Topic: Possible Compromised Laptop With Seed in Password Manager? (Read 601 times)

The best cure is, of course, not gambling with the security of your system by opening and running unknown files and apps. I wrote in a different thread recently that malware can be configured to recognize and "escape" the secure enclosure of a VM or sandbox as well. Even that isn't something to rely on nowadays. 

Yes, that would work, as would not downloading random files, opening everything you download in an isolated VM first, only downloading open source software, examining the code of the downloaded file yourself before running it, and so on. There are a thousand ways to mitigate against virus attacks, but we both know that most users don't do any of these things, browse the internet with very little care or due diligence, and download and run all kinds of add ons, apps, extensions, software, etc., without a second though.

How many average internet users do you think have ever right clicked -> properties on a file before?. And of the few who have, how many would know what they are looking for? We continue to see very basic security mistakes even in the crypto space with users who we assume are more technically competent than the average population.

That's why you should always check what type of file you are opening before you actually open it. Instead of double-clicking on it, right click and go to properties. Under the general tab you will see type of file. Even if the file is a .bat or an .exe disguised as a .txt, your system should show you what it really is. Unless those who are creating malware have found a way around this as well, this should work.

Than please STOP replying to this lunatic spam agent jerry007 translated topics/posts, click on Ignore button and don't let him drag you down with all other.
I am also seriously thinking about ignoring other members who continually keep replying to his empty posts... worse than spam topics and plagiarism we see in Bitcoin section.
I would understand if it happened one or two times, but if it's happening all the time than something is seriously wrong  

I think the problem with this approach is that it almost encourages users not to pay attention to their security and not to do any due diligence. We see countless fake wallet apps popping up on various app stores, and users downloading them and using them without a second though because they wrongly assume Apple or Google have done their due diligence for them.

If it is definitely just a .txt file and you only open it with notepad or similar, then you will almost certainly certainly be safe. However, I might send you a file called pgpkey.txt.exe or pgpkey.txt.bat, and since Windows hides file extensions by default, then it would show up as pgpkey.txt. You double click it and the virus runs. Or maybe I send it you as a .zip or a .rar which you think only contains a .txt file, but has other hidden files in there too. On Windows, I could create a shortcut to some malicious web address and rename it to pgpkey.txt and send it to you. You double click on it, and your browser opens the malicious link. I am by no means an expert, but I'm sure there are countless other ways to disguise a virus as a .txt file.

I'm not 100% sure about .txt, but definitely with images and music files. I read about these a long time ago; here's something I just found through a quick web search from 2002: Perrun virus

Here's also one of many StackOverflow topic about this matter.

I think the two main concepts are to either build an executable that executes a virus & displays a 'dummy' image when executed (double clicked), and naming it something.jpg or to exploit a bug in the image viewer and embed attack code into the file, which is executed when the bug is triggered during image loading.

You're right, 4 years is a long time. Should be enough to get familiar with the topic. To be honest, people should know how to protect their computer, regardless of using Bitcoin or not. Meaning when they do get into BTC, they should already know how to responsibly use their machines and how to protect and backup their data.

How's that? How can you infect my machine by sending me a .txt file? I only know that it's possible for programs that gain access to the sensitive data of Windows such as executables.

You may find more “diamonds” if you search their topic history. I mean, this guy is in bitcoin since 2017 at least, and they don't know how to protect themselves already?

This thread is going nooooowhere It's kind of hilarious and sad at the same time, sorry Jerry for saying this. But you're also losing people's time (sometimes even seems intentional) so I guess it's fine that I get some fun out of it as well.

Asking for something actually answered in the quote above it? Check.


The still ongoing, hopeless search for a 'magic pill' software that makes you 100% safe, without following basic precautions (which does not exist):

---

This is why I recommend Linux or even macOS. I myself use all platforms, professionally and personally, it depends. But I do feel it's easier to unintentionally download malware on Windows. Sure, you can operate Windows machines for decades without issues. But compared to macOS, especially people who have little idea about what they're doing, will be more secure downloading stuff from an 'AppStore' or package manager than having to web search for it.

It's also that in Windows, you're by default root and people are used to installing software with root privileges all the time (maybe unintentionally installing a RAT with alll the rights). Also, the much larger market share of Windows vs other OSes on the desktop means that it is financially more interesting to develop Windows malware.

Actually, I believe the safest OS 'for the masses' is not even a Desktop OS at all. Most people will be most secure using a tablet / iPad with a keyboard, probably. All software will need to come from the official 'AppStore', everything's sandboxed, there will be no drivers, no privileges, no .exe's from the web. These days, you can easily work on Microsoft Office documents and manage your photo / video library on a large iPad.

Theoretically, viruses can nest themselves into any file. So you would probably need to virus-check that thumb drive before inserting it into the fresh new PC (without infecting the machine that is meant to virus-check it)... so it does kind of become a cat-and-mouse problem. If I were to design such a virus, I'd probably have it immediately infect the OS / AV in the first place such that it won't detect / flag / delete the virus on the thumb drive.

You don't. You can't be 100% sure of it. That's what we have been trying to tell you.  

It's the same question as above but asked differently. If you introduce malware-infected files to a system with a clean virus-free OS, you are bringing malware onto that new setup, assuming there is some malware. 

Are there that many essential pieces of software that you have to write their names down on a piece of paper? Just install the things you need on a daily basis, not everything that's been sitting on your PC for years. Another thing, computer programs can also come with malware, adware, spyware, whatever. Especially if you are dealing with pirated software and torrents.
Don't install unnecessary bloatware on a system that handles your crypto and private keys.

Okay I will clean reinstall it.  But before I do this, what do you recommend I do first?


Again my issue is I have lot of files that I need to copy/paste to an external hard drive.  How do I know these files are not infected?  Again Kaspersky total scanned my entire laptop and it found nothing.  I ask this because say after I do a clean reinstall, then when I transfer these external files back, how I know for sure they aren't infected before I transfer these files?


Then with all the programs I have installed... just write down every single program name I have installed so I install it again after I do the clean reinstall right?

We keep going around in circles all the time. It comes down to this. You are not going to delete those files and most probably you aren't going to reinstall your OS either. So just keep them and do whatever you want.

Your computer has already been infected for who knows how long. Maybe it wasn't anything serious and your AVs picked up tracking cookies, but maybe not. You are too confident in the performances of AV software. Those are just pills and antibiotics that you take WHEN YOU ARE ALREADY SICK. You need to take precautions not to get sick in the first place.

If you believe your computer is now safe, keep using it.
If you don't think so, reinstall your OS and start fresh.

Are we going to discuss this several months until you make a decision?

So I did the kaspersky scans... all of them... full scan, vulnerability scan and background scan. It found 0 threats. So what are your thoughts on this? From what I read, kaspersky total is one of the best virus programs out there.


So does this mean most likely I do not have any malware/trojan/keylogger then? So windows defender had removed it earlier?


Yea the thing is if I had a recent macrium reflect image backup... I was told a while back this is when you do a backup of my your entire hard drive and copy it to an external hard drive... and basically whenever you want to do a clean reinstall, you do that... then when you copy from this backup image in the external hard drive, it will make your cleaned laptop look exactly the same as how it was when you saved it. But I did not do this. Thus I don't want to clean reinstall because if I do, then I have to download all the programs again etc. But the main issue is lot of my files are not transferred from it yet. And if I transfer it... I risk it being infected right? However, kaspersky did not find anything.

I downloaded kaspersky total and going to scan my computer now.  Someone mentioned this is the best antivirus that could find malware/trojan and keylogger.  So if it finds things and removes it, it still isn't safe?  I read kaspersky can find like 99% of keyloggers.



The files I want to transfer from the laptop are microsoft word/excel files.  But also some videos and pictures as well.



Also there is something I forgot to mention but not sure if it is that important.  I mentioned when I clicked on the link, my password manager was opened during that time.  Then I closed it.  I am actually still logged into my emails on my chrome browser during this time.  So if I visit the email site now, well it goes straight to my email.  So if my computer was compromised, wouldn't they be able to send emails and things like that already?  However, if you want to change your email password, they need the current password so unless I type it in again, they don't have it? 

Have less trust in anti-viruses. If your machine has caught anything, then for whatever “cleaning” program you install, you'll never be sure you're safe; I'd say not even close.

What kind of files are those you want to export? Are they just videos, images and wallet.dat kind of files? If that's the case, then just transfer them in a USB, wipe up the drive and re-install your OS. If there are closed-sourced executables included, then I advice against.

If we assume you copy it, then yeah. Keylogger will detect it. Note that there are screen recording kind of malwares, so just having the seed phrase on-screen on a virus-affected machine is neither safe.

---

I know we sound fearmongering, but it's the way computers and bitcoin work that makes us, completely justifiably, do.

Many of the other altcoins I have is not supported by nano ledger.  That is why I don't have it all transferred there.  Previously they were in an exchange and then I downloaded software wallets for it.  I do not do trading with these crapcoins.  I basically bought them years ago and held them in an exchange or wallet etc.  I am not doing any quick trading of any sort.


The reason why I use windows is because that is all I ever used.  Other thing is some programs I use... are not compatible with windows.  So using linux or mac won't work for me.


Someone else suggested what I can do is transfer all my files from the possibly compromised laptop to an external hard drive or the cloud.  Then wipe my windows clean and do a clean reinstall.  Then when using the new computer scan all those files in a non administrative account and then check to see if there is any malware before copying the files to the new computer.  Is there any issue with this?  Again I know the easiest thing to do is just clean reinstall my laptop, but I have files there I want to keep etc.  But is it risky transferring those files?  I know had i done a macrieum reflect backup, then I wouldn't had these issues etc. 


The other option is downloading kaspersky total or bitdefender and scanning the machine to see what it finds and then remove those threats.  And maybe continue using it?  Again I am just stumped on what to do because I don't have my full backups.


The big issue here is I have seed stored in my password manager, so if I open it up, if keylogger there, then I'm screwed?

I can relate to what you are saying and I am pretty much the same way. All I have ever used is Windows, but I don't go around poking and clicking on everything. I am cautious by nature and that has helped me avoid malware and viruses my entire adult life.

No, that would just confuse him even more. I don't think it would be much safer because he doesn't listen and does things his way.

I really don't know. He doesn't seem that active in the altcoin section and I can't remember he ever mentioned that he participates in bounties.

For BSC, you need to install a bridge as far as I know, but yes it should work. I have never owned any BSC so can't tell you much about it. Tron and their TRC10/TRC20 tokens can be stored on Ledger. They do require that you have Tron on the same account otherwise the portfolio seems empty and there are no records of your Tron transactions. I occasionally keep USDT on the Tron network on my Ledger and besides a longer sync time compared to Bitcoin, everything else is ok.

Honestly, me neither. The reason why I would stop using my Nano S will surely not be because I can't have 3 or more apps installed on it at the same time.

I avoid all shitcoins, so I'm totally out of the loop on this, but aren't there a bunch of other trash centralized coins which allow to you launch your own even trashier centralized tokens on top of them, such as Tron and BSC? Can you store those on a hardware wallet? Might be better to just stick to coins which are hardware wallet compatible if you can't figure out a better way to store the other ones other than to save a seed phrase on your computer. (Although if you can generate addresses for a coin via a seed phrase, then there is no reason that it couldn't be stored on a hardware wallet, except that the developers don't care enough to build wallet software which can do that (which is even more of a reason to dump said shitcoin)).

I've never understood why people make such a big deal of this. It takes literally 10 seconds to swap apps. Perhaps if everybody wasn't in such a rush they would take the time to double check addresses properly as well.

There are legitimate reasons to use Windows over Linux. I don't think "Linux is hard" is one of them. If you can use Windows, you can use Linux. I would suggest Linux Mint as a first stepping stone if you are a life long Windows user. You will struggle to stumble across an issue which doesn't have a step by step guide to resolve it written by someone in the community.

But yes, much like your bitcoin wallet, your OS is only going to be as safe as the person using it. If you go around saving seed phrases on the same computer you use to browse questionable sites, click on random links, and download random software with no due diligence, then no browser, no OS, no antimalware, etc., is going to protect you.

Besides not using Google, I find not using Windows equally difficult. I agree with all the privacy advantages and similar you may gain by using a Linux OS instead, but that isn't enough to make me a Linux user. I'm a windows user since I was a child. I've used in their terminology and as much as I've tried replacing it with Linux, I've failed.

So, if someone like Jerry faces such issues, you can't just tell them to use another operating system if they've used to use Windows their entire life. I find the following post very relevant:

---

Not that I like being biased, but he does look like the person who's here only for the quick profit without giving much attention to the potential risks buying shitcoins may have. What to say;

I can't stop but wondering what kind of coins and tokens those are. The majority of shitcoins are Ethereum-based, so he can just keep those on his Ethereum address on his Ledger. Maybe he doesn't know that and I wouldn't be surprised if he didn't. 

Even that is an overstatement right now. That handful is now 2 standalone apps, 3 if you are lucky (but I doubt it). You can still install a bunch of dependent apps that are forked of the standalone app. For everything else, you have to rely on installing/uninstalling to work with an app you need at that moment in time.

Slightly off topic, but that's simply how many apps it can support at a time. You can freely delete and install apps without affecting your private keys or coins. I could install the bitcoin app, send bitcoin to the Ledger wallet, and then uninstall the bitcoin app to install something else, and when I later reinstall the bitcoin app a month or more later, my coins will show up just fine.

Depends what programs you want to use. There are free and open source alternatives to the most common Windows packages, such as LibreOffice and GIMP. You can use Wine to run most Windows programs on a Linux machine. If you absolutely must use Windows for something, then you can always dual boot or have a separate Windows device.

Here is your problem - you have no idea regarding what constitutes good security or good internet practices. I suggest you do a lot of reading. Chrome is terrible, Edge is terrible, Brave is terrible. No, HTTPS and NoScript aren't some magical shield which will prevent any and all malware from accessing your computer. Such a thing does not exist, and the fact that you keep asking for one piece of software to keep you completely 100% safe just goes to show that you don't really understand computer security.

It is incredibly unlikely that clicking on a single link has resulted in "tons of threats" on your machine. As I said above, your security practices are so poor that I suspect you have been infected with multiple pieces of malware for a period of time and you have just been unaware until now.

Move anything you can to your Ledger, and any coin/token so small and unknown that you can't store it on your Ledger then find a separate device which you don't go clicking random links on to download a software wallet to (or, you know, just sell it for bitcoin).