Kelker11

Ledger Wallet file Malware


Just wanted to give everyone an FYI concerning a strange thing that happened to my Ledger Wallet exe file. This morning I got up and started watching a movie on my laptop. This is my primary computer, and it's only used by me. After the movie ended (I was watching in full screen mode), I noticed that my security software light was notifying me of a problem (Webroot SecureAnywhere). After clicking the link, I was informed that I had malware on my computer, and I started the security scan. As it turns out, the malware was in my Ledger Wallet exe file. The scan removed the file, which deleted the malware. I just wanted to let everyone know to watch for weird stuff like this. I don't go to dubious sites. I stick with the basics like YouTube, Yahoo, Amazon, and XRPChat. I haven't used my Ledger program since I put my XRP on it in February. And between last night when I shut down my PC and this morning when I powered up, there is nothing that should have exposed my PC to any kind of malware. I thought it was especially strange that it targeted my Ledger file. I'm not a techie by any means, but this is surprising to me as I've never really had any type of malware or virus issues... especially any that targeted something so specific. Anyway, keep your eyes open... weird stuff is afoot.

9 hours ago, Kelker11 said: (quotes the opening post above in full)

Copy and paste or screenshot the log so we can see what it says.

Open the program > System Tools > Reports tab > Scan log... save report

Not that I don't believe you, of course, but the information you provided doesn't help the community in determining the cause.

1. You said you haven't used it since February, which means you didn't do the update, right?

2. This doesn't affect anything security-wise for your XRP. Your XRP are not stored on the computer nor on the Nano S. You could have NotPetya and WannaCry on your machine and your Nano S would still be secure.

You keep using the word 'targeted', but that's obscure at the moment. We do not know that this (if anything) actually targeted this specific file on purpose.

Again, it would greatly help to see those logs.

Edited by MegaNerd

7 minutes ago, MegaNerd said:

Webroot Secure Anywhere

Also, I take it your version has anti-virus and a firewall?

You need anti-virus, a firewall, and Malwarebytes (free version) run once a week.


Yes, I have anti-virus and a firewall. I need to download the malware program (though my security software is supposed to scan for that). No updates to the Ledger Wallet since February 2018.

I ran the scan logs through VirusTotal.  Nothing was flagged.

I also emailed Ledger.  I'm waiting on a response at this time.

If the information below is not what you're looking for, please let me know.  And thanks for all your help.  I appreciate you guys!

This is the threat that was deleted:  

Starting Routine> Removing c:\program files (x86)\ledger wallet ripple\ledger_wallet_ripple.exe...#(PX5: 8607DBFE208EC160AEF5666A9EB9080C67105881 - MD5: 451E4AA149DE916A0B94F152AF2F9758 - UniqueID: 0E61FBB8)...
Deleting File> c:\program files (x86)\ledger wallet ripple\ledger_wallet_ripple.exe
Deleting File> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ledger Wallet Ripple.lnk
Deleting File> C:\Users\Public\Desktop\Ledger Wallet Ripple.lnk

And the scan log:

Thu 2018-08-09 03:47:45.0359    WF Configuration : 0x1E7
Thu 2018-08-09 03:47:46.0899    WF Configuration : 0x1E7
Thu 2018-08-09 03:47:47.0324    >>> Service started [v9.0.21.18]
Thu 2018-08-09 03:47:47.0324    Version state: PBN: 09001512, DBN: 09001426, HVN: $Revision: #25 $
Thu 2018-08-09 03:47:47.0544    User process connected successfully from PID 1976, Session 1
Thu 2018-08-09 03:47:48.0459    Connecting to 96 - 96
Thu 2018-08-09 03:47:57.0852    Global Data: GCV: 1.0, $Revision: #20 $, GCS: 0x00000001
Thu 2018-08-09 03:47:57.0852    Global Data: GCV: 1.0, $Revision: #20 $, GCS: 0x00000001
Thu 2018-08-09 03:48:02.0665    User process connected successfully from PID 0, Session 0
Thu 2018-08-09 03:49:44.0914    Begin passive write scan (1 file(s))
Thu 2018-08-09 03:49:45.0838    End passive write scan (1 file(s))
Thu 2018-08-09 03:52:50.0206    Scan Started:  [ID: 311 - Flags: 551/0]
Thu 2018-08-09 03:52:50.0658    Agent Bits : 72057594037927941
Thu 2018-08-09 03:56:35.0431    Begin passive write scan (2 file(s))
Thu 2018-08-09 03:56:36.0882    End passive write scan (2 file(s))
Thu 2018-08-09 03:56:38.0498    Begin passive write scan (5 file(s))
Thu 2018-08-09 03:56:41.0702    End passive write scan (5 file(s))
Thu 2018-08-09 04:02:00.0518    Connected to C20
Thu 2018-08-09 04:02:00.0596    Infection detected: c:\program files (x86)\ledger wallet ripple\ledger_wallet_ripple.exe [SHA256: 893FA0E65BD3124F3A1BD7ED25938B58D639A671BD0B65BF406DF0329716A497] [MD5: 451E4AA149DE916A0B94F152AF2F9758] [3/00091000] [W32.Adware.Gen]
Thu 2018-08-09 04:02:00.0941    Scan Results: Files Scanned: 41674, Duration: 9m 10s, Malicious Files: 1
Thu 2018-08-09 04:02:01.0023    Scan Finished: [ID: 311 - Seq: 232185723]
Thu 2018-08-09 10:01:32.0655    User process connected successfully from PID 0, Session 0
Thu 2018-08-09 10:01:32.0656    User process connected successfully from PID 5308, Session 1
Thu 2018-08-09 10:01:45.0095    Scan Started:  [ID: 312 - Flags: 551/16]
Thu 2018-08-09 10:06:22.0365    Infection detected: c:\program files (x86)\ledger wallet ripple\ledger_wallet_ripple.exe [SHA256: 893FA0E65BD3124F3A1BD7ED25938B58D639A671BD0B65BF406DF0329716A497] [MD5: 451E4AA149DE916A0B94F152AF2F9758] [3/00091000] [W32.Adware.Gen]
Thu 2018-08-09 10:06:22.0670    Scan Results: Files Scanned: 49076, Duration: 4m 37s, Malicious Files: 1
Thu 2018-08-09 10:06:22.0822    Scan Finished: [ID: 312 - Seq: 232207585]
Thu 2018-08-09 10:06:40.0818    Determination flags modified: c:\program files (x86)\ledger wallet ripple\ledger_wallet_ripple.exe - UniqueID: E6A03F89, MD5: 451E4AA149DE916A0B94F152AF2F9758, Size: 208055840 bytes, Flags: 00000020
Thu 2018-08-09 10:07:11.0201    Performing cleanup entry: 2
Thu 2018-08-09 10:07:47.0206    Scan Started:  [ID: 313 - Flags: 551/144]
Thu 2018-08-09 10:11:28.0803    Scan Results: Files Scanned: 48683, Duration: 3m 41s, Malicious Files: 0
Thu 2018-08-09 10:11:28.0939    Scan Finished: [ID: 313 - Seq: 232207892]
Thu 2018-08-09 10:13:00.0573    Saved updated configuration
Thu 2018-08-09 10:16:05.0285    Scan Started:  [ID: 314 - Flags: 551/0]
Thu 2018-08-09 10:19:42.0537    Scan Results: Files Scanned: 41955, Duration: 3m 37s, Malicious Files: 0
Thu 2018-08-09 10:19:42.0708    Scan Finished: [ID: 314 - Seq: 232208385]
Thu 2018-08-09 12:54:10.0416    Begin passive write scan (3 file(s))
Thu 2018-08-09 12:54:11.0449    End passive write scan (3 file(s))
Thu 2018-08-09 12:54:22.0426    Begin passive write scan (3 file(s))
Thu 2018-08-09 12:54:22.0991    System shutting down.
Thu 2018-08-09 12:54:23.0463    End passive write scan (3 file(s))
Thu 2018-08-09 12:54:25.0674    Configuration Saved: CSCS51E12FCC8F90889244755FA136AE864C,00011,00021,00031,00041,00051,00061,00070,00081,00091,000A1,000B1,000C1,000D0,000E1,000F0,001025,001117,00120,00130,00140,00151,00161,00170,00181,00191,001A0,001B0,001C1,001D0,001E0,001F1,00201,00211,00221,00231,00240,00251,00260,00270,00281,00291,002A0,002B1,002C1,002D0,002E1,002F1,00301,00311,00321,00331,00341,00351,00361,00371,00381,00390,003A1,003B1,003C2,003D1,003E1,003F1,00401,00411,00421,00431,00441,00451,00461,00471,00481,00491,004A1,004B1,004C1,004D1,004E1,004F1,00501,00511,00521,00530,00541,00551,00561,00571,00581,00591,005A1,005B1,005C0,005D0,005E0,005F0,00601,00613,00620,00630,00641,00653,00663,00673,00681,00693,006A0,006B0,006C1,006D2,006E0,006F0,00701,00711,00720,00730,00741,00753,00760,00770,00781,00791,007A0,007B0,007C0,007D0,007E0,007F0,00800,00810,00820,00830,00840,00850,00861,00870,00880,00891,008A0,008B0,008C0,008D0,008E0,008F0,00900,00910,00920,00930,00940,00950,00960,00970,00980,00990,009A0,009B0,009C0,009D0,009E0,009F0,00A00,00A10,00A20,00A30,00A40,00A50,00A60,00A70,00A80,00A90,00AA0,00AB0,00AC0,00AD0,00AE0,00AF0,00B00,00B11,00B20,00B30,00B40,00B51,00B61,00B71,00B80,00B90,00BA0,00BB0,00BC0,00BD0,00BE0,00BF0,00C00,
Thu 2018-08-09 12:54:25.0674    
Thu 2018-08-09 12:54:25.0674    <<< Service shut down successfully. Uptime: 546 minute(s)


Edited by Kelker11

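The scan log above contains the two things a responder needs to settle the question MegaNerd raised (generic detection versus a modified file): the flagged path and its SHA-256/MD5. The following Python is an added example, not code from the thread, from Webroot or from Ledger. It parses "Infection detected" lines in the format shown in the posted log (the regex assumes that exact layout), collects the unique hashes so they can be checked against VirusTotal or the vendor's published release hash, flags ".Gen" signature names as generic/heuristic, and compares the flagged file's hash with a vendor hash table. The vendor hash table is a hypothetical placeholder: the thread does not give the hash of the legitimate Ledger Wallet Ripple release, so the demo run leaves it empty.

```python
import hashlib
import re
from dataclasses import dataclass

# Constructed sample input: five lines copied from the Webroot scan log posted in the thread.
SAMPLE_LOG = r"""
Thu 2018-08-09 04:02:00.0518    Connected to C20
Thu 2018-08-09 04:02:00.0596    Infection detected: c:\program files (x86)\ledger wallet ripple\ledger_wallet_ripple.exe [SHA256: 893FA0E65BD3124F3A1BD7ED25938B58D639A671BD0B65BF406DF0329716A497] [MD5: 451E4AA149DE916A0B94F152AF2F9758] [3/00091000] [W32.Adware.Gen]
Thu 2018-08-09 04:02:00.0941    Scan Results: Files Scanned: 41674, Duration: 9m 10s, Malicious Files: 1
Thu 2018-08-09 10:06:22.0365    Infection detected: c:\program files (x86)\ledger wallet ripple\ledger_wallet_ripple.exe [SHA256: 893FA0E65BD3124F3A1BD7ED25938B58D639A671BD0B65BF406DF0329716A497] [MD5: 451E4AA149DE916A0B94F152AF2F9758] [3/00091000] [W32.Adware.Gen]
Thu 2018-08-09 10:06:40.0818    Determination flags modified: c:\program files (x86)\ledger wallet ripple\ledger_wallet_ripple.exe - UniqueID: E6A03F89, MD5: 451E4AA149DE916A0B94F152AF2F9758, Size: 208055840 bytes, Flags: 00000020
"""

# Assumed line layout, taken from the log as posted: timestamp, "Infection detected:", path,
# then bracketed SHA256, MD5, an internal flags field and the signature name.
DETECTION_RE = re.compile(
    r"^(?P<ts>\w{3} \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"Infection detected: (?P<path>.+?) "
    r"\[SHA256: (?P<sha256>[0-9A-Fa-f]{64})\] "
    r"\[MD5: (?P<md5>[0-9A-Fa-f]{32})\] "
    r"\[(?P<flags>[^\]]+)\] \[(?P<name>[^\]]+)\]\s*$"
)


@dataclass(frozen=True)
class Detection:
    timestamp: str
    path: str
    sha256: str
    md5: str
    name: str


def parse_detections(log_text: str) -> list[Detection]:
    """Return every 'Infection detected' event in the log; hashes and paths are lower-cased."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line)
        if m:
            found.append(Detection(m["ts"], m["path"].lower(), m["sha256"].lower(),
                                   m["md5"].lower(), m["name"]))
    return found


def unique_hashes(detections: list[Detection]) -> set[str]:
    """Distinct SHA-256 values: the list to submit to VirusTotal or to look up with the vendor."""
    return {d.sha256 for d in detections}


def is_generic_signature(name: str) -> bool:
    """AV family names ending in '.Gen' are generic/heuristic signatures rather than a named sample."""
    return name.lower().endswith(".gen")


def classify(det: Detection, vendor_sha256: dict[str, str]) -> str:
    """Compare the flagged file's hash with the hash the vendor publishes for that install path.

    vendor_sha256 is a hypothetical table {path: sha256} the responder fills from the vendor's
    release notes or download page; it is not provided by the thread."""
    expected = vendor_sha256.get(det.path)
    if expected is None:
        return "no vendor hash on record: cannot tell tampering from a false positive yet"
    if expected.lower() == det.sha256:
        return "hash matches vendor release: likely a false positive on a generic signature"
    return "hash differs from vendor release: file was modified, treat as a compromise"


def sha256_hex(data: bytes) -> str:
    """SHA-256 of an in-memory buffer, hex encoded (same encoding as the log)."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Hash a file on disk in chunks, for checking a still-present binary against the vendor value."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    print(f"{len(dets)} detection event(s), {len(unique_hashes(dets))} distinct file hash(es)")
    for d in dets:
        kind = "generic" if is_generic_signature(d.name) else "named"
        print(f"{d.timestamp}  {d.name} ({kind})  {d.path}")
        print(f"    sha256={d.sha256}")
        print(f"    verdict: {classify(d, {})}")  # empty table: no vendor hash known here
```

Run as written it reports the one distinct hash from the posted log, labels W32.Adware.Gen as a generic signature, and returns the "no vendor hash on record" verdict; the decisive step is supplying the vendor-published hash for the release that was installed, which this thread does not contain.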
