elective-stereophonic
elective-stereophonic
Show Posts - capodieci singapore
Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Stable Nxt Client: Nxt 1.12.2

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - capodieci

Pages: 1 ... 65 66 [67] 68
1321
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 08:57:22 pm »
My main computer is OSX (Apple) and that Windows machine si the one for the meeting room of the office... No forum access there or any other thing.

The antivirus has completed the scan. The infected files are files I downloaded and not used. Only one infected app I did launch by mistake today, while I was on with the NXT client. If that app start logging when executed and sends out keylogs and screenshots, then whoever did watch me may have had the time to learn NXT before stealing. Eh, another way to get NXT known around.

Here is the report from Avira:

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended

Start of the scan: Saturday, June 21, 2014  03:18

Start scanning boot sectors:
Boot sector 'HDD0(C:)'
    [INFO]      No virus was found!

Starting search for hidden objects.

The scan of running processes will be started:
Scan process 'mbam-setup-2.0.2.1012.tmp' - '35' Module(s) have been scanned
Scan process 'mbam-setup-2.0.2.1012.exe' - '22' Module(s) have been scanned
Scan process 'mbam-setup-2.0.2.1012.tmp' - '33' Module(s) have been scanned
Scan process 'mbam-setup-2.0.2.1012.exe' - '22' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '30' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avscan.exe' - '122' Module(s) have been scanned
Scan process 'avcenter.exe' - '122' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'avshadow.exe' - '31' Module(s) have been scanned
Scan process 'avguard.exe' - '102' Module(s) have been scanned
Scan process 'avgnt.exe' - '96' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '42' Module(s) have been scanned
Scan process 'Avira.OE.Systray.exe' - '167' Module(s) have been scanned
Scan process 'Avira.OE.ServiceHost.exe' - '129' Module(s) have been scanned
Scan process 'taskhost.exe' - '55' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '76' Module(s) have been scanned
Scan process 'vncserverui.exe' - '52' Module(s) have been scanned
Scan process 'Caffeinated.exe' - '36' Module(s) have been scanned
Scan process 'StikyNot.exe' - '37' Module(s) have been scanned
Scan process 'jusched.exe' - '32' Module(s) have been scanned
Scan process 'CheckNDISPort_df.exe' - '45' Module(s) have been scanned
Scan process 'Explorer.EXE' - '173' Module(s) have been scanned
Scan process 'Dwm.exe' - '29' Module(s) have been scanned
Scan process 'taskhost.exe' - '69' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'python.exe' - '61' Module(s) have been scanned
Scan process 'python.exe' - '61' Module(s) have been scanned
Scan process 'python.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '34' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'python.exe' - '64' Module(s) have been scanned
Scan process 'PythonService.exe' - '47' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'python.exe' - '57' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'python.exe' - '62' Module(s) have been scanned
Scan process 'PythonService.exe' - '34' Module(s) have been scanned
Scan process 'mysqld-nt.exe' - '25' Module(s) have been scanned
Scan process 'memcached.exe' - '18' Module(s) have been scanned
Scan process 'conhost.exe' - '15' Module(s) have been scanned
Scan process 'vncserver.exe' - '47' Module(s) have been scanned
Scan process 'PythonService.exe' - '34' Module(s) have been scanned
Scan process 'vncservice.exe' - '31' Module(s) have been scanned
Scan process 'HPSIsvc.exe' - '49' Module(s) have been scanned
Scan process 'DpHost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'spoolsv.exe' - '89' Module(s) have been scanned
Scan process 'svchost.exe' - '75' Module(s) have been scanned
Scan process 'iZHost.exe' - '40' Module(s) have been scanned
Scan process 'atieclxx.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '154' Module(s) have been scanned
Scan process 'svchost.exe' - '82' Module(s) have been scanned
Scan process 'svchost.exe' - '109' Module(s) have been scanned
Scan process 'svchost.exe' - '80' Module(s) have been scanned
Scan process 'atiesrxx.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'lsass.exe' - '70' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '18' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '1408' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Program Files\ZKTeco\AccessControl\ATTSMS.exe
  [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
   
  • Archive type: RSRC

    --> C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
        [1] Archive type: RSRC
      --> C:\Users\user\Desktop\others\LJP1100_P1560_P1600_Full_Solution.exe
          [2] Archive type: 7-Zip SFX (self extracting)
        --> C:\Users\user\Desktop\others\usb\Att2007_English.zip
            [3] Archive type: ZIP
          --> Att2007/ATTSMS.exe
              [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
              [WARNING]   Infected files in archives cannot be repaired
C:\Users\user\Desktop\others\usb\Att2007_English.zip
  [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
C:\Users\user\Desktop\others\usb\000-fingerprint\Att\ATTSMS.exe
  [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
C:\Users\user\Desktop\others\usb\000-fingerprint\att2007 no cutom reports\files\Att.exe
  [DETECTION] Is the TR/PWS.2184704 Trojan
C:\Users\user\Desktop\others\usb\000-fingerprint\att2007 no cutom reports\files\ATTSMS.exe
  [DETECTION] Is the TR/Orsam.A.852 Trojan
C:\Users\user\Desktop\others\usb\000-fingerprint\att2007 no cutom reports\files\Biokey.ocx
  [DETECTION] Is the TR/Orsam.A.171 Trojan
C:\Users\user\Desktop\others\usb\000-fingerprint\att2007 no cutom reports\files\Update.exe
  [DETECTION] Is the TR/PWS.541696.4 Trojan
        --> C:\Users\user\Desktop\others\usb\000-fingerprint\fingerprint software\20130723_255.rar
            [3] Archive type: RAR
          --> Access Control2.0_1043\Files\ATTSMS.exe
              [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
              [WARNING]   Infected files in archives cannot be repaired
C:\Users\user\Desktop\others\usb\000-fingerprint\fingerprint software\20130723_255.rar
  [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
C:\Users\user\Desktop\others\usb\000-fingerprint\fingerprint software\Access Control2.0_1043\Files\ATTSMS.exe
  [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
        --> C:\Users\user\Downloads\att2007.zip
            [3] Archive type: ZIP
          --> att2007/files/Biokey.ocx
              [DETECTION] Is the TR/Orsam.A.171 Trojan
              [WARNING]   Infected files in archives cannot be repaired
          --> att2007/files/Update.exe
              [DETECTION] Is the TR/PWS.541696.4 Trojan
              [WARNING]   Infected files in archives cannot be repaired
          --> att2007/files/Att.exe
              [DETECTION] Is the TR/PWS.2184704 Trojan
              [WARNING]   Infected files in archives cannot be repaired
          --> att2007/files/ATTSMS.exe
              [DETECTION] Is the TR/Orsam.A.852 Trojan
              [WARNING]   Infected files in archives cannot be repaired
C:\Users\user\Downloads\att2007.zip
  [DETECTION] Is the TR/Orsam.A.852 Trojan

Beginning disinfection:
C:\Users\user\Downloads\att2007.zip
  [DETECTION] Is the TR/Orsam.A.852 Trojan
  [NOTE]      The file was deleted.
C:\Users\user\Desktop\others\usb\000-fingerprint\fingerprint software\Access Control2.0_1043\Files\ATTSMS.exe
  [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
  [NOTE]      The file was deleted.
C:\Users\user\Desktop\others\usb\000-fingerprint\fingerprint software\20130723_255.rar
  [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
  [NOTE]      The file was deleted.
C:\Users\user\Desktop\others\usb\000-fingerprint\att2007 no cutom reports\files\Update.exe
  [DETECTION] Is the TR/PWS.541696.4 Trojan
  [NOTE]      The file was deleted.
C:\Users\user\Desktop\others\usb\000-fingerprint\att2007 no cutom reports\files\Biokey.ocx
  [DETECTION] Is the TR/Orsam.A.171 Trojan
  [NOTE]      The file was deleted.
C:\Users\user\Desktop\others\usb\000-fingerprint\att2007 no cutom reports\files\ATTSMS.exe
  [DETECTION] Is the TR/Orsam.A.852 Trojan
  [NOTE]      The file was deleted.
C:\Users\user\Desktop\others\usb\000-fingerprint\att2007 no cutom reports\files\Att.exe
  [DETECTION] Is the TR/PWS.2184704 Trojan
  [NOTE]      The file was deleted.
C:\Users\user\Desktop\others\usb\000-fingerprint\Att\ATTSMS.exe
  [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
  [NOTE]      The file was deleted.
C:\Users\user\Desktop\others\usb\Att2007_English.zip
  [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
  [NOTE]      The file was deleted.
C:\Program Files\ZKTeco\AccessControl\ATTSMS.exe
  [DETECTION] Is the TR/Drop.Drostuh.drz Trojan
  [NOTE]      The file was deleted.


End of the scan: Saturday, June 21, 2014  04:49
Used time:  1:22:24 Hour(s)

The scan has been done completely.

  20839 Scanned directories
 368644 Files were scanned
     16 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
     10 Files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
 368628 Files not concerned
   2233 Archives were scanned
      6 Warnings
     10 Notes
 476295 Objects were scanned with rootkit scan
      0 Hidden objects were found

1322
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 08:44:10 pm »
This is where my NXT are now:

http://www.mynxt.info/blockexplorer/details.php?action=ac&ac=18415586754565610063

Is there an anonymizer on NXT as there is in BitCoin? I will follow any single transaction out of that wallet and google them all ehehhe

1323
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 08:42:00 pm »
Berzerk, half password is the same as the full password, so yes, while it is not a 200chars random characters string, it still takes quite a lot of loops to brute force all the existing wallets with all possible text passwords for variable lengths (including 30 chars)...

Or at least, this is my feeling... but I am for sure not educated enough to state it as a fact.

I been victim of malware IMO.

More than all, if whoever stole my NXT used a non safe passphrase I wouldn't mind to get back my NXT as there is no outgoing transaction yet...

1324
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 08:35:29 pm »
My consideration, as it contains no vocabulary words, is that a brute force is quite a low possibility on how the NXT Coins got stolen. My 1st assumption is that my Windows machine is indeed full of spyware and malware and trojans and even the human flu virus. In fact Avira has already 16 detections. I will see the log as soon as it is over on what files and what treats those detection are.

I feel that the Android client I used has no involvement whatsoever, so the nodes I used with that app. I understood - if what I did read was true - that the passphrase would not have been sent to the server but just used locally to sign transactions.

Is there any way to bruteforce the creation of a passphrase that generate the wallet where my NXT have been sent to (18415586754565610063)?

1325
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 08:28:00 pm »
ChuckOne the passphrase is unique, but still - unless it could give me back my stolen NXT - I don't feel wise to share it. Not wise, true.

1326
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 08:26:31 pm »
PF That would be awesome to do, but I have no means, as the Internet connection here is too slow for such big chunk of data...

1327
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 08:25:24 pm »
I don't see a practical use for me to share my phrase...

1328
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 08:18:53 pm »
so if in a clear text part of a block someone add a virus signature, the clients running on PCs with antivirus activated will all "die" as the blockchain file gets put in quarantine...

1329
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 08:16:20 pm »
Davethetrousers no worries... Actually thanks for the public service! ;)

Here is such a mess that is not clear and will remain no clear how the person that took my NXT got my passphrase.

I tend to think that it is the windows machine that is compromised. Maybe a trojan/malware that sniffs for network traffic that match NXT clients? I mean, if it is done on a mass scale there must be something that trigger an "interesting machine" alarm, right?

Unless someone targeted me on purpose.

and yes, my passphrase sucks.

1330
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 08:08:30 pm »
yep the one that has the trojan detected is marcus03 app. You can try yourself (it may be wrong).

the antivir scan in my computer has detected a trojan, so that may be the cause.

Also, the passphrase yes, follows a pattern of sort...

1331
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 07:58:02 pm »
Nope, the wallet I did install is 100% clean.


1332
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 07:53:45 pm »
There is another wallet for Android, that I did not install. I did see the download link here: https://nxtforum.org/nxt-wallet-for-android/project-ideaoffer-nxt-wallet-for-android/ (this forum...) and The download link is https://dl.dropboxusercontent.com/u/23825856/NXTWallet/NXTWallet_v0.0.apk I did pass it on virustotal.com and got this:



Now I try with the one wallet I did install in my phone and I get ready to feel dumb.

1333
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 07:38:30 pm »
Then again, is it an SMS safe? 30% into the antivirus scan, and noting yet came up...

1334
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 07:36:02 pm »
Yes I typed the phrase myself, and never saved in a text file (I know it by heart, as it follows a pattern).

The app seemed legit (and I still believe it is) as the link is from a forum where people seemed to be into it in a proper way. Then I shouldn't trust not even my mom, but hey...

The android client app was asking for a 30 digit long passphrase, so I gave it one. It created the account, then I transferred some NXT from an exchange to that wallet, but the app could not update the balance, as when loading the transaction it would return nothing. Comes out it is not compatible with the latest NXT node software. I did search for nodes that were still running the 0.8 but I didn't find any, I did try several nodes with the oldest version as possible, but no results. I did then install that windows client, made an outgoing transaction, and after that outgoing transaction the Android app would crash if asked to load the transactions. So no use of it anyways. I kept using the Windows app for all the afternoon, transferring there the NXT from the cloud wallet I had temporary setup, as I didn't feel comfortable with the NXT there. If I only knew...

1335
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 07:20:54 pm »
Just started a quick scan, then I will do a deep one.

More than saddened for the loss of the NXT Coins, I am saddened by the fact that I am scared to open a new one and start over collecting coins :(

Like again all the process of buy bitcoin, convert them in NXT, transfer the NXT in the wallet... and then no sleep at night scared they will be gone.

1336
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 07:16:48 pm »
The link to download the app was in another NXT forum... Google it... here: https://nextcoin.org/index.php?topic=797.120

It seemed legit to me, but hey, maybe that app is innocuous and the problem is in my Windowze box

1337
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 07:08:05 pm »
The wallet for Android I did download it from here https://www.dropbox.com/s/tziibuetz70ks4z/NxtClient0.5.6.apk

1338
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 07:04:52 pm »
I am downloading Avira, and not, that is the only wallet on that machine as I got frustrated trying to install it on OSX for the conflict of the Java that needs to be installed... Oh, my... more than USD4k gone like this. If I had to go at a training on how dangerous it is to put value onto a computer file, and I had to pay USD4k for that training, it would have never been as efficient as this one!

1339
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 06:59:44 pm »
I installed the win client this afternoon (now here it is 3 am) and the NXT have gone 2h ago (that is a few hours after I started using the win client). Still before this afternoon there was no much into the wallet. So 10h after I started using the win client the money are gone.

1340
Nxt General Discussion / Re: Got NXT 64,757 stolen from my wallet :'(
« on: June 20, 2014, 06:52:35 pm »
so, the first node I used, I am afraid I don't recall, as it was super slow and I deleted it. Last ones are 109.230.224.65 and maybe 192.241.245.96? The app is simply called NXT with the logo of the coin. I believe I did found the link in this forum to download it (not from Google play). I really think it is yueye00's one

Pages: 1 ... 65 66 [67] 68
elective-stereophonic
elective-stereophonic
assembly
assembly