Topic: Coins stolen from my wallet?!? - page 2. (Read 3482 times)
anyone can explain how to anticipate for stolen a bitcoin from wallet?
-snip-
Hm, I never played neither sleeping dogs nor COD2 on my computer. The thing is that I have received this copy of the OS from the university via MSDNAA and received a copy on my D:\ drive via an usb disk from one of my colleagues since he already downloaded it. So I just needed a new key from the university partner program with MS. Can it be that buddha.dll replicated it to my disk without somebody (antivir, etc.) knowing it? I remember that sometimes my colleagues played COD2 at the university in there spare time. I usually play LOL which is free to play.
Hm, I never played neither sleeping dogs nor COD2 on my computer. The thing is that I have received this copy of the OS from the university via MSDNAA and received a copy on my D:\ drive via an usb disk from one of my colleagues since he already downloaded it. So I just needed a new key from the university partner program with MS. Can it be that buddha.dll replicated it to my disk without somebody (antivir, etc.) knowing it? I remember that sometimes my colleagues played COD2 at the university in there spare time. I usually play LOL which is free to play.
I think we know how you got infected now. Your colleague should probably get a clean OS as well now.
I cannot explain it in a different way, because otherwise buddha.dll should be in a folder named "D:\CallOfDuty\buddha.dll" or something?!? Just as a guess.
Yes its a strange path for the dll to be, but probably thats just the path you copied it to.
so this all happened due to a trojan? 
I think, yes.
I doubled check my antivir now and I really have installed AVG Antivir AND Microsoft Essentials, but both were not enough to prevent the thief. However, a wallet without password protection was really dumb, life learns you the hard way, even if in that case it was not very hard at least.
From #3 and #1 I think you got infected while using IE, so a drive by infection most likely. Those few minutes while you are out there to get a safe browser... Oh well. Whats buddha.dll though? A quick research suggests sleeping dogs or Call of Duty Black Ops 2. I didnt dig to deep, but I suspect a pirated version/cheat/etc. I wouldnt know why an official release would require a download via 2shared. So #1 and #3 might have followed after you got the dll somewhere insecure. Again, I dont judge, I dont require an answer, just think about where you might have gotten the file.
Aaanyway seems like you are taking a safer route for now. While I usually argue that your own machine is safer than some server on the internet, this depends on what you are doing with your machine.
Bleib wachsam
Hm, I never played neither sleeping dogs nor COD2 on my computer. The thing is that I have received this copy of the OS from the university via MSDNAA and received a copy on my D:\ drive via an usb disk from one of my colleagues since he already downloaded it. So I just needed a new key from the university partner program with MS. Can it be that buddha.dll replicated it to my disk without somebody (antivir, etc.) knowing it? I remember that sometimes my colleagues played COD2 at the university in there spare time. I usually play LOL which is free to play.
I cannot explain it in a different way, because otherwise buddha.dll should be in a folder named "D:\CallOfDuty\buddha.dll" or something?!? Just as a guess.
Nevertheless, I learned my lesson and how "easy" BTC can be stolen from your wallet even if it was reckless to have a wallet without a password, since bitcoin-qt does not enforce it (!!) as for instance multibit does.
so this all happened due to a trojan?
I doubled check my antivir now and I really have installed AVG Antivir AND Microsoft Essentials, but both were not enough to prevent the thief. However, a wallet without password protection was really dumb, life learns you the hard way, even if in that case it was not very hard at least.
Yes a password is a must, with keepass you are also protected against keyloggers. Anti Virus is not a critical issue anymore. It is something you keep to make you feel safe and to hold of the old shit from last year, but the viruses and trojans that are currently active are seldomly known to anti viruses devs. I am a bit behind with my Ct reading, but I trust their judgement.
The OS is a legit copy, but after a complete scan of the system the antivir found three threats:
#1 "Virus found: Win32/Zperm, C:\Windows\Temp\49f48af4-b402-4745-9e9c-26cfb8983c1f\tmp0000116d\tmp00006408";"Saved"
#2 "Trojan: PSW.OnlineGames4.ZUJ, D:\buddha.dll";"Saved"
#3 "Trojan: CoinMiner.ASJ, C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLLU0VPX\wmpnetwk[1].dll";"Saved"
From #3 and #1 I think you got infected while using IE, so a drive by infection most likely. Those few minutes while you are out there to get a safe browser... Oh well. Whats buddha.dll though? A quick research suggests sleeping dogs or Call of Duty Black Ops 2. I didnt dig to deep, but I suspect a pirated version/cheat/etc. I wouldnt know why an official release would require a download via 2shared. So #1 and #3 might have followed after you got the dll somewhere insecure. Again, I dont judge, I dont require an answer, just think about where you might have gotten the file.
Aaanyway seems like you are taking a safer route for now. While I usually argue that your own machine is safer than some server on the internet, this depends on what you are doing with your machine.
Bleib wachsam
I doubled check my antivir now and I really have installed AVG Antivir AND Microsoft Essentials, but both were not enough to prevent the thief. However, a wallet without password protection was really dumb, life learns you the hard way, even if in that case it was not very hard at least.
Ya, after the first start of the newly setup OS I used the IE to download Chrome and Opera. Damn! My router has a very strong password generated using KeePass, which obfuscates even the copy and paste process.
At the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am save?!?
OH DAMNNNNN Microsoft essential? Using that as a reference anti virus is a no no, they do not detect viruses well. Try installing fresh copy of official Linux OS. Windows have far too much virusesAt the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am save?!?
Whats the best av? Essentials used to get listed as a good av.
The best is Bitdefender, the best free is the 3rd best called 360 Internet Security
Ya, after the first start of the newly setup OS I used the IE to download Chrome and Opera. Damn! My router has a very strong password generated using KeePass, which obfuscates even the copy and paste process.
At the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am save?!?
OH DAMNNNNN Microsoft essential? Using that as a reference anti virus is a no no, they do not detect viruses well. Try installing fresh copy of official Linux OS. Windows have far too much virusesAt the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am save?!?
Whats the best av? Essentials used to get listed as a good av.
Ya, after the first start of the newly setup OS I used the IE to download Chrome and Opera. Damn! My router has a very strong password generated using KeePass, which obfuscates even the copy and paste process.
At the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am save?!?
OH DAMNNNNN Microsoft essential? Using that as a reference anti virus is a no no, they do not detect viruses well. Try installing fresh copy of official Linux OS. Windows have far too much virusesAt the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am save?!?
Why not? I've been using Microsoft Essentials since years and have never had any problem with it.
Obviously I don't create cold storage wallets in this OS, but for trading small quantity of coin I think it's enough secure.
Ya, after the first start of the newly setup OS I used the IE to download Chrome and Opera. Damn! My router has a very strong password generated using KeePass, which obfuscates even the copy and paste process.
At the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am save?!?
OH DAMNNNNN Microsoft essential? Using that as a reference anti virus is a no no, they do not detect viruses well. Try installing fresh copy of official Linux OS. Windows have far too much virusesAt the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am save?!?
Why not? I've been using Microsoft Essentials since years and have never had any problem with it.
Obviously I don't create cold storage wallets in this OS, but for trading small quantity of coin I think it's enough secure.
I think the main issue of the BTC stolen was not setting up a password in my wallet, because the software does not force you to do so. Atm I am just tired of all these security procedures in order to keep your wallet save. As I already said, I now use blockchain.info as my wallet and activated every security settings provided by the mentioned wallet. For me the effort is to high to keep your wallet save. I hope now it is^^
If ever again some BTC get stolen from my wallet, I will try a linux live cd or I quit the adventure.
In the latest Ct (a highly esteemed computer magazin from Germany) Microsoft Essentials was the best free virus protection on the market, before that I used AVG, but was not satisified at all.
If ever again some BTC get stolen from my wallet, I will try a linux live cd or I quit the adventure.
In the latest Ct (a highly esteemed computer magazin from Germany) Microsoft Essentials was the best free virus protection on the market, before that I used AVG, but was not satisified at all.
Setting password on your wallet is a must....
Ya, after the first start of the newly setup OS I used the IE to download Chrome and Opera. Damn! My router has a very strong password generated using KeePass, which obfuscates even the copy and paste process.
At the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am save?!?
OH DAMNNNNN Microsoft essential? Using that as a reference anti virus is a no no, they do not detect viruses well. Try installing fresh copy of official Linux OS. Windows have far too much viruses At the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am save?!?
Ya, after the first start of the newly setup OS I used the IE to download Chrome and Opera. Damn! My router has a very strong password generated using KeePass, which obfuscates even the copy and paste process.
At the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am save?!?
At the moment my antivir (Microsoft Essentials) states that my computer should be free, even after I rebooted etc. After that I created a new wallet using blockchain.info and I hope that now I am save?!?
No, I neither downloaded any file except the DOGE-Coin wallet nor opened anything in skype. It seems very strange to me too ...
Strange indeed. Legit OS copy or a pirated version? Those might have trojans, backdoors as well. You dont need to answer this, just consider it an option. Other possibilites I can think of are:
#1 infected machine in your LAN that used an undocumented exploit on your the unpatched OS (infected after/durring setup).
#2 infected infrastructure (e.g. your router) - this would also need some sort of vulnerability of your OS or local file sharing
#3 data leak (e.g. shared the data via dropbox with your colleges)
#4 someone had hardware access to your machine (made the TX from there/copied the wallet.dat/installed something)
#5 drive by infection
#6 you use(d) WinXP or older
The OS is a legit copy, but after a complete scan of the system the antivir found three threats:
#1 "Virus found: Win32/Zperm, C:\Windows\Temp\49f48af4-b402-4745-9e9c-26cfb8983c1f\tmp0000116d\tmp00006408";"Saved"
#2 "Trojan: PSW.OnlineGames4.ZUJ, D:\buddha.dll";"Saved"
#3 "Trojan: CoinMiner.ASJ, C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLLU0VPX\wmpnetwk[1].dll";"Saved"
I think we found the colprits, but again, it seems very strange to me how they could infect the system. Inever opened any suspicious software nor I am using IE as my browser. I am on Win7 using a brand new Cisco X3500 router and it is the only cmputer in my appartment, but I have learned my lesson: be paranoid as possible, but I doubt that BTC ever arrive to the "normal" users since it is that easy to get stolen and it is to complicated to be on a save side, e.g., using linux, live cds etc.
No, I neither downloaded any file except the DOGE-Coin wallet nor opened anything in skype. It seems very strange to me too ...
Strange indeed. Legit OS copy or a pirated version? Those might have trojans, backdoors as well. You dont need to answer this, just consider it an option. Other possibilites I can think of are:
#1 infected machine in your LAN that used an undocumented exploit on your the unpatched OS (infected after/durring setup).
#2 infected infrastructure (e.g. your router) - this would also need some sort of vulnerability of your OS or local file sharing
#3 data leak (e.g. shared the data via dropbox with your colleges)
#4 someone had hardware access to your machine (made the TX from there/copied the wallet.dat/installed something)
#5 drive by infection
#6 you use(d) WinXP or older
The OS is a legit copy, but after a complete scan of the system the antivir found three threats:
#1 "Virus found: Win32/Zperm, C:\Windows\Temp\49f48af4-b402-4745-9e9c-26cfb8983c1f\tmp0000116d\tmp00006408";"Saved"
#2 "Trojan: PSW.OnlineGames4.ZUJ, D:\buddha.dll";"Saved"
#3 "Trojan: CoinMiner.ASJ, C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLLU0VPX\wmpnetwk[1].dll";"Saved"
I think we found the colprits, but again, it seems very strange to me how they could infect the system. Inever opened any suspicious software nor I am using IE as my browser. I am on Win7 using a brand new Cisco X3500 router and it is the only cmputer in my appartment, but I have learned my lesson: be paranoid as possible, but I doubt that BTC ever arrive to the "normal" users since it is that easy to get stolen and it is to complicated to be on a save side, e.g., using linux, live cds etc.
You figured it out by yourself: " Or do I have to pay to learn the lesson?" that's it, keep your BTC safe.
No, I neither downloaded any file except the DOGE-Coin wallet nor opened anything in skype. It seems very strange to me too ...
Strange indeed. Legit OS copy or a pirated version? Those might have trojans, backdoors as well. You dont need to answer this, just consider it an option. Other possibilites I can think of are:
#1 infected machine in your LAN that used an undocumented exploit on your the unpatched OS (infected after/durring setup).
#2 infected infrastructure (e.g. your router) - this would also need some sort of vulnerability of your OS or local file sharing
#3 data leak (e.g. shared the data via dropbox with your colleges)
#4 someone had hardware access to your machine (made the TX from there/copied the wallet.dat/installed something)
#5 drive by infection
#6 you use(d) WinXP or older
No, I neither downloaded any file except the DOGE-Coin wallet nor opened anything in skype. It seems very strange to me too ...
First, the thief took all the BTC in my wallet. This was the transaction:
https://blockchain.info/tx/d6c75c6914c598d19fd6c0f73da0b009786e6585c57c6023ffbebdd6d7d0fecf
I used the Bitcoin-QT wallet, but I used it without any password protection. Could that be the entering gate of the thief? The thing is that the machine is a newly installed windows and I did not download anything special to it.
As a consequence, I opened an online wallet on blockchain.info with mobile 2FA and including all the security options they provide. I imported the old private key from Bitcoin-QT, where my miner sent some minor BTC:
https://blockchain.info/tx/fee2c98ead5078127b3cbb8812332f1fa110f7326d65f0f577fa0e6ee38fe861
Can this cause any risk to the new private key of the new BTC address? I will wait another week and the I delete this address from this wallet since my miner has still some immature BTC.
Thx for your advise and best regards
https://blockchain.info/tx/d6c75c6914c598d19fd6c0f73da0b009786e6585c57c6023ffbebdd6d7d0fecf
I used the Bitcoin-QT wallet, but I used it without any password protection. Could that be the entering gate of the thief? The thing is that the machine is a newly installed windows and I did not download anything special to it.
As a consequence, I opened an online wallet on blockchain.info with mobile 2FA and including all the security options they provide. I imported the old private key from Bitcoin-QT, where my miner sent some minor BTC:
https://blockchain.info/tx/fee2c98ead5078127b3cbb8812332f1fa110f7326d65f0f577fa0e6ee38fe861
Can this cause any risk to the new private key of the new BTC address? I will wait another week and the I delete this address from this wallet since my miner has still some immature BTC.
Thx for your advise and best regards
Sorry to hear your loss.
Have you clicked any suspicious links, downloaded email attachments, or received suspicious files through skype before your bitcoin get stolen?
Jump to: