Better to invest an ideal anti-virus and not just the anti-virus with your windows or any OS you are using this could add an additional layer of security including the network to prevent...
Paying a lot of money for anti virus software isn't worth it in my opinion unless you are running a big business and need that in connection with powerful firewalls, anti-malware solutions, etc., to protect your company against some of the mistakes your workforce might commit. But for home use, logic, cautiousness, and a small and healthy dosage of paranoia will keep your systems healthy because you won't even visit or do things that might infect your computer. 
Topic: I have been scammed. (Read 337 times)
I think the OP has already accepted his faith, knowing that he is not replying anymore with this one. It's impossible to recover the funds anymore and maybe the OP should start looking for other ways to store his cryptocurrency in different ways like hardware wallet or cold wallet using a laptop or something.
The transaction is already irreversible and I guess it's considered a loss. @OP did you download any software?. Based on your statement you have an activated license window, next is if you download unsafe software or click any links that might possibly be a way for the attacker to access your files. Better to invest an ideal anti-virus and not just the anti-virus with your windows or any OS you are using this could add an additional layer of security including the network to prevent, next is to use a hardware wallet, seems you have a budget on it its good to have it as possible and don't store your seed or even password online or even in your computer.
I think there is definitely a language barrier here that prevents OP from writing and explaining the situation in a clear matter.
"When I turned the virus off" probably means that he disabled his antivirus to do something. The question is what?
Until that point, everything was ok with his wallet. The addresses that were emptied by the thief were funded between November 2023 and April 2024. The wallet was fine back then. Something happened on 7 May or at a time before that, resulting in his wallet and/or system to be compromised.
@mrooo what did you do? Did you disable your antivirus software, and for what purpose?
"When I turned the virus off" probably means that he disabled his antivirus to do something. The question is what?
Until that point, everything was ok with his wallet. The addresses that were emptied by the thief were funded between November 2023 and April 2024. The wallet was fine back then. Something happened on 7 May or at a time before that, resulting in his wallet and/or system to be compromised.
@mrooo what did you do? Did you disable your antivirus software, and for what purpose?
Every OS has bugs and vulnerabilities, some more, some less. It's a rather simple fact that malware creators will attack the platform with the largest market share because larger market share, more potential victims.
Malware creators might be choosing Windows as their primary target, but Linux isn't a "nerd's operating system" anymore. Android is based on the Linux kernel. Most web servers run on Linux. Exploiting a vulnerability in Linux could potentially lead to a more lucrative and advantageous disaster compared to targeting Windows."Don't trust, verify". If you don't know what's running behind Windows, how can you be confident it is secure?
Every OS has bugs and vulnerabilities, some more, some less. It's a rather simple fact that malware creators will attack the platform with the largest market share because larger market share, more potential victims.
If you were a malware creator or criminal buying some malware-as-a-service, what would you do? Attack a niche system or go for the big boats crowding the waters?
Ease of attack surface is certainly one important aspect and luckily the biggest player has rather diminishing software quality as I perceive it. But I doubt that this is a prominent reason. It's the larger numbers due to biggest market share of installations.
Choose a more niche platform for your important stuff, simply by the numbers you're less exposed to malware fuckery. I don't really miss much while working on a Linux box, YMMV.
If you were a malware creator or criminal buying some malware-as-a-service, what would you do? Attack a niche system or go for the big boats crowding the waters?
Ease of attack surface is certainly one important aspect and luckily the biggest player has rather diminishing software quality as I perceive it. But I doubt that this is a prominent reason. It's the larger numbers due to biggest market share of installations.
Choose a more niche platform for your important stuff, simply by the numbers you're less exposed to malware fuckery. I don't really miss much while working on a Linux box, YMMV.
I've been using it forever and with premium AV/firewall protection I've never had a problem with cryptocurrencies.
It's possible to smoke cigarettes and still live to be 100 years old. That doesn't mean smoking cigarettes is harmless. There have been numerous studies[1][2][3] comparing security vulnerabilities between Linux with Windows, and it's almost certainly the case that Linux is more difficult to compromise. And it's reasonable. Linux is open-source, freely available for code scrutiny at any time, addresses vulnerabilities promptly and follows a privilege model that reduces the risk of malware executing unauthorized actions.[1] https://www.researchgate.net/publication/366560877_Operating_Systems_Vulnerability_-_An_Examination_of_Windows_10_macOS_and_Ubuntu_from_2015_to_2021
[2] https://www.al-kindipublisher.com/index.php/jcsts/article/view/2763
[3] https://ijmirm.com/index.php/ijmirm/article/view/19
Having a licensed Windows is of course good when compared with pirated versions, but we must understand that Linux will not save the OP if he uses the computer for all his interests. Disabling the virus looks like a naive act; why is it protected at all if the owner refuses it on his own? OP, even the coolest firewall and antivirus won’t help you until you understand that Windows is an open window for scammers. It’s even strange how you managed to get Bitcoin with such knowledge.
Forget licensed Windows. Load a Linux distro and use that to create a wallet. Tails comes with Electrum pre-installed. You'll probably never find out what was the malware, but this is Windows. You need antivirus and other crap that load in the background to, ultimately, get less protection than an open-source alternative.
I've been using it forever and with premium AV/firewall protection I've never had a problem with cryptocurrencies. Even if the OP used Linux, given that he is obviously involved in downloading pirated software and who knows what else, sooner or later he would have encountered some virus/malware that (albeit to a lesser extent) also exists for other OS.
What is weird is that your wallet was compromised the moment you turned off your antivirus. Was there a program running in the background, which was monitoring that all the time? We'll never know.
I already wrote that his AV probably stopped the download or installation of some malware, and the only way for the OP to start it was to turn off the AV. At that moment, he compromised his system, and it is easily possible that he is one of those who keeps his seed as a plain text document - which means that he served the hacker his coins on a silver platter.
...
The link from OP to blockstream.info works fine for me.I took a little closer look at the destination address bc1qtckat8kjghl33lvm7m3ur2x23h5gqmyd2g7app and am a bit surprised to see that it has been reused multiple times. Understandable if it's hard-coded in some malware, otherwise not so much. If I were a criminal, I would avoid address reuse as much as possible because it ties criminal actions too easily together.
Interesting are tx 5f547a778366dae8ad14cf8f9d200d5a40b82f6273ef65cbe067c91ccb72bae7 and especially tx 32d5010f9218e99a98e53046621597687c11c5650f83672413c8570e1a3a1f08 where the latter moves 0.29001678BTC to two outputs with address bc1qaxljza7lx9gp6k5ue4377uuty2fengfqmk2ydw receiving the majority of it.
The amount is then transfered to address 3LqMzezxzzS6zcxRsck3CB3CKFcsGJvcUs which is part of a wallet that has seen ~7million transactions attributed to it. Could be an exchange or mixer (I haven't looked any deeper).
Total sum transferred closes to 0.004 BTC. Of course it's hard to loose even one Satoshi without a reason. But it is always better to be safe than sorry. Before initiating any transactions with crypto I've purchased hardwallet. All of them have decent support and educative sources. That may help a lot if studied thoroughly. Very strange thing to me was - your link which I couldn't follow with Error 403. Some problems with server? I could manage only by copying transaction hash and forwarding it to other service.
The first thing you do when you know your computer is hacked, you move all your assets from the connected wallets to your computer, change your accounts password and change everything from wallets, accounts and try to not connect the computer to internet until someone experienced deletes the malware and cut it completely.
If your wallet is compromised, then it is unlikely for you to still have any funds left there, since the hacker must have emptied the wallet. However, what do you mean when you say 'move funds from wallet to computer', i don't understand what you are talking about there.If hackers manage to compromise your wallet, then you should never use that wallet again, and the solution is not about connecting your device to the internet again, you have to follow the instructions that have been shared in this topic and make sure your device is 'clean' before you start using it.
Forget licensed Windows. Load a Linux distro and use that to create a wallet. Tails comes with Electrum pre-installed. You'll probably never find out what was the malware, but this is Windows. You need antivirus and other crap that load in the background to, ultimately, get less protection than an open-source alternative.
What is weird is that your wallet was compromised the moment you turned off your antivirus. Was there a program running in the background, which was monitoring that all the time? We'll never know.
What is weird is that your wallet was compromised the moment you turned off your antivirus. Was there a program running in the background, which was monitoring that all the time? We'll never know.
Well, I’m sorry for your loss and I believe that you are lucky for not having a big sum in your wallet, otherwise it would be a disaster for you. However, I could understand when you mentioned turning off a virus, so I assume you already knew that your pc is infected and you kept your funds inside electrum? The first thing you do when you know your computer is hacked, you move all your assets from the connected wallets to your computer, change your accounts password and change everything from wallets, accounts and try to not connect the computer to internet until someone experienced deletes the malware and cut it completely.
Unfortunately, the transaction can’t be reversed now, it’s only a valuable lesson to you, take my advice if you could, purchase a cold wallet, otherwise, use a computer that you don’t connect to internet, only for your wallet and never download programs from other non-official sources.
Unfortunately, the transaction can’t be reversed now, it’s only a valuable lesson to you, take my advice if you could, purchase a cold wallet, otherwise, use a computer that you don’t connect to internet, only for your wallet and never download programs from other non-official sources.
Where did you download your Electrum from?
You should only download it from site https://www.electrum.org, never skip to verify your download is genuine and has proper valid GPG signature. It's also better not to install your wallet on the computer where you do your daily internet shit. I recommend a Linux installation for crypto wallet stuff.
Did you store your recovery words of your Electrum wallet in digital form on an online device? Did you make a photo of your written backup of your recovery words?
Were you persuaded to enter your recovery words on any online website?
I'm just curious how your wallet got compromised and the details you provided so far leave a lot of room for speculation how you were actually scammed. It's interesting that the output of the transaction you presented is still unspent in address bc1qtckat8kjghl33lvm7m3ur2x23h5gqmyd2g7app.
You should only download it from site https://www.electrum.org, never skip to verify your download is genuine and has proper valid GPG signature. It's also better not to install your wallet on the computer where you do your daily internet shit. I recommend a Linux installation for crypto wallet stuff.
Did you store your recovery words of your Electrum wallet in digital form on an online device? Did you make a photo of your written backup of your recovery words?
Were you persuaded to enter your recovery words on any online website?
I'm just curious how your wallet got compromised and the details you provided so far leave a lot of room for speculation how you were actually scammed. It's interesting that the output of the transaction you presented is still unspent in address bc1qtckat8kjghl33lvm7m3ur2x23h5gqmyd2g7app.
I have been scammed, when I tunred the virus off I got scammed, someone opened my electrum and made this transfere.
~snip~
~snip~
I assume your antivirus warned you not to download some file, but you disabled it to do so and now you see how bad a move that was. Although AVs can sometimes have false detection, in most cases they protect you from malicious programs, which means that in the future do not disable your AV.
First you have to learn what risks are threatening you from the internet, and only then invest in Bitcoin again - otherwise, a cold or hardware wallet will not help you to prevent something similar from happening to you.
I have got acivated license.
What kind of programs did you have installed on your Windows computer?
Have you accidentally clicked on any suspicious links in your email recently?
Currently the most prevalent way people are losing their funds now is by downloading a malicious file from their email and opening it on their Windows computer.
I should reinstall windows and format c:
Format your hard drive (not only drive C) and then reinstall your operating system. I have got acivated license.
Do change your password to a strong one and enable additional security measures like using hardware wallets since they have their own two-factor authentication feature.
Changing the password of a wallet that has already been compromised does not do anything, op should never use that wallet again. A hardware wallet is a good recommendation, however, if it is the 2fa feature you are looking for, you can get that in Electrum, though i prefer to set up a multisig wallet, than to create a 2fa wallet. Another option for extra security is to extend your seed phrase with a passphrase, so an attacker will require seed phrase + passphrase before they can get to your funds. 
I should reinstall windows and format c:
Format your hard drive (not only drive C) and then reinstall your operating system. Jump to: