Author

Topic: MINING.ML malware (Read 1121 times)

hero member
Activity: 712
Merit: 500
August 29, 2015, 08:50:10 AM
#19
That asshole hacked this account, he didn't change the password luckily. Now I have bad rep Sad
hero member
Activity: 712
Merit: 500
August 22, 2015, 12:20:24 PM
#18
So do you need to download a software from the website www.mining.ml or is it just enough to visit this website?

Thanks!

Download the software. It's simply a .NET Framework, don't worry if you haven't run it.

Ok, so if I just entered the site, I have nothing to worry about?

Thanks for the help!

Nothing to worry about. Original domain: http://www.nutrilonexport.com/
hero member
Activity: 798
Merit: 1000
Move On !!!!!!
August 22, 2015, 12:17:31 PM
#17
So do you need to download a software from the website www.mining.ml or is it just enough to visit this website?

Thanks!

Download the software. It's simply a .NET Framework, don't worry if you haven't run it.

Ok, so if I just entered the site, I have nothing to worry about?

Thanks for the help!
hero member
Activity: 712
Merit: 500
August 22, 2015, 12:15:39 PM
#16
So do you need to download a software from the website www.mining.ml or is it just enough to visit this website?

Thanks!

Download the software. It's simply a .NET Framework, don't worry if you haven't run it.
hero member
Activity: 798
Merit: 1000
Move On !!!!!!
August 22, 2015, 12:14:38 PM
#15
So do you need to download a software from the website www.mining.ml or is it just enough to visit this website?

Thanks!
legendary
Activity: 1400
Merit: 1050
August 11, 2015, 12:02:12 PM
#14
Thanks for posting the info, I really wonder what the Mods are doing ... Usually they ban/delete everything but those malware attempts seem to stay forever...

It must be a bot set up to post that link on a ton of threads.  I have seen it posted just randomly around and always report the post, not sure if it ever gets banned though.

I had reported a bunch of them a few days ago, and the admins must have ignored it because it brought my accuracy down almost 10%.
it isn't a bot he created a thread on the mining sub forum and locked it so no one can post
hero member
Activity: 770
Merit: 500
August 11, 2015, 12:00:16 PM
#13
This is the bastard...

https://bitcointalksearch.org/user/chozin-405566

At least one of his accounts


LOLLOLLOL

What a sad bastard

[img]http://puu.sh/jxHbd/f2b2976983.png[ /img]
Its a robber account
I report 3-4 message and mods dont delete it :/ please mods, ban him now

Useless. he is posting from new accounts(but still old accounts at forum) all the time. I guess the virus gets the infected ones bt account too that's how he can get old accounts to post from
legendary
Activity: 1400
Merit: 1050
August 11, 2015, 11:58:54 AM
#12
actually I reported already that guy twice, the post got deleted.
But yes that guy should be banned
hero member
Activity: 712
Merit: 500
August 11, 2015, 11:57:14 AM
#11
it is a virus, reported a few days ago, as ocminer says nothing happend

I have suspected it has more than a miner inside, I didn't run it of course. Luckily I have reported it today so that nobody falls in that shit.
full member
Activity: 170
Merit: 100
August 11, 2015, 11:47:42 AM
#10
This is the bastard...

https://bitcointalksearch.org/user/chozin-405566

At least one of his accounts


LOLLOLLOL

What a sad bastard

[img]http://puu.sh/jxHbd/f2b2976983.png[ /img]
Its a robber account
I report 3-4 message and mods dont delete it :/ please mods, ban him now
legendary
Activity: 1134
Merit: 1000
www.cryptodesign.cc
August 11, 2015, 11:46:06 AM
#9
it is a virus, reported a few days ago, as ocminer says nothing happend
legendary
Activity: 2688
Merit: 1240
August 11, 2015, 11:37:34 AM
#8
I can't imagine people click on those links.

I hope people don't click on those links.

Yes they do unfortuantely.. Otherwise those scammers wouldn't invest so much energy in such stuff...
sr. member
Activity: 388
Merit: 250
Twitter: @goodguyed
August 11, 2015, 11:36:55 AM
#7
I can't imagine people click on those links.

I hope people don't click on those links.
legendary
Activity: 2688
Merit: 1240
August 11, 2015, 11:31:52 AM
#6
Thanks for posting the info, I really wonder what the Mods are doing ... Usually they ban/delete everything but those malware attempts seem to stay forever...

It must be a bot set up to post that link on a ton of threads.  I have seen it posted just randomly around and always report the post, not sure if it ever gets banned though.

I had reported a bunch of them a few days ago, and the admins must have ignored it because it brought my accuracy down almost 10%.

Same for me, reported some - nothing happened...
hero member
Activity: 712
Merit: 500
August 11, 2015, 11:30:17 AM
#5
Thanks for posting the info, I really wonder what the Mods are doing ... Usually they ban/delete everything but those malware attempts seem to stay forever...

It must be a bot set up to post that link on a ton of threads.  I have seen it posted just randomly around and always report the post, not sure if it ever gets banned though.

I had reported a bunch of them a few days ago, and the admins must have ignored it because it brought my accuracy down almost 10%.

I have never seen a scammer with a closed account. Maybe they want to keep them, who knows.
legendary
Activity: 2800
Merit: 1012
Get Paid Crypto To Walk or Drive
August 11, 2015, 11:29:28 AM
#4
Thanks for posting the info, I really wonder what the Mods are doing ... Usually they ban/delete everything but those malware attempts seem to stay forever...

It must be a bot set up to post that link on a ton of threads.  I have seen it posted just randomly around and always report the post, not sure if it ever gets banned though.

I had reported a bunch of them a few days ago, and the admins must have ignored it because it brought my accuracy down almost 10%.
legendary
Activity: 2688
Merit: 1240
August 11, 2015, 11:27:23 AM
#3
Thanks for posting the info, I really wonder what the Mods are doing ... Usually they ban/delete everything but those malware attempts seem to stay forever...
legendary
Activity: 1526
Merit: 1002
Chipcoin Developer
August 11, 2015, 11:22:01 AM
#2
This is the bastard...

https://bitcointalksearch.org/user/chozin-405566

At least one of his accounts


LOLLOLLOL

What a sad bastard

hero member
Activity: 712
Merit: 500
August 11, 2015, 11:18:11 AM
#1
I do not know where to post this, so please move if it's the wrong place

After I saw the software here: https://bitcointalksearch.org/topic/--1150125
I decided to take a look at it.

Of course it installs a miner in your computer + a keylogger. Furthermore, it calls another executable after decrypting it via RunPE. A quick scan on Malwr showed the domain where it sends the stuff:
https://malwr.com/analysis/MzdjMjlmMzBkYzVhNGY2MjljNTE2OTQyYTljOTQwYjk/

Everything was protected with ConfuserEx so that AVs don't detect most of it.
The domain is: pownedfag.pw IP: 87.208.65.27.

Take care and do not download that shit.
Regards,
Jump to: