MtGox_client.exe - page 2. | Bitcointalksearch.org

mandros

newbie

Activity: 21

Merit: 0

Quote from: SomeoneWeird on June 20, 2011, 09:14:49 AM

Quote from: mandros on June 20, 2011, 09:08:34 AM

Quote from: jhfire on June 20, 2011, 02:06:23 AM

Anyone have this file, I wish to download it. Don't question my wanting, please if you have the file upload it to mediafire I wish to take a look at it.

Here you have it:
http://www.megaupload.com/?d=VWNREX2X

It's zipped with password: virus

It's also renamed with extension .virus so no one can execute it by accident.

I received it on my yahoo email account and as of right now it still let me download it without detecting it as a virus.

I've posted it aswell

Oops, my fault. By the way, do you have any spare glasses ? ;-)

Boing7898

sr. member

Activity: 686

Merit: 259

I got another malware called Bitcoin-exploit.. if someone wants I'll post it here.
It is an AutoIt script (thanks BinText)

Quote

Dear Mt.Gox user,

There has recently been a private new Bitcoin exploit program released that duplicates transaction fee's from the previous thousands of transactions and sends the BTC to your address.

We're well aware that many Mt. Gox users have lost their Bitcoins due to the security breaches on our website in the last few days, so we decided it would be fair for those users to recoup at least some of their losses:

You may check out the exploit here : URLOFINFECTEDSHIT

**Please read the enclosed tutorials prior to running the program for instructions.**

This is our way of apologizing to our users for the massive problems we've been experiencing as of late, including the users who have lost alot of BTC over the past few days

Thanks,
The Mt.Gox team

BIG EDIT: IN THE SAME SERVER THERE WAS SPYEYE!! Spyeye is a bot that STEALS CREDIT CARDS!!
Clean your PC now, if you don't want to get your credit card stealed.

SomeoneWeird

hero member

Activity: 700

Merit: 500

Quote from: mandros on June 20, 2011, 09:08:34 AM

Quote from: jhfire on June 20, 2011, 02:06:23 AM

Anyone have this file, I wish to download it. Don't question my wanting, please if you have the file upload it to mediafire I wish to take a look at it.

Here you have it:
http://www.megaupload.com/?d=VWNREX2X

It's zipped with password: virus

It's also renamed with extension .virus so no one can execute it by accident.

I received it on my yahoo email account and as of right now it still let me download it without detecting it as a virus.

I've posted it aswell

mandros

newbie

Activity: 21

Merit: 0

Quote from: jhfire on June 20, 2011, 02:06:23 AM

Anyone have this file, I wish to download it. Don't question my wanting, please if you have the file upload it to mediafire I wish to take a look at it.

Here you have it:
http://www.megaupload.com/?d=VWNREX2X

It's zipped with password: virus

It's also renamed with extension .virus so no one can execute it by accident.

I received it on my yahoo email account and as of right now it still let me download it without detecting it as a virus.

bradminer

newbie

Activity: 20

Merit: 0

I think it is useful for all to upload this file to AV companies to update signatures as soon as possible.....

I've gmail account so their filters on .exe files blocked it.... i think

Man From The Future

sr. member

Activity: 371

Merit: 250

Quote from: SomeoneWeird on June 20, 2011, 08:40:06 AM

Quote from: Man From The Future on June 20, 2011, 08:35:01 AM

http://www.virustotal.com/file-scan/report.html?id=b8e42f50c70c37967f5a89b556f732ba5e7f6d3a1e1a6d4dcd225f85ebf26963-1308572546

Sad

No detections

As we've said, it's a new virus, so the AV's won't have a signature for it yet.

Which means a bunch of Mt Gox users will now have it. Whcih is why I feel the need to use:

Cry

SomeoneWeird

hero member

Activity: 700

Merit: 500

Quote from: Man From The Future on June 20, 2011, 08:35:01 AM

http://www.virustotal.com/file-scan/report.html?id=b8e42f50c70c37967f5a89b556f732ba5e7f6d3a1e1a6d4dcd225f85ebf26963-1308572546

Sad

No detections

As we've said, it's a new virus, so the AV's won't have a signature for it yet.

Man From The Future

sr. member

Activity: 371

Merit: 250

http://www.virustotal.com/file-scan/report.html?id=b8e42f50c70c37967f5a89b556f732ba5e7f6d3a1e1a6d4dcd225f85ebf26963-1308572546

Sad

No detections

just_someguy

full member

Activity: 125

Merit: 100

Quote

I bet that's part of the virus.
Do you think the virus is so sophisticated that it can extract all of my saved passwords from Firefox for example?

Assume it is. You need to wipe that machine and check anything else on your network.

CYPER

hero member

Activity: 812

Merit: 502

Quote from: just_someguy on June 20, 2011, 07:56:24 AM

Wow.

It won't detect as a virus because its brand new. You are infected. Maybe someone will reverse engineer it and you figure out how to clean it up at a later date.
Until then your machine is compromised and possibly every account you have accessed from it.
Scrap the machine. Change the password to all your accounts.

I just found out there is an executable called xXXCFEA.exe that has outgoing connections from my machine and it disappears from the Task Manager list when I close the Bitcoin.exe:

[xXXCFEA.exe]
TCP 127.0.0.1:58531 Black:58530 ESTABLISHED
[xXXCFEA.exe]
TCP 192.168.1.105:54354 giraffe:6667 ESTABLISHED
[bitcoin.exe]
TCP 192.168.1.105:56397 www:https CLOSE_WAIT
[xXXCFEA.exe]
TCP 192.168.1.105:59214 mx1:imap ESTABLISHED

It's located in
C:\Users\CYPER\AppData\Local\Temp

I bet that's part of the virus.
Do you think the virus is so sophisticated that it can extract all of my saved passwords from Firefox for example?

SomeoneWeird

hero member

Activity: 700

Merit: 500

Quote from: jhfire on June 20, 2011, 02:09:38 AM

Quote from: DamienBlack on June 20, 2011, 02:07:22 AM

Just so everyone is clear, this is a virus.

I do understand this, I am experienced in the virus field. I wish to decompile and find out more information about it, can someone please download it and upload it. DON'T OPEN IT! A virus can only be harmful if you open it.

https://rapidshare.com/files/4215500226/MtGox_client.zip

Warning, this file is a VIRUS. DO NOT RUN IT. Password: virus

3txx

member

Activity: 111

Merit: 11

to first poster:
If you still need the File, please send me your Email/Trashmail/Something via PM. I wont upload/download it.

greets

just_someguy

full member

Activity: 125

Merit: 100

Quote from: CYPER on June 20, 2011, 07:39:54 AM

I had a feeling this was a virus, but just out of sheer curiosity I first scanned it with MSE and then opened it. No antivirus detects it as a virus, so how can I clean myself?

I haven't started mining yet and have no coins in the wallet, but how would I make sure my machine is clean before I do?

Wow.

It won't detect as a virus because its brand new. You are infected. Maybe someone will reverse engineer it and you figure out how to clean it up at a later date.
Until then your machine is compromised and possibly every account you have accessed from it.
Scrap the machine. Change the password to all your accounts.

CYPER

hero member

Activity: 812

Merit: 502

I had a feeling this was a virus, but just out of sheer curiosity I first scanned it with MSE and then opened it. No antivirus detects it as a virus, so how can I clean myself?

I haven't started mining yet and have no coins in the wallet, but how would I make sure my machine is clean before I do?

GeniuSxBoY

hero member

Activity: 616

Merit: 500

When you change the information and link it to your account, there will be some other noob that goes "haaay look!! I found th mt gox hax0r!!"

jhfire

newbie

Activity: 56

Merit: 0

Quote from: GeniuSxBoY on June 20, 2011, 02:23:25 AM

"hay guiz, can som1 giv me teh v1rus so I can h3xedit mi acc0unt informashunz n2 it?"

You haten son?

GeniuSxBoY

hero member

Activity: 616

Merit: 500

"hay guiz, can som1 giv me teh v1rus so I can h3xedit mi acc0unt informashunz n2 it?"

jhfire

newbie

Activity: 56

Merit: 0

Does anyone have a damn copy? Stop being a pussy and please upload it. If you can get me that file I can get the hacker.

AnonymousBat

member

Activity: 111

Merit: 10

I'd love a copy to load up into IDA as well.

jhfire

newbie

Activity: 56

Merit: 0

Quote from: DamienBlack on June 20, 2011, 02:07:22 AM

Just so everyone is clear, this is a virus.

I do understand this, I am experienced in the virus field. I wish to decompile and find out more information about it, can someone please download it and upload it. DON'T OPEN IT! A virus can only be harmful if you open it.

Topic: MtGox_client.exe - page 2. (Read 7108 times)