In short. Its finally happened peoples. lol I HAVE BEEN HACKED !
![Shocked](https://bitcointalk.org/Smileys/default/shocked.gif)
I first became suspicious 2-4 days ago, then decided to test it out with some CANNdy flavoured bait.
![Wink](https://bitcointalk.org/Smileys/default/wink.gif)
200 CANN wasn't enough but 3200 WAS ! lol
TXid : cd276e4d9619e5e201e60ded1c438bf3d2a5c52f6c4a7bea595d3c213327eb41
EDIT :
https://chainz.cryptoid.info/cann/address.dws?CTSFTDzKSonarDJgpuRxukPrECXrby1eSe.htm![](https://ip.bitcointalk.org/?u=http%3A%2F%2Fimg.techpowerup.org%2F150401%2FASNscammed.jpg&t=663&c=BnhulYSj5ktCaQ)
I woke up and noticed that my email account was up and the new/temp password from Polo or Ccex was selected and thought "WTF !!".
I did not request the password resets.
![](https://ip.bitcointalk.org/?u=http%3A%2F%2Fimg.techpowerup.org%2F150401%2FASNpassRESET.jpg&t=663&c=wzx3C4OS37a9iw)
Check the processes with taskmanager and you will see the client is running as service.exe*32 and/or crcss.exe*32 and/or some other name. Right click the process and choose "open file location" when you are ready to delete it.
![](https://ip.bitcointalk.org/?u=http%3A%2F%2Fimg.techpowerup.org%2F150401%2FASNtrojan2.jpg&t=663&c=GxMaT5cZfevslg)
If deleted, it will rewrite itself to the program files(x86) folder after the system is rebooted.
![](https://ip.bitcointalk.org/?u=http%3A%2F%2Fimg.techpowerup.org%2F150401%2FASNtrojan.jpg&t=663&c=eO4p2XYLwQmXQA)
The file responsible for this was found in one of the user's temp/Windows Live/ ID folders. EDIT This stopped after I disabled then deleted service.exe (and everything else) from the temp folder.
Terminating one of those .exe*32 processes caused my right to automatically reboot.
Congrats asshole(s) !
![Smiley](https://bitcointalk.org/Smileys/default/smiley.gif)
Please step forward so that the world may know your inbred shitcoin stained face !