Some nasty tricks these guys are pulling here..
Topic: [ANN][OXN] OXEN | PoW/PoS Hybrid | Blake2s CPU | No Premine | Launched - page 2. (Read 15077 times)
March 15, 2016, 08:34:22 PM
Luckily I compile from source.. And I could not find anything virus related in that..
Some nasty tricks these guys are pulling here..
Some nasty tricks these guys are pulling here..
March 15, 2016, 08:20:50 PM
I just got done with a wipe to be safe, I went threw the event log and seen a lot of login and logout at like 5am when I was asleep so to be safe I just formatted and reinstalled windows
March 15, 2016, 07:34:19 PM
Good question! @Epsylon3 can you compare the files and confirm that at least the miner is clean?
Yes ccminer binary seems clean, same CRC in 7-zip/Winrar : 3AC049EC, SHA256 hash starts with DAB89CD9FBFFF1...
was just repacked in a zip file, i sent a 7z archive
http://ccminer.org/preview/ccminer-rel1.7.5-blake2s-x64.7z
http://ccminer.org/preview/ccminer-blake2s-src.7z
BTC txid of the tip was 593381e546b8bde22229d8a94335131a5494aeab331f6e9a44dc66bc8c4e84ae (0.09987...)
March 15, 2016, 07:12:43 PM
I use 2fa on my google account and use google to store my passwords, There are probably more secure options out there but I think he made an attempt at me as I received an email saying that my Dropbox was locked out due to failed login attempts. although my Dropbox is empty and have not used it since high school it makes me wonder what else he could have gotten. That is all I have noticed so far, I am scanning as I type .... knew I shouldn't have trusted this coin and I don't know why I downloaded it. Can someone tell me where this trojan likes to hide so I can be sure im not still infected, malware bytes and avg say im good but I want to be sure.
March 15, 2016, 05:29:50 PM
Ok well I guess I knew what you guys would say. I will be off offline a bit. 
March 15, 2016, 05:21:12 PM
I have one question. If we havent been robbed yet are we good. I use a password manger, I use avast security, i use a vpn. I scanned and deleted all the crap that come from this thread. So am I waiting to be jacked or am I good? 
Read my post above. I got robbed clean earlier today/yesterday.
March 15, 2016, 05:13:56 PM
I have one question. If we havent been robbed yet are we good. I use a password manger, I use avast security, i use a vpn. I scanned and deleted all the crap that come from this thread. So am I waiting to be jacked or am I good?
You really should reformat your drive
March 15, 2016, 04:41:28 PM
I have one question. If we havent been robbed yet are we good. I use a password manger, I use avast security, i use a vpn. I scanned and deleted all the crap that come from this thread. So am I waiting to be jacked or am I good?
March 15, 2016, 02:59:33 PM
Thank you, MisO69 and JJ12880!
Usually I'm doing a manual check as this guy did here using a hex-editor: https://bitcointalksearch.org/topic/m.12805304 (thanks for the link MissCrypto!)
Although the trojan is usually encrypted, the filename is still visible, like some 'taskhost.exe' or similar. Yet, not in this case, which is strange, so I wonder how he did it...
Learn C++ and go over every line of code... Well, I don't have that much spare time.
I guess the only option left is to run all new wallets in separate sandboxes
Usually I'm doing a manual check as this guy did here using a hex-editor: https://bitcointalksearch.org/topic/m.12805304 (thanks for the link MissCrypto!)
Although the trojan is usually encrypted, the filename is still visible, like some 'taskhost.exe' or similar. Yet, not in this case, which is strange, so I wonder how he did it...
Learn C++ and go over every line of code... Well, I don't have that much spare time.
I guess the only option left is to run all new wallets in separate sandboxes
I saw somebody else mention that he setup a nodes that distributed the malware. I'm not a programmer but maybe he left a vulnerability in the code trough which he then distributed the malware via the nodes, again I'm not a programmer so I'm not sure if that's even possible.
March 15, 2016, 02:07:09 PM
Thank you, MisO69 and JJ12880!
Usually I'm doing a manual check as this guy did here using a hex-editor: https://bitcointalksearch.org/topic/m.12805304 (thanks for the link MissCrypto!)
Although the trojan is usually encrypted, the filename is still visible, like some 'taskhost.exe' or similar. Yet, not in this case, which is strange, so I wonder how he did it...
Learn C++ and go over every line of code... Well, I don't have that much spare time.
I guess the only option left is to run all new wallets in separate sandboxes
Usually I'm doing a manual check as this guy did here using a hex-editor: https://bitcointalksearch.org/topic/m.12805304 (thanks for the link MissCrypto!)
Although the trojan is usually encrypted, the filename is still visible, like some 'taskhost.exe' or similar. Yet, not in this case, which is strange, so I wonder how he did it...
Learn C++ and go over every line of code... Well, I don't have that much spare time.
I guess the only option left is to run all new wallets in separate sandboxes
March 15, 2016, 01:09:17 PM
I have run 2 virus checkers on my PC and both come up clean. I downloaded the wallet but nothing else. Does this mean my PC is clean ? This is the first time i have come across this, as i don't normally download wallets, so just want to know does this type of virus get detected on a scan or is my PC still possibley infected. Many thanks
March 15, 2016, 12:07:31 PM
Nothing new,merely a clone of NEVA.
The thread......did you even read it bro? It has a trojan attached.
March 15, 2016, 12:04:51 PM
Nothing new,merely a clone of NEVA.
March 15, 2016, 10:52:19 AM
Anyone figured out a way to find this type of trojan before actually running it? Like with some hex editor or something?
Anyone?
I remember this guy busting couple of them earlier https://bitcointalksearch.org/topic/m.12805304
Yes, thanks for your answer, I have checked this wallet the same way even before running it sandboxed and found nothing, so now I really need to learn how to check wallets for this new kind of shit lol
You can't. This malware is probably encrypted, then after you run the wallet it installs the payload on your computer.
Best thing to do is get an old PC and test these wallets. Have the old PC running a decent antivirus or malwarebytes. Watch for suspicious activity and don't use that pc for anything other than testing these things.
You should also have an image of that computer so you can re-image it to a clean install if need be. The same can be done with virtual machines if you have no spare PC. Windows 7 supports VMs.
The only way to be 99% sure the code is clean, is to learn C++ and go over every line of code yourself. Even Crapsy missed an IRC backdoor in a wallet, that was only a few lines of code, that was incredibly well hidden.
What I do, is i have a few older i5 laptops i use just as wallet servers. I have nothing other than untrusted wallets on those computers, so if something goes wrong, it does not affect my main computers.
JJ
March 15, 2016, 10:43:28 AM
Anyone figured out a way to find this type of trojan before actually running it? Like with some hex editor or something?
Anyone?
I remember this guy busting couple of them earlier https://bitcointalksearch.org/topic/m.12805304
Yes, thanks for your answer, I have checked this wallet the same way even before running it sandboxed and found nothing, so now I really need to learn how to check wallets for this new kind of shit lol
You can't. This malware is probably encrypted, then after you run the wallet it installs the payload on your computer.
Best thing to do is get an old PC and test these wallets. Have the old PC running a decent antivirus or malwarebytes. Watch for suspicious activity and don't use that pc for anything other than testing these things.
You should also have an image of that computer so you can re-image it to a clean install if need be. The same can be done with virtual machines if you have no spare PC. Windows 7 supports VMs.
March 15, 2016, 10:04:25 AM
Anyone figured out a way to find this type of trojan before actually running it? Like with some hex editor or something?
Anyone?
I remember this guy busting couple of them earlier https://bitcointalksearch.org/topic/m.12805304
Yes, thanks for your answer, I have checked this wallet the same way even before running it sandboxed and found nothing, so now I really need to learn how to check wallets for this new kind of shit lol
March 15, 2016, 09:44:49 AM
After downloading either the wallet or the miner I had some suspicious attempts at login into my email. I had changed my password but that was no use since it must be a keylogger.
They cleaned out my Bittrex, YoBit, C-cex and Cryptopia accounts of BTC and Alts. Not sure what I can possibly do, probably nothing, but wondering if this happened to anyone else?
Or was I the only idiot who recently disabled 2 Step because I got annoying lol?
They cleaned out my Bittrex, YoBit, C-cex and Cryptopia accounts of BTC and Alts. Not sure what I can possibly do, probably nothing, but wondering if this happened to anyone else?
Or was I the only idiot who recently disabled 2 Step because I got annoying lol?
March 15, 2016, 07:36:09 AM
i hav some coin in suprnova.cc
webside's dead....hope my coin will be safe....that is so fucked up
https://oxen.suprnova.cc/
webside's dead....hope my coin will be safe....that is so fucked up
https://oxen.suprnova.cc/
Uhh.. Coins are worthless mate, it's a virus
March 15, 2016, 07:30:11 AM
Anyone figured out a way to find this type of trojan before actually running it? Like with some hex editor or something?
Anyone?
I remember this guy busting couple of them earlier https://bitcointalksearch.org/topic/m.12805304
March 15, 2016, 07:10:03 AM
Anyone figured out a way to find this type of trojan before actually running it? Like with some hex editor or something?
Anyone?
Jump to: