Pages:
Author

Topic: QUEDOS is a Virus Trojan use malwarebytes for removal - page 3. (Read 4965 times)

full member
Activity: 140
Merit: 100

It would probably be helpful if someone could compile the win wallet from source so that we could compare both builds and see if there are any hidden "attachments" etc.


That would be helpful, i'll see if with current setup I can.

In the meantime, would you advise to remove everything, appdata, manually? And could I keep the dat file because perpetual moondelusion/greed?  Cheesy

there is nothing wrong with the client, just ocminer spreading fud because his mining pool is shitty

your malware scan showed zero results and your pc is fine

i call FUD

Regardless the coin is a scam.  The plagiarized whitepaper is all the proof needed.

The children making these copy/paste coins spend more time on fancy graphics than any actual technology.  
legendary
Activity: 2688
Merit: 1240

It would probably be helpful if someone could compile the win wallet from source so that we could compare both builds and see if there are any hidden "attachments" etc.


That would be helpful, i'll see if with current setup I can.

In the meantime, would you advise to remove everything, appdata, manually? And could I keep the dat file because perpetual moondelusion/greed?  Cheesy

You're pretty safe with the wallet.dat - no problem.

From what I know about the Artemis Trojan its an old, common trojan which enables remote access to your (windows) pc - However currently its unclear IF its Artemis or something else and/or if its modified and what exactly it is doing. Malwarebytes etc. works with certain signatures which can be circumvented/changed quite easily, so it's not a big deal to make an old virus/trojan "invisible" for some time...

It is clear though that its an obvious scam with a 1:1 copied white paper and a wallet created by a rather simple generator service and that VirusTotal rings all bells on this one.

It's currently probably the best to secure the PC with a firewall which examines outbound and inbound connections and only allow known connections and wait until someone can do a deep analysis of the file.
legendary
Activity: 1453
Merit: 1030
If these guys do not compile the windows wallets themselves, the culprits may have nothing to do with the developers.
RJX
legendary
Activity: 1078
Merit: 1003

It would probably be helpful if someone could compile the win wallet from source so that we could compare both builds and see if there are any hidden "attachments" etc.


That would be helpful, i'll see if with current setup I can.

In the meantime, would you advise to remove everything, appdata, manually? And could I keep the dat file because perpetual moondelusion/greed?  Cheesy
legendary
Activity: 2688
Merit: 1240
Malwarebytes threat scan just finished and result is 0. Wallet has been on pc for two days but no incidents. Is this not the right scan maybe?

I'm not saying it's not true, I'd like to keep the pc safe and just don't really know what I'm looking at.

I'm unsure if its (the trojan) modified or not - usually malwarebytes should be able to detect "Artemis" - However, maybe I'm totally wrong (unlikely) and it's clean.

It would probably be helpful if someone could compile the win wallet from source so that we could compare both builds and see if there are any hidden "attachments" etc.
RJX
legendary
Activity: 1078
Merit: 1003
Malwarebytes threat scan just finished and result is 0. Wallet has been on pc for two days but no incidents. Is this not the right scan maybe?

I'm not saying it's not true, I'd like to keep the pc safe and just don't really know what I'm looking at.
legendary
Activity: 2688
Merit: 1240
There are a lot of more things which could be posted here... Do your own research.

Post them all for us to see it here, we want to see MOAR Cheesy

Comparing the "Dev's" account history with yours, makes me think you're the "Dev" :-)


Thank you ocminer for exposing these scumbags for the pathetic scammers that they are.  Both adiyrie  and Prasmatic are the same entity.

Ah you're probably right.. I see its a bought account:

https://bitcointalksearch.org/topic/m.12921561

Well.. Unfortunately.. Good Graphics, a Homepage and a nice Whitepaper do not seem to proof anything today :-(
full member
Activity: 140
Merit: 100
There are a lot of more things which could be posted here... Do your own research.

Post them all for us to see it here, we want to see MOAR Cheesy

Comparing the "Dev's" account history with yours, makes me think you're the "Dev" :-)


Thank you ocminer for exposing these scumbags for the pathetic scammers that they are.  Both adiyrie  and Prasmatic are the same entity.
legendary
Activity: 2688
Merit: 1240
There are a lot of more things which could be posted here... Do your own research.

Post them all for us to see it here, we want to see MOAR Cheesy

Comparing the "Dev's" account history with yours, makes me think you're the "Dev" :-)
legendary
Activity: 2688
Merit: 1240
I'm unsure why there is so much "love" spread here now.. I'm not the bad guy here, I just noticed the threat based on my observations and tips I got from notsofast and after I did some research I decided to close the pool and post into "his" thread - this posting was deleted immediately which ultimatively lead me to create a new thread for the warning. If you are STILL certain that the wallet is correct/right - just ignore me and keep on doing what you're doing.

Just one thing:

The Whitepaper is a 1:1 copy of this White Paper:

http://www.tik.ee.ethz.ch/file/716b955c130e6c703fac336ea17b1670/duplex-micropayment-channels.pdf

He simply replaced "QUEDOS" in his file.

Proof:
Just copy a long sentence from the QUEDOS Whitepaper like

"to create long-lived channels over which an arbitrary number" (Page 1)

The Quedos WP:



into Google and you'll find:




You can do this with the whole white paper.

There are a lot of more things which could be posted here... Do your own research.
hero member
Activity: 658
Merit: 500
Told you
hero member
Activity: 1960
Merit: 547
DGbet.fun - Crypto Sportsbook
well if that all doesn't teach me to not download a wallet till ocminer gives the go ahead...   like most of the communitity ,  i trust him..   
legendary
Activity: 1162
Merit: 1000
Decentralizing Jesus on the Blockchain
told you guys both coins are fabricated and similar scamssssssss Smiley
legendary
Activity: 1517
Merit: 1042
@notsofast
yuck when is the last time any of you wierdos went outside?

I *am* outside, taking down your attempts to rob the cryptocurrency community from my mobile phone in my spare moments. It must suck to have your hard work undone by us in a few minutes. Looking forward to making it even harder for you.
legendary
Activity: 2688
Merit: 1240
Simply scan your box with malwarebytes..

Which reason has the dev for deleting my post that I am closing the pool
hero member
Activity: 508
Merit: 500
TekyBoy Crypto Services
I dont trust ocminer, he instantly replies every coin with pool (meaning he has no life and sits infront of screen all day hitting refresh button) as if anyone uses his shitty service

let him proove what he said

my friend next time i ll put up pool next to OC in one of the threads and you have to give us proof that you are mining on my pool instead of his Smiley

im not backing up his pool but there was seriously something wrong with quedos and xagon twin brothers and oc did pool bcoz he has better setup then most of us i almost compiled pool for quedos but didnt finished bcoz he was already thee.

thanks fr makig this forum friendly instead of hostile

keep smiling
legendary
Activity: 1517
Merit: 1042
@notsofast
I dont trust ocminer, he instantly replies every coin with pool (meaning he has no life and sits infront of screen all day hitting refresh button) as if anyone uses his shitty service

let him proove what he said

You are also likely an astroturf account owned by the Quedos scamdev.
legendary
Activity: 1517
Merit: 1042
@notsofast
Show us proof

Here is the Virustotal scan for quedos-qt.exe showing the hits for Artemis via McAfee.

https://www.virustotal.com/en/file/83abb7b3f28c363924beda4b0fc637f45df05ae20337040276f36ee40a26a756/analysis/

You are most likely an astroturf account owned by the Quedos scammer.
legendary
Activity: 1517
Merit: 1042
@notsofast
Dev is deleting posts

Same story with XAGON be aware and scan your system with malwarebytes

I can confirm this. Upload your windows QT wallet to Virustotal for each of the above coins and you will see the same.

XAGON is infected with StartPage.UY, which changes the homepage of all your browsers.

QUEDOS is infected with Artemis, which basically disables almost all functions of your machine-- you'll need to sideload or boot into an AV rescue program.

And these are the viruses that are showing up in Virustotal... they could also be a smokescreen to distract you from an additional hidden trojan (using crypter or another easily available fud program) as past trojan-altcoins have done, in order to steal any cryptocurrency wallets from the infected machine.

This trojan-altcoin developer is taking more time to write legitimate-looking whitepapers, produce graphics and copy in good English, PAY for CryptoID block explorers, and employ many astroturf bitcointalk accounts to fill up discussion in the offending launch announcement threads while the trojan dev quickly deletes any warnings from actual respected members of the community who've discovered the viruses.

Let's continue to raise the difficulty of this person's attempts to steal from us, and make him waste more fucking time and money by being smart about these new trojan-infested altcoins.

legendary
Activity: 1946
Merit: 1005
My mule don't like people laughing
Most of us trust what OCMiner says. Don't need proof, his word is good enough. Stay away.
Pages:
Jump to: