAL\SPOON, delete that directory asap, and then look for all your wallet.dat files in the APPDATA roaming folder, if you were infected the "wallet.dat" files were renamed to whatever coin it was such as "Dogecoin.dat" and then sent to the attacker.
Gonna repeat, Zipcoin-qt.exe itself is not malicious it was the ztor.exe bullshit that was packaged with the windows wallet, maybe that's why the dev called it zipcoin heh.
Again this shit doesn't come up on a lot of antivirus scanners and you need to remove this manually if you were infected, and then there is no telling what else could have been installed so it's best to reformat your hard drive.
I fear a good amount of people got cleaned out already if they had all their wallets on the infected PC, I guess we'll find out with time.
why your wallet is installed ? my wallet not installed
I am just calling it "installed", what I mean is downloaded wallet and ran it, there was no installer if that's what you mean.
you https://mega.co.nz/#!6cAxzBjT!KVntyW_y8j4QVwobEHROrRhpuKnX_2uxd-KML_S4ips down wallet ?
|
|
|
|
|