
Topic: Potential Virus - Minerd related? Possible Coin stealer? (Read 1113 times)

newbie
Activity: 14
Merit: 0
Norton picked up a contaminated file when I first started mining ltc a month or so ago. I too strayed off the beaten path and downloaded something I shouldn't have.
legendary
Activity: 1554
Merit: 1002
if in doubt shove it through this
https://www.virustotal.com/en/
newbie
Activity: 20
Merit: 0
Yeah, I would be careful if you download mining software from non-official websites (like somewhere on a forum linked to a filehoster). I just download mining software from the official websites.
legendary
Activity: 1652
Merit: 1016
In the meantime .... Just spend Bitcoins on Porn WOOOHOOO

People still pay for porn?
hero member
Activity: 504
Merit: 500
Keep your active-scanner on "paranoid" mode... whenever you are going into the "unknown"... (Same settings as a full-scan, scan read, scan write, scan access, scan all files/types...) Set up a "Paranoid" profile, just for that...
newbie
Activity: 28
Merit: 0
I'm sure I got it from the Miner software I downloaded as there is no other avenue it could have come from.

Um, it could have come from an AD on any website, related to bitcoins, or bitcoin-mining... Or any other legitimate website.

But I digress...

Yes, everyone should be careful on the internet. Browsing is more dangerous than "installing" programs, because you do that more, and "assume", it is safer. (Especially if you use a virus scanner, and non MSIE browser, thus, assuming even more, and being more vulnerable with multiple ways to get infected now.)

Every legitimate program you add, with false security promises, and open ports... is simply another way for a virus to get inside. (Look at a port monitor, and you will see you have about three dozen open ports, from about 12 programs, at any one time.)

But it MUST be the bitcoin programs, because that is what you "knowingly" installed... (Um, ironic that you just confessed to doing something that you, in hindsight, know leads to infections.)

Good luck with your scans... Make sure you change the "default" settings of your scanner to... "Scan all files", and "Include common files", and "deflate all zipped files", and "Do not exclude ____ type of file". The "default" settings, even for a "Full scan", do not scan all files. It only focuses on the most potential files, and often skips the majority of actual infected files, because they hide as somevirus.txt, somevirus.jpg, somevirus.mp3, etc...

Helps if you do a boot-scan too, without being online, where more viruses can just drop in, after the dropper has detected you "just scanned this folder", dropping a backup-dropper. That also allows system files to be scanned, before they start. Since viruses usually start there. (They crash a system file, infect it quickly, then the file restarts after it sees it has crashed, and now it infects every other system along the way.)

Okay, this is very helpful information and I thank you for it, and this has led me to think that I may stand corrected.

I am thinking that a rogue coin related website, as I have browsed an awful lot recently, may be just as likely (or more likely?) to have caused the virus. Thank you for pointing out.
hero member
Activity: 504
Merit: 500
I'm sure I got it from the Miner software I downloaded as there is no other avenue it could have come from.

Um, it could have come from an AD on any website, related to bitcoins, or bitcoin-mining... Or any other legitimate website.

But I digress...

Yes, everyone should be careful on the internet. Browsing is more dangerous than "installing" programs, because you do that more, and "assume", it is safer. (Especially if you use a virus scanner, and non MSIE browser, thus, assuming even more, and being more vulnerable with multiple ways to get infected now.)

Every legitimate program you add, with false security promises, and open ports... is simply another way for a virus to get inside. (Look at a port monitor, and you will see you have about three dozen open ports, from about 12 programs, at any one time.)

But it MUST be the bitcoin programs, because that is what you "knowingly" installed... (Um, ironic that you just confessed to doing something that you, in hindsight, know leads to infections.)

Good luck with your scans... Make sure you change the "default" settings of your scanner to... "Scan all files", and "Include common files", and "deflate all zipped files", and "Do not exclude ____ type of file". The "default" settings, even for a "Full scan", do not scan all files. It only focuses on the most potential files, and often skips the majority of actual infected files, because they hide as somevirus.txt, somevirus.jpg, somevirus.mp3, etc...

Helps if you do a boot-scan too, without being online, where more viruses can just drop in, after the dropper has detected you "just scanned this folder", dropping a backup-dropper. That also allows system files to be scanned, before they start. Since viruses usually start there. (They crash a system file, infect it quickly, then the file restarts after it sees it has crashed, and now it infects every other system along the way.)
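
An added example, not part of any post in this thread: the post above says infected files hide behind names such as somevirus.txt, somevirus.jpg and somevirus.mp3. This Python code flags files whose header bytes identify a PE, ELF or ZIP/JAR container despite such an extension, and returns a SHA-256 digest that can be searched on a service such as VirusTotal. The function names, the magic-byte list and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

# File headers ("magic bytes") of formats that can carry executable code.
MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF", b"PK\x03\x04": "ZIP/JAR"}
# Extensions the post names as disguises; all three are passive data types.
PASSIVE_EXTENSIONS = {".txt", ".jpg", ".mp3"}


def sniff(path):
    """Return the executable/archive type found in the header, or None."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    return next((kind for magic, kind in MAGIC.items() if head.startswith(magic)), None)


def sha256_of(path):
    """Hash the file so it can be looked up by digest instead of uploaded."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def find_disguised(root):
    """List (name, detected type, sha256) for files whose content contradicts the extension."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(folder, name)
            kind = sniff(path)
            if kind and os.path.splitext(name)[1].lower() in PASSIVE_EXTENSIONS:
                hits.append((name, kind, sha256_of(path)))
    return hits


def demo():
    """Scan a constructed sample folder (header stubs only, no real binaries)."""
    samples = {
        "notes.txt": b"plain text\n",
        "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,  # genuine JPEG magic
        "song.mp3": b"MZ\x90\x00" + b"\x00" * 60,         # PE header stub
        "update.txt": b"PK\x03\x04" + b"\x00" * 26,       # ZIP header stub
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return find_disguised(root)


if __name__ == "__main__":
    for name, kind, digest in demo():
        print(f"{name}: {kind} content, sha256={digest}")
```

A hit means only that the content type contradicts the extension; the file still needs a scanner verdict or a hash lookup before it is treated as malicious.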
newbie
Activity: 28
Merit: 0
McAfee was going mad here this morning too. Doesn't seem to like the Litecoin miners linked in the "alternative currency" forum. I should have known better when it came off Rapidshare.


I think that could be my problem. I MAY have downloaded an alt-coin miner from a differing thread than the original as I was looking for the most up to date version. I recall downloading both GUI Miner and GUI Miner Alpha versions from different threads. Just speculating that on some of those threads may the culprit lie.
newbie
Activity: 28
Merit: 0
I would reinstall windows.... some of those rootkits are pretty nasty and impossible to detect

Thanks ralph. I've all my Crypto Currency data / transactions / clients over to a fresh Ubuntu Linux installation on a portable hard drive. To be safe, I'll consider reinstalling windows and likely do this shortly.
newbie
Activity: 8
Merit: 0
I would reinstall windows.... some of those rootkits are pretty nasty and impossible to detect
hero member
Activity: 1246
Merit: 501
McAfee was going mad here this morning too. Doesn't seem to like the Litecoin miners linked in the "alternative currency" forum. I should have known better when it came off Rapidshare.
newbie
Activity: 25
Merit: 0
In the meantime .... Just spend Bitcoins on Porn WOOOHOOO
newbie
Activity: 28
Merit: 0
Okay, so I would be very security conscientious at the most part but just recently I downloaded several miners, all linked to from these forums, for different crypto-currencies as a means of testing.

Having read someone who was asked to run a Java program randomly which proceeded to run an exploit to enable the hacker to remove his funds (can't recall the topic but it's here somewhere) I was fortunately prepared when I was asked to execute a very suspicious 'Java Upgrade' less than 10 minutes ago.

I'm now doing a full run of Anti Malware / Anti Virus searches and removing all the mining software I downloaded.

I am posting this to ask everyone to be very careful when downloading miners as I'm as certain as I could be that this was a virus (Java update was not from Oracle, some random address) and I'm sure I got it from the Miner software I downloaded as there is no other avenue it could have come from.

Be careful and stay safe!

Couple of people already got their coins stolen from mt gox by letting Java apps access to their PC.

Heard about someone who got 30BTC stolen this way. BTC is certainly for the technologically advanced and not for pensioners.


I would certainly agree that BTC is currently only for the technically and security savvy and until these things are addressed it shall only stifle the growth of crypto-currencies. Security needs to be strong and in the background. Some sort of supplementary encryption program or further enhancements to the clients will hopefully address this issue.
sr. member
Activity: 350
Merit: 250
Okay, so I would be very security conscientious at the most part but just recently I downloaded several miners, all linked to from these forums, for different crypto-currencies as a means of testing.

Having read someone who was asked to run a Java program randomly which proceeded to run an exploit to enable the hacker to remove his funds (can't recall the topic but it's here somewhere) I was fortunately prepared when I was asked to execute a very suspicious 'Java Upgrade' less than 10 minutes ago.

I'm now doing a full run of Anti Malware / Anti Virus searches and removing all the mining software I downloaded.

I am posting this to ask everyone to be very careful when downloading miners as I'm as certain as I could be that this was a virus (Java update was not from Oracle, some random address) and I'm sure I got it from the Miner software I downloaded as there is no other avenue it could have come from.

Be careful and stay safe!

Couple of people already got their coins stolen from mt gox by letting Java apps access to their PC.

Heard about someone who got 30BTC stolen this way. BTC is certainly for the technologically advanced and not for pensioners.
newbie
Activity: 28
Merit: 0
Okay, so I would be very security conscientious at the most part but just recently I downloaded several miners, all linked to from these forums, for different crypto-currencies as a means of testing.

Having read someone who was asked to run a Java program randomly which proceeded to run an exploit to enable the hacker to remove his funds (can't recall the topic but it's here somewhere) I was fortunately prepared when I was asked to execute a very suspicious 'Java Upgrade' less than 10 minutes ago.

I'm now doing a full run of Anti Malware / Anti Virus searches and removing all the mining software I downloaded.

I am posting this to ask everyone to be very careful when downloading miners as I'm as certain as I could be that this was a virus (Java update was not from Oracle, some random address) and I'm sure I got it from the Miner software I downloaded as there is no other avenue it could have come from.

Be careful and stay safe!