Author

Topic: Virus:DOS/Stoned from Bitcoin Core (Read 1670 times)

full member
Activity: 140
Merit: 100
May 16, 2014, 05:37:14 PM
#10
I wonder what the intentions were. A serious attack can't be realized as far as I know. And just for trolling? Why?
full member
Activity: 238
Merit: 100
Stand on the shoulders of giants
May 16, 2014, 05:29:22 PM
#9
We urgently need a statement from the bitcoin core developers.

Has anyone found one yet?

This is an absolute DEFCON 1 situation for bitcoin. I uploaded the sst file to virustotal.com and it gets recognized by all the common AV products so millions of Bitcoin users are going to see this!


yep, rebels .. the empire strikes back ..
full member
Activity: 140
Merit: 100
May 16, 2014, 04:58:54 PM
#8
We urgently need a statement from the bitcoin core developers.

Has anyone found one yet?

This is an absolute DEFCON 1 situation for bitcoin. I uploaded the sst file to virustotal.com and it gets recognized by all the common AV products so millions of Bitcoin users are going to see this!
donator
Activity: 1419
Merit: 1015
May 16, 2014, 03:40:47 PM
#7
It would appear others have been having this issue as well. Here's a clamAV report from a month ago:
http://www.opendevs.org/mvkwt/virus-infection-alerts-from-files-in-bitcoin-chainstate.html

I ran into this issue on my Synology which I rsync with my blockchain as well. I imagine they use clamAV for their virus scanning engine. We'll probably have to start excluding .SST files from virus scanners, which isn't too horrible because they aren't executables, but like sirky mentions, this isn't a great solution long-term for the average home user.
full member
Activity: 238
Merit: 100
Stand on the shoulders of giants
May 16, 2014, 11:38:40 AM
#6
is that why 80 bytes is too much  Huh Roll Eyes
sr. member
Activity: 404
Merit: 250
May 16, 2014, 08:21:14 AM
#5
I had this too - it crashed my core client because MSE automatically quarantined the blockchain file.

I saw people suggesting not scanning .sst files, or not scanning your blockchain dir in the github comments, but those don't really seem like acceptable solutions to overcautious me. I mean, I do have my (somewhat meager amount of) bitcoins accessible to the core client.

I love the idea of helping bitcoin out by running a full node, but don't really want to put this PC or my bitcoins at risk, and exempting locations and files in AV seems to be doing that to me. On the other hand, not exempting them will just allow annoying kids to crash my node over and over by putting these signatures into the blockchain at will.

Am I looking at something wrong? Should I just move my full node somewhere else to a PC I don't care about so I can make these exemptions, and keep my wallet with some other software on a more protected computer?

Sorry for seeming somewhat uptight about this, but my greatest fear as a bitcoin owner is viruses somehow taking my unlocked wallet so anytime I see anything with viruses and bitcoin it sort of psyches me out.
hero member
Activity: 655
Merit: 500
May 16, 2014, 05:04:19 AM
#4
stoned? I suddently feel so old Sad
a friend of mine had an alert for another virus while updating the blockchain (he too into a chainstate file). at the same time i was updating.
His av poped up mine didnt. Same av... we assumed it was a false positive like this one
legendary
Activity: 1792
Merit: 1111
May 16, 2014, 04:57:13 AM
#3
false positive. someone put the signature of the virus to the blockchain.
hero member
Activity: 532
Merit: 500
Worldcore - Banking for the Future
May 16, 2014, 04:46:36 AM
#2
the stoned virus.. wow i havnt seen that in ages..  for the record DOS in that case is not Denial of Service. its actually MS DOS  the " stoned " virus is  that old.  your normal virus scanner should take care of it .. however if it works the same way it use to DO NO REBOOT unless youve fixed it.

if it doesnt your going to have to fix your MBR as thats what the virus affects if you reboot you'll see a message " this pc is STONED" its already to late at that point time to format and start over
newbie
Activity: 51
Merit: 0
May 16, 2014, 04:38:06 AM
#1
So I was updating my full node today when suddenly this pops up

https://i.imgur.com/RNrC90h.png

What's going on? Did anyone also experienced this?
Jump to: