Topic: Trojan Horse/Malware Detected On My Bitcoin Machine (Read 4001 times)

legendary
Activity: 2408
Merit: 1121
Be sure to keep different wallets, and don't continue to use a compromised computer. Unless you want to end up like some unprepared forum members. There are plenty of threads on this subject, search away!
full member
Activity: 150
Merit: 100
I have had a good experience so far using http://www.immunet.com maybe give it a shot?

Viper, I had not heard of Immunet before you mentioned it; it looks decent enough. It seems to score well against a decent number of malware threats (better than many).

I don't know if I would use it in place of a licensed version of Malwarebytes... while Immunet scores better on the 2011 malware flash tests than something like AVG, it does not seem to surpass the protection of a program like Norton. See below for recent statistics on malware-related security products to assess your own solution.*

I still recommend that every bitcoiner running the Windows Operating System should follow my steps listed above on your OS if you would like to confirm your malware health.

Here is the proper way to configure a Windows XP/Vista/Windows 7 PC to be "Technically Secure" against a malware infection devoid of any 3rd party security software.

A fully updated Operating System (including service packs) with Automatic Update ON, updated third-party applications (Java, Adobe Flash, Adobe Reader, etc.), Microsoft Security Essentials (MSSE) installed, Internet Explorer 8 or 9 default security settings (reset all zones to default level) with SmartScreen Filter ON and Pop-Up Blocker ON, Windows Firewall ON, User Account Control (UAC) ON (Vista and Windows 7) and not running with elevated privileges, and a good password policy in effect.

* http://malwareresearchgroup.com/malware-tests/flash-test-results/


The ONLY product that surpasses Malwarebytes is something called "Defense Wall", which is more of a sandbox system, than true antimalware solution.

I can't recommend Defense Wall as I have not used it, nor do I know for sure that it will not interfere with the operation of the Bitcoin client.


full member
Activity: 150
Merit: 100
Hi Jimbobway,

Do you have JAVA installed on your system? If it is less than Java 6 Update 26, you have a huge security hole there.. the little orange box in your system tray is annoying, but it's your friend also.

http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html#AppendixJAVA

I'm not sure what antivirus you are using, but please take a moment and perform these tasks on your system for some extra peace of mind (or wipe your system with DBAN which will COMPLETELY erase every sector on your drive, then reinstall everything fresh and restore your backups)...  

For quick and dirty rootkit detection you can download GMER and do a preliminary scan..

http://www.gmer.net/

If GMER detects things that your antivirus has missed, then either manually hunt these buggers out of your system, or take my next recommendation...

Please boot your system with the CD/DVD/USB drive created from this website, and perform an Offline System Scan, typically capable of detecting some of the more advanced cloaking, rootkit techniques, and rogue JAVA code living on your drive that an Online System Scan will miss.

http://connect.microsoft.com/systemsweeper

Finally.. please consider purchasing Malwarebytes as an add-on security layer to your existing antivirus solution; it co-exists well with most other antivirus solutions... You can get a free scan and clean from Malwarebytes following (or prior to) the MSSS boot scan.

It will scan and clean your computer for FREE, and if you would like it to actively protect your system it's very cheap. Malwarebytes has some sophisticated heuristics detection routines, a dynamic and fully automatic IP blocking system against the bad guys, and I have found that it does an AMAZING job for the money..

Please run GMER one last time... If GMER finds a modified MBR (Master Boot Record) you NEED to clean it manually.

For Windows XP you should be able to boot with your OS CD and pick "Recovery Console" as one of the first options.. Use the FIXMBR command..

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/bootcons_fixmbr.mspx

If you are on Windows 7 or Vista you will want to use the BOOTREC command.. here are some docs on that.

http://support.microsoft.com/kb/927392

If this doesn't help you, hopefully it helps someone!
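The two posts above describe a baseline (Automatic Updates, MSSE, IE SmartScreen and pop-up blocker, Windows Firewall, UAC, a non-elevated account) and a Java minimum of 6 Update 26. The following PowerShell script is an added example by the editor, not code from either poster, that reads those settings and reports pass/fail without changing anything. The registry paths, value names and their meanings (AUOptions 4, EnableLUA 1, EnableFirewall 1, PhishingFilter EnabledV8/EnabledV9, PopupMgr, the MSSE install path) are assumptions based on the documented Windows and Internet Explorer settings of that era; confirm them against your own build before trusting a result.

```powershell
# Added example (editor's, not from the thread): read-only check of the
# "technically secure" baseline described above, plus the Java 6u26 minimum.
# Run as the ordinary (non-elevated) account you use day to day.

$results = @()
function Add-Check([string]$Name, [bool]$Pass, $Value) {
    $script:results += New-Object PSObject -Property @{ Check = $Name; Pass = $Pass; Value = $Value }
}
function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent instead of throwing.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

# Automatic Updates: AUOptions 4 = download and install automatically (assumed value).
$au = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update' 'AUOptions'
Add-Check 'Automatic Update ON' ($au -eq 4) $au

# Microsoft Security Essentials: presence of its client executable (assumed install path).
$msse = Join-Path $env:ProgramFiles 'Microsoft Security Client\msseces.exe'
Add-Check 'MSSE installed' (Test-Path $msse) $msse

# Windows Firewall: standard profile EnableFirewall 1 (assumed, XP/Vista/7).
$fw = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile' 'EnableFirewall'
Add-Check 'Windows Firewall ON' ($fw -eq 1) $fw

# UAC: EnableLUA 1 on Vista/7 (absent on XP, which has no UAC; reported as fail there).
$uac = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
Add-Check 'UAC ON' ($uac -eq 1) $uac

# Not running elevated: the current token must not hold the Administrators role.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
Add-Check 'Not running elevated' (-not $isAdmin) $identity.Name

# IE SmartScreen Filter: EnabledV8 (IE8) or EnabledV9 (IE9) = 1 (assumed value names).
$ss8 = Get-RegValue 'HKCU:\Software\Microsoft\Internet Explorer\PhishingFilter' 'EnabledV8'
$ss9 = Get-RegValue 'HKCU:\Software\Microsoft\Internet Explorer\PhishingFilter' 'EnabledV9'
Add-Check 'SmartScreen Filter ON' (($ss8 -eq 1) -or ($ss9 -eq 1)) "V8=$ss8 V9=$ss9"

# IE Pop-Up Blocker: PopupMgr is DWORD 1 on XP and the string "yes" on later builds (assumed).
$pop = Get-RegValue 'HKCU:\Software\Microsoft\Internet Explorer\New Windows' 'PopupMgr'
Add-Check 'Pop-Up Blocker ON' (($pop -eq 1) -or ($pop -eq 'yes')) $pop

# Java runtime: "java version "1.6.0_26"" or newer passes; no Java at all also passes,
# since the hole only exists when an old runtime is present.
$javaOut = cmd /c 'java -version 2>&1' | Out-String
if ($javaOut -match 'version "1\.(\d+)\.\d+_(\d+)"') {
    $major = [int]$matches[1]; $update = [int]$matches[2]
    $javaOk = ($major -gt 6) -or (($major -eq 6) -and ($update -ge 26))
    Add-Check 'Java >= 6 Update 26' $javaOk "1.$major update $update"
} else {
    Add-Check 'Java >= 6 Update 26' $true 'not installed / not on PATH'
}

# Summary table; anything with Pass = False is a gap against the baseline above.
$results | Format-Table Check, Pass, Value -AutoSize
```

The script is deliberately read-only: it never writes to the registry or changes a setting, so the worst case for a wrong assumption is a false "fail" that you then confirm by hand in the Control Panel. Third-party application versions (Flash, Reader) are not covered because their version locations vary too much between releases to check reliably from one script.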



legendary
Activity: 2576
Merit: 1186
Join a small pool.
legendary
Activity: 3080
Merit: 1080
If you have any BTC beyond 10 on that machine do yourself a big favor and move them to a secure wallet running on Mac OS X or Linux right NOW!



given what happened to you, if you were just starting mining, would you join a big pool or stay independent?

I would join a big pool. Solo mining is not worth it unless you have a crazy hashrate. Also, if I was just starting out I would invest whatever time is necessary to set up a Linux box just to store coins I would mine.
full member
Activity: 154
Merit: 100
If you have any BTC beyond 10 on that machine do yourself a big favor and move them to a secure wallet running on Mac OS X or Linux right NOW!



Man, every time I see you post I get this feeling like I have been kicked in the gut, as it reminds me of the greatest bitcoin tragedy to date. It's Shakespearean in scope. We feel your pain man.
legendary
Activity: 1304
Merit: 1015
Did you download a Bitcoin miner?

yes I mine on slush and deepbit.  I'm using poclbm.
sr. member
Activity: 294
Merit: 250
Did you download a Bitcoin miner?
legendary
Activity: 1764
Merit: 1002
A question:

If I open my bitcoin client, cycle through 100 addresses, copy the 101st, then send some BTC to that one, THEN encrypt and backup my wallet.dat file, are the coins I had in there before cycling through the addresses safe or only the new ones?

Thanks.

No, you're safe. You can have thousands of addresses stored in your wallet, not just 100.
legendary
Activity: 1106
Merit: 1001
A question:

If I open my bitcoin client, cycle through 100 addresses, copy the 101st, then send some BTC to that one, THEN encrypt and backup my wallet.dat file, are the coins I had in there before cycling through the addresses safe or only the new ones?

Thanks.
sr. member
Activity: 266
Merit: 250
My AVG Antivirus caught the following a couple of weeks ago on my Windows (Yea I know Windows is no good) machine running bitcoin.

Trojan horse Generic22.BOFM
Malware Win32.Sasfix.bktc


Anybody else get something like this?
Send them to an online wallet or Mt Gox or something.

and then follow the instructions to create a secure wallet ASAP
http://forum.bitcoin.org/index.php?topic=16457.msg226657#msg226657

We don't need another "allinvain" tragedy.

legendary
Activity: 1764
Merit: 1002
If you have any BTC beyond 10 on that machine do yourself a big favor and move them to a secure wallet running on Mac OS X or Linux right NOW!



given what happened to you, if you were just starting mining, would you join a big pool or stay independent?
legendary
Activity: 3080
Merit: 1080
If you have any BTC beyond 10 on that machine do yourself a big favor and move them to a secure wallet running on Mac OS X or Linux right NOW!

legendary
Activity: 1304
Merit: 1015
My AVG Antivirus caught the following a couple of weeks ago on my Windows (Yea I know Windows is no good) machine running bitcoin.

Trojan horse Generic22.BOFM
Malware Win32.Sasfix.bktc


Anybody else get something like this?