Possibly Phishing Haircomb Wallet & Using of Stock Image

logfiles

copper member

Activity: 2170

Merit: 1822

Top Crypto Casino

Quote from: desu2bdesu on November 01, 2020, 07:21:18 PM

to get Haircomb coins.

You have to be careful with such wallets mate, getting some coins is not worth your security. People have lost millions of dollars in crypto due to fake wallets that have malware in them. For example this user lost over $1M worth of crypto because he was trying to claim a forked coin (Bitcoin Diamond) so he downloaded a fake wallet that had malware.

7 months ago, only 3 antivirus detected malware in the wallet. Right now, over 9 of them say the wallet has malware https://www.virustotal.com/gui/file/d998e6a3a532e6a099d0a3ba31640526d9eb67dd07714e4b3b63c48227dce54e/detection

desu2bdesu

newbie

Activity: 4

Merit: 0

Quote from: logfiles on November 01, 2020, 06:34:21 PM

Among the many good wallets around, why did you choose Haircomb Wallet?

to get Haircomb coins.

logfiles

copper member

Activity: 2170

Merit: 1822

Top Crypto Casino

Quote from: desu2bdesu on November 01, 2020, 03:04:29 PM

I am running antivirus now because of computer issues - usb disconnects, lags, freezes while typing in apps. The only thing that I recently downloaded and ran was this haircomb wallet software.

If I were you, I would backup all my important media file and documents, and then carry out a fresh installation of windows as soon as possible. The people behind the wallet are very suspicious, on top of that, some antivirus engines have flagged the wallet to have some malware.

Among the many good wallets around, why did you choose Haircomb Wallet?

desu2bdesu

newbie

Activity: 4

Merit: 0

I am running antivirus now because of computer issues - usb disconnects, lags, freezes while typing in apps. The only thing that I recently downloaded and ran was this haircomb wallet software.

mikeshinobi

newbie

Activity: 1

Merit: 0

Does the normal Bitcoin wallet software give false positives like this or is it just the modified version created by the guy who's pretending to be a girl on the internet and using an alias which is an anagram of "Satoshi Nakamoto" to "subtly" hint to gullible retards that he's Satoshi?

espercrypt

newbie

Activity: 6

Merit: 0

bump

JeromeTash

legendary

Activity: 2338

Merit: 1261

Heisenberg

Quote from: natasha-otomoski on June 03, 2020, 01:43:09 PM

- my photo is really fake

Am not going to push hard on the side of the virus detection since i don't have technical knowledge until someone with coding knowledge can come and show us how malicious the file is.

But when it comes to fake image the I can not trust you. Why did you choose to use a fake image and lie to us?

natasha-otomoski

copper member

Activity: 82

Merit: 5

Yes I've compiled those combfullui.exe (personally) and I did it with pride
and dignity. I am prepared
to post the full source to prove the credibility of my project that I've put
lots of hours working on.

fe39f430cb93118326b3417499c77641d6b7e1345573e5dfbbd4681af59c3679 combfullui.exe
d998e6a3a532e6a099d0a3ba31640526d9eb67dd07714e4b3b63c48227dce54e combfullui.exe

TL;DR

- my photo is really fake
- i released those combfullui.exe
- I am aware about some false positives

Aveatrex

sr. member

Activity: 840

Merit: 375

Basically 2 out of 71 anti virus that I have never heard of detected that it has malicious content and the rest of them that are popular and known to be reliable didn't? These are called false positives https://support.virustotal.com/hc/en-us/articles/115002121185-I-am-experiencing-a-false-positive-my-file-or-site-should-not-be-detected-#:~:text=VirusTotal%20simply%20aggregates%20the%20output,that%20can%20fix%20the%20issue. Now I'm not saying that there isn't effectively viruses in comb wallet I'm just saying you should take these scans with a grain of salt because false positives are very known to happen especially for recently created files. If you are suspicious, install a VM and run the wallet there; even if it contains viruses your computer won't be affected.

Edit: Faking the dev picture is definitely sketchy though. This destroys the project credibility and user's trust and should not be tolerated.

invincible49

sr. member

Activity: 565

Merit: 268

Remember who u are, what u are & who you represent

Quote from: logfiles on May 31, 2020, 04:20:22 PM

If they can fake identity, there they are definitely faking more things about them and their project.

More importantly that wallet has a couple of viruses including Worm.Bereb. What does it do preciously?

Quote

This worm propagates by dropping copies of itself in any of the following folders:

C:\Windows\SYSDLL
OR
or C:\Windows\STARTRWIN
It then sets this folder as shared in the WinMX peer-to-peer network. It uses interesting file names to entice users into downloading its copies.
Upon execution, this worm drops a copy of itself as the following file:

C:\Windows\TASKMGR.COM
OR
C:\Windows\SVCKERNELL.COM

It then adds the following registry entry so that its copy automatically executes at every Windows startup:

HKEY_LOCAL_MACHINE\Sotware\Microsoft\Windows\
CurrentVersion\Run
Taskmanager = �C:\Windows\taskmgr.com�

OR
HKEY_LOCAL_MACHINE\Sotware\Microsoft\Windows\
CurrentVersion\Run
Svckernell=�c:\windows\svckernell.com�

This worm creates the following folder, where it drops copies of itself using interesting file names:

C:\Windows\SYSDLL
OR
C:\Windows\STARTRWIN
It propagates by sharing the dropped copies on the WinMX peer-to-peer network. To do this, it modifies the following file:

C:\Progra~1\WinMX\library.dat
The modification sets the worm folder as shared in WinMX.

This worm uses name of one of thousands of .exe files from a OS for its copies shared in WinMX:

Reference: https://www.trendmicro.com/vinfo/hk/threat-encyclopedia/archive/malware/worm_bereb.b

logfiles

copper member

Activity: 2170

Merit: 1822

Top Crypto Casino

I can never understand why someone who want to use stock images and make people believe that it's how the team member looks like?
It's faking Identity or Identity theft and such a person or project can never be trusted. What's the problem with leaving out the team part if they want to stay anonymous?

If they can fake identity, there they are definitely faking more things about them and their project.

invincible49

sr. member

Activity: 565

Merit: 268

Remember who u are, what u are & who you represent

Reserved!

invincible49

sr. member

Activity: 565

Merit: 268

Remember who u are, what u are & who you represent

***This is not a scam accusation FOR NOW!***
What happened: Possibly Phishing, Malicious Tools inside Haircomb Wallet. Along with Stealing One Person Team Identity/Picture.

Dev's (Not proven scammer as of now) Profile Link: https://bitcointalksearch.org/user/natasha-otomoski-2701336
ANN Thread: https://bitcointalksearch.org/topic/anncomb-haircomb-quantum-proof-anonymity-and-more-5195815
Archive: http://archive.is/wip/mls8X

Website: None
Archive: http://archive.is/nmmGy#msg52875759
Whitepaper: https://raw.githubusercontent.com/natasha-otomoski/haircomb/master/WhyTheCombOfNatashaOtomoskiHas21Teeth.txt

Haircomb Bounty Thread: https://bitcointalksearch.org/topic/79-reward-0009-btc-simple-task-this-weekend-please-read-5251391
Archive: http://archive.is/wip/3pjFK

Team Member: The Dev who uses "Natasha Otomoski"as alias works alone for his project.
Second most contributor to the ANN thread: kelozar

Stock Image used in ANN thread as Team Member:

Original Picture:

Reference: https://hrexpert.com.au/marketing-2/

Github: https://github.com/natasha-otomoski/haircomb
Archive: http://archive.is/wip/7GF23

Announcement of First releasing of Windows Wallet: https://bitcointalksearch.org/topic/m.52892009
Archive: http://archive.is/enQZc#msg52892009

First releasing of Windows Wallet on Github: https://github.com/natasha-otomoski/haircomb/commit/7922f6175b22b6a9f410b2586d308764a059be75#diff-48f11ca61784018b735166490c862694
Archive: http://archive.is/wip/Qeosw

I have downloaded the combfullui.exe which he/she submitted on Oct 27, 2019 a few hours ago and used VirusTotal to see if there is any malicious tool existing in the wallet or not. It showed that someone already checked it out months ago and the result is below.

Reference: https://www.virustotal.com/gui/file/d998e6a3a532e6a099d0a3ba31640526d9eb67dd07714e4b3b63c48227dce54e/detection

It shows that some engines found a couple of viruses of the first version of Haircomb wallet including Trojan.Multi.Generic.4!c
which is a very dangerous malicious tool and has been warned by Lafu previously.

Quote from: Lafu on November 08, 2019, 07:47:50 PM

Trojan.Multi.Generic.4!c
Trojan.Multi.Generic.4!c has been considered as one of the most dangerous OS threat.
It usually infect all famous browser by attaching add-ons, plug-ins and other suspicious code.
By modifying browser setting and attacking your browser, it will lead you to the third-party site and start to cause interruption while surfing the web.
Trojan.Multi.Generic.4!c will brings lots of serious problems to you.
Encrypts your files , Opens the System backdoor and allow hackers to access PC remotely.Collects victims all sensitive data and send them to the scammers.

Archive: http://archive.is/wip/xmR2I

After a couple of days the dev instructed how to sync Haircomb wallet. I am just quoting the summarize version of original post.

Quote from: natasha-otomoski on November 09, 2019, 10:25:10 AM

Syncing guide - windows.

Are you expecting a haircomb payment and want to receive it to your own wallet?
Do you want to pay with your haircombs?
Do you want to create commits.db file yourself, so that you don't need to trust others to give you the correct file?
Do you want to monitor people claiming combs in real time?

Then you need synced haircomb core wallet. Learn how to do this using this guide.
Prerequisites. You should have more than 250GB free disk space. Should have reliable electricity supply, with no planned power loss.
1. Download combfullui.exe from github and place it to it's own folder
2. Download btc.zip (the modified bitcoin qt 0.18.1) and unzip it.

Archive: http://archive.is/BSkqY#msg53030389

The dev has recently uploaded the latest version of the wallet 0.3.2 for both Windows and Linux.
Github Upload: https://github.com/natasha-otomoski/haircomb
Archive: http://archive.is/7GF23

I've again used VirusTotal to scan the Windows wallet file and found the following result.

Reference: https://www.virustotal.com/gui/file/fe39f430cb93118326b3417499c77641d6b7e1345573e5dfbbd4681af59c3679/detection

According to Microsoft - Worm.Bereb.i is from the category of Worm.Bereb malicious virus that does the below thing along with other similar viruses from Worm.Bereb.

Quote

This threat tries to use the Windows Autorun function to spread through removable drives, like USB flash drives.

Reference: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm%3AWin32%2FBereb.B&ThreatID=-2147464970

Topic: Possibly Phishing Haircomb Wallet & Using of Stock Image (Read 430 times)