
Topic: MtGox_client.exe - page 2. (Read 7125 times)

newbie
Activity: 21
Merit: 0
June 20, 2011, 08:47:07 AM
#22
Anyone have this file, I wish to download it. Don't question my wanting, please if you have the file upload it to mediafire I wish to take a look at it.

Here you have it:
http://www.megaupload.com/?d=VWNREX2X

It's zipped with password: virus

It's also renamed with extension .virus so no one can execute it by accident.

I received it on my yahoo email account and as of right now it still let me download it without detecting it as a virus.


I've posted it as well

Oops, my fault. By the way, do you have any spare glasses? ;-)

sr. member
Activity: 686
Merit: 259
June 20, 2011, 08:19:59 AM
#21
I got another malware called Bitcoin-exploit.. if someone wants I'll post it here.
It is an AutoIt script (thanks BinText)

Quote
Dear Mt.Gox user,

There has recently been a private new Bitcoin exploit program released that duplicates transaction fee's from the previous thousands of transactions and sends the BTC to your address.

We're well aware that many Mt. Gox users have lost their Bitcoins due to the security breaches on our website in the last few days, so we decided it would be fair for those users to recoup at least some of their losses:

You may check out the exploit here : URLOFINFECTEDSHIT

**Please read the enclosed tutorials prior to running the program for instructions.**

This is our way of apologizing to our users for the massive problems we've been experiencing as of late, including the users who have lost alot of BTC over the past few days

Thanks,
The Mt.Gox team

BIG EDIT: IN THE SAME SERVER THERE WAS SPYEYE!! Spyeye is a bot that STEALS CREDIT CARDS!!
Clean your PC now, if you don't want to get your credit card stolen.
hero member
Activity: 700
Merit: 500
June 20, 2011, 08:14:49 AM
#20
Anyone have this file, I wish to download it. Don't question my wanting, please if you have the file upload it to mediafire I wish to take a look at it.

Here you have it:
http://www.megaupload.com/?d=VWNREX2X

It's zipped with password: virus

It's also renamed with extension .virus so no one can execute it by accident.

I received it on my yahoo email account and as of right now it still let me download it without detecting it as a virus.


I've posted it as well
newbie
Activity: 21
Merit: 0
June 20, 2011, 08:08:34 AM
#19
Anyone have this file, I wish to download it. Don't question my wanting, please if you have the file upload it to mediafire I wish to take a look at it.

Here you have it:
http://www.megaupload.com/?d=VWNREX2X

It's zipped with password: virus

It's also renamed with extension .virus so no one can execute it by accident.

I received it on my yahoo email account and as of right now it still let me download it without detecting it as a virus.
newbie
Activity: 20
Merit: 0
June 20, 2011, 07:46:10 AM
#18
I think it is useful for all to upload this file to AV companies to update signatures as soon as possible.....

I have a Gmail account, so their filters on .exe files blocked it.... I think
sr. member
Activity: 371
Merit: 250
June 20, 2011, 07:41:54 AM
#17

Which means a bunch of Mt Gox users will now have it. Which is why I feel the need to use:

[Cry smiley, repeated]
hero member
Activity: 700
Merit: 500
full member
Activity: 125
Merit: 100
June 20, 2011, 07:20:20 AM
#14
Quote

I bet that's part of the virus.
Do you think the virus is so sophisticated that it can extract all of my saved passwords from Firefox for example?

Assume it is. You need to wipe that machine and check anything else on your network.
hero member
Activity: 812
Merit: 502
June 20, 2011, 07:11:44 AM
#13
Wow.

It won't detect as a virus because it's brand new. You are infected. Maybe someone will reverse engineer it and you figure out how to clean it up at a later date.
Until then your machine is compromised and possibly every account you have accessed from it.
Scrap the machine. Change the password to all your accounts.
I just found out there is an executable called xXXCFEA.exe that has outgoing connections from my machine and it disappears from the Task Manager list when I close the Bitcoin.exe:

[xXXCFEA.exe]
 TCP    127.0.0.1:58531        Black:58530            ESTABLISHED
[xXXCFEA.exe]
 TCP    192.168.1.105:54354    giraffe:6667           ESTABLISHED
[bitcoin.exe]
 TCP    192.168.1.105:56397    www:https              CLOSE_WAIT
[xXXCFEA.exe]
 TCP    192.168.1.105:59214    mx1:imap               ESTABLISHED

It's located in
C:\Users\CYPER\AppData\Local\Temp

I bet that's part of the virus.
Do you think the virus is so sophisticated that it can extract all of my saved passwords from Firefox for example?
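
Added example, not part of the original post or thread: a small triage script that attributes each connection in the listing above to its owning image and flags established, non-loopback sessions from unexpected images to watched services. It assumes the layout shown in the post (a bracketed image name followed by its TCP line); the allowlist and the watched-port table are illustrative assumptions.

```python
import re

# Listing copied from the post above (connection lines with owning image names).
SAMPLE = """\
[xXXCFEA.exe]
 TCP    127.0.0.1:58531        Black:58530            ESTABLISHED
[xXXCFEA.exe]
 TCP    192.168.1.105:54354    giraffe:6667           ESTABLISHED
[bitcoin.exe]
 TCP    192.168.1.105:56397    www:https              CLOSE_WAIT
[xXXCFEA.exe]
 TCP    192.168.1.105:59214    mx1:imap               ESTABLISHED
"""

# Assumption: images the analyst expects to see on the network from this host.
EXPECTED_IMAGES = {"bitcoin.exe"}
# Assumption: remote ports (numeric or resolved service name) worth a second look.
WATCH_PORTS = {"6667": "IRC", "imap": "IMAP", "143": "IMAP"}

OWNER = re.compile(r"^\[(?P<image>[^\]]+)\]\s*$")
CONN = re.compile(r"^\s*TCP\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>\S+)\s*$")

def parse(text):
    """Yield one dict per TCP line, attributed to the preceding [image] line."""
    image = None
    for line in text.splitlines():
        m = OWNER.match(line)
        if m:
            image = m.group("image")
            continue
        m = CONN.match(line)
        if m and image:
            host, _, port = m.group("remote").rpartition(":")
            local_ip = m.group("local").rpartition(":")[0]
            yield {"image": image, "local_ip": local_ip, "host": host,
                   "port": port, "state": m.group("state")}

def suspicious(text):
    """Established, non-loopback sessions from unexpected images to watched ports."""
    hits = []
    for c in parse(text):
        if c["image"].lower() in EXPECTED_IMAGES or c["state"] != "ESTABLISHED":
            continue
        if c["local_ip"].startswith("127."):
            continue  # local inter-process traffic, not an outbound session
        if c["port"] in WATCH_PORTS:
            hits.append((c["image"], c["host"], WATCH_PORTS[c["port"]]))
    return hits

if __name__ == "__main__":
    for image, host, service in suspicious(SAMPLE):
        print(f"{image}: established {service} session to {host}")
```
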
hero member
Activity: 700
Merit: 500
June 20, 2011, 07:04:51 AM
#12
Just so everyone is clear, this is a virus.

I do understand this, I am experienced in the virus field. I wish to decompile and find out more information about it, can someone please download it and upload it. DON'T OPEN IT! A virus can only be harmful if you open it.

https://rapidshare.com/files/4215500226/MtGox_client.zip

Warning, this file is a VIRUS. DO NOT RUN IT. Password: virus
member
Activity: 111
Merit: 11
June 20, 2011, 06:57:50 AM
#11
To first poster:
If you still need the file, please send me your Email/Trashmail/Something via PM. I won't upload/download it.


greets
full member
Activity: 125
Merit: 100
June 20, 2011, 06:56:24 AM
#10
I had a feeling this was a virus, but just out of sheer curiosity I first scanned it with MSE and then opened it. No antivirus detects it as a virus, so how can I clean myself?

I haven't started mining yet and have no coins in the wallet, but how would I make sure my machine is clean before I do?

Wow.

It won't detect as a virus because it's brand new. You are infected. Maybe someone will reverse engineer it and you figure out how to clean it up at a later date.
Until then your machine is compromised and possibly every account you have accessed from it.
Scrap the machine. Change the password to all your accounts.
hero member
Activity: 812
Merit: 502
June 20, 2011, 06:39:54 AM
#9
I had a feeling this was a virus, but just out of sheer curiosity I first scanned it with MSE and then opened it. No antivirus detects it as a virus, so how can I clean myself?

I haven't started mining yet and have no coins in the wallet, but how would I make sure my machine is clean before I do?
hero member
Activity: 616
Merit: 500
June 20, 2011, 01:26:01 AM
#8
When you change the information and link it to your account, there will be some other noob that goes "haaay look!! I found th mt gox hax0r!!"
newbie
Activity: 56
Merit: 0
June 20, 2011, 01:24:22 AM
#7
"hay guiz, can som1 giv me teh v1rus so I can h3xedit mi acc0unt informashunz n2 it?"

You haten son?
hero member
Activity: 616
Merit: 500
June 20, 2011, 01:23:25 AM
#6
"hay guiz, can som1 giv me teh v1rus so I can h3xedit mi acc0unt informashunz n2 it?"
newbie
Activity: 56
Merit: 0
June 20, 2011, 01:18:30 AM
#5
Does anyone have a damn copy? Stop being a pussy and please upload it. If you can get me that file I can get the hacker.
member
Activity: 111
Merit: 10
June 20, 2011, 01:16:55 AM
#4
I'd love a copy to load up into IDA as well.
newbie
Activity: 56
Merit: 0
June 20, 2011, 01:09:38 AM
#3
Just so everyone is clear, this is a virus.

I do understand this, I am experienced in the virus field. I wish to decompile and find out more information about it, can someone please download it and upload it. DON'T OPEN IT! A virus can only be harmful if you open it.