
Topic: Malicious process on Ubuntu via crypto wallets: Rpigdnos (Read 1122 times)

full member
Activity: 182
Merit: 100
★YoBit.Net★ 350+ Coins Exchange & Dice
I skipped 1337 so haven't used that one. Rublebit was one of the last wallets I installed. Could also be the 'Blurry' wallet or the 'Digitalcredits' wallet.

If possible, try to make a virtual machine and see if, launching those wallets on different VMs, one of them shows the malicious process.

I have, a few hours ago. None of the suspected wallets triggered the program.

Then close the whole thread and go to the Rublebit thread to say sorry for raising such a thing against the dev, and anyway next time check more carefully what you download from websites you don't know....
legendary
Activity: 1453
Merit: 1030
I skipped 1337 so haven't used that one. Rublebit was one of the last wallets I installed. Could also be the 'Blurry' wallet or the 'Digitalcredits' wallet.

If possible, try to make a virtual machine and see if, launching those wallets on different VMs, one of them shows the malicious process.

I have, a few hours ago. None of the suspected wallets triggered the program.
full member
Activity: 182
Merit: 100
Yes, that's true. In Linux you can never be safe from viruses ;) Only in Windows, you can have protection through antivirus software :D

There are antiviruses even on Linux, but they aren't as well known as Windows antivirus. But even Mac OS isn't safe from viruses in the end either.
hero member
Activity: 658
Merit: 500
Yes, that's true. In Linux you can never be safe from viruses ;) Only in Windows, you can have protection through antivirus software :D
full member
Activity: 182
Merit: 100
I skipped 1337 so haven't used that one. Rublebit was one of the last wallets I installed. Could also be the 'Blurry' wallet or the 'Digitalcredits' wallet.

If possible, try to make a virtual machine and see if, launching those wallets on different VMs, one of them shows the malicious process.
legendary
Activity: 1453
Merit: 1030
I skipped 1337 so haven't used that one. Rublebit was one of the last wallets I installed. Could also be the 'Blurry' wallet or the 'Digitalcredits' wallet.
full member
Activity: 182
Merit: 100
Might be 1337 too. My CPU has been throttling for a while and I'm trying to isolate the issue. Rubit had too many flagged viruses from VirusTotal so I used an exchange instead. I only install 99% of the wallets that are clean from VirusTotal.

I don't have the answer but want to say that VirusTotal can miss things. Use a VM unless you trust the software 100%.

Or use a sandbox with Process Explorer; sometimes it is even better than using a virtual machine (some viruses have part of their code made to stop execution if launched in a virtual machine).
sr. member
Activity: 414
Merit: 251
Might be 1337 too. My CPU has been throttling for a while and I'm trying to isolate the issue. Rubit had too many flagged viruses from VirusTotal so I used an exchange instead. I only install 99% of the wallets that are clean from VirusTotal.

I don't have the answer but want to say that VirusTotal can miss things. Use a VM unless you trust the software 100%.
hero member
Activity: 726
Merit: 504
Might be 1337 too. My CPU has been throttling for a while and I'm trying to isolate the issue. Rubit had too many flagged viruses from VirusTotal so I used an exchange instead. I only install 99% of the wallets that are clean from VirusTotal.
full member
Activity: 182
Merit: 100
Which other wallets do you have on the machine? And what makes you think that Rublebit is the source of the malicious process?
legendary
Activity: 1453
Merit: 1030
I've managed to clear my DigitalOcean droplet of this little bastard program that eats up 100% CPU and restarts itself through parent process 1:

I created another older droplet, copied the /sbin/init to the infected droplet, removed the init file, deleted the program Rpigdnos in /bin, overwrote /sbin/init with the clean version and rebooted.

Likely wallet is Rublebit. Not sure though.

17-11 Update: not a crypto wallet issue, probably.
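
A triage sketch for the symptom described in the post above (a binary in /bin pinned at 100% CPU with parent process 1), added here as an example and not part of the original thread. The sample `ps` output, the stub `fake_dpkg_owner`, and all function names are constructed for illustration; only the name Rpigdnos and its /bin location come from the post.

```shell
#!/usr/bin/env bash
# Constructed sample in `ps -eo pid,ppid,pcpu,args` format (not from the thread's host).
SAMPLE_PS='  PID  PPID %CPU COMMAND
    1     0  0.0 /sbin/init
  412     1  0.3 /usr/sbin/sshd -D
  977     1 99.7 /bin/Rpigdnos
 1203   412  1.2 sshd: root@pts/0
 1544     1 85.0 /usr/bin/python3 /opt/job.py'

# Print "pid cpu exe" for processes whose parent is PID 1 and whose CPU
# usage is at or above the threshold (default 50%). Reads ps output on stdin.
high_cpu_orphans() {
    local threshold="${1:-50}"
    awk -v t="$threshold" 'NR > 1 && $2 == 1 && $3 + 0 >= t { print $1, $3, $4 }'
}

# Keep only entries whose executable is not owned by any installed package.
# The ownership check is passed in by name so it can be stubbed offline.
unowned_only() {
    local owner_check="$1" pid cpu exe
    while read -r pid cpu exe; do
        "$owner_check" "$exe" >/dev/null 2>&1 || echo "$pid $cpu $exe"
    done
}

# Real check for a live Debian/Ubuntu host: dpkg -S exits non-zero when no
# package claims the path.
dpkg_owner() { dpkg -S "$1"; }

# Constructed stand-in for dpkg_owner so the sample runs without dpkg.
fake_dpkg_owner() {
    case "$1" in
        /sbin/init|/usr/sbin/sshd|/usr/bin/python3) return 0 ;;
        *) return 1 ;;
    esac
}

triage_sample() {
    printf '%s\n' "$SAMPLE_PS" | high_cpu_orphans 50 | unowned_only fake_dpkg_owner
}

# Live usage:
#   ps -eo pid,ppid,pcpu,args | high_cpu_orphans 50 | unowned_only dpkg_owner
#   dpkg --verify "$(dpkg -S /sbin/init | cut -d: -f1)"   # no output = files match
# Caveats: the args column can be rewritten by the process itself, so confirm
# with `readlink /proc/<pid>/exe`; dpkg's checksums live on the same disk, so
# on a host that is already suspect compare against a known-clean image too.
```

A hit from this filter is a lead to investigate, not a verdict: locally built or manually installed software is also unowned by any package.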