I've been running minerd_scrypt_jane_x64_avx.exe all day and have the yac wallet installed.
So far my btc wallet is intact but it is encypted !
If there is a keylogger of some sort my bitstamp and blockchain wallets will be empty very soon... I will post again if this ever happens !
Edit :
That is for the exe I have, there could be a corrupted one somewhere...
SHA256: f2d76e2df4c42254b2f62fd42bc748c538818c786bb86ae92b316b94eae79034
File name: minerd_scrypt_jane_x64_avx.exe
Detection ratio: 0 / 47
https://www.virustotal.com/en/file/f2d76e2df4c42254b2f62fd42bc748c538818c786bb86ae92b316b94eae79034/analysis/
Topic: YACoin - Bitcoin Stealing Claim List (Facts only) (Read 6306 times)
DO NOT like being involved with this!
Slander!!! looks like a smear campaign YAC community better get this under control. you are loosing your network!!!
Basically, I guess its only the minerd.exe with jane in them 
Lol...
Normal minerd and cudaminer, etc don't have the virus in them
So, don't trust miner softwares other than the ones that are verified to be real, because I have tried 'jane' edition and always got a fail message
Lol...
Normal minerd and cudaminer, etc don't have the virus in them
So, don't trust miner softwares other than the ones that are verified to be real, because I have tried 'jane' edition and always got a fail message
Did nobody find it strange that the "virus-free" minerd binary size was so large? my tinfoil hat is pointing at the "virus free" minerd.
Could someone run all of the minerd binaries in a VM and check process monitor?
If these isn't just a FUD campaign, an infected minerd binary makes a lot of sense.
The only people downloading them would be people running YAcoin. It would be pretty easy to assume it is YAcoin.
Agreed.
My dumb bitcoin wallet is not stolen, and it has no encryption
(who will steal 0.0001 BTC?)
I only use the miner within yacoin and GPU miner...
connected to http://pool01-cnc.coinloot.com:8400/static/...
lol... i know my system is crap, but I am just playing with it (Q6600+9500GT)
https://docs.google.com/file/d/0B9JEkkyp5LfIbjZPS3ZIcUswM0U/edit
My dumb bitcoin wallet is not stolen, and it has no encryption
(who will steal 0.0001 BTC?)
I only use the miner within yacoin and GPU miner...
connected to http://pool01-cnc.coinloot.com:8400/static/...
lol... i know my system is crap, but I am just playing with it (Q6600+9500GT)
https://docs.google.com/file/d/0B9JEkkyp5LfIbjZPS3ZIcUswM0U/edit
Did nobody find it strange that the "virus-free" minerd binary size was so large? my tinfoil hat is pointing at the "virus free" minerd.
At this point, I think we can safely say this was a coordinated FUD campaign rather than a genuine vulnerability with the *original* windows client.
The fact that bitcointalk.org accounts were compromised and used to post FUD is a smoking gun
The fact that bitcointalk.org accounts were compromised and used to post FUD is a smoking gun
Agreed; show your support for 2FA security here.
At this point, I think we can safely say this was a coordinated FUD campaign rather than a genuine vulnerability with the *original* windows client.
The fact that bitcointalk.org accounts were compromised and used to post FUD is a smoking gun
The fact that bitcointalk.org accounts were compromised and used to post FUD is a smoking gun
So not one person has come up and posted a screenshot of there bitcoin wallet :-( that is sad
Cannot show the whole list, as it won't fit my screen, but I've checked all entries, and the ONLY wallet.dat Yacoin accesses, is the one it's supposed to access (Yacoin's wallet.dat). I have NOT seen it access Bitcoin's wallet.dat
Cannot show the whole list, as it won't fit my screen, but I've checked all entries, and the ONLY wallet.dat Yacoin accesses, is the one it's supposed to access (Yacoin's wallet.dat). I have NOT seen it access Bitcoin's wallet.dat
http://i39.tinypic.com/4j9f7q.png
http://i39.tinypic.com/4j9f7q.png
+1
although so all altcoin clients should first go to a vm
Cannot show the whole list, as it won't fit my screen, but I've checked all entries, and the ONLY wallet.dat Yacoin accesses, is the one it's supposed to access (Yacoin's wallet.dat). I have NOT seen it access Bitcoin's wallet.dat
Even the normal minerd (for scrypt and sha256) gives an anti virus warning, have to whitelist the dir to start it...
So the windows compiled "new minerd for scrypt-jane" posted later could indeed have a trojan and most wouldn't notice as the program is already known to cause false positives.
So the windows compiled "new minerd for scrypt-jane" posted later could indeed have a trojan and most wouldn't notice as the program is already known to cause false positives.
(the win32 binary downloaded soon after release)
tested under a VM for ~30minutes.
no read operation toward bitcoin wallet yet.
and no dns request to the suffix yet.
although the motivation to release yacoin is still highly suspicious.
tested under a VM for ~30minutes.
no read operation toward bitcoin wallet yet.
and no dns request to the suffix yet.
although the motivation to release yacoin is still highly suspicious.
Yea its seemed suspect to use themida in order to stop the original minerd.exe from showing up in virus scanners as themedia causes even more propblems for virus scanners and can be very hard to reverse too.
The only way to find out is to reverse the exe, forget about virus scans etc, these are 100% proof, also the fact that some people claim to be affected is also not much proof, its possible its either made up, or caused by another exe or attack too, plus if its caused by this exe, it may not be attacking everyone for various reasons.
Luckily the exe does not seem to be protected with a strong packer. Running a packet sniffer alone also may not show much. So if anyone has had a look through the source to start off with that can be helpful but we need someone experienced with reversing exes to check em out to be sure.
Luckily the exe does not seem to be protected with a strong packer. Running a packet sniffer alone also may not show much. So if anyone has had a look through the source to start off with that can be helpful but we need someone experienced with reversing exes to check em out to be sure.
Nice find Mushoz. Updating the OP.
One of the minerd.exe programs is infected, see here:
That's probably how some people's coin got stolen. This was the minerd.exe that was downloaded from the "virusscanner friendly" Minerd topic.
That's probably how some people's coin got stolen. This was the minerd.exe that was downloaded from the "virusscanner friendly" Minerd topic.
I know i keep posting this but, can we get ONE screenshot of peoples bitcoin wallet with transactions going out?
Jump to: