
Topic: PC hacked, QT robbed, MtGox account hacked on the same time- how? - page 2. (Read 2029 times)

sr. member
Activity: 462
Merit: 251
Sorry to hear that. Check for unknown processes running in the background; your virus software should've prompted when a process tried to establish a connection.
hero member
Activity: 518
Merit: 500
Cripes, that's a total PC takeover. Kind of scary how sophisticated malware is getting. Glad I don't run Windows.
legendary
Activity: 4326
Merit: 3041
Vile Vixen and Miss Bitcointalk 2021-2023
How to log into a PC without any sign?
Without any sign?
A friend of mine realised today that some strange things were happening on his PC. Webcam starts, emails open, etc.
The webcam is a dead giveaway. The only reason your webcam will start is if a person wants to record video of you. If that person is someone other than yourself, you should start freaking out at this point. The correct response is to pull the network cable, nuke the hard drive, and restore everything from backups.

(no known remote desktop apps were used)
Remote desktop apps generally work better (for the person using them) when you don't know they're there.
newbie
Activity: 16
Merit: 0
It is very bad... Almost 10 BTC??

I am not an IT guy, so I can't help with anything. I just feel sorry to hear this sad news. I really do hope MtGox can cancel those withdrawals.
member
Activity: 67
Merit: 10
Here is the story - you might be able to help.

A friend of mine realised today that some strange things were happening on his PC. Webcam starts, emails open, etc. Then he shut down all the apps, and later on some even stranger things happened - Bitcoin QT asked for a new password. Like a normal user he changed his password - it seemed like the wallet itself asked for it - gave the old one and set up a new pass. (That was a huge mistake.)

Later on, he received an email from MtGox saying that they had started to process his withdrawal - he hadn't even started one. The password was not stored on the PC, but there was 2FA, so we have no idea how they logged in. (We were thinking about the RTBTC API code, but it seems like it wasn't able to do withdrawals.) He also has 2 withdrawals from the MtGox account; we wrote to support regarding the confirmation emails that he did NOT request any payouts. Hopefully it will be stopped by MtGox (almost 10 BTC).

As he changed the password of the QT, it seemed like they simply recorded his password, and you can see the transaction here ( https://blockchain.info/address/1CpiFiAtwr2TcF6X7TTRVzNUbkqnbVwKxJ ): 3.95 BTC is missing.

Now we have taken the PC offline and are trying to find out how it was done. It was a trojan for sure, but the exact method was something that we haven't seen before. The owner is not an IT guy, but quite far from the noobs. So if you have any idea or any knowledge on that, we'd be really happy if you shared it with us; it was quite an expensive experience with cryptocurrencies for him.

But the main question still stands: how to log in to MtGox if you have the pass and don't have the device for 2FA? How to log into a PC without any sign? (No known remote desktop apps were used.) The last part is quite easy: to dump a private key for a wallet if you know the key.

Any help appreciated! Of course, he still has 2 unconfirmed withdrawals from MtGox. If they don't approve them, it will kind of save the day. (Plenty of tickets and emails submitted.) Still don't know how it could happen; antivirus software, firewall etc. were on a well-configured PC.

UPDATE 1: MtGox replied that they see a usual login and withdrawal, so they don't do anything; we should call the police. WTF? They send an email in case of withdrawals, if that wasn't you... WE TOLD THEM IT WASN'T US! So they have to cancel the transaction. It still seems on Blockchain that the transaction hasn't started yet.