Topic: delevic was banned by mistake (Read 680 times)

legendary
Activity: 3136
Merit: 3213
April 15, 2020, 04:08:55 PM
#26
Don't worry about my research, I am doing that most of the time!
Your link was more than suspicious, and it was not downloadable from the original website, and your script is run with a root command!

Also, there is no need to advertise your program and software here now.
You can post that in the ETH thread or in the mining Board.
Have a great day!
jr. member
Activity: 30
Merit: 4
April 15, 2020, 02:29:04 PM
#25
@JaredKaragen

Thank you for your support.

@Lafu

Let my and Jared's case be a good example that you don't ask for a ban immediately. Just do a little more research before that.
Fortunately, everything ended well :)

By the way, with the increase of the ETH DAG file and recent problems with Phoenix miner and 4 GB GPUs, users will need to migrate to Linux around 1.7.2020 if they want to continue mining ETH. So my watchdog program will be welcome to them if they use USB watchdogs.
legendary
Activity: 1848
Merit: 1166
My AR-15 ID's itself as a toaster. Want breakfast?
April 14, 2020, 07:33:33 PM
#24
Quote
Finally. Thanks theymos.

Awesome. Glad to see a good result come of this. It's always a tough position.

I was in your place simply for compiling source with housekeeping mods (version number, remove extra useless strings ("fluff"))... but all the detections from my app were directly linked to "cryptocurrency mining app"/"potentially unwanted"
legendary
Activity: 3136
Merit: 3213
April 14, 2020, 07:05:09 PM
#23
Thanks theymos for looking into that case and that it is solved now!

@delevic
Sry for all the trouble and also thanks for understanding.
Glad that this case is solved and that you are unbanned.
Maybe look in the future when posting links like the one you have done; maybe it's possible to just post the website link so users can get there.
Also I will remove my negative feedback!
Sry for my mistake on that case.
jr. member
Activity: 30
Merit: 4
April 14, 2020, 05:16:54 PM
#22
Finally. Thanks theymos.
administrator
Activity: 5222
Merit: 13032
April 14, 2020, 04:49:55 PM
#21
Quote
His file (hosted on Mega) is the same as the one on AliExpress (https://yadi.sk/d/4RDeoiyv3UoaWj).
SHA-256: 91799acfd28857cbf3a03389adbf46c9edb74c5f527cd1f89b1b1f4cb80976aa
Also, the first verification of the file on VirusTotal was made in 2018 (check the "details" tab).
"First Submission:   2018-05-06 06:33:35"

Thanks, so that looks fine at least as far as delevic is concerned. (You can't rule out malware in the official software, of course.)

I don't have any particular confidence that the Linux file on github is safe, and I don't recommend using any of this stuff, but there's not enough evidence of malware at this point for delevic to remain banned.
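
The comparison relied on in the post above, as an added example that is not part of the thread: hash the re-uploaded copy and the vendor's copy, then check both against a pinned digest. The function names, verdict strings and sample bytes are constructed for illustration; only `THREAD_SHA256` comes from the page.

```python
import hashlib
import hmac
import os
import tempfile

# SHA-256 quoted in the thread for the vendor's Windows tool.
THREAD_SHA256 = "91799acfd28857cbf3a03389adbf46c9edb74c5f527cd1f89b1b1f4cb80976aa"


def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so a large installer is never held in memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_copies(reupload_path, vendor_path, pinned_sha256=None):
    """Return 'different', 'pin-mismatch' or 'identical' (hypothetical labels).

    'identical' only means the re-upload is byte-for-byte the vendor's file.
    """
    reupload = sha256_file(reupload_path)
    vendor = sha256_file(vendor_path)
    if not hmac.compare_digest(reupload, vendor):
        return "different"
    if pinned_sha256 is not None:
        pinned = pinned_sha256.strip().lower()
        if not hmac.compare_digest(reupload, pinned):
            return "pin-mismatch"
    return "identical"


def demo():
    """Constructed data: two equal 'downloads' and one with a byte appended."""
    payload = b"MZ" + bytes(4096)  # stand-in bytes, not the real tool
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name, data in (("mega", payload), ("vendor", payload), ("altered", payload + b"\x01")):
            paths[name] = os.path.join(tmp, name)
            with open(paths[name], "wb") as fh:
                fh.write(data)
        pin = hashlib.sha256(payload).hexdigest()
        return [
            compare_copies(paths["mega"], paths["vendor"], pin),            # same file
            compare_copies(paths["altered"], paths["vendor"], pin),         # modified copy
            compare_copies(paths["mega"], paths["vendor"], THREAD_SHA256),  # pin disagrees
        ]


if __name__ == "__main__":
    print(demo())
```

A result of `identical` establishes provenance only; as the post above notes, it cannot rule out malware in the official software itself.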
newbie
Activity: 9
Merit: 0
April 14, 2020, 02:55:32 PM
#20
Quote
virustotal is trash. It can't be used as "proof" of malware, only a very vague hint. It is mighty suspicious when someone posts a binary without source which you're supposed to run as root, though.
I can't download the firmware from there. Someone should check whether the official firmware indeed gives the same virustotal detections.

May I get unbanned now? :)
legendary
Activity: 2758
Merit: 6830
April 13, 2020, 06:24:31 PM
#19
His file (hosted on Mega) is the same as the one on AliExpress (https://yadi.sk/d/4RDeoiyv3UoaWj).

SHA-256: 91799acfd28857cbf3a03389adbf46c9edb74c5f527cd1f89b1b1f4cb80976aa

Also, the first verification of the file on VirusTotal was made in 2018 (check the "details" tab).
"First Submission:   2018-05-06 06:33:35"
sr. member
Activity: 1414
Merit: 254
April 13, 2020, 06:01:23 PM
#18
Quote
virustotal is trash. It can't be used as "proof" of malware, only a very vague hint.

I thought it can be 80% trusted, but now I know. Because things related to software I usually check there, is it safe or not.
newbie
Activity: 9
Merit: 0
April 13, 2020, 03:02:56 PM
#17
Quote
That's not the link you posted!

Yes, it was easier to upload the file on Mega rather than to look for a live link on AliExpress like I did tonight.

I was looking for a live link on Ali just to prove that the program is the same and that it also has 21 detections :)

Quote
Hope you understand that, and if I am wrong on my report, I'm sorry!

Yes, I understand. It's OK.
legendary
Activity: 3136
Merit: 3213
April 13, 2020, 02:40:12 PM
#16
Quote
https://www.aliexpress.com/item/32828833847.html
there is a link:
User's Manual
1. Download the software and the drivers, product after January 2018 do not need drivers.
https://yadi.sk/d/4RDeoiyv3UoaWj
It's working just tested it.

That's not the link you posted!

And your link here now has 3 more detections than the old one!

Just in case, I reported your post and the link you posted, because it wasn't clickable on AliExpress and it's still not clickable!
Why didn't you just post the website link?

For sure VirusTotal may be trash, but it also shows some stuff and that there is something wrong!

Quote
I can't download the firmware from there. Someone should check whether the official firmware indeed gives the same virustotal detections.

The new link has 3 more detections than the other one he posted, and 2 days ago it wasn't possible to download it. I don't know, but something is strange!
https://www.virustotal.com/gui/file/91799acfd28857cbf3a03389adbf46c9edb74c5f527cd1f89b1b1f4cb80976aa/detection

If theymos trusts you and you get unbanned, I have no problem with that!
I just reported your post because it looks very suspicious!
And we got a lot of suspicious links here in the past, just look at this thread: https://bitcointalksearch.org/topic/report-malware-and-suspicious-links-here-so-mods-can-take-action-5182222 !
Hope you understand that, and if I am wrong on my report, I'm sorry!
newbie
Activity: 9
Merit: 0
April 13, 2020, 02:27:45 PM
#15
Quote
virustotal is trash. It can't be used as "proof" of malware, only a very vague hint.

I absolutely agree.

Quote
It is mighty suspicious when someone posts a binary without source which you're supposed to run as root, though.

I was not very active on this forum, but someone who uses the same name in all forums is certainly not very suspicious. :)

https://forum.xda-developers.com/poco-f1/how-to/xposed-installation-guide-t3928155

https://hwbot.org/user/delevic/

https://forum.benchmark.rs/member.php?45621-delevic
...
newbie
Activity: 9
Merit: 0
April 13, 2020, 02:15:43 PM
#14
https://www.aliexpress.com/item/32828833847.html   

there is a link:

User's Manual
1.   Download the software and the drivers, product after January 2018 do not need drivers.
    https://yadi.sk/d/4RDeoiyv3UoaWj

It's working just tested it.

administrator
Activity: 5222
Merit: 13032
April 13, 2020, 01:56:20 PM
#13
virustotal is trash. It can't be used as "proof" of malware, only a very vague hint. It is mighty suspicious when someone posts a binary without source which you're supposed to run as root, though.


I can't download the firmware from there. Someone should check whether the official firmware indeed gives the same virustotal detections.
newbie
Activity: 9
Merit: 0
April 13, 2020, 02:13:32 AM
#12
You can see on this video how this program looks on my PC and how it passed Norton security check.

https://www.flickr.com/photos/141637543@N07/49766000333/in/dateposted-public/

legendary
Activity: 2758
Merit: 6830
April 12, 2020, 02:38:22 PM
#10
Why don’t you open source your application, let people build themselves and potentially compare the hashes with the ones you posted?
newbie
Activity: 9
Merit: 0
April 12, 2020, 02:15:05 PM
#9
Quote
And the Miner Software files on Virustotal have not a single one of what your link has in it !

No, they just have W64/Trojan.SQQA-1034, Malware (ai Score=70), Trojan.Miner.Win64.2032 ... Yes, the detected threats are not exactly the same, but they are from the same family :)
legendary
Activity: 1848
Merit: 1166
My AR-15 ID's itself as a toaster. Want breakfast?
April 12, 2020, 03:24:39 AM
#8
Quote
If there is no difference, will you ban Claymore and Phoenix?
Please post a link to where those are posted.
Phoenix: https://bitcointalksearch.org/topic/phoenixminer-62c-fastest-ethereumethash-miner-with-lowest-devfee-winlinux-2647654 (same SHA-256 hash results)
Claymore: https://bitcointalksearch.org/topic/claymores-dual-ethereum-amdnvidia-gpu-miner-v150-windowslinux-1433925
The false positives are mostly because it's a mining app though. Most anvir consider miner app as virus.

For instance, I was compiling and uploading XMR-stak with no devfee.

It would be flagged by antivirus software because it was a mining app, and there are numerous malwares that would be using mining apps... so they were flagged as potentially unwanted. But those detections are specifically for mining apps; not what the OP's are being detected for AFAICT. I had quite a chat with someone about this on BCT before... being accused of malware, when in fact, he was mistaken.

Apparently as well, someone must have used my free devfee compilation in a part of a malware package (go figure).

legendary
Activity: 2170
Merit: 1789
April 12, 2020, 02:22:00 AM
#7
Quote
If there is no difference, will you ban Claymore and Phoenix?
Please post a link to where those are posted.

Phoenix: https://bitcointalksearch.org/topic/phoenixminer-62c-fastest-ethereumethash-miner-with-lowest-devfee-winlinux-2647654 (same SHA-256 hash results)
Claymore: https://bitcointalksearch.org/topic/claymores-dual-ethereum-amdnvidia-gpu-miner-v150-windowslinux-1433925

The false positives are mostly because it's a mining app though. Most anvir consider miner app as virus.
legendary
Activity: 3136
Merit: 3213
April 12, 2020, 01:59:43 AM
#6
That's the detected files from your link!
And the miner software files on VirusTotal have not a single one of what your link has in it!

Quote
Trojan:Win32/Occamy.C

Trojan:Win32/Occamy.C is a threat identified by Microsoft Security Software. This is a typical malware that targets the core system of Windows in order to complete its tasks.
Trojan:Win32/Occamy.C will make a copy of itself under system files. Then, registry entry is created to call the file on each Windows boot-up. Apart from that, this malware will also drop non-malicious files on various folders of the compromised PC
Trojan:Win32/Occamy.C occasionally connects to a remote host to execute tasks like the following:

Notify attacker on the new infection
Sends gathered data from the infected computer
Download and execute additional files including an updated version of the trojan
Accept command from a remote attacker

Trojan:Win32/Occamy.C is a malware that can drop malicious files onto the computer, which tend to lock files and demand payment from users in order to regain access. Some security programs deemed this threat as a Ransomware with that causes high potential damage.

This Trojan will drop the following files:

C:\Users\Username\AppData\Local\Microsoft\Windows\INet Cache\IE\MIPY49MB\MicrosoftSecurity[1].exe
C:\ProgramData\update.exe
C:\Users\Username\AppData\LocalLow\Microsoft\Cryptnet Url Cache\Content\5CEA8CFB8047B569B331D0E79D28457D
Source : https://malwarefixes.com/threats/trojanwin32-occamy-c/

Next one :

Quote
Trojan.Win32.Generic.4!c
Trojan.Win32.Generic.4!c is another harmful virus that slips into OS without your awareness and cause great destruction.
Trojan.Win32.Generic.4!c brings more malware and sponsored links on your OS.
Trojan.Win32.Generic.4!c creates further damage to your OS, by altering your browsers settings, spy on your online activities, manages your personal banking accounts, brings crashes your browsers and OS too, and much more.
Source : http://uninstallvirusinfection.blogspot.com/2019/01/remove-trojanwin32generic4c-easily-anti.html

Next one :

Quote
Trj/GdSda.A

Trj/GdSda.A is a detection name that AV companies might use to refer to a Remote Access Trojan (RAT).
Trj/GdSda.A RAT is classified as a mid-tier threat that is employed in campaigns to steal user credentials for online banking portals and social media accounts.
Trj/GdSda.A is what some cyber security researchers might call an info stealer Trojan.
Threats like the Trj/GdSda.A include a keylogger module that can be used to record your keyboard (virtual keyboard included) input and clicks on online forms.
Trj/GdSda.A is reported to include the ability to copy user credentials saved in software like Mozilla Thunderbird, Skype, mIRC, XChat, FileZilla, Google Chrome, Mozilla Firefox, Opera and Internet Explorer.
Source : https://www.enigmasoftware.com/trjgdsdaa-removal/

hero member
Activity: 1659
Merit: 687
LoyceV on the road. Or couch.
April 12, 2020, 01:28:30 AM
#5
Quote
If there is no difference, will you ban Claymore and Phoenix?
Please post a link to where those are posted.
hero member
Activity: 1372
Merit: 783
better everyday ♥
April 12, 2020, 01:09:55 AM
#4
There are many people on this forum who use that site to check the malicious status of files and software. I don't think some bullshit can be trusted by many people, it must have been accurate many times. Although the information you give seems accurate, this needs to be reviewed ;) Will the administrators of this forum check the accuracy of the report (by other software or website) before executing the ban? Anyway, make this topic pop up for better exposure :D
newbie
Activity: 9
Merit: 0
April 12, 2020, 12:32:28 AM
#3
Quote
Also I was not the first that has written that in your second post you have done and posted the link that it includes malware and trojan.

Yes. I was first reported by the user who asked me for the Win. version. Irony, isn't it? :)
Now I fully understand the aphorism "The road to hell is paved with good intentions" :)

Quote
And I have done some research on the original link, and the link is not available anymore on every platform that shares the link.
Guess why the link is not available anymore on other websites?

That is why I uploaded the file to Mega and did not share the original link.
When you buy the watchdog on Ali, afterwards you have to contact the seller to give you a new download link. They just want to be sure that you bought the device from them.

Quote
The checked file I have downloaded is infected with 18 cases of malware and trojans, that's the fact.

Yes, it is the fact. But it is also a fact that Claymore's miner and Phoenix miner (all miner apps) are also infected with significantly more cases. But we all use them because we know that they are false reports.
Also, I am using Norton Int. Sec., and it does not detect this program as a virus either. I am using that program on my PC and rigs too... but probably because my account has newbie status you didn't believe me.

Quote
And there is no difference if the other files are ok when 18 detections are showing up for bad.

If there is no difference, will you ban Claymore and Phoenix?

https://www.virustotal.com/gui/file/cbed2c8395426c49a557c76e9e666aac81145c75aeeaa1624b4421cf81ca47d3/detection

https://www.virustotal.com/gui/file/152eb2d7325a594fb446b81373615fa7eabc4c0133dcfaab056706b4a5688b01/detection

You cannot blindly trust this site.
legendary
Activity: 3136
Merit: 3213
April 11, 2020, 10:21:05 PM
#2
Yes, I reported your thread and post!
Also I was not the first that has written that in your second post you have done and posted the link that it includes malware and trojan.
And I have done some research on the original link, and the link is not available anymore on every platform that shares the link.
Guess why the link is not available anymore on other websites?
The checked file I have downloaded is infected with 18 cases of malware and trojans, that's the fact.
If you had not posted this link, all would be good.
And there is no difference if the other files are ok when 18 detections are showing up for bad.
newbie
Activity: 9
Merit: 0
April 11, 2020, 02:02:18 PM
#1
Hi,

I (delevic) was banned because legendary member Lafu reported my thread :

https://bitcointalksearch.org/topic/m.54193277

First of all, there is no official Linux program for USB watchdog devices.

That's why I decided to write a Linux program and share it with other users who mine on Linux.

The program is free, but is not open source. You can read the whole readme.txt file on GitHub and see my tutorial on YouTube ( https://www.youtube.com/watch?v=VN_Kk9RTEpA ). You will see that it is not a virus. I made it for the x86-64 and ARM (Raspberry Pi) Linux platforms.

The first accusation is that my readme file says: chmod +x ./*

Yes, you must add execute permission with chmod +x to start a program. That's how Linux works.

The second accusation is for a file that I uploaded at the request of a member because he doesn't have a Windows version of the program, which is free and is obtained from the Chinese after purchasing the watchdog on AliExpress.

Yes, virustotal.com reported that file as a virus by 18/58 antivirus programs, as it does Claymore's miner with 41/64.

18/58 or 69% antivirus programs did not detect the threat (among them are the best antivirus programs, NOD and Kaspersky).

https://www.virustotal.com/gui/file/152eb2d7325a594fb446b81373615fa7eabc4c0133dcfaab056706b4a5688b01/detection

I didn't delete anything. The files are there; you can check that there is no virus and that the detections are false, and then please unban my account and restore my thread.

https://github.com/delevic

https://mega.nz/file/HR9F2RiY#aixWE07Iq7vwHRYzczVQmAJihefRrY3lbuMzfXmzx20

Best regards
Delevic  