Possible Compromised Laptop With Seed in Password Manager? - page 3.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Quote from: jerry0 on December 08, 2021, 03:42:56 PM

Yes I know to not store seeds in password manager. But I did do that with some of them. But I guess this situation is similar to using software wallet.

Except it isn't because you unlock your password manager constantly every single time you use your computer, whereas you might only enter your wallet password a couple of times a month.

Quote from: jerry0 on December 08, 2021, 04:29:08 PM

So you telling me if it finds nothing at all, then my computer is safe from anytype of malware/keylogger etc?

There is no malware scanner or similar in existence which can guarantee it will find 100% of viruses/malware.

Quote from: jerry0 on December 08, 2021, 08:24:52 PM

But I can't use this computer to download the software wallet because this computer does not support windows.

What OS are you using? What software wallet are you trying to use? Why not just use something like Electrum?

jerry0

full member

Activity: 1708

Merit: 185

My issue with this is in order for me to access my software wallet, I need to enter my seed on that computer. I have my seed on paper but also in my password manager. Thus me entering my seed into the laptop could compromise it if if already wasn't compromised.

So based on that, what should i do? Im typing this on another computer right now. But I can't use this computer to download the software wallet because this computer does not support windows.

So is best option to get a new computer and then install those software and then enter my seed in it? Then if my coins are there, create another seed for that coin and send all my coins there? Thus do this all on another device? Then when I use my possible compromised laptop and log into my password manager, even if they could see everything, well the coins are moved from there?

Someone recommended me to download kapersky total and scan for virus/malware. But would that work? Such that if it finds any malware/trojan or browser hijacking, then it could remove all of it? And thus I could continue to use my possible compromised laptop as is?

Advice on this?

n0nce

hero member

Activity: 882

Merit: 5818

not your keys, not your coins!

Quote from: jerry0 on December 08, 2021, 03:07:27 AM

Okay so if you click on a dangerous site, could malware/keylogger be automatically downloaded without you knowing? So basically anything you type is going straight to the hacker?

Nobody can exactly tell you what happened and what didn't. Best case scenario, they gained 0 information, worst case they could have everything; real-life scenario it would probably be somewhere in between.

Personally, to be on the safe side, I'd disconnect the device from any network right now, send all the coins to a new, fresh, safe wallet ('what's a safe wallet' is a different topic). Then next day go buy an external HDD, export important files onto it; maybe run an antivirus over the drive and if it's all good, wipe the laptop, reinstall OS (it's adviseable from time to time for performance improvement by clearing out junk files imho) and restore the pictures. After all is done, reconnect the network connection. You don't want a potential virus spreading to your other devices.

But first priority would be disconnecting connectivity & securing those BTC.

jerry0

full member

Activity: 1708

Merit: 185

Quote from: BitMaxz on December 08, 2021, 07:06:20 PM

Quote from: jerry0 on December 08, 2021, 04:29:08 PM

Is it usa kapersky site to try it? So would it find things if it was already there? So you telling me if it finds nothing at all, then my computer is safe from anytype of malware/keylogger etc?

https://usa.kaspersky.com/downloads/thank-you/internet-security-free-trial

That one is medium-security I suggest you use the Kaspersky total which is the premium one. It has a 30 days trial but before you scan the whole PC make sure to update the database first so that it has all possible threats. It will also disable any autorun unknown program
and add a new plugin extension in your browser to protect your browser from any attack. I'm using it for almost 11 years never had any issue except on auto-delete and blocked infected files you can't easily revert it if it was deleted/blocked automatically if it detects any possible threats in your system and it will ask for a reboot for fully disinfect your system.

To make sure no malware/keylogger in your system also scans it with malwarebytes combination of these two is powerful.

There is no issue using it from the US right? Did some googling and apparently kapersky got banned in the US a while back? Are you in the US?

So there is a link for US people and different link for people outside the US?

Okay I will download the free trial. But you are saying if there is any malware, keylogger, browser hijack and things like that, then would total kapersky pick it up and remove it? Or some malware/trojan are so hard to pick up? Is there a big difference I went to that site already though? Thing is you say you never had an issue with it and it blocks sites but you been using it ever since.

BitMaxz

legendary

Activity: 3234

Merit: 2943

Block halving is coming.

Quote from: jerry0 on December 08, 2021, 04:29:08 PM

Is it usa kapersky site to try it? So would it find things if it was already there? So you telling me if it finds nothing at all, then my computer is safe from anytype of malware/keylogger etc?

https://usa.kaspersky.com/downloads/thank-you/internet-security-free-trial

That one is medium-security I suggest you use the Kaspersky total which is the premium one. It has a 30 days trial but before you scan the whole PC make sure to update the database first so that it has all possible threats. It will also disable any autorun unknown program
and add a new plugin extension in your browser to protect your browser from any attack. I'm using it for almost 11 years never had any issue except on auto-delete and blocked infected files you can't easily revert it if it was deleted/blocked automatically if it detects any possible threats in your system and it will ask for a reboot for fully disinfect your system.

To make sure no malware/keylogger in your system also scans it with malwarebytes combination of these two is powerful.

jerry0

full member

Activity: 1708

Merit: 185

Quote from: BitMaxz on December 08, 2021, 07:37:28 AM

If you don't have any protection in your browser and in your laptop maybe you have already been infected after you visit the phishing site.

Based on what I experienced if a visits any phishing sites some of them automatically download a file that is unauthorized download and install.
That is why I decided to protect my PC with Kaspersky both my PC and browser are protected by any phishing sites and malware that silently transfer/download files in your laptop/PC.

So maybe your laptop is already compromised. What I think is try to install a Kaspersky total you can use the trial it's free and then fully scan the whole PC and also scan it with Malwarebytes before you access the password manager for safety purposes.

Is it usa kapersky site to try it? So would it find things if it was already there? So you telling me if it finds nothing at all, then my computer is safe from anytype of malware/keylogger etc?

https://usa.kaspersky.com/downloads/thank-you/internet-security-free-trial

jerry0

full member

Activity: 1708

Merit: 185

Yes I know to not store seeds in password manager. But I did do that with some of them. But I guess this situation is similar to using software wallet. Because if your computer is compromised, you typing it in a software wallet would be the same thing right?

My question is... is there a way to check if the website I went to indeed had malware/trojan/keylogger etc? Such that if you post that link on a website, it would scan if there is anything malicious? Or its possible it could be hidden where a website can't even scan it?

My main computer has all my information it. Well I do have some of my seed written as well on paper. My question is... should i be concerned about logging into my password manager now because of this issue? The thing was what if my password manager was already opened when i clicked on the link earlier?

I want to know is there a way for any computer virus scan to check everything on my laptop to see if there is any malware/keylogger/virus? I don't mind buying any virus program to check that but is there any for that? I just use windows defender.

But the best thing is get a new computer or device, then type in the seed on it then? Thus to see if my coins are still there?

I mean im sure people have accidentally clicked on links before right? So thus you are compromised so isn't this similar? Example if you now type in your password to sites, now the malware/keylogger could see it. Thus any software wallet you use is now at risk right?

So I want to know what should I do right now based on this situation.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18509

Honestly jerry, every time you make a new thread I am continually amazed at just how bad your OPSEC is despite all the advice you have received multiple times from multiple users.

Quote from: jerry0 on December 08, 2021, 02:50:00 AM

The thing is I do have the seed stored in my password manager.

You have been told dozens of times not to do this. Stop doing it.

Quote from: jerry0 on December 08, 2021, 02:50:00 AM

So that means if i log into my password manager on my compromised laptop, they could track everything I typed?

If you have malware on your computer, it is entirely possible for it to log everything you type and everything you copy to your clipboard.

Quote from: jerry0 on December 08, 2021, 02:50:00 AM

The thing that I considered was to not log into my password manager. But then use another device and enter my seed into it to access the wallet. Then assuming my coins are still there, create a new wallet and send all of them there and get a new seed. Is that recommended?

Yes. You should move any coins from any wallet which has a seed phrase store electronically to a new wallet which has its seed phrase stored only on paper.

Quote from: jerry0 on December 08, 2021, 02:50:00 AM

I don't want to wipe my laptop as I have so many things on it for years etc. I also didn't do a backup of it as well. The thing is I do have a copy of my password manager on a usb drive. But is there any virus program I could use or buy where it would find any type of malware, keylogger or browser hijack etc on it? So that way I could continue to use my laptop without wiping it clean?

So you have your main computer with years of important information on it (including seed phrases!) which you have never backed up, which you use to click on unfamiliar links and browse risky sites, on which you run no firewall or antiviral software, and which you have never scanned for malware. I can't even begin to tell you what a terrible idea this all is. You are one simple mistake away from losing everything, data and coins included.

vapourminer

legendary

Activity: 4312

Merit: 3517

what is this "brake pedal" you speak of?

Quote from: lovesmayfamilis on December 08, 2021, 10:37:57 AM

If you didn’t download anything from a phishing site, didn’t enter your data and passwords, but simply closed the site and left, there should be no drama.

you can get infected just by visiting a compromised website, no clicking or dl needed. all the page has to do is load in your browser and boom youre infected.

check it out:
https://www.kaspersky.com/resource-center/definitions/drive-by-download
https://en.wikipedia.org/wiki/Drive-by_download

lovesmayfamilis

legendary

Activity: 2072

Merit: 4265

✿♥‿♥✿

I think you are a little paranoid.
What system are you using? Which password manager?
Or is it a regular browser that stores passwords? Then what is this browser?
If you are using Linux, it is doubtful that the software could have gotten there without your knowledge and permission. If Windows disconnect the laptop from the network, check the laptop with several antiviruses, Kaspersky offers several solutions.
Clear all cookies from your browser. Check the Task Manager for new processes that may have left a virus running in the background or a keylogger.
If you didn’t download anything from a phishing site, didn’t enter your data and passwords, but simply closed the site and left, there should be no drama. We often find ourselves on phishing sites, but without entering our information there, we simply leave them, erasing everything in the browser in the future. And also a lot depends on the password manager. Some of them also store their information encrypted, which is also a kind of protection.

dothebeats

legendary

Activity: 3542

Merit: 1352

Excel is fun

I would treat my passwords as compromised if I were you, and would go on and change those passwords immediately, and perhaps transfer the funds from those affected wallets with the exposed seeds, too. After that, I'd clean my PC, and ensure that I will place protections (ad blockers and the likes) in order to prevent this from happening again. Also, better treat your seed phrases with extra care. I have mine written down on some paper and it has been that way ever since. Not worried of getting hacked since my backups exist offline, and my seed phrases exist offline as well.

vapourminer

legendary

Activity: 4312

Merit: 3517

what is this "brake pedal" you speak of?

Quote from: MIner1448 on December 08, 2021, 05:49:06 AM

If you have already downloaded malware, then most likely cybercriminals can already collect data about you and your passwords, when they collect everything, they can easily crack your passwords and pump out your hard-earned money, I had this with a friend if a virus lives on a computer. this does not mean that he is inactive or does not carry any kind of threat, it just may not have collected enough information for hacking.

yes its possible the password database/file and the wallet has already been uploaded to the hackers. they can work on those at their leisure at that point, no matter what you (the op) do with the laptop now.

op, assume your password database and wallet file will be compromised at some point, so on a known clean computer change all your passwords and create a new password database with the changed passwords. also create a new wallet and xfer everything over to it.

seeds are generally written down on paper (or something more permanent) and should never be in digital form.

BitMaxz

legendary

Activity: 3234

Merit: 2943

Block halving is coming.

If you don't have any protection in your browser and in your laptop maybe you have already been infected after you visit the phishing site.

Based on what I experienced if a visits any phishing sites some of them automatically download a file that is unauthorized download and install.
That is why I decided to protect my PC with Kaspersky both my PC and browser are protected by any phishing sites and malware that silently transfer/download files in your laptop/PC.

So maybe your laptop is already compromised. What I think is try to install a Kaspersky total you can use the trial it's free and then fully scan the whole PC and also scan it with Malwarebytes before you access the password manager for safety purposes.

kaya11

full member

Activity: 1302

Merit: 110

Quote from: jerry0 on December 08, 2021, 02:50:00 AM

I have coins stored in a software wallet on my laptop. The thing is I do have the seed stored in my password manager. Yes I know people tell me you should never do this in case your computer gets compromised.

My concern now is I clicked on a redirect link when using my laptop earlier. The thing is that site that I went to... I clicked on it through google, and then it redirected me to a fake site. I then just closed it but then noticed this was a phishing site. I didn't enter anything on that site.

My concern is i read this malware I have could be some browser hijack and keylogger etc. So that means if i log into my password manager on my compromised laptop, they could track everything I typed? What if your password manager was open at the time? I do also have my seed written on paper as well. My concern is if i log into my password manager now on my computer, that means the hacker could literally see all my passwords and everything i wrote on it? I know about the phishing links hackers post where you download a fake wallet and enter the seed. But if you don't enter your seed, I read its safe. But could clicking on a link to a website without downloading anything also do this? I did not see any program download. But I'm pretty sure it was a dangerous site.

The thing that I considered was to not log into my password manager. But then use another device and enter my seed into it to access the wallet. Then assuming my coins are still there, create a new wallet and send all of them there and get a new seed. Is that recommended?

I don't want to wipe my laptop as I have so many things on it for years etc. I also didn't do a backup of it as well. The thing is I do have a copy of my password manager on a usb drive. But is there any virus program I could use or buy where it would find any type of malware, keylogger or browser hijack etc on it? So that way I could continue to use my laptop without wiping it clean?

I have heard of that browser hijack where when people send coins, their browser would copy/paste another address etc. But in this situation, what would you do? I guess this is the same like if your computer is compromised and you use software wallets and sites since anything you type into binance or coinbase etc... well that person could record your keystrokes?

I have learned my lesson and for the best I can offer you advise base on experience is that consult a computer tech and ask what to do. I was hijacked once and all my assets were gone in an instant. They are quicker this time.
Now my seed phrases are on another gadget in case of something like this happens, and all my wallets are 2fa authenticated. I also have back up in case I lost my phone were you can use a code once for accessing your accounts.
We better be ahead of them in terms of securing our assets, we are talking about money here. The thing that got me was a phishing site, I was randomly clicking spam messages on my email and they've got me really hard, guessed it was my mistake at the first place for being dumb. And remember guys, there is no such thing as free money out there! It's the bait they usually use for noobs like me back then.

Wexnident

hero member

Activity: 2506

Merit: 628

I don't take loans, ask for sig if I ever do.

Quote from: jerry0 on December 08, 2021, 03:26:27 AM

So would best option now be use a clean computer or device, download that wallet and type in the seed on it and see if the coins are still there? If so, create new address for it and move the coins there? So even if I log into my password manager and the wallet on the maybe compromised computer, then they can't move it if the coins are already moved?

That would be the best option, whether there is or there is not an existence of an external malware, virus, file, threat, keylogger, whatever term you can use that could compromise your pc. The fact is, you visited a fake site, and there was a chance that you had malware or whatnot downloaded.

Honestly, I wouldn't bother about it most of the time since afaik, you need to download something from their site, and only then would they be able to access whatever there is inside since that downloaded file acts as a gate of sorts. This is only what I know though, there might be possibilities of malware being downloaded without you doing anything.

Quote from: jerry0 on December 08, 2021, 03:26:27 AM

And is there a way to check if there is any malware/keylogger or anything like that on my computer now? Such as what virus program to buy etc? I know if i wipe my hard drive clean and start fresh, obviously the any compromised would be gone. But I don't want to do that.

Try regular anti-virus software. Malwarebytes adware cleaner works afaik. You can also check some signs of malware though, win defender detecting malware, cpu/gpu usage to the roof, files being encrypted stuff like that.

MIner1448

member

Activity: 938

Merit: 13

Tontogether | Save Smart & Win Big

If you have already downloaded malware, then most likely cybercriminals can already collect data about you and your passwords, when they collect everything, they can easily crack your passwords and pump out your hard-earned money, I had this with a friend if a virus lives on a computer. this does not mean that he is inactive or does not carry any kind of threat, it just may not have collected enough information for hacking.

NeuroticFish

legendary

Activity: 3500

Merit: 6205

Looking for campaign manager? Contact icopress!

After cleaning up your computer, you should install uBlock Origin and WoT (or better). uBlock Origin will hide the ads, WoT may mark the suspicious websites in.. anything else than green hence signaling you for caution and double checking the link.

The browser can download malware, but it may need you click an OK, at least that's how it was many years ago.

Keep in mind that it's enough you have a browser/clipboard virus altering the recipient's address when you want to send (or receive) coins and getting you this way send the money to hacker's address.

Depending on what password manager you have and whether it's encrypted or not, third party may get (or not) access to the whole content of the password manager data, including the seed. Since you are obviously not good on handling your seed, why don't you just buy a cheaper hardware wallet?

In order to check whether your computer is infected, my recommended way is a bootable antivirus CD/DVD you can download from known antivirus companies. Download, burn, boot from it, update signatures database if needed, spend half a day and disinfect. You can pick your favorite from this list: https://www.techradar.com/best/best-antivirus-rescue-disk
It's the best method I know, but I don't claim it to be perfect.

jerry0

full member

Activity: 1708

Merit: 185

I have password manager on my computer, on the cloud and a usb stick. I have it on my computer for obvious reasons since if i want to visit a site, log into email or banking, well i just copy/paste.

But my issue is if my computer is compromised, does that mean anything I type on my computer going to be seen by a hacker? Thus it doesn't matter if my seed is in my password manager since even if i type it into the software wallet each time i log in, it would see it? That is my concern here.

So would best option now be use a clean computer or device, download that wallet and type in the seed on it and see if the coins are still there? If so, create new address for it and move the coins there? So even if I log into my password manager and the wallet on the maybe compromised computer, then they can't move it if the coins are already moved?

I basically want to know has anyone had their wallets compromised by clicking on a link or visiting any site such as a redirect site or dangerous site.

Because I think if you click on those links, then anytime you enter a seed into a software wallet, or information into binance or gemini or say bank, they could see everything you type?

And is there a way to check if there is any malware/keylogger or anything like that on my computer now? Such as what virus program to buy etc? I know if i wipe my hard drive clean and start fresh, obviously the any compromised would be gone. But I don't want to do that.

crwth

copper member

Activity: 2744

Merit: 1250

Try Gunbot for a month go to -> https://gunbot.ph

Does your password manager keep it offline or something? I know some password managers have the option to encrypt the note/file that you have stored and possibly keep it in another layer of security other than your master password. Have you done this? Maybe this could help your thinking if it's compromised or something. But I would still recommend you backup your stuff and possibly change PC or something. If you have this "just to be safe attitude,"

jerry0

full member

Activity: 1708

Merit: 185

Okay so if you click on a dangerous site, could malware/keylogger be automatically downloaded without you knowing? So basically anything you type is going straight to the hacker?

But are you saying the moment you click on that link, any program you have opened on your computer and things like that... the hacker could literally see everything? Example say you are logged into your email during this time on your computer. Could they check everything?

So for example if now you enter your password to get into your password manager or your bank or binance or your email, could they track every single keystroke from now? If so, what program should you download to check for this? Or is there malware/keylogger so good where no program could find it? Because right now i don't want to use my computer because of this reason. So if you have software wallets and you have to enter your seed whether copy/pasting it from a password manager or typing it, is one at big risk then? So you suggest entering your seed in another computer or no malware device then right to see if your coins are still there? Then if so, move them to another address? Then even if you log into your password manager on your laptop, even if they see your keystrokes, well if they see your seed now, you would have moved your coins from one address to another assuming it didn't already moved?

Topic: Possible Compromised Laptop With Seed in Password Manager? - page 3. (Read 601 times)