Pages:
Author

Topic: Candle coin wallet has a Trojan virus - Dave4You is probably a hacker (Read 1539 times)

hero member
Activity: 574
Merit: 500
Hopefully when i was part of that campaign i used c-cex exchange address, so i didn't risked to get infected, so i do with the currect avatar campaign by using an exchange address, better staying safe.

I did the same thing, i joined the campagin with c-cex address and that is why i did not discover that defected wallet before downloading it when i wanted to try skating.
i will never trust any free coin again except if it has an exchange and i can use that address
hero member
Activity: 798
Merit: 1000
Hopefully when i was part of that campaign i used c-cex exchange address, so i didn't risked to get infected, so i do with the currect avatar campaign by using an exchange address, better staying safe.
legendary
Activity: 1624
Merit: 1001
All cryptos are FIAT digital currency. Do not use.
Fyi..

How to detect RAT (remote admin tool) --> https://youtu.be/btn9nWE3X7o

Please check your "program files(x86) and the youruser/appdata/local/TEMP folders ! The ASN client is a remote desktop hack !

https://bitcointalksearch.org/topic/m.10951987



hero member
Activity: 602
Merit: 501
Ok so am I understanding this correctly?  The only wallet used to hold this shitcoin is a trojan and thus this was a scam from the start?  As I said, I'm a bit non-tech oriented, but this sounds kind of scary.

Yeah you're absolutely right. In the future, always run a scan before running it
legendary
Activity: 3556
Merit: 7011
Top Crypto Casino
Ok so am I understanding this correctly?  The only wallet used to hold this shitcoin is a trojan and thus this was a scam from the start?  As I said, I'm a bit non-tech oriented, but this sounds kind of scary.
full member
Activity: 182
Merit: 100
★YoBit.Net★ 350+ Coins Exchange & Dice
Thank god I used YoBit's CD coin address for joining avatar campaign. I got little suspicious when he was not paying for the last 2-3 days. I was going to create a scam accusation against him but he paid me before that.

Woof! Thanks op for this awareness. Luckily I dumped this shitty coin yesterday and got my equivalent BTC. Wink At least I don't have to hold a bag of shit coins now.

N.B I'm also quite suspicious about SwagBucks and AvatarCoin too. Huh

for what a user friend of mine told seems that some free distribution coin are in some kind of network made by scammers... i'm not sure if even those two coins you cited are involved but who knows....
hero member
Activity: 784
Merit: 502
Thank god I used YoBit's CD coin address for joining avatar campaign. I got little suspicious when he was not paying for the last 2-3 days. I was going to create a scam accusation against him but he paid me before that.

Woof! Thanks op for this awareness. Luckily I dumped this shitty coin yesterday and got my equivalent BTC. Wink At least I don't have to hold a bag of shit coins now.

N.B I'm also quite suspicious about SwagBucks and AvatarCoin too. Huh
legendary
Activity: 1204
Merit: 1000
Now that it seems highly likely that the wallet contained trojan, what about group of people who are still advertising the coin?

People who are/were advertising are the participants from the avatar campaign including me, i got a PM from EcuaMobi thanks to him I removed the avatar.
full member
Activity: 182
Merit: 100
★YoBit.Net★ 350+ Coins Exchange & Dice
Now that it seems highly likely that the wallet contained trojan, what about group of people who are still advertising the coin?

Good question, they maybe didn't even noticed that people found out that the wallet link get swapped time by time or maybe at the end (and i hope that) they used Yobit/Steps Candlecoin wallet (Which, being built from the source makes them clean) but still let's remember that all this debate started almost 3 months ago and there were 3 threads talking about this (Including this one). Even i'm curious to see if all the people advertising the coin will believe the lie of the dev, stop promoting the coin or wait for some serious person to take over (which i don't think will be possible because of the coin reputation)...

P.s. i just noticed that he is now abusing of the trust system by sending different red trust (so the one to EcuaMobi isn't the only one) and he even red trusted the OP like if he did a trade with he (Which never existed), i decided to put a red trust as well because what he did is seriously stupid
hero member
Activity: 924
Merit: 1005
4 Mana 7/7
Now that it seems highly likely that the wallet contained trojan, what about group of people who are still advertising the coin?
legendary
Activity: 3556
Merit: 7011
Top Crypto Casino
Good, I like seeing scammers getting the smackdown.

I don't know much about candlecoin other than it's avatar campaign.  Is this scammer one of the developers?  I'm a non-techie so I'm sure I would have just downloaded the trojan and lost everything.  Good job, guys.
legendary
Activity: 1672
Merit: 1014
@a7mos heres what i posted that was deleted, the guy also changed the link after he deleted.  
cache/snapshot of OP can be seen here https://archive.is/VbszE (20 Dec 2015 14:02:59 UTC), https://archive.is/BPKDA (12 Jan 2016 13:15:12 UTC), https://archive.is/HZpoI (12 Jan 2016 19:48:13 UTC)


I can not run the wallet because of the anti virus. is it clean or what is this message ?


confirmed
rar file - https://www.virustotal.com/en/file/433cff9ddd3038e7c7ac5b9245ce3cd0b739314078caf536be5353752e293ac2/analysis/1452604948/
extracted candleqt.exe - https://www.virustotal.com/en/file/b6b6072bda8202eb22aa5c8ace04f4b8a16516dfd3d192e4cb86ececc367732f/analysis/

VT results link in OP is for completely different file then what is downloaded from windowsqt link provided by dev  Angry

might be a false positive but then there is this it reports its internal/original name as "audioadg.exe" a windows7 system file



note its also not the first time this dev has been accused of hiding a trojan in his wallet links, and really concerning how distributed this wallet is from the signature campaign he is running

Candle have new dev from today!For all info and for giveaway please contact new dev.Thank you!
Contact dev  

i got a post deletion notice, checked the thread/OP and he had also edited again the links to windows qt download, i was allowing him some time give an explanation before i was going make a new post about it, but instead he has posted this and locked the thread.  
hero member
Activity: 566
Merit: 500
https://bitcointalksearch.org/topic/virus-in-candle-exe-are-we-surprised-1257893

Me and some others called this noob out a long time ago, and warned others but he just kept deleting posts in his main thread.

Glad the douche has finally been caught again, i just wonder how many folks he infected Sad
hero member
Activity: 602
Merit: 501
The thread is locked now and it appears that EcuaMobi is the new candlecoin DEV

https://bitcointalksearch.org/topic/m.13533306

Edie: Now this one too... https://bitcointalksearch.org/topic/m.13533312

the scammer is now butt hurt lol
legendary
Activity: 2296
Merit: 2262
BTC or BUST
The thread is locked now and it appears that EcuaMobi is the new candlecoin DEV

https://bitcointalksearch.org/topic/m.13533306

Edie: Now this one too... https://bitcointalksearch.org/topic/m.13533312
hero member
Activity: 602
Merit: 501
Link is not changed!
Only can be that account was violated and the hacker changed the wallets.But password not changed Huh
I will deep scan pc now.

Dude you have had a history of changing the files in the download link. Dont blame the hacker now, because you're the one doing it.
legendary
Activity: 1876
Merit: 1475
Link is not changed!
Only can be that account was violated and the hacker changed the wallets.But password not changed Huh
I will deep scan pc now.
The fact you just lie proves everything. Thanks for making it easy.
full member
Activity: 182
Merit: 100
Link is not changed!
Only can be that account was violated and the hacker changed the wallets.But password not changed Huh
I will deep scan pc now.
legendary
Activity: 3542
Merit: 1548
Get loan in just five minutes goo.gl/8WMW6n
about that I write month ago: https://bitcointalksearch.org/topic/beware-trojan-1296561


there is Two different version- healthy and infected with trojan.
hero member
Activity: 574
Merit: 500
I downloaded from the link with FySMA at the end of the url now on vps and I unrarthe file and tested it on virustool and here is the result : https://www.virustotal.com/en/file/543e3874be615567bb08b509685b4d527175de09501c6d6de329b34e9c4daeb4/analysis/

Quote
SHA256:   543e3874be615567bb08b509685b4d527175de09501c6d6de329b34e9c4daeb4
File name:   Candle-qt.exe
Detection ratio:   1 / 54
Analysis date:   2016-01-12 13:14:57 UTC ( 7 hours ago )

so even virus total said it is not completely clean !

Edit: I remembered something, the link i downloaded was bigger than 10 megabytes as i best as i remember. the current one is 8 megabytes

so maybe there is two files as zazarb said
Pages:
Jump to: