Pages:
Author

Topic: [ANN][OXN] OXEN | PoW/PoS Hybrid | Blake2s CPU | No Premine | Launched - page 2. (Read 15093 times)

full member
Activity: 196
Merit: 100
Marijuanacoin.org
Luckily I compile from source.. And I could not find anything virus related in that..

Some nasty tricks these guys are pulling here..  Cry
newbie
Activity: 39
Merit: 0
I just got done with a wipe to be safe, I went threw the event log and seen a lot of login and logout at like 5am when I was asleep so to be safe I just formatted and reinstalled windows
legendary
Activity: 1484
Merit: 1082
ccminer/cpuminer developer
Good question! @Epsylon3 can you compare the files and confirm that at least the miner is clean?

Yes ccminer binary seems clean, same CRC in 7-zip/Winrar : 3AC049EC, SHA256 hash starts with DAB89CD9FBFFF1...

was just repacked in a zip file, i sent a 7z archive

http://ccminer.org/preview/ccminer-rel1.7.5-blake2s-x64.7z
http://ccminer.org/preview/ccminer-blake2s-src.7z

BTC txid of the tip was 593381e546b8bde22229d8a94335131a5494aeab331f6e9a44dc66bc8c4e84ae (0.09987...)
newbie
Activity: 39
Merit: 0
I use 2fa on my google account and use google to store my passwords, There are probably more secure options out there but I think he made an attempt at me as I received an email saying that my Dropbox was locked out due to failed login attempts. although my Dropbox is empty and have not used it since high school it makes me wonder what else he could have gotten. That is all I have noticed so far, I am scanning as I type .... knew I shouldn't have trusted this coin and I don't know why I downloaded it. Can someone tell me where this trojan likes to hide so I can be sure im not still infected, malware bytes and avg say im good but I want to be sure.
hero member
Activity: 803
Merit: 501
Ok well I guess I knew what you guys would say. I will be off offline a bit. Lips sealed
sr. member
Activity: 379
Merit: 250
Following on Twitter @pyramusx
I have one question. If we havent been robbed yet are we good. I use a password manger, I use avast security, i use a vpn. I scanned and deleted all the crap that come from this thread. So am I waiting to be jacked or am I good? Huh

Read my post above. I got robbed clean earlier today/yesterday.
newbie
Activity: 18
Merit: 0
I have one question. If we havent been robbed yet are we good. I use a password manger, I use avast security, i use a vpn. I scanned and deleted all the crap that come from this thread. So am I waiting to be jacked or am I good? Huh

You really should reformat your drive
hero member
Activity: 803
Merit: 501
I have one question. If we havent been robbed yet are we good. I use a password manger, I use avast security, i use a vpn. I scanned and deleted all the crap that come from this thread. So am I waiting to be jacked or am I good? Huh
sr. member
Activity: 462
Merit: 250
Thank you, MisO69 and JJ12880!

Usually I'm doing a manual check as this guy did here using a hex-editor: https://bitcointalksearch.org/topic/m.12805304 (thanks for the link MissCrypto!)
Although the trojan is usually encrypted, the filename is still visible, like some 'taskhost.exe' or similar. Yet, not in this case, which is strange, so I wonder how he did it...  Huh

Learn C++ and go over every line of code... Well, I don't have that much spare time.  Grin

I guess the only option left is to run all new wallets in separate sandboxes  Undecided

I saw somebody else mention that he setup a nodes that distributed the malware. I'm not a programmer but maybe he left a vulnerability in the code trough which he then distributed the malware via the nodes, again I'm not a programmer so I'm not sure if that's even possible.  Tongue
hero member
Activity: 843
Merit: 1004
Thank you, MisO69 and JJ12880!

Usually I'm doing a manual check as this guy did here using a hex-editor: https://bitcointalksearch.org/topic/m.12805304 (thanks for the link MissCrypto!)
Although the trojan is usually encrypted, the filename is still visible, like some 'taskhost.exe' or similar. Yet, not in this case, which is strange, so I wonder how he did it...  Huh

Learn C++ and go over every line of code... Well, I don't have that much spare time.  Grin

I guess the only option left is to run all new wallets in separate sandboxes  Undecided
full member
Activity: 195
Merit: 100
Nutty about Crypto
I have run 2 virus checkers on my PC and both come up clean. I downloaded the wallet but nothing else. Does this mean my PC is clean ? This is the first time i have come across this, as i don't normally download wallets, so just want to know does this type of virus get detected on a scan or is my PC still possibley infected. Many thanks
legendary
Activity: 963
Merit: 1002
Nothing new,merely a clone of NEVA.

The thread......did you even read it bro? It has a trojan attached.
full member
Activity: 122
Merit: 100
Nothing new,merely a clone of NEVA.
hero member
Activity: 671
Merit: 501
Blockchain and stuff
Anyone figured out a way to find this type of trojan before actually running it? Like with some hex editor or something?  Huh

Anyone?  Huh

I remember this guy busting couple of them earlier https://bitcointalksearch.org/topic/m.12805304

Yes, thanks for your answer, I have checked this wallet the same way even before running it sandboxed and found nothing, so now I really need to learn how to check wallets for this new kind of shit lol 

You can't. This malware is probably encrypted, then after you run the wallet it installs the payload on your computer.

Best thing to do is get an old PC and test these wallets. Have the old PC running a decent antivirus or malwarebytes. Watch for suspicious activity and don't use that pc for anything other than testing these things.

You should also have an image of that computer so you can re-image it to a clean install if need be. The same can be done with virtual machines if you have no spare PC. Windows 7 supports VMs.

The only way to be 99% sure the code is clean, is to learn C++ and go over every line of code yourself. Even Crapsy missed an IRC backdoor in a wallet, that was only a few lines of code, that was incredibly well hidden. 

What I do, is i have a few older i5 laptops i use just as wallet servers. I have nothing other than untrusted wallets on those computers, so if something goes wrong, it does not affect my main computers.

JJ
legendary
Activity: 1946
Merit: 1005
My mule don't like people laughing
Anyone figured out a way to find this type of trojan before actually running it? Like with some hex editor or something?  Huh

Anyone?  Huh

I remember this guy busting couple of them earlier https://bitcointalksearch.org/topic/m.12805304

Yes, thanks for your answer, I have checked this wallet the same way even before running it sandboxed and found nothing, so now I really need to learn how to check wallets for this new kind of shit lol 

You can't. This malware is probably encrypted, then after you run the wallet it installs the payload on your computer.

Best thing to do is get an old PC and test these wallets. Have the old PC running a decent antivirus or malwarebytes. Watch for suspicious activity and don't use that pc for anything other than testing these things.

You should also have an image of that computer so you can re-image it to a clean install if need be. The same can be done with virtual machines if you have no spare PC. Windows 7 supports VMs.

hero member
Activity: 843
Merit: 1004
Anyone figured out a way to find this type of trojan before actually running it? Like with some hex editor or something?  Huh

Anyone?  Huh

I remember this guy busting couple of them earlier https://bitcointalksearch.org/topic/m.12805304

Yes, thanks for your answer, I have checked this wallet the same way even before running it sandboxed and found nothing, so now I really need to learn how to check wallets for this new kind of shit lol 
sr. member
Activity: 379
Merit: 250
Following on Twitter @pyramusx
After downloading either the wallet or the miner I had some suspicious attempts at login into my email. I had changed my password but that was no use since it must be a keylogger.

They cleaned out my Bittrex, YoBit, C-cex and Cryptopia accounts of BTC and Alts. Not sure what I can possibly do, probably nothing, but wondering if this happened to anyone else?

Or was I the only idiot who recently disabled 2 Step because I got annoying lol?
legendary
Activity: 2688
Merit: 1240
i hav some coin in suprnova.cc
webside's dead....hope my coin will  be safe....that is so fucked up
https://oxen.suprnova.cc/

Uhh.. Coins are worthless mate, it's a virus Smiley
hero member
Activity: 945
Merit: 1000
Anyone figured out a way to find this type of trojan before actually running it? Like with some hex editor or something?  Huh

Anyone?  Huh

I remember this guy busting couple of them earlier https://bitcointalksearch.org/topic/m.12805304
hero member
Activity: 843
Merit: 1004
Anyone figured out a way to find this type of trojan before actually running it? Like with some hex editor or something?  Huh

Anyone?  Huh
Pages:
Jump to: