please help, i think my PC / LTC wallet has been compromised

Kenshin

sr. member

Activity: 280

Merit: 250

Quote from: jtonthebike on December 31, 2013, 05:30:43 AM

So I simply backup my wallet there, or, store the wallet.dat (the linux equiv to %appdata%/Litecoin (and other alt-coins)?

I have some experience of encrypting entire operating systems with truecrypt, but not specific files, before i look into it, is that what you do? (encrypt files, not system)

In Truecrypt, create an encrypted volume. I used 1 MB per volume. Then once you have your triple algorithms encryption, you mount the volume, the file explorer will pop up. Then place your wallet.dat into it. Then you upload the volume into your Google Drive.

jtonthebike

member

Activity: 106

Merit: 10

Quote from: KingGoon on December 31, 2013, 05:34:18 AM

Can you upload the infected "qurakcoin" wallet for us? Just password protect it with pass:infected

I been using Quark for some time now and never had any issues,so i would like to see the wallet you used ......

this is it: https://bitcointalk.org/index.php?topic=381012.new#new I don't have it on my PC anymore. Though perhaps the offending items have since been removed.

edit ... sorry .. I said wallet, I meant miner.

eon89

sr. member

Activity: 308

Merit: 292

★YoBit.Net★ 350+ Coins Exchange & Dice

Wondering what wallet you used. Where did you find it on here?

jtonthebike

member

Activity: 106

Merit: 10

ugh .. sorry if this is not clear. blockchain reports 0 balance, but my wallet reports a balance of 12.14ltc.

is there anything i can do?

I'm getting my laptop as we 'speak' and setting that up.

KingGoon

member

Activity: 112

Merit: 10

Can you upload the infected "qurakcoin" wallet for us? Just password protect it with pass:infected

I been using Quark for some time now and never had any issues,so i would like to see the wallet you used ......

jwill

newbie

Activity: 3

Merit: 0

If you still have coins in your wallet, immediately transfer them to a wallet on a computer you trust. If you ever believe that a machine you have has been compromised, don't try to fix it, just backup, wipe and re-install. Keep an image of your drive if you want to study it later to find out what happened.

In the future, if you want to keep your system safe, install questionable wallets on a virtual machine. Kubuntu and Ubuntu are free and pretty easy to install with virtualbox. Compiling a wallet is pretty easy after you have done it a few times.

jtonthebike

member

Activity: 106

Merit: 10

So I simply backup my wallet there, or, store the wallet.dat (the linux equiv to %appdata%/Litecoin (and other alt-coins)?

I have some experience of encrypting entire operating systems with truecrypt, but not specific files, before i look into it, is that what you do? (encrypt files, not system)

Kenshin

sr. member

Activity: 280

Merit: 250

Quote from: jtonthebike on December 31, 2013, 05:21:57 AM

Quote from: Kenshin on December 31, 2013, 05:17:37 AM

Quote from: tk808 on December 31, 2013, 05:13:48 AM

Remember, the best place for digital currency is on a device that rarely or never gets connected to the internet, an old PC or whatever.

Or on a device where 2 Factor Authentication is used. I store all my offsite wallets on Google Drive, with 2 Factor Authentication. And my wallets are also encrypted.

I am fairly comfortable around linux and have an Ubuntu laptop. Can you please offer some detail in how to use google drive with 2FA for storing my wallet data?

But my wallet reports a balance of 12.14LTC ... ??

In the Gmail option, you select Google Authenticator in security. Also add your mobile phone number to help retrieve your account in case you need to unlock the account. That is all. Google Drive use the same security setting as your Gmail. That's it, easy and secured.

I also use truecrypt to encrypt the wallets before I upload then to my Google Drive.

jtonthebike

member

Activity: 106

Merit: 10

Quote from: jrslyrics on December 31, 2013, 05:21:45 AM

Have you tried to mine an alt coin lately by any chance?

look at this thread. https://bitcointalk.org/index.php?topic=310975.140

that's not the one I downloaded, but very similar. I'm devastated, I thought I had taken 'enough' security, sadly not.

jtonthebike

member

Activity: 106

Merit: 10

Quote from: Kenshin on December 31, 2013, 05:17:37 AM

Quote from: tk808 on December 31, 2013, 05:13:48 AM

Remember, the best place for digital currency is on a device that rarely or never gets connected to the internet, an old PC or whatever.

Or on a device where 2 Factor Authentication is used. I store all my offsite wallets on Google Drive, with 2 Factor Authentication. And my wallets are also encrypted.

I am fairly comfortable around linux and have an Ubuntu laptop. Can you please offer some detail in how to use google drive with 2FA for storing my wallet data?

But my wallet reports a balance of 12.14LTC ... ??

jrslyrics

member

Activity: 75

Merit: 10

Have you tried to mine an alt coin lately by any chance?

look at this thread. https://bitcointalk.org/index.php?topic=310975.140

Kenshin

sr. member

Activity: 280

Merit: 250

Quote from: tk808 on December 31, 2013, 05:13:48 AM

Remember, the best place for digital currency is on a device that rarely or never gets connected to the internet, an old PC or whatever.

Or on a device where 2 Factor Authentication is used. I store all my offsite wallets on Google Drive, with 2 Factor Authentication. And my wallets are also encrypted.

tk808

legendary

Activity: 1512

Merit: 1124

Invest in your knowledge

Quote from: jtonthebike on December 31, 2013, 05:09:20 AM

thanks i think ...

I use Microsoft AV and their Firewall. I'm researching alternatives now.

The download was scanned, though all future d/l's will be looked at in sandboxie.

So, assuming my wallet.dat keys have been obtained, any future deposits/transactions to this address are compromised. Is there anything I can do? If I uninstall & remove all references to litecoin on this PC will that be enough to then re-install?

Have the coins actually gone, despite what my wallet reports? Is there any chance of getting them back?

Anything that Microsoft makes is garbage. I recommend using Bitdefender. If all your coins have been already compromised, there is nothing you can to retrieve them.

If you have 0 coins in your wallet and trade sites, delete every trace of every wallet and start over. From wallet.dat, blockchains, wallet-qt... everything. Scan your computer with the new anti-virus/firewall program.

Configure your firewall to maximum security.

Start over. Remember, the best place for digital currency is on a device that rarely or never gets connected to the internet, an old PC or whatever.

Be cautious on what you download and what enters your PC

Goodluck

Kenshin

sr. member

Activity: 280

Merit: 250

Quote from: jtonthebike on December 31, 2013, 05:09:20 AM

thanks i think ...

I use Microsoft AV and their Firewall. I'm researching alternatives now.

The download was scanned, though all future d/l's will be looked at in sandboxie.

So, assuming my wallet.dat keys have been obtained, any future deposits/transactions to this address are compromised. Is there anything I can do? If I uninstall & remove all references to litecoin on this PC will that be enough to then re-install?

Have the coins actually gone, despite what my wallet reports? Is there any chance of getting them back?

Use Linux and get rid of your Windows, will prevent your PC from getting compromise in the future.

jtonthebike

member

Activity: 106

Merit: 10

thanks i think ...

I use Microsoft AV and their Firewall. I'm researching alternatives now.

The download was scanned, though all future d/l's will be looked at in sandboxie.

So, assuming my wallet.dat keys have been obtained, any future deposits/transactions to this address are compromised. Is there anything I can do? If I uninstall & remove all references to litecoin on this PC will that be enough to then re-install?

Have the coins actually gone, despite what my wallet reports? Is there any chance of getting them back?

tk808

legendary

Activity: 1512

Merit: 1124

Invest in your knowledge

Quote from: jtonthebike on December 31, 2013, 04:48:58 AM

Hi all,

I have been mining and trading litecoin for a while now, recently I downloaded a 'quarkcoin' wallet from bitcointalk, this appeared to leave a virus on my pc which I thought I had removed. My LTC wallet is encrypted.

I opened up my wallet today to transfer some coins and there is a transaction i do not recognise, i don't know the address and all transactions i submit I give them an address name. Anyway. I had a deposit of 13LTC on the 24th december, at this point I went on vacation. I opened it today and there is a transaction removing these 13LTC from my wallet/account.

When I opened my wallet this morning, I submitted 1LTC to coinex.pw and this now has a question mark next to it.

The transaction date for the unknown address is the 28th December, I wasn't here.

Here's the unknown transaction: http://block-explorer.com/address/LSk5fVCu22iVrjFdNccqWvxvmGKBKCi4S5

Here's a receiving address I use: http://block-explorer.com/address/Lc29CQHqVPdum2yWK2sf9dugH6AZv9aDQR the last two show the 13 being received and then sent out again.

Please help. Someone has already stolen 59LTC out of my btc-e account ;((( these funds were to go towards my wife and I buying our first house, I can't afford to loose any more ;((((

1) Protect yourself with stronger phrases and passwords, store them on an offline computer or encrypted USB drive.
2) Get a better Firewall/anti-virus software or don't allow have your firewall notify you of what's trying to access your computer.
3) Always scan everything you download, before you install or open the files from anywhere.

Let this be a lesson learned

jtonthebike

member

Activity: 106

Merit: 10

Hi all,

I have been mining and trading litecoin for a while now, recently I downloaded a 'quarkcoin' wallet from bitcointalk, this appeared to leave a virus on my pc which I thought I had removed. My LTC wallet is encrypted.

I opened up my wallet today to transfer some coins and there is a transaction i do not recognise, i don't know the address and all transactions i submit I give them an address name. Anyway. I had a deposit of 13LTC on the 24th december, at this point I went on vacation. I opened it today and there is a transaction removing these 13LTC from my wallet/account.

When I opened my wallet this morning, I submitted 1LTC to coinex.pw and this now has a question mark next to it.

The transaction date for the unknown address is the 28th December, I wasn't here.

Here's the unknown transaction: http://block-explorer.com/address/LSk5fVCu22iVrjFdNccqWvxvmGKBKCi4S5

Here's a receiving address I use: http://block-explorer.com/address/Lc29CQHqVPdum2yWK2sf9dugH6AZv9aDQR the last two show the 13 being received and then sent out again.

Please help. Someone has already stolen 59LTC out of my btc-e account ;((( these funds were to go towards my wife and I buying our first house, I can't afford to loose any more ;((((

Topic: please help, i think my PC / LTC wallet has been compromised (Read 781 times)