Possible Compromise Laptop With Seed in Password Manager?

vv181

legendary

Activity: 1932

Merit: 1273

Quote from: jerry0 on December 15, 2021, 06:55:56 PM

I use one of the popular password managers out there. Yes i know storing seeds there is not good idea. I know that now. I have a hardware wallet. My hardware wallet seed is not stored there though. But my other seeds are.

So concern is if I use my computer as normal, well I need to log into my password manager and copy/paste any passwords for sites/banking/email etc. Does that make sense?

That is why I want to know if there is a way to confirm I do not have any type of malware on my laptop... if there is a way to find this out.

As on OP, if you are just visiting a suspicious site it won't automatically make your device compromised, not unless you are somehow running or executing an application from the site. But that is just one case, I don't know how you used your device, so I can't confirm whether your laptop got infected or not. After all, storing your seed phrase on your day-to-day device isn't recommended especially you have a hardware wallet.

The idea is you should transfer any coins on your non-HW seed phrase into your hardware wallet, ideally, you should do it on another clean and safe device. After that, just to be sure it would be a good idea if you just simply reformat and reinstall your laptop.

barbara44

hero member

Activity: 2520

Merit: 605

Quote from: Stalker22 on December 15, 2021, 02:33:20 PM

Look, I do not understand why reinstalling Windows is such a big deal to you. I do it at least once every year on my machines. Simply save all your files on an external drive, make a list of all the apps you use, and ensure that you have all the necessary installation files or can download them from the internet. It shouldn't take more than one working day to finish the whole process and you'll have a fresh installation that will be safer and faster.

It is not just only that, I also feel that the Microsoft Windows Defender is not enough for anyone to rely entirely on it. Anyone who is making use of a windows computer also needs to have another antivirus installed to their system, if not you are likely going to run into a problem that might affect your computer.

Especially when you are always used to downloading things online and receiving files randomly from other people. So, he really needs to have another antivirus installed that is able to protect his computer always. The one he has installed is OK, and if possible he should as well do what you have said here to be sure of his computer being OK and free from any form of malware or virus.

jerry0

full member

Activity: 1750

Merit: 186

The word/excel and files I have do not contain virus. Im concerned if i have malware, then it could be infected.

Kaspersky scanned my computer and it found nothing. But windows scan is my concern here when it found things.

I use one of the popular password managers out there. Yes i know storing seeds there is not good idea. I know that now. I have a hardware wallet. My hardware wallet seed is not stored there though. But my other seeds are.

So concern is if I use my computer as normal, well I need to log into my password manager and copy/paste any passwords for sites/banking/email etc. Does that make sense?

That is why I want to know if there is a way to confirm I do not have any type of malware on my laptop... if there is a way to find this out.

vv181

legendary

Activity: 1932

Merit: 1273

Storing your seed phrase on your password manager is worrisome. If I might ask, what application do you use for the password manager? Though, even if you are using a secure and recommended password manager, storing a seed on there is not a suitable option. There is a better way to securely store your seed, and by storing it on the password manager, is really put your security risk on a single vector.

Quote from: jerry0 on December 15, 2021, 05:10:51 PM

~
So based on that, what are my options? My concern is entering my password to the password manager... which if I do that.. then my passwords and seed would be exposed.

I think the most recommended way is to use a hardware wallet, with that, the seed phrase never really goes out into your main device. If you take the worst-case scenario like your PC got infected, the seed phrase will not get compromised.

Stalker22

legendary

Activity: 1526

Merit: 1359

Quote from: jerry0 on December 15, 2021, 04:18:29 PM

The big issue is... is there a way to make sure the files I have on my computer is clean before I transfer these files back to a clean reinstall laptop?

Yes. Some documents may contain viruses known as macro viruses, such as word and excel files and even PDF files. However, those files are unlikely to be infected if you created them, and such viruses are almost always detectable by anti-virus software. Make sure you scan all your personal data and, if there are no viruses, copy them to an external drive.

jerry0

full member

Activity: 1750

Merit: 186

I have a password manager with my seeds there. I have lot of documents like word/excel there. The issue though is some of these are encrypted. So only way to open these would be to enter my encryption password. Thoughts on that?

I have software wallets in my computer that if you open it.. you need to enter the password. So I have not done that yet.

So based on that, what are my options? My concern is entering my password to the password manager... which if I do that.. then my passwords and seed would be exposed. The thing though is I did use another windows laptop and entered my seed into another computer and did saw my coins were still there for that coin though. That would mean my seed was not seed for that coin. So thoughts on that?

jerry0

full member

Activity: 1750

Merit: 186

My issue is this. All the files that I have on my computer... im talking about word/excel and files... I'm concerned if I right now transfer it to an external hard drive... even after I clean reinstall my laptop... how do i know none of those files I have is infected then?

Yes you are correct I can just write down every single program I downloaded on my computer and then download them later on. But I have so many things in those programs that I have to start over which I"m not a fan of. But I get your point here.

The big issue is... is there a way to make sure the files I have on my computer is clean before I transfer these files back to a clean reinstall laptop?

Stalker22

legendary

Activity: 1526

Merit: 1359

Quote from: jerry0 on December 15, 2021, 12:45:17 AM

So does this mean most likely I do not have any malware/trojan/keylogger then? So windows defender had removed it earlier?

Most likely.

Look, I do not understand why reinstalling Windows is such a big deal to you. I do it at least once every year on my machines. Simply save all your files on an external drive, make a list of all the apps you use, and ensure that you have all the necessary installation files or can download them from the internet. It shouldn't take more than one working day to finish the whole process and you'll have a fresh installation that will be safer and faster.

jerry0

full member

Activity: 1750

Merit: 186

Okay so I did the kaspersky scans... all of them... full scan, vulnerability scan and background scan. It found 0 threats. So what are your thoughts on this? From what I read, kaspersky total is one of the best virus programs out there.

So does this mean most likely I do not have any malware/trojan/keylogger then? So windows defender had removed it earlier?

Yea the thing is if I had a recent macrium reflect image backup... I was told a while back this is when you do a backup of my your entire hard drive and copy it to an external hard drive... and basically whenever you want to do a clean reinstall, you do that... then when you copy from this backup image in the external hard drive, it will make your cleaned laptop look exactly the same as how it was when you saved it. But I did not do this. Thus I don't want to clean reinstall because if I do, then I have to download all the programs again etc. But the main issue is lot of my files are not transferred from it yet. And if I transfer it... I risk it being infected right? However, kaspersky did not find anything.

jerry0

full member

Activity: 1750

Merit: 186

I downloaded kaspersky total and going to scan my computer now. Someone mentioned this is the best antivirus that could find malware/trojan and keylogger. So if it finds things and removes it, it still isn't safe? I read kaspersky can find like 99% of keyloggers.

I have files I want to transfer from this computer to external hard drive. Now If I made a complete backup of my computer not long ago, obviously this wouldn't be a big issue etc.

Also there is something I forgot to mention but not sure if it is that important. I mentioned when I clicked on the link, my password manager was opened during that time. Then I closed it. I am actually still logged into my emails on my chrome browser during this time. So if I visit the email site now, well it goes straight to my email. So if my computer was compromised, wouldn't they be able to send emails and things like that already? However, if you want to change your email password, they need the current password so unless I type it in again, they don't have it?

Rahman11

sr. member

Activity: 1428

Merit: 250

A CA's private key should be stored in hardware-based protection, such as a Hardware Security Module (HSM). This provides tamper-resistant secure storage. A Private key for an end entity could be stored in a Trusted Platform Module (TPM) chip or a USB tamper-resistant security token.

Republikcoin.com

legendary

Activity: 2716

Merit: 1102

Leading Crypto Sports Betting & Casino Platform

Quote from: jerry0 on December 14, 2021, 03:11:01 AM

I didn't download any files but my virus scanner detected a ton of threats on it. That is the issue here.

There might be a system update on your device and that includes the antivirus as well, so try to do that first and see how it goes

Quote from: jerry0 on December 14, 2021, 03:11:01 AM

My issue is the other things I do on my computer, I use windows. Thats why i dont have OS or linux.

If you are using Windows 10 then you need to see an update on your windows settings, but if you are using windows 11 then I don't think there will be any problem.

jrrsparkles

sr. member

Activity: 2436

Merit: 272

Hire Bitcointalk Camp. Manager @ r7promotions.com

Quote from: jerry0 on December 14, 2021, 03:11:01 AM

I didn't download any files but my virus scanner detected a ton of threats on it. That is the issue here.

My issue is the other things I do on my computer, I use windows. Thats why i dont have OS or linux.

Unless you entered anything your seeds are not vulnerable to the phishing links but for the safe side its better to move the funds to newly created wallet with new seeds so you won't be worrying all the time about the security of your wallet. And password managers are kind of safe but its not recommended to store your private keys there and no where in the digital format.

jerry0

full member

Activity: 1750

Merit: 186

I didn't download any files but my virus scanner detected a ton of threats on it. That is the issue here.

My issue is the other things I do on my computer, I use windows. Thats why i dont have OS or linux.

GreatArkansas

legendary

Activity: 2338

Merit: 1354

Quote from: jerry0 on December 12, 2021, 07:28:01 PM

Quote from: Stalker22 on December 12, 2021, 07:16:35 PM

Quote from: jerry0 on December 12, 2021, 07:06:03 PM

Well can i download kaspersky now and scan everything to remove everything if its possible? That way i don't need to clean reinstall my computer?

Of course you can. But as mentioned earlier, no antivirus software is 100% effective. If you suspect a malware infection, a clean reinstall of your Operating System is probably the safest solution. Antiviruses are good for prevention, though.

My issue is I didn't back up a ton of files on my laptop. I also never did a backup of it as in that backup image of windows. Because if I had that, I know I could just clean reinstall and have it like how it was.

So for example some files I do have saved on a flash drive.

Also I remember there was an option in windows that lets you go back before there were issues. Like a restore point where it could go back a month or whenever. Does windows do that for you periodically or you have to do this yourself? But if you go back to a restore point, this would not work if I was infected... correct?

Well if i use kaspersky and scan and it removes everything, would it be safe to continue using it like normal for a few days to see if i have any issue?

Be careful, the more paranoid you are it could lead you to lose your funds. Relax first, as they said above that using such antivirus could not guarantee your safety, it's still from your end.

As long as you didn't download anything random files from the internet you are safe, starting to remove your seed phrases from your computer or try to store it offline or store it with multiple copies.

Also, even with what operating system you are using, it will still not be guaranteed, but I believe that Windows OS is more prone to this, but I also tried windows before, I got no problem at all about security, I am now using MAC Os.

Start to learn basic precautions on how to avoid scammers or hackers.

jerry0

full member

Activity: 1750

Merit: 186

Quote from: Stalker22 on December 12, 2021, 07:16:35 PM

Quote from: jerry0 on December 12, 2021, 07:06:03 PM

Well can i download kaspersky now and scan everything to remove everything if its possible? That way i don't need to clean reinstall my computer?

Of course you can. But as mentioned earlier, no antivirus software is 100% effective. If you suspect a malware infection, a clean reinstall of your Operating System is probably the safest solution. Antiviruses are good for prevention, though.

My issue is I didn't back up a ton of files on my laptop. I also never did a backup of it as in that backup image of windows. Because if I had that, I know I could just clean reinstall and have it like how it was.

So for example some files I do have saved on a flash drive.

Also I remember there was an option in windows that lets you go back before there were issues. Like a restore point where it could go back a month or whenever. Does windows do that for you periodically or you have to do this yourself? But if you go back to a restore point, this would not work if I was infected... correct?

Well if i use kaspersky and scan and it removes everything, would it be safe to continue using it like normal for a few days to see if i have any issue?

Stalker22

legendary

Activity: 1526

Merit: 1359

Quote from: jerry0 on December 12, 2021, 07:06:03 PM

Well can i download kaspersky now and scan everything to remove everything if its possible? That way i don't need to clean reinstall my computer?

Of course you can. But as mentioned earlier, no antivirus software is 100% effective. If you suspect a malware infection, a clean reinstall of your Operating System is probably the safest solution. Antiviruses are good for prevention, though.

jerry0

full member

Activity: 1750

Merit: 186

How do you know if I didn't had anything downloaded into my computer? I read its possible just by going to the site without doing anything. I read examples of this and someone said that happened to them and their coins in their software wallet got taken.

Well can i download kaspersky now and scan everything to remove everything if its possible? That way i don't need to clean reinstall my computer?

coin-investor

hero member

Activity: 2940

Merit: 593

Leading Crypto Sports Betting & Casino Platform

Quote from: jerry0 on December 08, 2021, 02:56:21 AM

My concern now is I clicked on a redirect link when using my laptop earlier. The thing is that site that I went to... I clicked on it through google, and then it redirected me to a fake site. I then just closed it but then noticed this was a phishing site. I didn't enter anything on that site.

You are safe if you did not download anything or enter anything in the phishing site, it only happens if you download or enter your private key or passphrase on the site, just visiting a site will not get you in trouble as long the phishing site did not download anything in your device, as a crypto investor you need a good anti-virus and malware fighter that can block a phishing site like Kaspersky

Stalker22

legendary

Activity: 1526

Merit: 1359

Quote from: jerry0 on December 08, 2021, 04:14:18 PM

How do i check my coins using block explorer? Don't I need the address of the address of it though? If so, its on my password manager that I would need to log in to.

Yes. The block explorer requires your public address to check your balance. It is not sensitive information that requires special security, so I don't know why you would need a password manager.

Quote from: jerry0 on December 08, 2021, 04:14:18 PM

But is there a way to see if the website i went to has malware/keylogger etc? Such that if i post the link, it would show it?

Sure, there is a way. You can try using tools such as VirusTotal or Sucuri SiteCheck to scan the website.

https://www.virustotal.com/
https://sitecheck.sucuri.net/

Topic: Possible Compromise Laptop With Seed in Password Manager? (Read 262 times)