Board: Altcoin Discussion
Topic (OP): WARNING, WALLET STEALER!!!
by meee on 31/12/2013, 18:01:03 UTC
Hi guys, as you may know I run the Netcoin Forum. We had a guy PM some of the members regarding "netcoin messenger", which allows you to chat to each other via your wallet addy or some nonsense.

Anyway, 1 of my friends downloaded the thing and then warned me that it was malicious. It messed up his entire PC and they had to re-install to fix it.

Anyway, today he loads up his wallet and the coins vanish as soon as it syncs. Not just his Netcoins but ALL his coins.

This is the IP I have from the forum: 176.10.115.120. He used the name all4coins.

We have this...

[17:39:43] Tristan Weir:
 1  alan5 (193.62.127.129)  2.912 ms  0.897 ms  0.819 ms
 2  gw-fw (193.63.74.131)  0.320 ms  0.268 ms  0.254 ms
 3  c-pop (193.63.74.226)  30.257 ms  18.952 ms  16.952 ms
 4  193.62.116.18 (193.62.116.18)  1.167 ms  1.095 ms  1.099 ms
 5  ae6.manckh-sbr1.ja.net (146.97.41.61)  1.249 ms  1.231 ms  1.252 ms
 6  ae29.erdiss-sbr1.ja.net (146.97.33.41)  3.124 ms  11.640 ms  3.116 ms
 7  ae31.londpg-sbr1.ja.net (146.97.33.21)  6.970 ms  6.958 ms  6.969 ms
 8  ae30.londtw-sbr1.ja.net (146.97.33.6)  7.530 ms  8.338 ms  7.499 ms
 9  ae29.londtn-sbr1.ja.net (146.97.33.10)  7.549 ms  7.510 ms  7.535 ms
10  ae0.lond-gw-ixp4.ja.net (146.97.35.182)  7.550 ms  7.496 ms  7.473 ms
11  linx-1.solnet.ch (195.66.224.169)  7.667 ms  7.659 ms  9.574 ms
12  dexfra-bbr01.solnet.ch (212.101.0.122)  18.743 ms  18.785 ms  18.690 ms
13  iwbbas-bbr01.solnet.ch (212.101.0.117)  34.010 ms  24.271 ms  23.409 ms
14  eq1zrh-bbr01.solnet.ch (212.101.0.74)  34.268 ms  24.251 ms  24.375 ms
15  eq2zrh-bbr01.solnet.ch (212.101.0.61)  29.418 ms  24.333 ms  24.268 ms
16  datasource-gw-as51395.customer.solnet.ch (82.220.32.126)  24.827 ms  24.891 ms  24.805 ms
17  176.10.115.120 (176.10.115.120)  25.190 ms  25.106 ms  25.094 ms

I don't know if this will be of any use or if we can do anything at all but if someone knows how to help and if they have any experience with this then please get in touch... Also if you see this kind of message never download. I guess the lesson here is to never download anything at all.

Feel so bad about this and don't really know if we can do anything. Is there? Can we do anything?

Sad

EDIT More data

Abuse contact for '176.10.96.0 - 176.10.127.255' is 'noc@datasource.ch'
