
Topic: BTC stolen from electrum wallet - page 2. (Read 2526 times)

newbie
Activity: 37
Merit: 0
April 01, 2014, 09:20:01 PM
#11
How do you acquire your coins? Online exchange, mining, localbitcoin.com?
Also, Damien, what version of Windows do you use?

Sorry for your loss :(

Please let us know how the Malwarebytes scan turns out.

Well, here is the report.



Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 01/04/2014
Scan Time: 9:17:54 PM
Logfile:
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.04.01.10
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Damien

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 268552
Time Elapsed: 16 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Trojan.MSIL, C:\Users\Damien\AppData\Roaming\Adobe\AdobeUpdate.exe, 2644, , [ba7479ac88f3df57e729af99629fc040]

Modules: 0
(No malicious items detected)

Registry Keys: 51

Registry Values: 3
Trojan.MSIL, HKU\S-1-5-21-1765719292-827427354-1992714951-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Adobe Update, C:\Users\Damien\AppData\Roaming\Adobe\AdobeUpdate.exe, , [ba7479ac88f3df57e729af99629fc040]
PUP.Optional.NextLive.A, HKU\S-1-5-21-1765719292-827427354-1992714951-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|NextLive, C:\Windows\SysWOW64\rundll32.exe "C:\Users\Damien\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l, , [ed4135f0037874c21a7365e70cf52ad6]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-1765719292-827427354-1992714951-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1L1J1L1S1R1N, , [0925ba6baccf59dd436ed2aeb74ca060]

Registry Data: 1
PUP.Optional.Conduit, HKU\S-1-5-21-1765719292-827427354-1992714951-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.conduit.com?SearchSource=10&CUI=UN13507171334195564&UM=2&ctid=CT3289075, Good: (http://www.google.com), Bad: (http://search.conduit.com?SearchSource=10&CUI=UN13507171334195564&UM=2&ctid=CT3289075),,[2e002ef72457a88eaf05c54a44c0619f]

Folders: 20

Files: 40

Physical Sectors: 0
(No malicious items detected)


(end)
legendary
Activity: 1386
Merit: 1053
Please do not PM me loan requests!
April 01, 2014, 09:19:40 PM
#10
Why do people have to take what's not theirs... :-\
Sickening.
newbie
Activity: 37
Merit: 0
April 01, 2014, 09:16:16 PM
#9
Another precaution you can take against keyloggers is an on-screen keyboard that hides anything you enter into a password field. I usually type all sensitive information with Neo's SafeKeys. It's a small, easy-to-install program that gives me another layer of peace of mind.

There are many much more robust password programs out there, but I like the simplicity of just typing them in myself. Even if you run a malware detector, it's possible that whichever one you use will let some malware through.

Always assume you have malware installed.

Thank you for the valuable info, kind sir.
newbie
Activity: 29
Merit: 0
April 01, 2014, 09:14:18 PM
#8
Another precaution you can take against keyloggers is an on-screen keyboard that hides anything you enter into a password field. I usually type all sensitive information with Neo's SafeKeys. It's a small, easy-to-install program that gives me another layer of peace of mind.

There are many much more robust password programs out there, but I like the simplicity of just typing them in myself. Even if you run a malware detector, it's possible that whichever one you use will let some malware through.

Always assume you have malware installed.
newbie
Activity: 37
Merit: 0
April 01, 2014, 08:59:32 PM
#7
How do you acquire your coins? Online exchange, mining, localbitcoin.com?
Also, Damien, what version of Windows do you use?

Sorry for your loss :(

Please let us know how the Malwarebytes scan turns out.

Through online exchange. My Windows version is 7 Home Premium. I will let you know what the scan tells me.
full member
Activity: 180
Merit: 100
April 01, 2014, 08:45:25 PM
#6
How do you acquire your coins? Online exchange, mining, localbitcoin.com?
Also, Damien, what version of Windows do you use?

Sorry for your loss :(

Please let us know how the Malwarebytes scan turns out.
newbie
Activity: 37
Merit: 0
April 01, 2014, 08:38:19 PM
#5
Hi, please use imgur.com for uploading the screenshot.

PS: Scan your PC with Malwarebytes Anti-Malware, and did you have an unencrypted wallet backup saved somewhere, or the seed saved in some insecure place like email?

Thanks for the help. I did have a backup on a USB that was attached to the PC while the coins were stolen, but it was still protected by the same password for withdrawal, no? The seed is only on paper; nowhere is it saved on the PC.
donator
Activity: 129
Merit: 100
Swimming in a sea of data
April 01, 2014, 08:35:08 PM
#4
It's odd that they are seemingly random amounts.
legendary
Activity: 1274
Merit: 1004
April 01, 2014, 08:30:50 PM
#3
Hi, please use imgur.com for uploading the screenshot.

PS: Scan your PC with Malwarebytes Anti-Malware, and did you have an unencrypted wallet backup saved somewhere, or the seed saved in some insecure place like email?
hero member
Activity: 504
Merit: 500
eidoo wallet
April 01, 2014, 08:25:18 PM
#2
Someone found out your private key? Keylogger? Virus?
newbie
Activity: 37
Merit: 0
April 01, 2014, 08:24:28 PM
#1
Can anyone shine a light on how this happened??? I had a decent password to my understanding (~15 characters with numbers and symbols).

I've never had an issue and suddenly an hour ago my coins got withdrawn in six separate transactions to the same address until they finally were all depleted.

Here's a screenshot:

https://i.imgur.com/LWXNChd.png

I'm a noob so I don't understand why they make it so complicated to post an image.

The coins were all sent to this address: 17avcFVaa9dWNXiEx9ALChvN77py9dmHwC
