I just noticed that someone has sent me a tip and coverd my losses (several days ago)! I dont know who you are, but I want to thank you! This was a huge surprise to me!
It was my first time I opened my LTC wallet after I deleted the old one and created this new one, just to notice there are some great people in this forum!
Topic: SCAM alert! The coin creator software by Xevox is a wallet stealer! (Read 3699 times)
May 16, 2014, 09:50:52 AM
some years ago I tried an av from kasperky that would ask me confirmation for ANY suspicious event
"do you want to allow this registry write?"
"X wants to read the registry"
"Y wants to access the internet"
it was totally unbearable, after a few days I got rid of it, because I was blindly allowing everything
"do you want to allow this registry write?"
"X wants to read the registry"
"Y wants to access the internet"
it was totally unbearable, after a few days I got rid of it, because I was blindly allowing everything
May 16, 2014, 09:44:31 AM
do you have any idea on how incredibly laggy would become your computer if the AV starts to decompile EVERY SINGLE EXECUTABLE to see if there's malicious intent?
What real time protection does, is comparing the executable to a known list of malware.
And then, even if such an antivirus would exist (but nobody would ever buy it), virus writers simply encrypt/obfuscate their app and that would be useless.
A firewall could have stopped the ftp uploading process, but the average user would have dismissed the "are you sure to allow..." dialog in a heartbeat, without even read it
What real time protection does, is comparing the executable to a known list of malware.
And then, even if such an antivirus would exist (but nobody would ever buy it), virus writers simply encrypt/obfuscate their app and that would be useless.
A firewall could have stopped the ftp uploading process, but the average user would have dismissed the "are you sure to allow..." dialog in a heartbeat, without even read it
May 16, 2014, 09:17:18 AM
While scanning can be done without executing the program.
Did you see the code? With such a simple code, the antivirus would report as suspicious 95% of software, and the users will click "run anyway" without reading.
About warnings, since he is using Windows, OP totally ignored the microsoft smartscreen warning saying that this is an untrusted app from the internet.
Do you think that another warning, that would appear by running almost every app downloaded from the net would have been more effective?
And also, don't forget that the app is compiled, would you accept a delay of 3-4 seconds in opening every app because the AV has to check if the decompiled code is "safe"? (and also must check in the future, against tamperings)
95% of software do not upload your local files to a remote FTP, so they won't trigger this warning.
I was talking about scanning the file without executing it. The "run time scanner" don't have to be this thorough, but there's no reason for the regular scanner not able to spend the time to decompile and warn. I think most people would depend on the "regular scanner" to scan unknown files, they don't usually just execute unknown files from Internet and pray the "run time scanner" can intercept bad things.
May 16, 2014, 03:02:54 AM
While scanning can be done without executing the program.
Did you see the code? With such a simple code, the antivirus would report as suspicious 95% of software, and the users will click "run anyway" without reading.
About warnings, since he is using Windows, OP totally ignored the microsoft smartscreen warning saying that this is an untrusted app from the internet.
Do you think that another warning, that would appear by running almost every app downloaded from the net would have been more effective?
And also, don't forget that the app is compiled, would you accept a delay of 3-4 seconds in opening every app because the AV has to check if the decompiled code is "safe"? (and also must check in the future, against tamperings)
May 15, 2014, 08:13:58 PM
Why not? the program takes multiple files from the user's computer, and uploads to a remote FTP, that seems pretty malicious to me, or at least warrants a BIG RED warning to the user:
"This program will try to upload your files to a remote FTP, if this is not the desired behavior, don't fucking run it".
"This program will try to upload your files to a remote FTP, if this is not the desired behavior, don't fucking run it".
So, any software that has libraries to access FTP (browsers, ftp clients, file uploaders, dropbox clones, html editors) will be detected as virii?
This is social engineering, only an human can detect it
Next time the OP will install a good firewall like this http://www.sphinx-soft.com/Vista/order.html or run unknown software in a virtual machine
Not detected as virus, but just popup a warning, then the user will know if the program is doing what it suppose to do. Firewall is basically the same thing, it will popup a warning when the program first trying to upload something. The downside to firewall is that it only works when the program has already ran, and firewall could fail to work. While scanning can be done without executing the program.
May 11, 2014, 10:05:53 AM
The funny part is that people come and post "these scumbags!" and stuff, but in reality at least 1 of these people commenting is a thief too, if not more.
May 11, 2014, 09:40:14 AM
jukka - gotta say you've done a great job with exposing this fraudster.
A lot of people wouldn't have been able to notice what you did and you've likely saved many people from losing a lot of money. Credit where credit is due!!!
A lot of people wouldn't have been able to notice what you did and you've likely saved many people from losing a lot of money. Credit where credit is due!!!
Thank you! I really appreciate it!
May 10, 2014, 04:25:05 PM
jukka - gotta say you've done a great job with exposing this fraudster.
A lot of people wouldn't have been able to notice what you did and you've likely saved many people from losing a lot of money. Credit where credit is due!!!
A lot of people wouldn't have been able to notice what you did and you've likely saved many people from losing a lot of money. Credit where credit is due!!!
May 10, 2014, 02:34:02 PM
What about this other question I had regarding the product you proposed:
Regarding the FW is free version enough for a regular user?
Regarding the FW is free version enough for a regular user?
yes
it will ask you permission to access the internet for ANY application on your pc (hence, for the first two weeks is extremely annoying, as it wil ask for ANY app, even system apps)
Ok, I will check that! Thanks!
May 10, 2014, 02:29:04 AM
Thank you for reminding me.
I will be away from this coin, thank you.
I will be away from this coin, thank you.
May 10, 2014, 02:11:58 AM
What about this other question I had regarding the product you proposed:
Regarding the FW is free version enough for a regular user?
Regarding the FW is free version enough for a regular user?
yes
it will ask you permission to access the internet for ANY application on your pc (hence, for the first two weeks is extremely annoying, as it wil ask for ANY app, even system apps)
May 09, 2014, 02:34:43 PM
For those who would like to examine the virus, here is a link of the original file. Please don't run the CoinGen.exe
Thanks for uploading this file so we can have a look at it for ourselves.
May 09, 2014, 02:29:44 PM
when i scanned it with virustotal, it reported 1 red flag
Well that goes to show that you cannot trust virus total. Last time I trust that bitch.
You do know that virus total is scanned with 52 virus software engines, so if you cant trust virustotal you cant trust all virus protection softwares made
Best to use new shady softwares on a computer separate from your main system
May 09, 2014, 02:11:39 PM
I think the FTP password changed sadly, would be interesting to see what is stored on the scammers account.
I know the LTC addres the fucker is using but I think that I will keep that as my little secret. God damn, a whole pint of beer! That is robbery!
May 09, 2014, 02:06:13 PM
I think the FTP password changed sadly, would be interesting to see what is stored on the scammers account.
May 09, 2014, 01:43:17 PM
I'll never understand these morons. He did all that work for 1 Litecoin. If he actually directed his energy towards something good, he could've made way more money with those programming skills. And now he's going to hell, if there is a hell.
Hey! It was my precious litecoin you are now talking!
But honestly, he could have more if he would not had become greedy and asked BTC for the application, and yes, I also like to think that maby I helped somebody by telling about this and decompiling the code.
However, some people, even in this thread, have been attacking me for opening this thread (and yes, also requesting a little donation (havent got anything though)). It looks like that in this forum it is ok, to just beg coins in some thread but not ask donation if you have lost something and by doing that maybe helping others!
It really makes me sad!
May 09, 2014, 01:29:38 PM
I'll never understand these morons. He did all that work for 1 Litecoin. If he actually directed his energy towards something good, he could've made way more money with those programming skills. And now he's going to hell, if there is a hell.
he can just make another aka and create client with wallet stealer, which is even worse
May 09, 2014, 01:28:40 PM
But applications which upload wallets could be at least be warned!
From a computer point of view, the wallet it's just a file
Suppose you want to copy the wallet to another computer, is this a legitimate action, or is a virus?
How can an antivirus do such decisions? What an AV does is to just compare it to a known list of malware. Or detect something suspicious, like editing critical files/place itself in autorun
Ok, I (CLEARLY)
am not expert in this area What about this other question I had regarding the product you proposed:
Regarding the FW is free version enough for a regular user?
May 09, 2014, 01:14:39 PM
when i scanned it with virustotal, it reported 1 red flag
Well that goes to show that you cannot trust virus total. Last time I trust that bitch.
vt is junk. upload to malwr and you would have seen very clearly.
common sense would have been best defense though.
Tested this and here is the result, so that could not helped either!
Error: Analysis failed: The package "modules.packages.exe" start function raised an error: Unable to execute initial process, analysis aborted
File Details
File Name CoinGen.exe
File Size 500736 bytes
File Type PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 c2ab580d501cbc47d5cebd920abb2e84
SHA1 bf990585b666e8dc0084aa6ef079e14c747e002e
SHA256 dab61b5f3270ca9b72540a29b1f7777e147fb543a4e87cc33378dafcafb20ccf
SHA512 6fbe68e3c64e81029bfa1de8beaefed9cca7b6a5c735ec339419b5addac9363773cd159b325d317 b3c94bade9d4b834844872bdf6cd2fb3b08b863897bb89778
CRC32 B5DA53E1
Ssdeep 12288:gzn45Ov0iZJxBy18nBHhfivB8HGEBzkSyD2k/kwHlbjaqOwr4b9JBQ2Y6MCIaZf2:5
Yara None matched
Jump to: