QUEDOS is a Virus Trojan use malwarebytes for removal - page 3.

realcryptodisciple

full member

Activity: 140

Merit: 100

Quote from: ?? on ??

Quote from: RJX on November 13, 2015, 11:56:58 AM

Quote from: ocminer on November 13, 2015, 11:50:37 AM

It would probably be helpful if someone could compile the win wallet from source so that we could compare both builds and see if there are any hidden "attachments" etc.

That would be helpful, i'll see if with current setup I can.

In the meantime, would you advise to remove everything, appdata, manually? And could I keep the dat file because perpetual moondelusion/greed? Cheesy

there is nothing wrong with the client, just ocminer spreading fud because his mining pool is shitty

your malware scan showed zero results and your pc is fine

i call FUD

Regardless the coin is a scam. The plagiarized whitepaper is all the proof needed.

The children making these copy/paste coins spend more time on fancy graphics than any actual technology.

ocminer

legendary

Activity: 2688

Merit: 1240

Quote from: RJX on November 13, 2015, 11:56:58 AM

Quote from: ocminer on November 13, 2015, 11:50:37 AM

It would probably be helpful if someone could compile the win wallet from source so that we could compare both builds and see if there are any hidden "attachments" etc.

That would be helpful, i'll see if with current setup I can.

In the meantime, would you advise to remove everything, appdata, manually? And could I keep the dat file because perpetual moondelusion/greed? Cheesy

You're pretty safe with the wallet.dat - no problem.

From what I know about the Artemis Trojan its an old, common trojan which enables remote access to your (windows) pc - However currently its unclear IF its Artemis or something else and/or if its modified and what exactly it is doing. Malwarebytes etc. works with certain signatures which can be circumvented/changed quite easily, so it's not a big deal to make an old virus/trojan "invisible" for some time...

It is clear though that its an obvious scam with a 1:1 copied white paper and a wallet created by a rather simple generator service and that VirusTotal rings all bells on this one.

It's currently probably the best to secure the PC with a firewall which examines outbound and inbound connections and only allow known connections and wait until someone can do a deep analysis of the file.

samspaces

legendary

Activity: 1453

Merit: 1030

If these guys do not compile the windows wallets themselves, the culprits may have nothing to do with the developers.

RJX

legendary

Activity: 1078

Merit: 1003

Quote from: ocminer on November 13, 2015, 11:50:37 AM

It would probably be helpful if someone could compile the win wallet from source so that we could compare both builds and see if there are any hidden "attachments" etc.

That would be helpful, i'll see if with current setup I can.

In the meantime, would you advise to remove everything, appdata, manually? And could I keep the dat file because perpetual moondelusion/greed? Cheesy

ocminer

legendary

Activity: 2688

Merit: 1240

Quote from: RJX on November 13, 2015, 11:47:04 AM

Malwarebytes threat scan just finished and result is 0. Wallet has been on pc for two days but no incidents. Is this not the right scan maybe?

I'm not saying it's not true, I'd like to keep the pc safe and just don't really know what I'm looking at.

I'm unsure if its (the trojan) modified or not - usually malwarebytes should be able to detect "Artemis" - However, maybe I'm totally wrong (unlikely) and it's clean.

It would probably be helpful if someone could compile the win wallet from source so that we could compare both builds and see if there are any hidden "attachments" etc.

RJX

legendary

Activity: 1078

Merit: 1003

Malwarebytes threat scan just finished and result is 0. Wallet has been on pc for two days but no incidents. Is this not the right scan maybe?

I'm not saying it's not true, I'd like to keep the pc safe and just don't really know what I'm looking at.

ocminer

legendary

Activity: 2688

Merit: 1240

Quote from: realcryptodisciple on November 13, 2015, 11:33:38 AM

Quote from: ocminer on November 13, 2015, 11:28:24 AM

Quote from: ?? on ??

Quote from: ocminer on November 13, 2015, 11:08:14 AM

There are a lot of more things which could be posted here... Do your own research.

Post them all for us to see it here, we want to see MOAR Cheesy

Comparing the "Dev's" account history with yours, makes me think you're the "Dev" :-)

Thank you ocminer for exposing these scumbags for the pathetic scammers that they are. Both adiyrie and Prasmatic are the same entity.

Ah you're probably right.. I see its a bought account:

https://bitcointalksearch.org/topic/m.12921561

Well.. Unfortunately.. Good Graphics, a Homepage and a nice Whitepaper do not seem to proof anything today :-(

realcryptodisciple

full member

Activity: 140

Merit: 100

Quote from: ocminer on November 13, 2015, 11:28:24 AM

Quote from: ?? on ??

Quote from: ocminer on November 13, 2015, 11:08:14 AM

There are a lot of more things which could be posted here... Do your own research.

Post them all for us to see it here, we want to see MOAR Cheesy

Comparing the "Dev's" account history with yours, makes me think you're the "Dev" :-)

Thank you ocminer for exposing these scumbags for the pathetic scammers that they are. Both adiyrie and Prasmatic are the same entity.

ocminer

legendary

Activity: 2688

Merit: 1240

Quote from: ?? on ??

Quote from: ocminer on November 13, 2015, 11:08:14 AM

There are a lot of more things which could be posted here... Do your own research.

Post them all for us to see it here, we want to see MOAR Cheesy

Comparing the "Dev's" account history with yours, makes me think you're the "Dev" :-)

ocminer

legendary

Activity: 2688

Merit: 1240

I'm unsure why there is so much "love" spread here now.. I'm not the bad guy here, I just noticed the threat based on my observations and tips I got from notsofast and after I did some research I decided to close the pool and post into "his" thread - this posting was deleted immediately which ultimatively lead me to create a new thread for the warning. If you are STILL certain that the wallet is correct/right - just ignore me and keep on doing what you're doing.

Just one thing:

The Whitepaper is a 1:1 copy of this White Paper:

http://www.tik.ee.ethz.ch/file/716b955c130e6c703fac336ea17b1670/duplex-micropayment-channels.pdf

He simply replaced "QUEDOS" in his file.

Proof:
Just copy a long sentence from the QUEDOS Whitepaper like

"to create long-lived channels over which an arbitrary number" (Page 1)

The Quedos WP:

into Google and you'll find:

You can do this with the whole white paper.

There are a lot of more things which could be posted here... Do your own research.

bitspender

hero member

Activity: 658

Merit: 500

Told you

DanWalker

hero member

Activity: 1960

Merit: 547

Vave.com - Crypto Casino

well if that all doesn't teach me to not download a wallet till ocminer gives the go ahead... like most of the communitity , i trust him..

kevin1234a

legendary

Activity: 1162

Merit: 1000

Decentralizing Jesus on the Blockchain

told you guys both coins are fabricated and similar scamssssssss

notsofast

legendary

Activity: 1517

Merit: 1042

@notsofast

Quote from: ?? on ??

yuck when is the last time any of you wierdos went outside?

I *am* outside, taking down your attempts to rob the cryptocurrency community from my mobile phone in my spare moments. It must suck to have your hard work undone by us in a few minutes. Looking forward to making it even harder for you.

ocminer

legendary

Activity: 2688

Merit: 1240

Simply scan your box with malwarebytes..

Which reason has the dev for deleting my post that I am closing the pool

tekyboy

hero member

Activity: 508

Merit: 500

TekyBoy Crypto Services

Quote from: ?? on ??

I dont trust ocminer, he instantly replies every coin with pool (meaning he has no life and sits infront of screen all day hitting refresh button) as if anyone uses his shitty service

let him proove what he said

my friend next time i ll put up pool next to OC in one of the threads and you have to give us proof that you are mining on my pool instead of his

im not backing up his pool but there was seriously something wrong with quedos and xagon twin brothers and oc did pool bcoz he has better setup then most of us i almost compiled pool for quedos but didnt finished bcoz he was already thee.

thanks fr makig this forum friendly instead of hostile

keep smiling

notsofast

legendary

Activity: 1517

Merit: 1042

@notsofast

Quote from: ?? on ??

I dont trust ocminer, he instantly replies every coin with pool (meaning he has no life and sits infront of screen all day hitting refresh button) as if anyone uses his shitty service

let him proove what he said

You are also likely an astroturf account owned by the Quedos scamdev.

notsofast

legendary

Activity: 1517

Merit: 1042

@notsofast

Quote from: ?? on ??

Show us proof

Here is the Virustotal scan for quedos-qt.exe showing the hits for Artemis via McAfee.

https://www.virustotal.com/en/file/83abb7b3f28c363924beda4b0fc637f45df05ae20337040276f36ee40a26a756/analysis/

You are most likely an astroturf account owned by the Quedos scammer.

notsofast

legendary

Activity: 1517

Merit: 1042

@notsofast

Quote from: ocminer on November 13, 2015, 09:15:54 AM

Dev is deleting posts

Same story with XAGON be aware and scan your system with malwarebytes

I can confirm this. Upload your windows QT wallet to Virustotal for each of the above coins and you will see the same.

XAGON is infected with StartPage.UY, which changes the homepage of all your browsers.

QUEDOS is infected with Artemis, which basically disables almost all functions of your machine-- you'll need to sideload or boot into an AV rescue program.

And these are the viruses that are showing up in Virustotal... they could also be a smokescreen to distract you from an additional hidden trojan (using crypter or another easily available fud program) as past trojan-altcoins have done, in order to steal any cryptocurrency wallets from the infected machine.

This trojan-altcoin developer is taking more time to write legitimate-looking whitepapers, produce graphics and copy in good English, PAY for CryptoID block explorers, and employ many astroturf bitcointalk accounts to fill up discussion in the offending launch announcement threads while the trojan dev quickly deletes any warnings from actual respected members of the community who've discovered the viruses.

Let's continue to raise the difficulty of this person's attempts to steal from us, and make him waste more fucking time and money by being smart about these new trojan-infested altcoins.

MisO69

legendary

Activity: 1946

Merit: 1005

My mule don't like people laughing

Most of us trust what OCMiner says. Don't need proof, his word is good enough. Stay away.

Topic: QUEDOS is a Virus Trojan use malwarebytes for removal - page 3. (Read 4947 times)