
Topic: I've been hacked, and now I'm screwed (Can anyone help with a loan?) - page 5. (Read 12920 times)

hero member
Activity: 896
Merit: 532
Former curator of The Bitcoin Museum

My .5 BTC loan offer is still on the table as well.  0% interest.

I thought I PM'd you?  Maybe I just accidentally solicited a random bitcointalk user Tongue

I will take you up on your offer Jonald. thanks  Cool
legendary
Activity: 1302
Merit: 1008
Core dev leaves me neg feedback #abuse #political
So far Noella and I have received loans from...
Kind words & Support have come flooding in!
So far Noella & I have received...
nwfella BTC0.02 @ 0% Interest (thx buddy Smiley)
bigtimespaghetti BTC0.10 @ 0% Interest (you the man! Smiley)
eternalgloom BTC0.50 @ 0% Interest (I could kiss you on the mouth!  Grin)

I'd like to take the opportunity to thank you guys so very much.  I knew the community would help me out!  It's not 14BTC, but it's a fucking great start

Thanks again guys  Wink

My .5 BTC loan offer is still on the table as well.  0% interest.
legendary
Activity: 1050
Merit: 1016
I've posted in the other thread my offer to help.
hero member
Activity: 896
Merit: 532
Former curator of The Bitcoin Museum
So far Noella and I have received loans from...
Kind words & Support have come flooding in!
So far Noella & I have received...
nwfella BTC0.02 @ 0% Interest (thx buddy Smiley)
bigtimespaghetti BTC0.10 @ 0% Interest (you the man! Smiley)
eternalgloom BTC0.50 @ 0% Interest (I could kiss you on the mouth!  Grin)

I'd like to take the opportunity to thank you guys so very much.  I knew the community would help me out!  It's not 14BTC, but it's a fucking great start

Thanks again guys  Wink
hero member
Activity: 896
Merit: 532
Former curator of The Bitcoin Museum
Nothing can protect you against bad behavior like willingly downloading and executing an exe.

Perhaps I should clarify.

I have no idea where the original Trojan on my PC came from. I'll list what happened once they got into my laptop.

They got into TeamViewer.

They then went to
http://69.31.136.5/defaults/sendspace-pop.html
then went to
http://aff.trafficjmp.com/geo/preset/162/1/0/0
Then went to some of my bookmarks
then went to
https://www.sendspace.com/file/cwyxow
which downloaded said trojan.

At about the same time they went to my website's provider and uploaded via FTP
Quote
A few minutes ago, our anti-virus scanner reported that a malicious file has
been uploaded to your 1&1 webspace.
WARNING thebitcoinmuseum.com/coinwidget/404.php WARNING
They told me that it came from IP 119.81.27.176

That's all I have so far...
member
Activity: 72
Merit: 10
42
This basically means that the hacker is Spanish, or at least speaks Spanish. We're onto something.
If we can get some IPs that would be useful.
Not particularly, there are other Spanish-speaking countries.
It would help greatly to know where the file originated from. Link/forum/email etc.
hero member
Activity: 798
Merit: 1000
Correct me if I am wrong but svchost.exe is actually a Windows file.

You have mentioned Windows Defender before and I am pretty sure that Windows Defender uses svchost.exe

Perhaps it was infected?

The original service host (svchost) file is legit and it's signed by Microsoft. To make malicious files less suspicious, hackers sometimes rename their files to match legit ones. So if you see it outside C:\Windows\System32 then that's not the real one.

In this case svchost acts like an archive file (zip or rar) and it's self-extracting 3 files: dialected.exe, file.bin, and "Nuevo imagen de mapa de bits.bmp"
"Nuevo imagen de mapa de bits" is the translation of "New bitmap image" in Spanish.

I am not sure the dialected.exe file is malicious; it's tagged by two antivirus engines but I can't analyze it, it keeps crashing inside the virtual machine.

This basically means that the hacker is Spanish, or at least speaks Spanish. We're onto something.
If we can get some IPs that would be useful.
member
Activity: 72
Merit: 10
42
So could this be a weakness in Windows Defender?
Not being able to block malicious software?
Windows Defender doesn't protect you from all bad things http://thenextweb.com/microsoft/2012/11/09/windows-8-protected-from-85-of-malware-detected-in-the-past-six-months-right-out-the-box/
And that's not only Windows Defender; you shouldn't rely on anti-virus software to fully protect you anyway. They do some protection but it's not 100% secure.
The senior vice president for information security of Symantec (who make Norton antivirus) said that antivirus is dead, it's not as good as it used to be. Antivirus did get better but so did the malicious hackers.

Nothing can protect you against bad behavior like willingly downloading and executing an exe.
hero member
Activity: 1582
Merit: 502
Correct me if I am wrong but svchost.exe is actually a Windows file.

You have mentioned Windows Defender before and I am pretty sure that Windows Defender uses svchost.exe

Perhaps it was infected?

The original service host (svchost) file is legit and it's signed by Microsoft. To make malicious files less suspicious, hackers sometimes rename their files to match legit ones. So if you see it outside C:\Windows\System32 then that's not the real one.

In this case svchost acts like an archive file (zip or rar) and it's self-extracting 3 files: dialected.exe, file.bin, and "Nuevo imagen de mapa de bits.bmp"
"Nuevo imagen de mapa de bits" is the translation of "New bitmap image" in Spanish.

I am not sure the dialected.exe file is malicious; it's tagged by two antivirus engines but I can't analyze it, it keeps crashing inside the virtual machine.

So could this be a weakness in Windows Defender?
Not being able to block malicious software?

member
Activity: 72
Merit: 10
42
Correct me if I am wrong but svchost.exe is actually a Windows file.

You have mentioned Windows Defender before and I am pretty sure that Windows Defender uses svchost.exe

Perhaps it was infected?

The original service host (svchost) file is legit and it's signed by Microsoft. To make malicious files less suspicious, hackers sometimes rename their files to match legit ones. So if you see it outside C:\Windows\System32 then that's not the real one.

In this case svchost acts like an archive file (zip or rar) and it's self-extracting 3 files: dialected.exe, file.bin, and "Nuevo imagen de mapa de bits.bmp"
"Nuevo imagen de mapa de bits" is the translation of "New bitmap image" in Spanish.

I am not sure the dialected.exe file is malicious; it's tagged by two antivirus engines but I can't analyze it, it keeps crashing inside the virtual machine.
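
The location check described in the post above, written as detection logic over process records. This is an added example, not part of the original thread: the function names and sample events are constructed for illustration, and treating SysWOW64 (the 32-bit copy on 64-bit Windows) as a second legitimate directory is an assumption added here.

```python
import ntpath  # Windows path semantics, works on any host OS

# Directories where the genuine binary is expected (lower-case).
# System32 comes from the post; SysWOW64 is an assumption added here.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}

def normalize(image_path):
    # Strip quotes and the extended-length prefix, collapse ".." and "/",
    # and lower-case, so cosmetic path tricks do not defeat the comparison.
    p = image_path.strip().strip('"')
    if p.startswith("\\\\?\\"):
        p = p[4:]
    return ntpath.normpath(p).lower()

def is_masquerading(image_path):
    # True when a file carries a protected system name but runs from
    # a directory other than the expected ones.
    directory, name = ntpath.split(normalize(image_path))
    expected = EXPECTED_DIRS.get(name)
    return expected is not None and directory not in expected

def flag_processes(events):
    # Return the process records whose image path fails the location check.
    return [e for e in events if is_masquerading(e["image"])]

# Constructed sample process records (not taken from the incident).
SAMPLE_EVENTS = [
    {"pid": 812,  "image": r"C:\Windows\System32\svchost.exe"},
    {"pid": 4420, "image": r"C:\Users\user\Downloads\svchost.exe"},
    {"pid": 5100, "image": r"C:\Windows\System32\..\Temp\SVCHOST.EXE"},
    {"pid": 900,  "image": r"\\?\C:\WINDOWS\system32\svchost.exe"},
    {"pid": 3000, "image": r"C:\Program Files\App\app.exe"},
]

if __name__ == "__main__":
    for event in flag_processes(SAMPLE_EVENTS):
        print("suspicious:", event["pid"], event["image"])
```

A path match alone does not prove a file is genuine; the post's other criterion, a valid Microsoft signature, has to be verified separately.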
hero member
Activity: 1582
Merit: 502
Correct me if I am wrong but svchost.exe is actually a Windows file.

You have mentioned Windows Defender before and I am pretty sure that Windows Defender uses svchost.exe

Perhaps it was infected?
hero member
Activity: 896
Merit: 532
Former curator of The Bitcoin Museum
Then transferred a file that I've identified as a Trojan. I think I may have tracked it on to the secure pc.
I am sorry for your loss.

And if you can upload and send me that file via PM I could know who is behind that hack.

Here is a link to the file
WARNING! TROJAN! WARNING! TROJAN! WARNING! TROJAN!
http://wikisend.com/download/420034/svchost.exe
WARNING! TROJAN! WARNING! TROJAN! WARNING! TROJAN!

It's an extractable archive
newbie
Activity: 56
Merit: 0
Oh yeah.  Forgot to add that part too.  No stress on timeline getting it back here either Smiley

I would be able to provide you with a loan of 0.50 btc
Since these are special circumstances, you can take as much time as you want to pay me back, and I do not want any interest.

I am moving some coins right now, but when everything is confirmed, I will send the 0.50 btc to you.

Edit: I will send when you confirm this is ok for you.

Insert sappy, girly quote here....

Thank you guys, you both rock  Grin
hero member
Activity: 602
Merit: 500
14 BTC is a big amount. Wish you can get it back again.
hero member
Activity: 896
Merit: 532
Former curator of The Bitcoin Museum
We could start a gamble-gang for you? everybody just bet .5 :X

What's a gamble gang, it sounds interesting!
hero member
Activity: 896
Merit: 532
Former curator of The Bitcoin Museum
Oh yeah.  Forgot to add that part too.  No stress on timeline getting it back here either Smiley

I would be able to provide you with a loan of 0.50 btc
Since these are special circumstances, you can take as much time as you want to pay me back, and I do not want any interest.

I am moving some coins right now, but when everything is confirmed, I will send the 0.50 btc to you.

Edit: I will send when you confirm this is ok for you.

Thank you so much guys!  You got no idea how much every little bit helps Smiley

Once loaned I'll pop it on the front page with status etc
newbie
Activity: 2
Merit: 0
We could start a gamble-gang for you? everybody just bet .5 :X
legendary
Activity: 1610
Merit: 1000
Well hello there!
Oh yeah.  Forgot to add that part too.  No stress on timeline getting it back here either Smiley
legendary
Activity: 1792
Merit: 1283
I would be able to provide you with a loan of 0.50 btc
Since these are special circumstances, you can take as much time as you want to pay me back, and I do not want any interest.

I am moving some coins right now, but when everything is confirmed, I will send the 0.50 btc to you.

Edit: I will send when you confirm this is ok for you.