
Topic: MY BTC just went POOF [and then mostly UNPOOFED!]! oooeeeooo - page 2. (Read 4564 times)

member
Activity: 84
Merit: 10
I yam what I yam. - Popeye
OK now the moron is totally confused. Restarted bitcoin and it came up just fine showing .301 btc.

searching system for wallet.dat said no files found literally dozens of times

Now was given option to reindex the system and there it is:

C:\Users\me\AppData\Roaming\Bitcoin\wallet.dat

Now I'm convinced I am both the stupidest noob in here and am totally confused as to why bitcoin would not work this morning, nor would it find wal*.* or any combination of searches including "wallet.dat"

I can only guess it had something to do with the virus scan and the fact that I have now rebooted a few times.

Stupid is as stupid does.

Now time to backup and learn something about this encryption crap. Sheesh!
jr. member
Activity: 56
Merit: 1
To the grouchy olde phartes I am an admitted noob who made a mistake. That is why I am trying to slowly reconstruct what happened and why on this TEST system. I am posting this for other noobs not to follow in my foolish footsteps and "encrypt and backup later"

This post is coming from the miner computer. AVG had nothing in the virus vault, which I find strange as the notice was an AVG notice.

MSSE has two removed yesterday:
1) Trojan:JS/Redirector.GQ
2) Rogue:Win32/Winwebsec   <------ AHA! This is the one mentioned in the AVG warning
file:C:\Users\DAVe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FB9FPCHH\pack[1].exe

I remember the reference to pack[1]

still no wallet.dat file and I don't feel like restoring these viri in the chance that the wallet file is in their stuff

Now on to finding a free undelete prog.

We thank you for your efforts.

Neither of those should have the power to delete your wallet, although, it could be a new winwebsec variant (but I kind of doubt that, if your antivirus detected it, it shouldn't have had the chance to be run). I thought you said you had one you couldn't remove?

Now this is really funny. The hdd light is blinking away just like when it was mining and the pool seems to still be working on my part but guiminer is not listed in Applications or Processes.

bitcoin.exe is in process but will not come up on screen

This sounds like a bitcoin related trojan, one custom designed that wouldn't show up on the AV program. Is the bitcoin process using a lot of CPU? Kill the bitcoin process and see if it restarts itself.
sr. member
Activity: 322
Merit: 252

Yeah I know, there have been a lot of these threads. But they've all gone nowhere. I always hope I'll be able to nail down some detail because I am curious how this happens. I know if it were my computer, I would decompile every last executable until I find something that opens my wallet. This would get solved. But it isn't my computer, and it isn't going to be, so I try and solve the mystery for others.

This doesn't sound like the other cases. The coins weren't transferred, and the wallet.dat is missing. This hasn't happened before. It doesn't seem like a trojan to me. It could be a newly found bug. We should investigate.

This sounds like a case of Noob Sausage Fingers to me.
member
Activity: 84
Merit: 10
I yam what I yam. - Popeye
Now this is really funny. The hdd light is blinking away just like when it was mining and the pool seems to still be working on my part but guiminer is not listed in Applications or Processes.

bitcoin.exe is in process but will not come up on screen
jr. member
Activity: 56
Merit: 1
If you dropped $4 worth of singles, would you have posted an ad on Craigslist about it?  Just curious.

Hey now, it is important to find the source of these issues. Better it something small than something like the allinvain situation (I still think someone he knew took it).

If he were one of the first 5 people to complain about losing BTC, or read any of the dozen or so security posts on how to avoid these issues since, maybe...

As far as allinvain, I'm on the fence as to whether or not that really happened... not sure one way or the other.  As far as who took it if it did happen, well, to me, it's a sort of leaving your house unlocked with 500,000$ worth of shit and no insurance, coupled with all of your eggs in one basket.

You don't get to 25,000 BTC without ACCIDENTALLY learning SOMETHING about how to protect your shit.

Yeah I know, there have been a lot of these threads. But they've all gone nowhere. I always hope I'll be able to nail down some detail because I am curious how this happens. I know if it were my computer, I would decompile every last executable until I find something that opens my wallet. This would get solved. But it isn't my computer, and it isn't going to be, so I try and solve the mystery for others.

This doesn't sound like the other cases. The coins weren't transferred, and the wallet.dat is missing. This hasn't happened before. It doesn't seem like a trojan to me. It could be a newly found bug. We should investigate.
member
Activity: 84
Merit: 10
I yam what I yam. - Popeye
To the grouchy olde phartes I am an admitted noob who made a mistake. That is why I am trying to slowly reconstruct what happened and why on this TEST system. I am posting this for other noobs not to follow in my foolish footsteps and "encrypt and backup later"

This post is coming from the miner computer. AVG had nothing in the virus vault, which I find strange as the notice was an AVG notice.

MSSE has two removed yesterday:
1) Trojan:JS/Redirector.GQ
2) Rogue:Win32/Winwebsec   <------ AHA! This is the one mentioned in the AVG warning
file:C:\Users\DAVe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FB9FPCHH\pack[1].exe

I remember the reference to pack[1]

still no wallet.dat file and I don't feel like restoring these viri in the chance that the wallet file is in their stuff

Now on to finding a free undelete prog.
sr. member
Activity: 322
Merit: 252
If you dropped $4 worth of singles, would you have posted an ad on Craigslist about it?  Just curious.

Hey now, it is important to find the source of these issues. Better it something small than something like the allinvain situation (I still think someone he knew took it).

If he were one of the first 5 people to complain about losing BTC, or read any of the dozen or so security posts on how to avoid these issues since, maybe...

As far as allinvain, I'm on the fence as to whether or not that really happened... not sure one way or the other.  As far as who took it if it did happen, well, to me, it's a sort of leaving your house unlocked with 500,000$ worth of shit and no insurance, coupled with all of your eggs in one basket.

You don't get to 25,000 BTC without ACCIDENTALLY learning SOMETHING about how to protect your shit.
hero member
Activity: 504
Merit: 500
If you dropped $4 worth of singles, would you have posted an ad on Craigslist about it?  Just curious.

I likes cheese!
jr. member
Activity: 56
Merit: 1
If you dropped $4 worth of singles, would you have posted an ad on Craigslist about it?  Just curious.

Hey now, it is important to find the source of these issues. Better it something small than something like the allinvain situation (I still think someone he knew took it).
sr. member
Activity: 322
Merit: 252
If you dropped $4 worth of singles, would you have posted an ad on Craigslist about it?  Just curious.
hero member
Activity: 504
Merit: 500
I realise .3 BTC isn't really worth putting a lot of energy into but it would be beneficial to the community if you do decide to investigate the source of the missing wallet. Especially if it's viral. If we can gather enough info on it, they are much easier to stop or at the very least just provide more to add to the list for places to avoid, etc.
member
Activity: 84
Merit: 10
I yam what I yam. - Popeye
Disappeared/stolen wallet.dat was to:

17SUD6KndgsQ6jckkxR3AvJTcyTRAKWH4m

Doubt if it will be found and who cares. Next one will be treated "properly".

I'm still a total noob and it was a test that I am not surprised at all that it flew the coop.


Am I now reading correctly that you located your wallet file? If so, where was it?
If not, how did you find that address? 17SUD6KndgsQ6jckkxR3AvJTcyTRAKWH4m

Block explorer has not seen it yet so I am not sure how your client could show a transaction to it yet or if it's just that it is so new a block has not been created for the transaction yet..?? someone with more knowledge will have to try and explain or verify my assumption correct or not..?


The number above was in my sig and I cut it from there to paste here in the hopes of keeping track of any funds flowing in from the forum. There was another address 16QVvNfQ5RdvNY65ZWhBJAJ5Vva2KTesdh that I had the miner pool directed to. I'm grateful I was able to find it. Why? I don't know just seem to like to find stuff that I thought was lost. 8^)

Have not re-searched for the wallet file yet in AVG or MSSE quarantine, nor have I tried to undelete it yet. I will probably go thru those exercises just for the fun of it soon.


I misread then, I was under the impression the address you posted was where the stolen money went to.

LOL that was my bad. I had forgotten that I had used the two different ones until I went back and reviewed my PAPER notes. (steal those mr trojan! 8^)
member
Activity: 80
Merit: 10
If anti-virus software has moved it.. check the "virus vault"? - that's the first place to look.

Next, there are "undelete" type programs (since all "deleting" a file does is remove the entry from the file system's entries.. it doesn't remove the file itself) - there are lots available - personally I would probably use a linux liveCD.

The first thing to do if your wallet has been deleted is to make a backup image of the whole HDD and work with that.. this will stop the possibility of the data being overwritten. Once it's been overwritten you're pretty much outta luck!

Nice place to start is: https://help.ubuntu.com/community/DataRecovery

good luck - hope your wallet has just been misplaced/deleted, rather than stolen Smiley

Edit: If you do recover that wallet.dat btw - make sure you send the coins to a fresh wallet created on a system you know is safe!!
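
The image-first approach from the post above, as an added example that is not part of the original thread: it scans a raw disk image, opened read-only, for Berkeley DB btree metadata pages, the on-disk format the Bitcoin client of that period used for wallet.dat. The function names and the sample image are constructed for illustration.

```python
import hashlib
import io
import struct

BTREE_MAGIC = 0x00053162   # Berkeley DB btree magic, stored at byte 12 of the metadata page
SECTOR = 512               # file data starts on a sector boundary, so check each sector start
PAGE_SIZES = {512 << i for i in range(8)}   # valid Berkeley DB page sizes: 512 .. 65536


def image_digest(stream, block=1 << 20):
    """SHA-256 of the image, recorded before and after analysis to show the copy is unchanged."""
    h = hashlib.sha256()
    for data in iter(lambda: stream.read(block), b""):
        h.update(data)
    return h.hexdigest()


def scan_image(stream, chunk_sectors=2048):
    """Yield (offset, page_size, byte_order) for each sector that looks like a btree metadata page."""
    base = 0
    while chunk := stream.read(SECTOR * chunk_sectors):
        for pos in range(0, len(chunk) - 23, SECTOR):
            for order in ("<", ">"):          # the magic is written in the creating host's byte order
                magic, _ver, page_size = struct.unpack_from(order + "III", chunk, pos + 12)
                if magic == BTREE_MAGIC and page_size in PAGE_SIZES:
                    yield base + pos, page_size, order
                    break
        base += len(chunk)


def build_sample_image():
    """Constructed 16-sector image: a plausible header at sector 5, a decoy at sector 9."""
    img = bytearray(SECTOR * 16)
    struct.pack_into("<III", img, 5 * SECTOR + 12, BTREE_MAGIC, 9, 4096)
    struct.pack_into("<III", img, 9 * SECTOR + 12, BTREE_MAGIC, 9, 1234)   # invalid page size
    return bytes(img)


def find_candidates(image_bytes):
    return list(scan_image(io.BytesIO(image_bytes)))


if __name__ == "__main__":
    # For a real case, open the image copy instead: open("disk.img", "rb")  (hypothetical path)
    sample = build_sample_image()
    print(image_digest(io.BytesIO(sample)))
    for offset, page_size, order in find_candidates(sample):
        print(f"candidate at byte {offset}, page size {page_size}, byte order {order!r}")
```

Each reported offset is only a starting point for carving with a recovery tool; a fragmented file will not be contiguous from that offset.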
hero member
Activity: 504
Merit: 500
Could also be possible if a virus hijacked it, it would have been sent to an ftp dump or other such place and has just not been retrieved yet. 
Would be nice to find if there is anything lurking on your comp and to find out what it is.  A google search for Gmer and Tdsskiller would be a good place to start. Gmer will search boot time files as well as MBR... Might want to search out an up to date root kit finder as well.

On the deletion thing, if a virus has deleted it what methods could be used to recover it easily?
hero member
Activity: 504
Merit: 500
That second address, 16QVvNfQ5RdvNY65ZWhBJAJ5Vva2KTesdh, has the money. It hasn't been moved.

http://blockexplorer.com/address/16QVvNfQ5RdvNY65ZWhBJAJ5Vva2KTesdh

Keep looking in the places I told you for your wallet.dat, the money should still be in your control if you find it.

Was just about to post that. ;p
jr. member
Activity: 56
Merit: 1
That second address, 16QVvNfQ5RdvNY65ZWhBJAJ5Vva2KTesdh, has the money. It hasn't been moved.

http://blockexplorer.com/address/16QVvNfQ5RdvNY65ZWhBJAJ5Vva2KTesdh

Keep looking in the places I told you for your wallet.dat, the money should still be in your control if you find it.

If this were a hacker, I feel he would have moved the money. It looks to me like your wallet just got misplaced.
hero member
Activity: 504
Merit: 500
Disappeared/stolen wallet.dat was to:

17SUD6KndgsQ6jckkxR3AvJTcyTRAKWH4m

Doubt if it will be found and who cares. Next one will be treated "properly".

I'm still a total noob and it was a test that I am not surprised at all that it flew the coop.


Am I now reading correctly that you located your wallet file? If so, where was it?
If not, how did you find that address? 17SUD6KndgsQ6jckkxR3AvJTcyTRAKWH4m

Block explorer has not seen it yet so I am not sure how your client could show a transaction to it yet or if it's just that it is so new a block has not been created for the transaction yet..?? someone with more knowledge will have to try and explain or verify my assumption correct or not..?


The number above was in my sig and I cut it from there to paste here in the hopes of keeping track of any funds flowing in from the forum. There was another address 16QVvNfQ5RdvNY65ZWhBJAJ5Vva2KTesdh that I had the miner pool directed to. I'm grateful I was able to find it. Why? I don't know just seem to like to find stuff that I thought was lost. 8^)

Have not re-searched for the wallet file yet in AVG or MSSE quarantine, nor have I tried to undelete it yet. I will probably go thru those exercises just for the fun of it soon.


I misread then, I was under the impression the address you posted was where the stolen money went to.
jr. member
Activity: 56
Merit: 1
Thanks for the extra info Smalleyster.

The address you gave, 17SUD6KndgsQ6jckkxR3AvJTcyTRAKWH4m, has never been used. How did you get that address? Please remember that a wallet contains many addresses at once.

A search might not find wallet.dat if your antivirus put it in quarantine. Open AVG and look for a "quarantined files" option. Although, I really don't see why it would quarantine your wallet.dat, it is just plaintext.

Also, are you sure you checked "%APPDATA%\Roaming\bitcoin\wallet.dat"? Searches might not get that either. Go to start, press run (or vista+, just put it in the text box), and type copy/paste the exact string inside the quotes (but without the quotes) and tell us what is in that folder.

member
Activity: 84
Merit: 10
I yam what I yam. - Popeye
Disappeared/stolen wallet.dat was to:

17SUD6KndgsQ6jckkxR3AvJTcyTRAKWH4m

Doubt if it will be found and who cares. Next one will be treated "properly".

I'm still a total noob and it was a test that I am not surprised at all that it flew the coop.


Am I now reading correctly that you located your wallet file? If so, where was it?
If not, how did you find that address? 17SUD6KndgsQ6jckkxR3AvJTcyTRAKWH4m

Block explorer has not seen it yet so I am not sure how your client could show a transaction to it yet or if it's just that it is so new a block has not been created for the transaction yet..?? someone with more knowledge will have to try and explain or verify my assumption correct or not..?


The number above was in my sig and I cut it from there to paste here in the hopes of keeping track of any funds flowing in from the forum. There was another address 16QVvNfQ5RdvNY65ZWhBJAJ5Vva2KTesdh that I had the miner pool directed to. I'm grateful I was able to find it. Why? I don't know just seem to like to find stuff that I thought was lost. 8^)

Have not re-searched for the wallet file yet in AVG or MSSE quarantine, nor have I tried to undelete it yet. I will probably go thru those exercises just for the fun of it soon.
hero member
Activity: 504
Merit: 500
Disappeared/stolen wallet.dat was to:

17SUD6KndgsQ6jckkxR3AvJTcyTRAKWH4m

Doubt if it will be found and who cares. Next one will be treated "properly".

I'm still a total noob and it was a test that I am not surprised at all that it flew the coop.


Am I now reading correctly that you located your wallet file? If so, where was it?
If not, how did you find that address? 17SUD6KndgsQ6jckkxR3AvJTcyTRAKWH4m

Block explorer has not seen it yet so I am not sure how your client could show a transaction to it yet or if it's just that it is so new a block has not been created for the transaction yet..?? someone with more knowledge will have to try and explain or verify my assumption correct or not..?