
Topic: Bitcoin Wallet Empty, no transactions, no nothing (Read 4255 times)

legendary
Activity: 2590
Merit: 1022
Was the Zipcoin client installed on a separate machine or on the one with your money? I want to know if the virus moved from one PC to another.
newbie
Activity: 14
Merit: 0
Hey all,
I need some help, I opened my wallet to discover it had a 0 balance and no transaction history, no nothing. The wallet is synced but there is no information in the wallet. Even saved addresses are gone.
The wallet.dat file is still there.
Have I been hacked?

I'm using the Windows Bitcoin core wallet. Has this happened to anyone before and what can I do about it?
Thanks
Be careful, someone hacked your device, is monitoring your activity and takes money from you.
Make sure you have a backup.
legendary
Activity: 1456
Merit: 1081
I may write code in exchange for bitcoins.
In the future, don't run windoze!  Or, if you have to run windows for your day-to-day life, at least put your bitcoin wallet into a usb linux that you boot into and keep that clean.  99.9999999999999999999% of the viruses and keyloggers out there are targeting windows, if you just move to GNU/Linux (even if it's only for your bitcoins) you'll avoid the vast, vast majority of attacks.
newbie
Activity: 14
Merit: 0
Do you have any AV??
Check all downloaded files recently

Yes, I used Avast and MalwareBytes. Avast picked it up but only after the damage was done. Reading the Zipcoin thread only 1 or 2 out of 50 antivirus programs picked it up

Agree, some people find it easy to move money to a backup in another wallet. Maybe your PC got infected. Check it now.
sr. member
Activity: 280
Merit: 250
Linux is only considered safer because you don't run everything as root while in Windows people have a tendency to log in with their admin account and hence when you run executable files they have access to pretty much everything. Also, it's just more economically feasible for hackers and thieves to go after the operating system which has the most number of users by far - you're going to get a lot more people with a windows executable than you are with a tarball that needs to be compiled for Linux.

Agree with everything you've written.

Although one problem with Linux is how easy it is for malware to get root access on a Linux desktop OS (one with a GUI). A keylogger can be written in just a single line of bash script and it is capable of keylogging your root/sudo password because most Linux distros have no kind of GUI isolation at all. It can then use the password to gain root privileges.

Microsoft have actually tried to do SOMETHING about this. I am sure it is probably defeatable though.

Good lawd! I guess that's why it's advisable not to install a GUI on a linux server. I'm guilty... totally guilty.
sr. member
Activity: 280
Merit: 250
This is why I opted to go with Linux... felt it was a tidbit safer; perceived safer perhaps? Even though I have a PC and initially had Win8 installed on my server, I've learned what executables can do... so you're def right, there's a level of trust needed. Years ago and just because I learned it was possible, I stripped an exe file down to its smallest pieces (I think) without installing it. It can be done, but I agree, not easy at all.

Linux definitely has more security features built in than Windows, but a badly configured or unpatched Linux system isn't safe. Just because you use Linux doesn't mean you are safe.

Additionally I think that it would be easier for malware to hide on a Linux system than on a Windows one. We've seen malware that's hidden at a kernel level, something that is not so easy to do in Windows as you'd probably need the source code for the kernel to do that.

On top of that most of the common Linux X servers do not do any kind of GUI isolation at all. Microsoft made an attempt at least, though I don't know how good it really is.

Windows gets a lot of flak, but really its security isn't all that bad. A lot of PC manufacturers preinstall tons of bloatware to make extra money and additionally lots of people run pirated copies of Windows which don't receive any security updates. When those people then get viruses/hacked they try to blame Microsoft when it is themselves or their PC manufacturer who is at fault.

A fully patched and properly configured Windows installation running software built from known good sources is safe.

Evidently you misunderstood what I wrote - I said SAFER, not that it is SAFE. Any system that connects to the www is in no way safe. Just to clarify... there were two reasons I opted for Linux over Win8 (although I love the interface), but primarily because of the wallet files that I'd be forced to download - for windows they are exe... and like I said, I know what can hide in them.
newbie
Activity: 13
Merit: 0
Linux is only considered safer because you don't run everything as root while in Windows people have a tendency to log in with their admin account and hence when you run executable files they have access to pretty much everything. Also, it's just more economically feasible for hackers and thieves to go after the operating system which has the most number of users by far - you're going to get a lot more people with a windows executable than you are with a tarball that needs to be compiled for Linux.

Agree with everything you've written.

Although one problem with Linux is how easy it is for malware to get root access on a Linux desktop OS (one with a GUI). A keylogger can be written in just a single line of bash script and it is capable of keylogging your root/sudo password because most Linux distros have no kind of GUI isolation at all. It can then use the password to gain root privileges.

Microsoft have actually tried to do SOMETHING about this. I am sure it is probably defeatable though.

Yeah, that's hacker activity to steal and infect the device and control our activity and steal everything with a keylogger and monitoring. That's why on an unfamiliar website I never touch anything.
full member
Activity: 154
Merit: 100
Linux is only considered safer because you don't run everything as root while in Windows people have a tendency to log in with their admin account and hence when you run executable files they have access to pretty much everything. Also, it's just more economically feasible for hackers and thieves to go after the operating system which has the most number of users by far - you're going to get a lot more people with a windows executable than you are with a tarball that needs to be compiled for Linux.

Agree with everything you've written.

Although one problem with Linux is how easy it is for malware to get root access on a Linux desktop OS (one with a GUI). A keylogger can be written in just a single line of bash script and it is capable of keylogging your root/sudo password because most Linux distros have no kind of GUI isolation at all. It can then use the password to gain root privileges.

Microsoft have actually tried to do SOMETHING about this. I am sure it is probably defeatable though.
full member
Activity: 154
Merit: 100
This is why I opted to go with Linux... felt it was a tidbit safer; perceived safer perhaps? Even though I have a PC and initially had Win8 installed on my server, I've learned what executables can do... so you're def right, there's a level of trust needed. Years ago and just because I learned it was possible, I stripped an exe file down to its smallest pieces (I think) without installing it. It can be done, but I agree, not easy at all.

Linux definitely has more security features built in than Windows, but a badly configured or unpatched Linux system isn't safe. Just because you use Linux doesn't mean you are safe.

Additionally I think that it would be easier for malware to hide on a Linux system than on a Windows one. We've seen malware that's hidden at a kernel level, something that is not so easy to do in Windows as you'd probably need the source code for the kernel to do that.

On top of that most of the common Linux X servers do not do any kind of GUI isolation at all. Microsoft made an attempt at least, though I don't know how good it really is.

Windows gets a lot of flak, but really its security isn't all that bad. A lot of PC manufacturers preinstall tons of bloatware to make extra money and additionally lots of people run pirated copies of Windows which don't receive any security updates. When those people then get viruses/hacked they try to blame Microsoft when it is themselves or their PC manufacturer who is at fault.

A fully patched and properly configured Windows installation running software built from known good sources is safe.
hero member
Activity: 742
Merit: 502
Circa 2010
This is why I opted to go with Linux... felt it was a tidbit safer; perceived safer perhaps? Even though I have a PC and initially had Win8 installed on my server, I've learned what executables can do... so you're def right, there's a level of trust needed. Years ago and just because I learned it was possible, I stripped an exe file down to its smallest pieces (I think) without installing it. It can be done, but I agree, not easy at all.

Linux is only considered safer because you don't run everything as root while in Windows people have a tendency to log in with their admin account and hence when you run executable files they have access to pretty much everything. Also, it's just more economically feasible for hackers and thieves to go after the operating system which has the most number of users by far - you're going to get a lot more people with a windows executable than you are with a tarball that needs to be compiled for Linux.
sr. member
Activity: 280
Merit: 250
Reading that thread there are many people accusing the developer of putting viruses in the coin.

Be WAY more careful in the future. Don't run ANYTHING you aren't 9,001% sure is safe. If you are installing software that has the source code available, learn how to compile it from source. Running the exe puts a lot of trust in the developer as the exe can do ANYTHING. People can check the source code for viruses but they cannot easily check the exe.

This is why I opted to go with Linux... felt it was a tidbit safer; perceived safer perhaps? Even though I have a PC and initially had Win8 installed on my server, I've learned what executables can do... so you're def right, there's a level of trust needed. Years ago and just because I learned it was possible, I stripped an exe file down to its smallest pieces (I think) without installing it. It can be done, but I agree, not easy at all.
sr. member
Activity: 252
Merit: 250
Do you have any AV??
Check all downloaded files recently

Yes, I used Avast and MalwareBytes. Avast picked it up but only after the damage was done. Reading the Zipcoin thread only 1 or 2 out of 50 antivirus programs picked it up
sr. member
Activity: 252
Merit: 250
Yer I installed the wallet from the exe. I don't even have any of these coins I just wanted to see if the "anon" feature of the coin was a scam. Which it was. Fuck.

Files located in that directory are ztor.exe and zipcoin-qt.exe

Lesson learnt about this crypto game. Certainly won't happen a second time.

That stinks. I'm at least glad you found the source...

Thanks for the help mate. Goes to show to have the right security in place for everything. I have now ordered a Trezor BTC wallet and encrypted EVERYTHING on my PCs. Lesson learnt.
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
Yer I installed the wallet from the exe. I don't even have any of these coins I just wanted to see if the "anon" feature of the coin was a scam. Which it was. Fuck.

Files located in that directory are ztor.exe and zipcoin-qt.exe

Lesson learnt about this crypto game. Certainly won't happen a second time.

That stinks. I'm at least glad you found the source...
legendary
Activity: 888
Merit: 1000
Monero - secure, private and untraceable currency.
I'm using the Windows Bitcoin core wallet.

Bingo! That's the core problem too. Linux man.
sr. member
Activity: 252
Merit: 250
Installing a fresh copy of windows now. I have also run scans on all of my mining rigs to make sure they are not infected either and all seems to be ok for now.
sr. member
Activity: 252
Merit: 250
So I was looking at the history of Avast virus scans and it seems it did pick up a virus sometime yesterday while I was AFK. It came from the zipcoin.qt wallet.
The virus is called netsh.exe and was found in the directory: C:\users\MyUsername\Appdata\Local\Spoon\Sandbox\Zipcoin-Qt\2.0.0.0\local\stubexe\0x94D16BC4A71627A1

Is this a false positive? I don't want to jump on thread spreading accusations before I know a little at least

Uh oh. netsh.exe is a similar name to a windows system file. There should not be a file named that in the zipcoin directory!

Looks like this isn't the first virus accusation against this coin:

https://bitcointalksearch.org/topic/m.8190098

Did you install the binary (.exe, .msi) or did you compile it from source?

Can you go to the folder C:\users\MyUsername\Appdata\Local\Spoon\Sandbox\Zipcoin-Qt\2.0.0.0\local\stubexe and post a list of all the filenames in there? Make sure you have "show hidden files and folders" enabled too:
http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/

Yer I installed the wallet from the exe. I don't even have any of these coins I just wanted to see if the "anon" feature of the coin was a scam. Which it was. Fuck.

Files located in that directory are ztor.exe and zipcoin-qt.exe

Lesson learnt about this crypto game. Certainly won't happen a second time.
full member
Activity: 154
Merit: 100
Reading that thread there are many people accusing the developer of putting viruses in the coin.

Be WAY more careful in the future. Don't run ANYTHING you aren't 9,001% sure is safe. If you are installing software that has the source code available, learn how to compile it from source. Running the exe puts a lot of trust in the developer as the exe can do ANYTHING. People can check the source code for viruses but they cannot easily check the exe.

Hey,
Everyone that downloaded the windows wallet early needs to check that AppData\Local\Spoon directory. That is where the backdoor was installed, it doesn't come up on a lot of virus scans, and was packaged with the windows wallet. Seems that the dev has now removed the malicious wallet.

You need to delete that directory asap. The program installed after you ran the zipcoin wallet for the first time and ztor.exe remains running even after you close the zipcoin wallet.

Obviously the exchanges and people who compiled from source weren't affected, as this was zipped with the original windows wallet that was posted in the announcement.

Digiguy seems like the attacker shilling to extend time cleaning people out, posting screenshots to direct attention from where the problem is.

So if you downloaded that original windows wallet you need to check that C:\USERS\youraccount\APPDATA\LOCAL\SPOON, delete that directory asap, and then look for all your wallet.dat files in the APPDATA roaming folder, if you were infected the "wallet.dat" files were renamed to whatever coin it was such as "Dogecoin.dat" and then sent to the attacker.

Gonna repeat, Zipcoin-qt.exe itself is not malicious it was the ztor.exe bullshit that was packaged with the windows wallet, maybe that's why the dev called it zipcoin heh.

Again this shit doesn't come up on a lot of antivirus scanners and you need to remove this manually if you were infected, and then there is no telling what else could have been installed so it's best to reformat your hard drive.

I fear a good amount of people got cleaned out already if they had all their wallets on the infected PC, I guess we'll find out with time.

You should not just delete the directory like this guy recommends. You should do a fresh Windows install. This is the only way to be sure you've removed it.
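
The checks described in the post above, collected into a read-only PowerShell triage script. This is an added example, not code from the thread: the directory and file names (Spoon, ztor.exe, netsh.exe, wallet.dat) come from the posts, while the System32 name comparison and the "`.dat` file named after its folder" heuristic are assumptions. It needs Windows PowerShell 5.1 or later.

```powershell
# Read-only triage for the indicators named in this thread. Nothing is deleted or changed.
# Heuristics below are assumptions made for this example, not confirmed malware behaviour.

$spoon   = Join-Path $env:LOCALAPPDATA 'Spoon'
$roaming = $env:APPDATA
$sys32   = Join-Path $env:SystemRoot 'System32'

# 1. Is the Spoon sandbox directory present, and which executables does it hold?
if (Test-Path -LiteralPath $spoon) {
    Get-ChildItem -LiteralPath $spoon -Recurse -Force -File -Filter '*.exe' -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Path     = $_.FullName
                Modified = $_.LastWriteTime
                SHA256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                # A file outside System32 that reuses a System32 name (e.g. netsh.exe)
                # is worth a closer look.
                SharesSystem32Name = Test-Path -LiteralPath (Join-Path $sys32 $_.Name)
            }
        } | Format-List
} else {
    Write-Output "Not present: $spoon"
}

# 2. Is ztor.exe still running after the wallet was closed?
$ztor = Get-Process -Name 'ztor' -ErrorAction SilentlyContinue
if ($ztor) {
    $ztor | Select-Object Id, Path, StartTime | Format-List
} else {
    Write-Output 'No running process named ztor'
}

# 3. Wallet files under Roaming: list every wallet.dat, plus any .dat file that carries
#    the name of its own folder (e.g. Dogecoin\Dogecoin.dat), the rename the post describes.
Get-ChildItem -LiteralPath $roaming -Recurse -Depth 2 -Force -File -Filter '*.dat' -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -eq 'wallet.dat' -or $_.BaseName -eq $_.Directory.Name } |
    ForEach-Object {
        [pscustomobject]@{
            Path         = $_.FullName
            Modified     = $_.LastWriteTime
            Bytes        = $_.Length
            LooksRenamed = ($_.Name -ne 'wallet.dat')
        }
    } | Format-Table -AutoSize
```

Record the hashes and timestamps before wiping the machine; per the reply above, a hit means a fresh Windows install rather than deleting the directory.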
full member
Activity: 154
Merit: 100
So I was looking at the history of Avast virus scans and it seems it did pick up a virus sometime yesterday while I was AFK. It came from the zipcoin.qt wallet.
The virus is called netsh.exe and was found in the directory: C:\users\MyUsername\Appdata\Local\Spoon\Sandbox\Zipcoin-Qt\2.0.0.0\local\stubexe\0x94D16BC4A71627A1

Is this a false positive? I don't want to jump on thread spreading accusations before I know a little at least

Uh oh. netsh.exe is a similar name to a windows system file. There should not be a file named that in the zipcoin directory!

Looks like this isn't the first virus accusation against this coin:

https://bitcointalksearch.org/topic/m.8190098

Did you install the binary (.exe, .msi) or did you compile it from source?

Can you go to the folder C:\users\MyUsername\Appdata\Local\Spoon\Sandbox\Zipcoin-Qt\2.0.0.0\local\stubexe and post a list of all the filenames in there? Make sure you have "show hidden files and folders" enabled too:
http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/
sr. member
Activity: 252
Merit: 250
So I was looking at the history of Avast virus scans and it seems it did pick up a virus sometime yesterday while I was AFK. It came from the zipcoin.qt wallet.
The virus is called netsh.exe and was found in the directory: C:\users\MyUsername\Appdata\Local\Spoon\Sandbox\Zipcoin-Qt\2.0.0.0\local\stubexe\0x94D16BC4A71627A1

Is this a false positive? I don't want to jump on thread spreading accusations before I know a little at least