WARNING: BTCStats-QT.exe installs a keylogger/backdoor

substratum

newbie

Activity: 36

Merit: 0

Quote from: yenom on March 03, 2014, 05:04:06 AM

I feel like such an idiot. Anyway, the above program has been promoted in bitcoin chat rooms/channels and some websites. If you downloaded it assume you have a remote backdoor and keylogger on your system. Remove it with Anti-Malware program.

Where was the original file downloaded from? I'd like to analyze it.

yenom

full member

Activity: 168

Merit: 100

This page was the best help. None of the malware removal programs I tried could remove it. But doing it manually this way did:

http://www.enigmasoftware.com/msdcscexe-removal/

yenom

full member

Activity: 168

Merit: 100

Just one slip-up can be costly. I remember when I downloaded it, my gut-feel was 'this could be a virus', so I scanned the file with avast anti-virus and it came up clean. Malwarebytes Anti-malware found it and cleaned it, but when I rebooted, it appeared again as an msdcsc.exe process. Evil!

Currently doing a full system scan with four different anti-malware and anti-virus scanners, and have disconnected that machine from the network.

I hope this thread saves someone from losing their coins.

IamCANADIAN013

hero member

Activity: 714

Merit: 503

Quote from: yenom on March 03, 2014, 05:04:06 AM

I feel like such an idiot. Anyway, the above program has been promoted in bitcoin chat rooms/channels and some websites. If you downloaded it assume you have a remote backdoor and keylogger on your system. Remove it with Anti-Malware program.

On windows 7 it creates many msdcsc.exe processes and is difficult to remove. They don't appear for a few days to stop arousing suspicion, and only appear after you have done a reboot.

A full virus scan, anti-malware scan is recommended. I haven't lost any bitcoin because my private keys are on an offline linux machine, but I'm going to change all my bitcoin related passwords and reinstall my system. PITA.

Did I mention I feel like an idiot? I'm usually very careful with these kinds of things.

I wouldn't feel like too much on an idiot, especially if you didn't lose anything. I'm insanely careful myself with stuff like that, but it's almost impossible to keep guard up 24/7.

I try to do a Google search of pretty much anything I download, but even the other day I slipped up and ended up with a virus. It can happen to the best of us. Thanks for the heads up though!

dlevine01

newbie

Activity: 5

Merit: 0

Yikes! Thanks for the warning! I'm glad I caught your post in time. Cheesy

Much appreciated!

yenom

full member

Activity: 168

Merit: 100

I feel like such an idiot. Anyway, the above program has been promoted in bitcoin chat rooms/channels and some websites. If you downloaded it assume you have a remote backdoor and keylogger on your system. Remove it with Anti-Malware program.

On windows 7 it creates many msdcsc.exe processes and is difficult to remove. They don't appear for a few days to stop arousing suspicion, and only appear after you have done a reboot.

A full virus scan, anti-malware scan is recommended. I haven't lost any bitcoin because my private keys are on an offline linux machine, but I'm going to change all my bitcoin related passwords and reinstall my system. PITA.

Did I mention I feel like an idiot? I'm usually very careful with these kinds of things.

Topic: WARNING: BTCStats-QT.exe installs a keylogger/backdoor (Read 1183 times)