Topic: Got account access back (Read 1483 times)

sr. member
Activity: 435
Merit: 250
May 23, 2013, 11:55:46 AM
#20
key logger?

i wonder how bitcoins will ever be successful,  this isn't 1985 anymore, when the internets was all smart people

+1. I miss the times of sending emails through telnet. Damn, I even miss my 300 bauds modem. Ok maybe not the 300 one, but the 2400 bauds one.

not to mention there is this garbage called 'java'

+111one1
hero member
Activity: 602
Merit: 500
R.I.P Silk Road 1.0
May 23, 2013, 11:33:25 AM
#19
You should download an anti-virus just in case. I use Intego. Also use network traffic monitors like Little Snitch; it's annoying at first to have to confirm connections, but it gets easier over time. This way you're aware of all incoming and outgoing connections and you have much more control of what goes in and out. Without you giving it the okay, any program would be rendered useless if it can't connect properly.

I could move to Linux but am not familiar enough to know how to secure it as well. I will look into Intego; never heard of it.

Before you posted this I tried WinPatrol. WinPatrol prompts me for every change any program makes. I just got it today; I don't know if you have used it or if it would work like Intego.

I don't know if WinPatrol would have helped with a keylogging virus. No way to test it.



Never heard of it. I use a Mac so WinPatrol is useless for me. I did run a quick search for it and the site looks pretty shady, but then again it is freeware. I don't think Intego will be of much use to you since you're running Windows. Intego is a Mac-specific anti-virus. You should try Norton since it is a pretty popular PC anti-virus. As for the network monitor programs, I've heard of many that use Comodo Firewall, because unfortunately Little Snitch is also Mac-only software.
legendary
Activity: 1876
Merit: 1295
DiceSites.com owner
May 23, 2013, 11:22:57 AM
#18
Sounds very much like a virus/trojan to remotely control your computer (because of the cursor thing - it's kinda same like TeamViewer.) So I do not think they have your password (edit: well actually they might have, but I mean that they even have much more than that since they can control your PC.) You should change your passwords. And run some virus scanners/malware checkers while not being connected to the internet (I assume it's a different PC than you are using now.) If you don't find anything I would personally still make backups and format/reinstall your PC.


You are kidding, right?

Disconnect. Backup data (carefully). Reinstall. Secure. Change all passwords everywhere (all different). Drink milk.



Running some virus scanners/malware checkers won't hurt. I would personally be interested in what virus it was so you can make sure you won't get it again. Other than that I basically said the same thing as you, maybe I just didn't say it clearly enough.
hero member
Activity: 588
Merit: 500
May 23, 2013, 11:20:54 AM
#17
You should download an anti-virus just in case. I use Intego. Also use network traffic monitors like Little Snitch; it's annoying at first to have to confirm connections, but it gets easier over time. This way you're aware of all incoming and outgoing connections and you have much more control of what goes in and out. Without you giving it the okay, any program would be rendered useless if it can't connect properly.

I could move to Linux but am not familiar enough to know how to secure it as well. I will look into Intego; never heard of it.

Before you posted this I tried WinPatrol. WinPatrol prompts me for every change any program makes. I just got it today; I don't know if you have used it or if it would work like Intego.

I don't know if WinPatrol would have helped with a keylogging virus. No way to test it.

hero member
Activity: 602
Merit: 500
R.I.P Silk Road 1.0
May 23, 2013, 11:13:34 AM
#16
You should download an anti-virus just in case. I use Intego. Also use network traffic monitors like Little Snitch; it's annoying at first to have to confirm connections, but it gets easier over time. This way you're aware of all incoming and outgoing connections and you have much more control of what goes in and out. Without you giving it the okay, any program would be rendered useless if it can't connect properly.
hero member
Activity: 588
Merit: 500
May 23, 2013, 11:03:39 AM
#15
Weren't there many reports / possible FUD about malware in Yacoin?

^^A lot of this was going around.

Note:
Take a read at the stay safe link in my sig or here > https://bitcointalksearch.org/topic/m.1685280

I had 2 factor on all the exchanges except btc-e because they don't have that. I have now put two factor on my emails too, so that accounts that don't have two factor can't withdraw by clicking the withdraw link in my email.

I was also using a different password for every site, but it looks like this was a keylogger. I was also using LastPass; I have to believe the hacker got my master password for that too. I have gone and changed all my passwords, but I think LastPass made it worse because there are lots of sites I didn't log onto when the keylogger was there, or sites I rarely use. But since they keylogged that one password, they only had to know that one password to then have the passwords to all of my accounts on LastPass.

I saw other IP addresses and have an idea of what was logged in. None of the IPs were a proxy, and none of them are likely to trace back to the hacker either. I believe these are other compromised machines that the hacker had routed through to log in to my account.

I saw 3 different IPs that weren't mine at all that were all logged on. It said on Gmail my account was logged on in 3 other locations; I knew this wasn't possible because I was at home. These 3 other IPs were even in the same state, all logged on at the same time as me on the same day, even though I did not use my account at all that day in any other location except at home. This email that they got into is an email I never log on to anywhere except home, ever.

No, my IP address at home has not changed; it's still the same one from a week ago. It may change once every few months, but I am aware of these changes.

I am not sure about LastPass at this moment; KeePass sounds better to me, since if they get my password for it they can't go online to a site and log on. They would need to log on with my computer, which I could just turn off. The only thing is, if my computer gets compromised I would need a copy of KeePass synced with another computer, otherwise not even I would know the passwords for this.

I had antivirus but it didn't catch anything with the realtime scanner. The viruses were probably packed in something so they could not be scanned or to avoid detection; it's common to do that. I had to run a deep scan, scan all zip files, and do the boot scan with Avast to get rid of this thing. I found the virus nearly destroyed my factory restore partition. I found the virus in that partition, so that's probably why the realtime scanner didn't see it: it wasn't on the same partition that my computer runs on.

For now I don't trust any passwords saved on a computer, even if the passwords are protected with another password.
I have moved to writing them on a safely secured and stored piece of paper where I can be sure the passwords aren't on a computer.

If anyone wants to add to this, correct something, or make suggestions on something that I should do to help protect myself, please feel free to at this time.



I am looking into LastPass two factor now too, but I think you have to pay for it. If there is some better password manager out there that can be backed up, that I can access on another machine, that can sync, and has two factor authentication, then please let me know.
hero member
Activity: 770
Merit: 502
May 23, 2013, 09:29:22 AM
#14
Weren't there many reports / possible FUD about malware in Yacoin?

^^A lot of this was going around.

Note:
Take a read at the stay safe link in my sig or here > https://bitcointalksearch.org/topic/m.1685280
vip
Activity: 1316
Merit: 1043
👻
May 23, 2013, 12:50:06 AM
#13
Weren't there many reports / possible FUD about malware in Yacoin?
hero member
Activity: 588
Merit: 500
May 22, 2013, 03:05:37 PM
#12
I didn't download anything except yacoin, worldcoin, and phoenixcoin. One of them must be a virus; Avast removed them. All the other coins like bitcoin, litecoin, namecoin, terracoin and even feathercoin came back clean for me.
zvs
legendary
Activity: 1680
Merit: 1000
https://web.archive.org/web/*/nogleg.com
May 22, 2013, 07:09:26 AM
#11
key logger?

i wonder how bitcoins will ever be successful,  this isn't 1985 anymore, when the internets was all smart people

not to mention there is this garbage called 'java'
hero member
Activity: 1246
Merit: 501
May 22, 2013, 03:45:36 AM
#10
If someone's still controlling your computer, then you haven't disconnected it from the internet, have you?

For the hard of thinking:
DISCONNECT YOUR COMPUTER FROM THE INTERNET!
legendary
Activity: 1876
Merit: 1295
DiceSites.com owner
May 21, 2013, 08:32:40 PM
#9
No offense, but I am not sure what part of "change your passwords" you don't understand. And obviously you should not do that on the same PC.
hero member
Activity: 588
Merit: 500
May 21, 2013, 07:45:14 PM
#8
This is really bad now: the hacker hacked into my bitcointalk account and has changed the post here.

They are posting trades to scam people; this was not me.
legendary
Activity: 1876
Merit: 1295
DiceSites.com owner
May 21, 2013, 02:58:27 AM
#7
Then never mind about finding the virus etc. yet. First change all your passwords ;) especially the ones saved in Google Chrome and important ones.
hero member
Activity: 588
Merit: 500
May 21, 2013, 02:55:19 AM
#6
Is I am not connecting it to the internet at this point.
legendary
Activity: 1876
Merit: 1295
DiceSites.com owner
May 21, 2013, 02:43:30 AM
#5
Did you disconnect your infected PC already? That is the first thing you must do. Then check the password manager and change your passwords on another PC or phone for the "most important" sites first (eg the one where you keep money, e-mails, etc.)
sr. member
Activity: 322
Merit: 250
May 21, 2013, 02:38:32 AM
#4
OMG my 300 LTC was so close to withdrawing. I don't know what the fuck is going on; do I have a virus or did some kind of script take over?
All I know is all of a sudden I saw my mouse cursor rapidly move. I didn't see any withdraw, so it must have been an injection link that withdrew.

I had 2 factor so the coins could not withdraw unless someone logged into my email and confirmed the link. I did not know my session was hijacked until I saw my mouse rapidly moving like a bot. I saw the cursor quickly move and Gmail popped up; the mouse immediately moved to confirm the withdraw in my email. I was very quick and was able to hit cancel withdraw while the bot was fighting me over the cursor. I immediately logged out of everything.

What the hell should I do? Did they get my passwords?

Use a Linux computer to operate, which will help much!
vip
Activity: 1316
Merit: 1043
👻
May 21, 2013, 02:37:39 AM
#3
Holy fuck that would be scary.

It's malware. Disconnect from the internet, download an offline malware scanner, put it on a W (no RW) disc, scan for malware.

Disable java in your browser.
legendary
Activity: 1876
Merit: 1295
DiceSites.com owner
May 21, 2013, 02:31:41 AM
#2
Sounds very much like a virus/trojan to remotely control your computer (because of the cursor thing - it's kinda same like TeamViewer.) So I do not think they have your password (edit: well actually they might have, but I mean that they even have much more than that since they can control your PC.) You should change your passwords. And run some virus scanners/malware checkers while not being connected to the internet (I assume it's a different PC than you are using now.) If you don't find anything I would personally still make backups and format/reinstall your PC.
hero member
Activity: 588
Merit: 500
May 21, 2013, 02:24:09 AM
#1
Thanks everyone problem fixed.

Someone gained unauthorized access to my bittalk account and changed this thread, deleted what I said and changed stuff.

Problem is now solved; changed all passwords, which took a lot of time, and have since moved to a secure machine. Am now wiping the infected machines and installing a fresh copy of Windows.