Pages:
Author

Topic: Possible Compromise Laptop With Seed in Password Manager? (Read 280 times)

legendary
Activity: 1932
Merit: 1273
I use one of the popular password managers out there.  Yes i know storing seeds there is not good idea.  I know that now.  I have a hardware wallet.  My hardware wallet seed is not stored there though.  But my other seeds are. 


So concern is if I use my computer as normal, well I need to log into my password manager and copy/paste any passwords for sites/banking/email etc.  Does that make sense?


That is why I want to know if there is a way to confirm I do not have any type of malware on my laptop... if there is a way to find this out.
As on OP, if you are just visiting a suspicious site it won't automatically make your device compromised, not unless you are somehow running or executing an application from the site. But that is just one case, I don't know how you used your device, so I can't confirm whether your laptop got infected or not. After all, storing your seed phrase on your day-to-day device isn't recommended especially you have a hardware wallet.

The idea is you should transfer any coins on your non-HW seed phrase into your hardware wallet, ideally, you should do it on another clean and safe device. After that, just to be sure it would be a good idea if you just simply reformat and reinstall your laptop.
hero member
Activity: 2534
Merit: 605
Look, I do not understand why reinstalling Windows is such a big deal to you. I do it at least once every year on my machines. Simply save all your files on an external drive, make a list of all the apps you use, and ensure that you have all the necessary installation files or can download them from the internet. It shouldn't take more than one working day to finish the whole process and you'll have a fresh installation that will be safer and faster.
It is not just only that, I also feel that the Microsoft Windows Defender is not enough for anyone to rely entirely on it. Anyone who is making use of a windows computer also needs to have another antivirus installed to their system, if not you are likely going to run into a problem that might affect your computer.

Especially when you are always used to downloading things online and receiving files randomly from other people. So, he really needs to have another antivirus installed that is able to protect his computer always. The one he has installed is OK, and if possible he should as well do what you have said here to be sure of his computer being OK and free from any form of malware or virus.
full member
Activity: 1750
Merit: 186
The word/excel and files I have do not contain virus.  Im concerned if i have malware, then it could be infected.


Kaspersky scanned my computer and it found nothing.  But windows scan is my concern here when it found things.


I use one of the popular password managers out there.  Yes i know storing seeds there is not good idea.  I know that now.  I have a hardware wallet.  My hardware wallet seed is not stored there though.  But my other seeds are. 


So concern is if I use my computer as normal, well I need to log into my password manager and copy/paste any passwords for sites/banking/email etc.  Does that make sense?


That is why I want to know if there is a way to confirm I do not have any type of malware on my laptop... if there is a way to find this out.
legendary
Activity: 1932
Merit: 1273
Storing your seed phrase on your password manager is worrisome. If I might ask, what application do you use for the password manager? Though, even if you are using a secure and recommended password manager, storing a seed on there is not a suitable option. There is a better way to securely store your seed, and by storing it on the password manager, is really put your security risk on a single vector.

~
So based on that, what are my options?  My concern is entering my password to the password manager... which if I do that.. then my passwords and seed would be exposed.
I think the most recommended way is to use a hardware wallet, with that, the seed phrase never really goes out into your main device. If you take the worst-case scenario like your PC got infected, the seed phrase will not get compromised.
legendary
Activity: 1526
Merit: 1359
The big issue is... is there a way to make sure the files I have on my computer is clean before I transfer these files back to a clean reinstall laptop?

Yes. Some documents may contain viruses known as macro viruses, such as word and excel files and even PDF files. However, those files are unlikely to be infected if you created them, and such viruses are almost always detectable by anti-virus software. Make sure you scan all your personal data and, if there are no viruses, copy them to an external drive.
full member
Activity: 1750
Merit: 186
I have a password manager with my seeds there.  I have lot of documents like word/excel there.  The issue though is some of these are encrypted.  So only way to open these would be to enter my encryption password.  Thoughts on that?


I have software wallets in my computer that if you open it.. you need to enter the password.  So I have not done that yet. 


So based on that, what are my options?  My concern is entering my password to the password manager... which if I do that.. then my passwords and seed would be exposed.  The thing though is I did use another windows laptop and entered my seed into another computer and did saw my coins were still there for that coin though.  That would mean my seed was not seed for that coin.  So thoughts on that?



full member
Activity: 1750
Merit: 186
My issue is this.  All the files that I have on my computer... im talking about word/excel and files... I'm concerned if I right now transfer it to an external hard drive... even after I clean reinstall my laptop... how do i know none of those files I have is infected then?


Yes you are correct I can just write down every single program I downloaded on my computer and then download them later on.  But I have so many things in those programs that I have to start over which I"m not a fan of.  But I get your point here.


The big issue is... is there a way to make sure the files I have on my computer is clean before I transfer these files back to a clean reinstall laptop?
legendary
Activity: 1526
Merit: 1359
So does this mean most likely I do not have any malware/trojan/keylogger then? So windows defender had removed it earlier?

Most likely.

Look, I do not understand why reinstalling Windows is such a big deal to you. I do it at least once every year on my machines. Simply save all your files on an external drive, make a list of all the apps you use, and ensure that you have all the necessary installation files or can download them from the internet. It shouldn't take more than one working day to finish the whole process and you'll have a fresh installation that will be safer and faster.
full member
Activity: 1750
Merit: 186
Okay so I did the kaspersky scans... all of them... full scan, vulnerability scan and background scan. It found 0 threats. So what are your thoughts on this? From what I read, kaspersky total is one of the best virus programs out there.


So does this mean most likely I do not have any malware/trojan/keylogger then? So windows defender had removed it earlier?


Yea the thing is if I had a recent macrium reflect image backup... I was told a while back this is when you do a backup of my your entire hard drive and copy it to an external hard drive... and basically whenever you want to do a clean reinstall, you do that... then when you copy from this backup image in the external hard drive, it will make your cleaned laptop look exactly the same as how it was when you saved it. But I did not do this. Thus I don't want to clean reinstall because if I do, then I have to download all the programs again etc. But the main issue is lot of my files are not transferred from it yet. And if I transfer it... I risk it being infected right? However, kaspersky did not find anything.
full member
Activity: 1750
Merit: 186
I downloaded kaspersky total and going to scan my computer now.  Someone mentioned this is the best antivirus that could find malware/trojan and keylogger.  So if it finds things and removes it, it still isn't safe?  I read kaspersky can find like 99% of keyloggers.



I have files I want to transfer from this computer to external hard drive.  Now If I made a complete backup of my computer not long ago, obviously this wouldn't be a big issue etc.


Also there is something I forgot to mention but not sure if it is that important.  I mentioned when I clicked on the link, my password manager was opened during that time.  Then I closed it.  I am actually still logged into my emails on my chrome browser during this time.  So if I visit the email site now, well it goes straight to my email.  So if my computer was compromised, wouldn't they be able to send emails and things like that already?  However, if you want to change your email password, they need the current password so unless I type it in again, they don't have it?

sr. member
Activity: 1428
Merit: 250
A CA's private key should be stored in hardware-based protection, such as a Hardware Security Module (HSM). This provides tamper-resistant secure storage. A Private key for an end entity could be stored in a Trusted Platform Module (TPM) chip or a USB tamper-resistant security token.
legendary
Activity: 2716
Merit: 1102
Leading Crypto Sports Betting & Casino Platform
I didn't download any files but my virus scanner detected a ton of threats on it.  That is the issue here.
There might be a system update on your device and that includes the antivirus as well, so try to do that first and see how it goes

My issue is the other things I do on my computer, I use windows.  Thats why i dont have OS or linux.
If you are using Windows 10 then you need to see an update on your windows settings, but if you are using windows 11 then I don't think there will be any problem.
sr. member
Activity: 2520
Merit: 280
Hire Bitcointalk Camp. Manager @ r7promotions.com
I didn't download any files but my virus scanner detected a ton of threats on it.  That is the issue here.


My issue is the other things I do on my computer, I use windows.  Thats why i dont have OS or linux.
Unless you entered anything your seeds are not vulnerable to the phishing links but for the safe side its better to move the funds to newly created wallet with new seeds so you won't be worrying all the time about the security of your wallet. And password managers are kind of safe but its not recommended to store your private keys there and no where in the digital format.
full member
Activity: 1750
Merit: 186
I didn't download any files but my virus scanner detected a ton of threats on it.  That is the issue here.


My issue is the other things I do on my computer, I use windows.  Thats why i dont have OS or linux.
legendary
Activity: 2506
Merit: 1394
Well can i download kaspersky now and scan everything to remove everything if its possible?  That way i don't need to clean reinstall my computer?

Of course you can. But as mentioned earlier, no antivirus software is 100% effective. If you suspect a malware infection, a clean reinstall of your Operating System is probably the safest solution. Antiviruses are good for prevention, though.



My issue is I didn't back up a ton of files on my laptop.  I also never did a backup of it as in that backup image of windows.  Because if I had that, I know I could just clean reinstall and have it like how it was.


So for example some files I do have saved on a flash drive.


Also I remember there was an option in windows that lets you go back before there were issues.  Like a restore point where it could go back a month or whenever.  Does windows do that for you periodically or you have to do this yourself?  But if you go back to a restore point, this would not work if I was infected... correct?


Well if i use kaspersky and scan and it removes everything, would it be safe to continue using it like normal for a few days to see if i have any issue?

Be careful, the more paranoid you are it could lead you to lose your funds. Relax first, as they said above that using such antivirus could not guarantee your safety, it's still from your end.

As long as you didn't download anything random files from the internet you are safe, starting to remove your seed phrases from your computer or try to store it offline or store it with multiple copies.

Also, even with what operating system you are using, it will still not be guaranteed, but I believe that Windows OS is more prone to this, but I also tried windows before, I got no problem at all about security, I am now using MAC Os.

Start to learn basic precautions on how to avoid scammers or hackers.
full member
Activity: 1750
Merit: 186
Well can i download kaspersky now and scan everything to remove everything if its possible?  That way i don't need to clean reinstall my computer?

Of course you can. But as mentioned earlier, no antivirus software is 100% effective. If you suspect a malware infection, a clean reinstall of your Operating System is probably the safest solution. Antiviruses are good for prevention, though.



My issue is I didn't back up a ton of files on my laptop.  I also never did a backup of it as in that backup image of windows.  Because if I had that, I know I could just clean reinstall and have it like how it was.


So for example some files I do have saved on a flash drive.


Also I remember there was an option in windows that lets you go back before there were issues.  Like a restore point where it could go back a month or whenever.  Does windows do that for you periodically or you have to do this yourself?  But if you go back to a restore point, this would not work if I was infected... correct?


Well if i use kaspersky and scan and it removes everything, would it be safe to continue using it like normal for a few days to see if i have any issue?


legendary
Activity: 1526
Merit: 1359
Well can i download kaspersky now and scan everything to remove everything if its possible?  That way i don't need to clean reinstall my computer?

Of course you can. But as mentioned earlier, no antivirus software is 100% effective. If you suspect a malware infection, a clean reinstall of your Operating System is probably the safest solution. Antiviruses are good for prevention, though.
full member
Activity: 1750
Merit: 186
How do you know if I didn't had anything downloaded into my computer?  I read its possible just by going to the site without doing anything.  I read examples of this and someone said that happened to them and their coins in their software wallet got taken.


Well can i download kaspersky now and scan everything to remove everything if its possible?  That way i don't need to clean reinstall my computer?
hero member
Activity: 2996
Merit: 598
Leading Crypto Sports Betting & Casino Platform

My concern now is I clicked on a redirect link when using my laptop earlier.  The thing is that site that I went to... I clicked on it through google, and then it redirected me to a fake site.  I then just closed it but then noticed this was a phishing site.  I didn't enter anything on that site.


You are safe if you did not download anything or enter anything in the phishing site, it only happens if you download or enter your private key or passphrase on the site, just visiting a site will not get you in trouble as long the phishing site did not download anything in your device, as a crypto investor you need a good anti-virus and malware fighter that can block a phishing site like Kaspersky
legendary
Activity: 1526
Merit: 1359
How do i check my coins using block explorer?  Don't I need the address of the address of it though?  If so, its on my password manager that I would need to log in to.

Yes. The block explorer requires your public address to check your balance. It is not sensitive information that requires special security, so I don't know why you would need a password manager.

But is there a way to see if the website i went to has malware/keylogger etc?  Such that if i post the link, it would show it? 

Sure, there is a way. You can try using tools such as VirusTotal or Sucuri SiteCheck to scan the website.

https://www.virustotal.com/
https://sitecheck.sucuri.net/
Pages:
Jump to: