
Topic: Possible Compromised Laptop With Seed in Password Manager? (Read 601 times)

legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
Yes, that would work, as would not downloading random files, opening everything you download in an isolated VM first, only downloading open source software, examining the code of the downloaded file yourself before running it, and so on.
The best cure is, of course, not gambling with the security of your system by opening and running unknown files and apps. I wrote in a different thread recently that malware can be configured to recognize and "escape" the secure enclosure of a VM or sandbox as well. Even that isn't something to rely on nowadays. 
legendary
Activity: 2268
Merit: 18509
Unless those who are creating malware have found a way around this as well, this should work.
Yes, that would work, as would not downloading random files, opening everything you download in an isolated VM first, only downloading open source software, examining the code of the downloaded file yourself before running it, and so on. There are a thousand ways to mitigate against virus attacks, but we both know that most users don't do any of these things, browse the internet with very little care or due diligence, and download and run all kinds of add-ons, apps, extensions, software, etc., without a second thought.

How many average internet users do you think have ever right clicked -> properties on a file before? And of the few who have, how many would know what they are looking for? We continue to see very basic security mistakes even in the crypto space with users who we assume are more technically competent than the average population.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
However, I might send you a file called pgpkey.txt.exe or pgpkey.txt.bat, and since Windows hides file extensions by default, then it would show up as pgpkey.txt. You double click it and the virus runs.
That's why you should always check what type of file you are opening before you actually open it. Instead of double-clicking on it, right click and go to properties. Under the general tab you will see type of file. Even if the file is a .bat or an .exe disguised as a .txt, your system should show you what it really is. Unless those who are creating malware have found a way around this as well, this should work.
legendary
Activity: 2212
Merit: 7064
Cashback 15%
This thread is going nooooowhere. It's kind of hilarious and sad at the same time, sorry Jerry for saying this. But you're also losing people's time (sometimes even seems intentional) so I guess it's fine that I get some fun out of it as well.
Then please STOP replying to this lunatic spam agent jerry007 translated topics/posts, click on Ignore button and don't let him drag you down with all other.
I am also seriously thinking about ignoring other members who continually keep replying to his empty posts... worse than spam topics and plagiarism we see in Bitcoin section.
I would understand if it happened one or two times, but if it's happening all the time then something is seriously wrong.
legendary
Activity: 2268
Merit: 18509
Actually, I believe the safest OS 'for the masses' is not even a Desktop OS at all. Most people will be most secure using a tablet / iPad with a keyboard, probably. All software will need to come from the official 'AppStore', everything's sandboxed, there will be no drivers, no privileges, no .exe's from the web. These days, you can easily work on Microsoft Office documents and manage your photo / video library on a large iPad.
I think the problem with this approach is that it almost encourages users not to pay attention to their security and not to do any due diligence. We see countless fake wallet apps popping up on various app stores, and users downloading them and using them without a second thought because they wrongly assume Apple or Google have done their due diligence for them.

How's that? How can you infect my machine by sending me a .txt file?
If it is definitely just a .txt file and you only open it with notepad or similar, then you will almost certainly be safe. However, I might send you a file called pgpkey.txt.exe or pgpkey.txt.bat, and since Windows hides file extensions by default, then it would show up as pgpkey.txt. You double click it and the virus runs. Or maybe I send it to you as a .zip or a .rar which you think only contains a .txt file, but has other hidden files in there too. On Windows, I could create a shortcut to some malicious web address and rename it to pgpkey.txt and send it to you. You double click on it, and your browser opens the malicious link. I am by no means an expert, but I'm sure there are countless other ways to disguise a virus as a .txt file.
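Added example (not part of any post in this thread): a Python sketch of the check the posts above describe, i.e. looking at a file's real type instead of the name Windows displays, covering the double-extension, shortcut and archive cases from the post above. The extension lists, function names and sample files are assumptions constructed for illustration; the lists are not exhaustive.

```python
import io
import zipfile
from pathlib import PurePath

# Assumed, non-exhaustive lists chosen for this example.
# Types that Windows runs or follows on double-click:
ACTIVE_EXTS = {".exe", ".bat", ".cmd", ".com", ".scr", ".pif", ".js",
               ".vbs", ".ps1", ".msi", ".lnk", ".url"}
# Types users tend to read as harmless data:
DECOY_EXTS = {".txt", ".pdf", ".jpg", ".jpeg", ".png", ".doc", ".docx", ".mp3"}

# Shell Link (.lnk) header: HeaderSize 0x4C followed by the fixed LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")


def sniff(data):
    """Identify content from its leading bytes, ignoring the file name."""
    if data[:2] == b"MZ":
        return "pe-executable"
    if data[:20] == LNK_MAGIC:
        return "windows-shortcut"
    if data.lstrip()[:18].lower() == b"[internetshortcut]":
        return "internet-shortcut"
    if data[:4] == b"PK\x03\x04":
        return "zip-archive"
    return "unknown"


def name_findings(name):
    """Flag names whose last extension is active, noting what a user would see."""
    suffixes = [s.lower() for s in PurePath(name).suffixes]
    if not suffixes or suffixes[-1] not in ACTIVE_EXTS:
        return []
    ext = suffixes[-1]
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        shown = name[: -len(ext)]
        return [f"double extension: displays as {shown!r} when Windows "
                f"hides extensions, real type {ext}"]
    return [f"{ext} runs or is followed on double-click"]


def inspect_file(name, data):
    """Return a list of findings for one file; an empty list means nothing flagged."""
    findings = name_findings(name)
    kind = sniff(data)
    if kind in ("pe-executable", "windows-shortcut", "internet-shortcut"):
        findings.append(f"content is {kind}")
    if kind == "zip-archive":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    with zf.open(info) as member:
                        head = member.read(64)  # header bytes only, never the full member
                    for f in inspect_file(info.filename, head):
                        findings.append(f"in archive, {info.filename}: {f}")
        except (zipfile.BadZipFile, RuntimeError):
            findings.append("archive could not be listed (nested, damaged or encrypted)")
    return findings


def constructed_samples():
    """Harmless stand-ins built in memory; none of these is a real program."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pgpkey.txt", "-----BEGIN PGP PUBLIC KEY BLOCK-----\n")
        zf.writestr("helper.bat", "@echo off\r\n")
    return {
        "pgpkey.txt": b"plain text, nothing else",
        "pgpkey.txt.exe": b"MZ" + b"\x00" * 62,
        "pgpkey.txt.url": b"[InternetShortcut]\r\nURL=https://example.invalid/\r\n",
        "pgpkey.zip": buf.getvalue(),
    }


if __name__ == "__main__":
    for fname, blob in constructed_samples().items():
        result = inspect_file(fname, blob)
        print(fname, "->", result if result else "nothing flagged")
```

A clean result only means none of these particular disguises was found; it says nothing about a file that exploits a bug in the program that opens it.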
hero member
Activity: 882
Merit: 5818
not your keys, not your coins!
Theoretically, viruses can nest themselves into any file.
How's that? How can you infect my machine by sending me a .txt file? I only know that it's possible for programs that gain access to the sensitive data of Windows such as executables.
I'm not 100% sure about .txt, but definitely with images and music files. I read about these a long time ago; here's something I just found through a quick web search from 2002: Perrun virus

Here's also one of many StackOverflow topics about this matter.

I think the two main concepts are to either build an executable that executes a virus & displays a 'dummy' image when executed (double clicked), and naming it something.jpg or to exploit a bug in the image viewer and embed attack code into the file, which is executed when the bug is triggered during image loading.

It's kind of hilarious and sad at the same time
You may find more “diamonds” if you search their topic history. I mean, this guy is in bitcoin since 2017 at least, and they don't know how to protect themselves already?
You're right, 4 years is a long time. Should be enough to get familiar with the topic. To be honest, people should know how to protect their computer, regardless of using Bitcoin or not. Meaning when they do get into BTC, they should already know how to responsibly use their machines and how to protect and backup their data.
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
Theoretically, viruses can nest themselves into any file.
How's that? How can you infect my machine by sending me a .txt file? I only know that it's possible for programs that gain access to the sensitive data of Windows such as executables.

It's kind of hilarious and sad at the same time
You may find more “diamonds” if you search their topic history. I mean, this guy is in bitcoin since 2017 at least, and they don't know how to protect themselves already?
hero member
Activity: 882
Merit: 5818
not your keys, not your coins!
This thread is going nooooowhere. It's kind of hilarious and sad at the same time, sorry Jerry for saying this. But you're also losing people's time (sometimes even seems intentional) so I guess it's fine that I get some fun out of it as well.

Asking for something actually answered in the quote above it? Check.

How you do protect yourself in these situations?
Don't use Windows. Keep your Linux OS and browser software up to date. Don't use Chrome. Don't use Google since they happily accept money from scammers and criminals to promote their ads. If you aren't using Tor, then use Firefox and install uBlock Origin, HTTPS Everywhere, and NoScript. Don't browse for random things on the same computer you are using to secure your bitcoin. Don't download random files.

~~~

So which is the best browser you recommend then?  I heard of brave and microsoft edge.  But make sure you use ublock origin with it?  Is it better than adblock plus?  The https everywhere and no script... i never heard of this.

The still ongoing, hopeless search for a 'magic pill' software that makes you 100% safe, without following basic precautions (which does not exist):

So these two programs would prevent any malware on the site you visit?

So do you recommend kaspersky total or bitdefender?

So which search is the best to use then? You say duckduckgo and startpage.  So are these the best two?  I always used google because it was simple and clean looking site etc.  Yea its very easy to misclick stuff on google.

So download both of these programs into your browser then?  So what about adblock plus? That is what i use for chrome and thought that is good for it. 

So the ideal setup is which web browser?  And having both of those two things you mentioned?  But that will protect you from almost everything?



Imagine say you want to find a link to an actual copy of windows from microsoft or a driver and then find it but it was some scammer getting that link to the top of google.  Then aren't you screwed when you search for it and click on it?  Yes the food recipe thing i mentioned... im sayin surely its possible for someone to post something like that?  Imagine looking for food recipe and then it opens up to be an ad for crypto and it might be malware etc.
This is why I recommend Linux or even macOS. I myself use all platforms, professionally and personally, it depends. But I do feel it's easier to unintentionally download malware on Windows. Sure, you can operate Windows machines for decades without issues. But compared to macOS, especially people who have little idea about what they're doing, will be more secure downloading stuff from an 'AppStore' or package manager than having to web search for it.

It's also that in Windows, you're by default root and people are used to installing software with root privileges all the time (maybe unintentionally installing a RAT with all the rights). Also, the much larger market share of Windows vs other OSes on the desktop means that it is financially more interesting to develop Windows malware.

Actually, I believe the safest OS 'for the masses' is not even a Desktop OS at all. Most people will be most secure using a tablet / iPad with a keyboard, probably. All software will need to come from the official 'AppStore', everything's sandboxed, there will be no drivers, no privileges, no .exe's from the web. These days, you can easily work on Microsoft Office documents and manage your photo / video library on a large iPad.

Are they just videos, images and wallet.dat kind of files? If that's the case, then just transfer them in a USB, wipe up the drive and re-install your OS. If there are closed-sourced executables included, then I advise against.
Theoretically, viruses can nest themselves into any file. So you would probably need to virus-check that thumb drive before inserting it into the fresh new PC (without infecting the machine that is meant to virus-check it)... so it does kind of become a cat-and-mouse problem. If I were to design such a virus, I'd probably have it immediately infect the OS / AV in the first place such that it won't detect / flag / delete the virus on the thumb drive.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
How do I know these files are not infected?
You don't. You can't be 100% sure of it. That's what we have been trying to tell you.  

I ask this because say after I do a clean reinstall, then when I transfer these external files back, how I know for sure they aren't infected before I transfer these files?
It's the same question as above but asked differently. If you introduce malware-infected files to a system with a clean virus-free OS, you are bringing malware onto that new setup, assuming there is some malware. 

Then with all the programs I have installed... just write down every single program name I have installed so I install it again after I do the clean reinstall right?
Are there that many essential pieces of software that you have to write their names down on a piece of paper? Just install the things you need on a daily basis, not everything that's been sitting on your PC for years. Another thing, computer programs can also come with malware, adware, spyware, whatever. Especially if you are dealing with pirated software and torrents.
Don't install unnecessary bloatware on a system that handles your crypto and private keys.
full member
Activity: 1708
Merit: 185
Okay I will clean reinstall it.  But before I do this, what do you recommend I do first?


Again my issue is I have lot of files that I need to copy/paste to an external hard drive.  How do I know these files are not infected?  Again Kaspersky total scanned my entire laptop and it found nothing.  I ask this because say after I do a clean reinstall, then when I transfer these external files back, how I know for sure they aren't infected before I transfer these files?


Then with all the programs I have installed... just write down every single program name I have installed so I install it again after I do the clean reinstall right?
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
We keep going around in circles all the time. It comes down to this. You are not going to delete those files and most probably you aren't going to reinstall your OS either. So just keep them and do whatever you want.

Your computer has already been infected for who knows how long. Maybe it wasn't anything serious and your AVs picked up tracking cookies, but maybe not. You are too confident in the performances of AV software. Those are just pills and antibiotics that you take WHEN YOU ARE ALREADY SICK. You need to take precautions not to get sick in the first place.

If you believe your computer is now safe, keep using it.
If you don't think so, reinstall your OS and start fresh.

Are we going to discuss this several months until you make a decision?
full member
Activity: 1708
Merit: 185
So I did the kaspersky scans... all of them... full scan, vulnerability scan and background scan. It found 0 threats. So what are your thoughts on this? From what I read, kaspersky total is one of the best virus programs out there.


So does this mean most likely I do not have any malware/trojan/keylogger then? So windows defender had removed it earlier?


Yea the thing is if I had a recent macrium reflect image backup... I was told a while back this is when you do a backup of your entire hard drive and copy it to an external hard drive... and basically whenever you want to do a clean reinstall, you do that... then when you copy from this backup image in the external hard drive, it will make your cleaned laptop look exactly the same as how it was when you saved it. But I did not do this. Thus I don't want to clean reinstall because if I do, then I have to download all the programs again etc. But the main issue is lot of my files are not transferred from it yet. And if I transfer it... I risk it being infected right? However, kaspersky did not find anything.
full member
Activity: 1708
Merit: 185
I downloaded kaspersky total and going to scan my computer now.  Someone mentioned this is the best antivirus that could find malware/trojan and keylogger.  So if it finds things and removes it, it still isn't safe?  I read kaspersky can find like 99% of keyloggers.



The files I want to transfer from the laptop are microsoft word/excel files.  But also some videos and pictures as well.



Also there is something I forgot to mention but not sure if it is that important.  I mentioned when I clicked on the link, my password manager was opened during that time.  Then I closed it.  I am actually still logged into my emails on my chrome browser during this time.  So if I visit the email site now, well it goes straight to my email.  So if my computer was compromised, wouldn't they be able to send emails and things like that already?  However, if you want to change your email password, they need the current password so unless I type it in again, they don't have it? 
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
The other option is downloading kaspersky total or bitdefender and scanning the machine to see what it finds and then remove those threats.  And maybe continue using it?
Have less trust in anti-viruses. If your machine has caught anything, then for whatever “cleaning” program you install, you'll never be sure you're safe; I'd say not even close.

What kind of files are those you want to export? Are they just videos, images and wallet.dat kind of files? If that's the case, then just transfer them in a USB, wipe up the drive and re-install your OS. If there are closed-sourced executables included, then I advise against.

The big issue here is I have seed stored in my password manager, so if I open it up, if keylogger there, then I'm screwed?
If we assume you copy it, then yeah. Keylogger will detect it. Note that there are screen recording kinds of malware, so just having the seed phrase on-screen on a virus-affected machine is not safe either.



I know we sound fearmongering, but it's the way computers and bitcoin work that makes us, completely justifiably, do.
full member
Activity: 1708
Merit: 185
Many of the other altcoins I have are not supported by nano ledger.  That is why I don't have it all transferred there.  Previously they were in an exchange and then I downloaded software wallets for it.  I do not do trading with these crapcoins.  I basically bought them years ago and held them in an exchange or wallet etc.  I am not doing any quick trading of any sort.


The reason why I use windows is because that is all I ever used.  Other thing is some programs I use... are not compatible with windows.  So using linux or mac won't work for me.


Someone else suggested what I can do is transfer all my files from the possibly compromised laptop to an external hard drive or the cloud.  Then wipe my windows clean and do a clean reinstall.  Then when using the new computer scan all those files in a non administrative account and then check to see if there is any malware before copying the files to the new computer.  Is there any issue with this?  Again I know the easiest thing to do is just clean reinstall my laptop, but I have files there I want to keep etc.  But is it risky transferring those files?  I know had I done a Macrium Reflect backup, then I wouldn't have had these issues etc.


The other option is downloading kaspersky total or bitdefender and scanning the machine to see what it finds and then remove those threats.  And maybe continue using it?  Again I am just stumped on what to do because I don't have my full backups.


The big issue here is I have seed stored in my password manager, so if I open it up, if keylogger there, then I'm screwed?
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
I'm a windows user since I was a child. I've used in their terminology and as much as I've tried replacing it with Linux, I've failed.
I can relate to what you are saying and I am pretty much the same way. All I have ever used is Windows, but I don't go around poking and clicking on everything. I am cautious by nature and that has helped me avoid malware and viruses my entire adult life.

So, if someone like Jerry faces such issues, you can't just tell them to use another operating system if they've used to use Windows their entire life.
No, that would just confuse him even more. I don't think it would be much safer because he doesn't listen and does things his way.

Not that I like being biased, but he does look like the person who's here only for the quick profit without giving much attention to the potential risks buying shitcoins may have.
I really don't know. He doesn't seem that active in the altcoin section and I can't remember he ever mentioned that he participates in bounties.

I avoid all shitcoins, so I'm totally out of the loop on this, but aren't there a bunch of other trash centralized coins which allow you to launch your own even trashier centralized tokens on top of them, such as Tron and BSC? Can you store those on a hardware wallet?
For BSC, you need to install a bridge as far as I know, but yes it should work. I have never owned any BSC so can't tell you much about it. Tron and their TRC10/TRC20 tokens can be stored on Ledger. They do require that you have Tron on the same account otherwise the portfolio seems empty and there are no records of your Tron transactions. I occasionally keep USDT on the Tron network on my Ledger and besides a longer sync time compared to Bitcoin, everything else is ok.

I've never understood why people make such a big deal of this. It takes literally 10 seconds to swap apps.
Honestly, me neither. The reason why I would stop using my Nano S will surely not be because I can't have 3 or more apps installed on it at the same time.
legendary
Activity: 2268
Merit: 18509
I can't stop but wondering what kind of coins and tokens those are. The majority of shitcoins are Ethereum-based, so he can just keep those on his Ethereum address on his Ledger. Maybe he doesn't know that and I wouldn't be surprised if he didn't.
I avoid all shitcoins, so I'm totally out of the loop on this, but aren't there a bunch of other trash centralized coins which allow you to launch your own even trashier centralized tokens on top of them, such as Tron and BSC? Can you store those on a hardware wallet? Might be better to just stick to coins which are hardware wallet compatible if you can't figure out a better way to store the other ones other than to save a seed phrase on your computer. (Although if you can generate addresses for a coin via a seed phrase, then there is no reason that it couldn't be stored on a hardware wallet, except that the developers don't care enough to build wallet software which can do that (which is even more of a reason to dump said shitcoin)).

For everything else, you have to rely on installing/uninstalling to work with an app you need at that moment in time.
I've never understood why people make such a big deal of this. It takes literally 10 seconds to swap apps. Perhaps if everybody wasn't in such a rush they would take the time to double check addresses properly as well.

Besides not using Google, I find not using Windows equally difficult. I agree with all the privacy advantages and similar you may gain by using a Linux OS instead, but that isn't enough to make me a Linux user. I'm a windows user since I was a child. I've used in their terminology and as much as I've tried replacing it with Linux, I've failed.
There are legitimate reasons to use Windows over Linux. I don't think "Linux is hard" is one of them. If you can use Windows, you can use Linux. I would suggest Linux Mint as a first stepping stone if you are a life long Windows user. You will struggle to stumble across an issue which doesn't have a step by step guide to resolve it written by someone in the community.

But yes, much like your bitcoin wallet, your OS is only going to be as safe as the person using it. If you go around saving seed phrases on the same computer you use to browse questionable sites, click on random links, and download random software with no due diligence, then no browser, no OS, no antimalware, etc., is going to protect you.
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
This is a big one for me.
Besides not using Google, I find not using Windows equally difficult. I agree with all the privacy advantages and similar you may gain by using a Linux OS instead, but that isn't enough to make me a Linux user. I'm a windows user since I was a child. I've used in their terminology and as much as I've tried replacing it with Linux, I've failed.

So, if someone like Jerry faces such issues, you can't just tell them to use another operating system if they've used to use Windows their entire life. I find the following post very relevant:

All OSs are vulnerable to malware and phishing attacks.  The only way to avoid being victimized is to educate yourself, and be diligent.  The OS you choose will not save you from mistakes.  

I've been using computers since Commodore 64s were all the rage.  I used Apple IIs and the first generation of Macs when I was in junior high and high school.  My first version of Windows was 3.2, and I've used every version since, including enterprise versions and some server versions.  Currently I use Ubuntu for a variety of tasks, and most of my servers run a version of Linux.  My daughters prefer Macs, so I've had a couple of those around the house for the last decade as well.

Those of us who have industrial engineering jobs, those of us who use CAD to earn our living, those of us who must interact with other people around the planet who use Word, Excel, PowerPoint, and the like...  How hard would we be making our lives trying to contribute while using some buggy shitware?  All the best quality and most practical business and industrial software is written for Windows, and only Windows.  So yes, my main personal computer is built to run Windows, and that's the only way I'll have it.  Not because I don't know what else is out there or because I don't know how to use anything else.  It's because I like it, it works great for my needs, and it's been quite safe when I do my part.

When I say that I find Windows to be among the most versatile, useful, and dependable OSs of all that I've used, it does come from a place of experience.  So, you'll have to forgive me for not taking the advice of some newbie on an internet forum when he says things like "i suggest not using windows."



I can't stop but wondering what kind of coins and tokens those are. The majority of shitcoins are Ethereum-based, so he can just keep those on his Ethereum address on his Ledger. Maybe he doesn't know that and I wouldn't be surprised if he didn't.
Not that I like being biased, but he does look like the person who's here only for the quick profit without giving much attention to the potential risks buying shitcoins may have. What to say;

Quote from: Anonymous
Most of the participants are convinced that they are too smart to get off the train before it crashes.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
He already said that he invests heavily in shitcoins so shitty that Ledger doesn't even have apps for them in their list of 1300+ coins.
I can't stop but wondering what kind of coins and tokens those are. The majority of shitcoins are Ethereum-based, so he can just keep those on his Ethereum address on his Ledger. Maybe he doesn't know that and I wouldn't be surprised if he didn't. 

...I just discovered the other day that you can basically just install a handful of coins onto a Ledger Nano S, even if it 'supports' hundreds.
Even that is an overstatement right now. That handful is now 2 standalone apps, 3 if you are lucky (but I doubt it). You can still install a bunch of dependent apps that are forked of the standalone app. For everything else, you have to rely on installing/uninstalling to work with an app you need at that moment in time.
legendary
Activity: 2268
Merit: 18509
I just discovered the other day that you can basically just install a handful of coins onto a Ledger Nano S, even if it 'supports' hundreds.
Slightly off topic, but that's simply how many apps it can support at a time. You can freely delete and install apps without affecting your private keys or coins. I could install the bitcoin app, send bitcoin to the Ledger wallet, and then uninstall the bitcoin app to install something else, and when I later reinstall the bitcoin app a month or more later, my coins will show up just fine.

Isn't that an even bigger issue with linux?
Depends what programs you want to use. There are free and open source alternatives to the most common Windows packages, such as LibreOffice and GIMP. You can use Wine to run most Windows programs on a Linux machine. If you absolutely must use Windows for something, then you can always dual boot or have a separate Windows device.

I had no idea chrome was not recommended.  Years ago I used firefox and then switched to chrome.  I heard of Tor... but never used it because I don't know anything about it.  I never even heard of Ublock origin.  The only thing i heard of is adblock plus which is what I use with chrome.

So which is the best browser you recommend then?  I heard of brave and microsoft edge.  But make sure you use ublock origin with it?  Is it better than adblock plus?  The https everywhere and no script... i never heard of this.  So these two programs would prevent any malware on the site you visit?
Here is your problem - you have no idea regarding what constitutes good security or good internet practices. I suggest you do a lot of reading. Chrome is terrible, Edge is terrible, Brave is terrible. No, HTTPS and NoScript aren't some magical shield which will prevent any and all malware from accessing your computer. Such a thing does not exist, and the fact that you keep asking for one piece of software to keep you completely 100% safe just goes to show that you don't really understand computer security.

Again, the windows scan detected tons of threats when I did a scan right after I clicked on the link.
It is incredibly unlikely that clicking on a single link has resulted in "tons of threats" on your machine. As I said above, your security practices are so poor that I suspect you have been infected with multiple pieces of malware for a period of time and you have just been unaware until now.

Move anything you can to your Ledger, and any coin/token so small and unknown that you can't store it on your Ledger then find a separate device which you don't go clicking random links on to download a software wallet to (or, you know, just sell it for bitcoin).
full member
Activity: 1708
Merit: 185
Then i did virus scan on windows scan and it found lot of threats.  Then how in the world do you protect yourself when googling things then?  I mean are you suppose to inspect every single site you want to visit?  So imagine you looking for cooking recipes and found a bunch of sites... you have to make sure its a cooking recipe site?
I don't understand why you've made it such a big deal. A computer that does not have a firewall protection is more vulnerable to be compromised. Just turn on your anti-virus, it will detect malicious sites and files. It's not recommended to keep bitcoins in such computer that connects to the internet either way.

You said you have a hardware wallet? What stops you from using it?



I am pretty sure my windows defender had firewall protection on.  My windows defender and malwarebyte was on the entire time when I clicked on the link.  Again, the windows scan detected tons of threats when I did a scan right after I clicked on the link.  My concern here is I stored seed in the password manager in the computer.  So if it could read my seeds from my password manager, that is not good.


I have a hardware wallet.  But some of my coins are not compatible with the hardware wallet.  So I have those software wallets on the computer.  There isn't an option for some of the coins I have because you can only use software wallets for it.  But the issue is i wrote the seed down in the password manager.  



How you do protect yourself in these situations?
Don't use Google
This is a big one for me. When I stopped using Google, it delivered better results than the alternatives, but I still switched for privacy reasons. However, recently I sat at another person's PC, which used Google by default and man, those results are hideous. Not only are the first few results ads; but also visually pretty well disguised. And lots of the actual results are totally trash and obviously paid to get those high rankings. While not actually being labelled as ads at all!
I can see how it's easy to misclick on some of those when looking for innocent stuff.

However - and I'm making an assumption here - it also depends what you're searching for. While this should all be common sense, obviously when looking for example for cracked software and other kinds of piracy, the probability is higher that someone is going to try to grab your money another way. I sincerely doubt you will get scammer links when sincerely looking just for recipes or technical questions online. Of course I can only judge this as someone using DuckDuckGo and Startpage; it's possible that Google will show you scam links in top positions when looking for recipes. But on the engines I use, I would almost guarantee the results are clean.

Also, after a while on the net, you should already see from the URL if it's something familiar, normal-looking or if it looks fishy. Like, the actual domain name, for instance. Above all search results (also in Google; just checked via Incognito window), you see it; and you also see the whole link when hovering.

Long story short: this should all be considered standard, basic precautions when surfing the web; but I guess some people don't want to bother. Then it's on them.

I also agree that a few extensions like uBlock Origin and HTTPS Everywhere are advisable; some scammer sites don't get a certificate (or don't want to - since usually proof of ID is needed) and Origin removes some scammy shit like ads on Google by default, I think. Depends on your lists. Of course also great for privacy due to tracker blocking, but that's another story.

You said you have a hardware wallet? What stops you from using it?
He already said that he invests heavily in shitcoins so shitty that Ledger doesn't even have apps for them in their list of 1300+ coins.
It also seems like he just has a ton of different coins and I just discovered the other day that you can basically just install a handful of coins onto a Ledger Nano S, even if it 'supports' hundreds.
It's totally misleading that Ledger writes on their websites how Nano S is supporting 1100+ coins and up to 6 apps installed on your device, but in reality you can't install more than 2 or 3 apps.
Yes i do have a nano ledger.  The issue is lot of the coins i have and the seeds, they do not support the coin.  If they did, i would transfer every single coin of mine that has a seed phrase into nano ledger.

To be honest, if you're dabbling with these kinds of coins; while it's not my topic of interest, from what I know, these are used as very-short-term investments. Meaning, you buy a bunch, if they skyrocket, you insta-sell and then go to the next one. So, while I'm super duper pro-cold storage, hardware wallets, and all that; it may be financially smarter to keep them on an exchange so you can sell quicker. It also seems to me that a (reputable!!!) exchange might even be a safer custodian of those coins than someone keeping the seeds in the password manager.
Just an idea.



I had no idea using google is bad.  I been using it for years.  Yes i heard lot of scammer sites appear on google with those ads.  So which search is the best to use then?  You say duckduckgo and startpage.  So are these the best two?  I always used google because it was simple and clean looking site etc.  Yea its very easy to misclick stuff on google.


Well if you look for an answer to a technical question... how would google not post a bad site at the top?  Imagine say you want to find a link to an actual copy of windows from microsoft or a driver and then find it but it was some scammer getting that link to the top of google.  Then aren't you screwed when you search for it and click on it?  Yes the food recipe thing i mentioned... im sayin surely its possible for someone to post something like that?  Imagine looking for food recipe and then it opens up to be an ad for crypto and it might be malware etc.


What do you mean check incognito mode on google the link.. you will see.  Can you explain what you mean by this exactly?


You say


uBlock Origin and HTTPS Everywhere are advisable




So download both of these programs into your browser then?  So what about adblock plus? That is what i use for chrome and thought that is good for it. 


So the ideal setup is which web browser?  And having both of those two things you mentioned?  But that will protect you from almost everything?
full member
Activity: 1708
Merit: 185
How do you protect yourself in these situations?
Don't use Windows. Keep your Linux OS and browser software up to date. Don't use Chrome. Don't use Google since they happily accept money from scammers and criminals to promote their ads. If you aren't using Tor, then use Firefox and install uBlock Origin, HTTPS Everywhere, and NoScript. Don't browse for random things on the same computer you are using to secure your bitcoin. Don't download random files.

It wasn't even a link, it was an answer to a question on google where i thought it would just open up an answer... the link opened up.  Then i did virus scan on windows scan and it found lot of threats.
Lots of threats? It sounds like your machine has been infected for a while and you were just unaware up until now.


Well the reason I use windows is because many programs I use... use windows.  A while back I considered buying a macbook laptop even though its expensive but then I found out lot of programs I would use is not compatible with mac.  Isn't that an even bigger issue with linux?


I had no idea chrome was not recommended.  Years ago I used firefox and then switched to chrome.  I heard of Tor... but never used it because I don't know anything about it.  I never even heard of Ublock origin.  The only thing i heard of is adblock plus which is what I use with chrome.


I normally do not use the same computer i store my coins and web browse.  I have a chromebook for that.  But issue here is I was web browsing... and that link opened up from google on my computer.  That has never happened before when you check an answer to a question.  I did not download any random files ever on my computer.  I only visited the site.


So which is the best browser you recommend then?  I heard of brave and microsoft edge.  But make sure you use ublock origin with it?  Is it better than adblock plus?  The https everywhere and no script... i never heard of this.  So these two programs would prevent any malware on the site you visit?


The thing is this laptop of mine still will be my main laptop whether I clean reinstall or not.  So the best suggestion is just clean reinstall it?  So don't open up any files up?  Is entering my password manager password a very bad thing to do?  But what if I moved all my coins and changed my passwords for the important things?


So do you recommend kaspersky total or bitdefender and it checking for everything and see where I can go from there?  I know the safest thing is just clean reinstall it... but my issue is I didn't make backup of it.  I do have some files transferred to a usb a while back.
hero member
Activity: 882
Merit: 5818
not your keys, not your coins!
How do you protect yourself in these situations?
Don't use Google
This is a big one for me. When I stopped using Google, it delivered better results than the alternatives, but I still switched for privacy reasons. However, recently I sat at another person's PC, which used Google by default and man, those results are hideous. Not only are the first few results ads; but also visually pretty well disguised. And lots of the actual results are totally trash and obviously paid to get those high rankings. While not actually being labelled as ads at all!
I can see how it's easy to misclick on some of those when looking for innocent stuff.

However - and I'm making an assumption here - it also depends what you're searching for. While this should all be common sense, obviously when looking for example for cracked software and other kinds of piracy, the probability is higher that someone is going to try to grab your money another way. I sincerely doubt you will get scammer links when sincerely looking just for recipes or technical questions online. Of course I can only judge this as someone using DuckDuckGo and Startpage; it's possible that Google will show you scam links in top positions when looking for recipes. But on the engines I use, I would almost guarantee the results are clean.

Also, after a while on the net, you should already see from the URL if it's something familiar, normal-looking or if it looks fishy. Like, the actual domain name, for instance. Above all search results (also in Google; just checked via Incognito window), you see it; and you also see the whole link when hovering.

Long story short: this should all be considered standard, basic precautions when surfing the web; but I guess some people don't want to bother. Then it's on them.

I also agree that a few extensions like uBlock Origin and HTTPS Everywhere are advisable; some scammer sites don't get a certificate (or don't want to - since usually proof of ID is needed) and Origin removes some scammy shit like ads on Google by default, I think. Depends on your lists. Of course also great for privacy due to tracker blocking, but that's another story.

You said you have a hardware wallet? What stops you from using it?
He already said that he invests heavily in shitcoins so shitty that Ledger doesn't even have apps for them in their list of 1300+ coins.
It also seems like he just has a ton of different coins and I just discovered the other day that you can basically just install a handful of coins onto a Ledger Nano S, even if it 'supports' hundreds.
It's totally misleading that Ledger writes on their websites how Nano S is supporting 1100+ coins and up to 6 apps installed on your device, but in reality you can't install more than 2 or 3 apps.
Yes i do have a nano ledger.  The issue is lot of the coins i have and the seeds, they do not support the coin.  If they did, i would transfer every single coin of mine that has a seed phrase into nano ledger.

To be honest, if you're dabbling with these kinds of coins; while it's not my topic of interest, from what I know, these are used as very-short-term investments. Meaning, you buy a bunch, if they skyrocket, you insta-sell and then go to the next one. So, while I'm super duper pro-cold storage, hardware wallets, and all that; it may be financially smarter to keep them on an exchange so you can sell quicker. It also seems to me that a (reputable!!!) exchange might even be a safer custodian of those coins than someone keeping the seeds in the password manager.
Just an idea.
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
Then i did virus scan on windows scan and it found lot of threats.  Then how in the world do you protect yourself when googling things then?  I mean are you supposed to inspect every single site you want to visit?  So imagine you looking for cooking recipes and found a bunch of sites... you have to make sure its a cooking recipe site?
I don't understand why you've made it such a big deal. A computer that does not have a firewall protection is more vulnerable to be compromised. Just turn on your anti-virus, it will detect malicious sites and files. It's not recommended to keep bitcoins in such computer that connects to the internet either way.

You said you have a hardware wallet? What stops you from using it?
legendary
Activity: 2268
Merit: 18509
How do you protect yourself in these situations?
Don't use Windows. Keep your Linux OS and browser software up to date. Don't use Chrome. Don't use Google since they happily accept money from scammers and criminals to promote their ads. If you aren't using Tor, then use Firefox and install uBlock Origin, HTTPS Everywhere, and NoScript. Don't browse for random things on the same computer you are using to secure your bitcoin. Don't download random files.

It wasn't even a link, it was an answer to a question on google where i thought it would just open up an answer... the link opened up.  Then i did virus scan on windows scan and it found lot of threats.
Lots of threats? It sounds like your machine has been infected for a while and you were just unaware up until now.
full member
Activity: 1708
Merit: 185
Bob.  So let say you were googling things such as how to clean your computer or download files you need.  Or it could be something as wanting to find a recipe for cooking.  You go on google and look at links for cooking recipes etc.  Then when you click on a link that seems to get you to a recipe on google, then it gets you to a bad link.


How do you protect yourself in these situations?  You say by not clicking dumb things.  Well with my windows laptop, I am extremely careful with it throughout the years.  Only once or twice did I click on a link like that.  Last time it was through a website that is legit so I wasn't that concerned because windows defender didn't find anything.



The people that say don't click random links.  Of course i understand that.  Again im very careful with this normally until this time.  It wasn't even a link, it was an answer to a question on google where i thought it would just open up an answer... the link opened up.  Then i did virus scan on windows scan and it found lot of threats.  Then how in the world do you protect yourself when googling things then?  I mean are you supposed to inspect every single site you want to visit?  So imagine you looking for cooking recipes and found a bunch of sites... you have to make sure its a cooking recipe site?  So would kaspersky or bitdefender alert you when you click on it that its a dangerous site and then you can go back?  This is getting beyond ridiculous because how can anyone web browse at all if things are like this.  Again im extremely careful when web browsing and downloading things.  This site just opened up when I thought all it does was give an answer to a question.
legendary
Activity: 1624
Merit: 2481
I think his seed was already saved in a password manager before he started asking if that is ok to do.

I remember telling him 2 or 3 years ago.



First off, I know you all say don't put your seed phrases on the password manager.  I understand that.  The thing is some seeds i want access to easily so that is why i stored it in password manager.

Do whatever you want to.
Then please also accept any consequences.

I really don't get what your problem is. If your coins got stolen, you kind of asked for it. If they weren't, you were lucky.
If it is the first, stop doing nonsense and listen to the valuable advice. If it's the latter, secure your coins and do whatever you want to.



So how do you protect yourself in situations like this?  Make sure you have kaspersky or bitdefender?  Does anyone here use these programs and it always protects them when visiting sites that might be dangerous?

How? By not clicking dumb shit.
Does this software protect you? No (as mentioned multiple times already).
legendary
Activity: 2268
Merit: 18509
When I mean accessing seed easily, I mean like if you don't have your seed with you because you are in another location.
Then carry a good hardware wallet with you. This is infinitely more secure than carrying around your seed phrase.

Can you tell me what accounts these are that are not bitcoin wallet?
Literally every account which lets me use 2FA.

I had thought you put your two factor authorization on password manager.
This defeats the entire point of 2FA. If someone compromises your password manager, then they have both your password and your 2FA code, and so your 2FA achieves nothing.

So where do you store those then?  If you have a copy on your computer, then isn't it risky if you ever catch malware then?
I have a tiny amount of coins stored on hot wallets. Yes, if I was to become infected with malware those coins would be at risk. That is a risk I am willing to take because of the tiny amount of coins and the fact that I have never once been infected with malware because I don't go around clicking on random links.

What two factor authorization do you use for all your accounts?  I assume google authenticator?  Or something else?  I heard things about authy which is similar to google authenticator and yubikey?
Aegis or a hardware key. Google Authenticator and Authy are bad choices.

So how do you protect yourself in situations like this?  Make sure you have kaspersky or bitdefender?
I don't click on random links and I don't use Windows.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
Can't imagine you write down your password on paper for each bank and email... especially if the password could be a 50 word character etc.
Those can all be reset. You forget your password, you reset it and request a new one over your email. If you lose or forget your email, you contact your bank, verify yourself, and have them change whatever details are needed so you can have access to your account again. And like o_e_l_e_o mentioned, you can use 2FA with online banking. Who are you going to contact if you lose your passphrase or get it hacked/stolen? There is no customer service to change it for you and give you a new one. You are the customer service, the bank director, and the bank clerk.

I actually got another windows computer recently.  So go and try to restore the seeds on the new device is what everyone here suggest right?
Yeah do that if it's safe and malware-free. Brand-new from the shop or just recently had its OS reinstalled.

The issue is lot of the coins i have and the seeds, they do not support the coin.  If they did, i would transfer every single coin of mine that has a seed phrase into nano ledger.
What kind of shitcoins are you into that Ledger doesn't support them? They support over 1.000 different assets. That's not a reason to store your seeds digitally, nothing is. 

The other thing is this.  Do you write down your google authenticator for sites like coinbase and binance etc on password manager?
 There is this thing called a pen and paper. Some would say that it's obsolete technology, but it still works wonders you know!

Also im sure people here accidentally clicked on wrong links all the time. 
Again im usually very careful with this which is why i haven't had issues.
How do you accidentally click on wrong links all the time? Yes, it can happen sometimes, but it shouldn't. You are not careful about anything Jerry.

The issue is if i want to backup the things in my laptop, i dont want to back any infected files to it.  So what is the suggestion now?  I do not want to wipe all my files because there are some files that i did not transfer to either my usb flash drive or the cloud.
You are asking what to do, but you have already made up your mind to keep all your files, so keep them. Some of them may or may not be infected, who knows.

The other thing is this.  I do not see anything suspicious about my email addresses.  So would that mean most likely im not compromised?
Not necessarily. If I wanted to steal your crypto and your seed phrases, I don't need access to your email. 

Again when this happened, I clicked on something and it went to a website that is not a legit site because the name of the site is not supposed to end the way its supposed to.
That's why you check what you click on before you click on it.

Also windows defender scanned a lot of threats on it which I rarely ever have etc.  It did seem to remove it but im not sure if its fully removed or not.
And? What do you want us to do about it? Your AV picked something up. It could be connected to the site you visited or it's from something earlier.

So you suggest changing my email passwords on my new computer and phone for any active email im currently using?
Changing them from time to time is a good idea anyways. Why not do it now when there is a possibility of an infection.

But what if someone put their google authenticator private key or thing like that on program manager.
There is something seriously wrong with you.

So basically even if someone has your username/password to the email, banking and crypto exchange passwords, unless they get your two factor authorization code, its useless for them right?
That's the whole point of having 2FA. No one can access your accounts with just the standard login details unless they also have the 2FA code. Jesus Christ!

What if its like those json files that is access to a certain crypto wallet?
JSON files just encrypt your private keys. If you have multiple copies of your seed phrase (written down on paper Jerry, not in password managers) you don't need copies of private keys or JSON files.

What two factor authorization do you use for all your accounts?
Any of them is better than having none. Here, use this source for some more info.   

Again the issue here is many people accidentally click on links on their computer or on their phone.
That's irrelevant. If you stick your dick into a beehive, you are bound to get stung. 
full member
Activity: 1708
Merit: 185
When I mean accessing seed easily, I mean like if you don't have your seed with you because you are in another location.  Yea writing it on paper and carrying it with me is not good.  That is why i stored my seed on the password manager.



Okay so you set up two factor authorization with all your important accounts.  Can you tell me what accounts these are that are not bitcoin wallet?  You mean like email, banking and crypto exchanges?  So basically even if someone has your username/password to the email, banking and crypto exchange passwords, unless they get your two factor authorization code, its useless for them right?  Unless you actually wrote that two factor authorization on the password manager?



I had thought you put your two factor authorization on password manager.  Then I thought that isn't good idea because if someone has that, they can just access your account on their phone.  So you are saying... when writing physically on paper... do the seed phrase and any two factor authorization codes right?  Is there anything else?  What if its like those json files that is access to a certain crypto wallet?  I forgot the name of it but its starts with a J and its like json file or something like that?  So where do you store those then?  If you have a copy on your computer, then isn't it risky if you ever catch malware then?  So that you put it in a usb flash drive an encrypt it?  I'm not sure what is the exact name of these files but I know you can't write or type it down.  Its like a file.  What is the name of this?



What two factor authorization do you use for all your accounts?  I assume google authenticator?  Or something else?  I heard things about authy which is similar to google authenticator and yubikey?



Again the issue here is many people accidentally click on links on their computer or on their phone.  On their phone is much more likely though since the screen is small.  So how do you protect yourself in situations like this?  Make sure you have kaspersky or bitdefender?  Does anyone here use these programs and it always protects them when visiting sites that might be dangerous?
legendary
Activity: 2268
Merit: 18509
First off, I know you all say don't put your seed phrases on the password manager.  I understand that.  The thing is some seeds i want access to easily so that is why i stored it in password manager.
Why would you need to access the seed phrase easily? That's what wallets are for. Even so, if you must access it easily then write it on paper and carry it in your pocket (although that's also an incredibly stupid thing to do).

Don't most of you do that?
Yes, I use a password manager. The difference here is I have 2FA set up on all my important accounts, and I receive a notification on my phone whenever someone who isn't me tries to log in to anything important. You don't get that with a bitcoin wallet.

Do you write down your google authenticator for sites like coinbase and binance etc on password manager?  So that is not safe as well?
Oh my god no. Write down your 2FA codes on paper! What is the point of having 2FA if you store the back up code for it in the same place as you store the password for all your accounts? It isn't two factors if they are both stored side by side.

So what is the suggestion now?
The exact same it's been the last dozen times you have asked.
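The point made in the reply above ("It isn't two factors if they are both stored side by side") and in the earlier reply that keeping the 2FA secret in the password manager "defeats the entire point of 2FA" can be checked directly. This is an added example, not part of any post in the thread: an RFC 6238 TOTP generator with a toy login check. The vault layout, account record and function names are assumptions for illustration, and the secret is the RFC's published test key.

```python
"""Why a TOTP secret stored beside the password is not a second factor."""
import base64
import hashlib
import hmac
import struct

# Constructed sample data: the RFC 6238 test key "12345678901234567890" in base32.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1): a pure function of the shared secret and the clock."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226, section 5.3)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_login(account, password, code, unix_time, window=1):
    """Hypothetical server-side check: password, then TOTP within +/- window steps.

    The toy account record keeps the password in clear text to stay short;
    a real service would compare against a password hash.
    """
    if not hmac.compare_digest(password.encode(), account["password"].encode()):
        return False
    if code is None:
        return False
    for drift in range(-window, window + 1):
        t = max(0, unix_time + drift * 30)
        expected = totp(account["totp_secret"], t)
        if hmac.compare_digest(code.encode(), expected.encode()):
            return True
    return False


def login_using_only_vault(vault_entry, account, unix_time):
    """What a copy of one password-manager entry is worth on its own."""
    secret = vault_entry.get("totp_secret")
    # Anyone holding the secret derives the same code the phone app would show.
    code = totp(secret, unix_time) if secret else None
    return verify_login(account, vault_entry["password"], code, unix_time)


# Constructed account record as the service would hold it.
ACCOUNT = {"password": "correct horse battery staple", "totp_secret": RFC_TEST_SECRET}

# Layout A: password and 2FA secret saved side by side in the same vault entry.
VAULT_SIDE_BY_SIDE = {"password": ACCOUNT["password"], "totp_secret": RFC_TEST_SECRET}
# Layout B: the vault holds the password only; the secret is on paper or a separate device.
VAULT_PASSWORD_ONLY = {"password": ACCOUNT["password"]}

if __name__ == "__main__":
    now = 59  # fixed clock so the output is reproducible
    print("code at t=59 :", totp(RFC_TEST_SECRET, now))
    print("side by side :", login_using_only_vault(VAULT_SIDE_BY_SIDE, ACCOUNT, now))
    print("password only:", login_using_only_vault(VAULT_PASSWORD_ONLY, ACCOUNT, now))
```

With layout A, a single copied vault entry passes both checks; with layout B the same copy fails at the second one, which is the separation the replies are asking for.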
full member
Activity: 1708
Merit: 185
Also im sure people here accidentally clicked on wrong links all the time.  Again im usually very careful with this which is why i haven't had issues.  I only have windows defender and malwarebytes free.  


The issue is if i want to backup the things in my laptop, i dont want to back any infected files to it.  So what is the suggestion now?  I do not want to wipe all my files because there are some files that i did not transfer to either my usb flash drive or the cloud.



The other thing is this.  I do not see anything suspicious about my email addresses.  So would that mean most likely im not compromised?  Again when this happened, I clicked on something and it went to a website that is not a legit site because the name of the site is not supposed to end the way its supposed to.  Also windows defender scanned a lot of threats on it which I rarely ever have etc.  It did seem to remove it but im not sure if its fully removed or not.  But I clicked on the link, my password manager was opened at the time which was my concern.  But I then closed it.  Since then, I have not tried to log in to my password manager on my laptop but have turned on the laptop few times etc.



Someone here suggested kaspersky and just scan it and that is the best option.  Again im overwhelmed by all of this.  So you suggest changing my email passwords on my new computer and phone for any active email im currently using?  



But wouldn't this situation happen to many people who have accounts though like with exchanges?  Thus someone has access to their username/password and then log in?  But if they have google authenticator, they are safe right?  But what if someone put their google authenticator private key or thing like that on program manager.  They are essentially screwed then?  The same with if someone click on wrong link on their iphone?  What about that?
full member
Activity: 1708
Merit: 185
First off, I know you all say don't put your seed phrases on the password manager.  I understand that.  The thing is some seeds i want access to easily so that is why i stored it in password manager.



The thing is what should you put in your password manager then?  I got to assume most of you put your email and banking information passwords there right?  Again my email and banking passwords, i don't even know what it is because its generated by the password manager.  I heard back then you should not use a regular password and make password manager generate it for you.  Don't most of you do that?  Can't imagine you write down your password on paper for each bank and email... especially if the password could be a 50 word character etc.



The reason I couldn't use my other computer is its chromebook.  I actually got another windows computer recently.  So go and try to restore the seeds on the new device is what everyone here suggest right?  Again I didn't have a spare windows computer to just do things.   Yes i do have a nano ledger.  The issue is lot of the coins i have and the seeds, they do not support the coin.  If they did, i would transfer every single coin of mine that has a seed phrase into nano ledger.



The other thing is this.  Do you write down your google authenticator for sites like coinbase and binance etc on password manager?  So that is not safe as well?  I have to assume you all put your username/password on password manager for exchanges right?  No way you guys are writing it on paper and log in each time that way especially if its a very long seed.



legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
And most importantly, don't waste our time or your own time by asking people for help and advice on how to do things as safe and as efficient as possible only to do the exact opposite in the end. What's the purpose of it all? I don't understand the logic of asking and trying to learn about the dangers of storing mnemonics and private data digitally, only to tell us 2 years later that you disregarded everything you possibly could and put your coins in danger.
legendary
Activity: 1344
Merit: 6415
Farewell, Leo
So, jerry, to sum up;

  • Don't store your seed phrases anywhere electronically. Whether that's a txt file or a password manager. Consider just keeping them on paper.
  • Always verify the authenticity of the software you install.
  • Don't keep important information (such as money or personal stuff) on a computer that can be easily compromised.
  • Don't feel unstressed or secure by installing anti-viruses on an operating system that relies on anti-viruses.
legendary
Activity: 2856
Merit: 7410
Crypto Swap Exchange
This thread reminds me of the proverb "You can lead a horse to water, but you can't make it drink."

My question is... is there a way to check if the website I went to indeed had malware/trojan/keylogger etc?  Such that if you post that link on a website, it would scan if there is anything malicious?  Or its possible it could be hidden where a website can't even scan it? 

You could try https://www.virustotal.com/ and choose "URL" or "Search" option, but obviously this website can't detect all kinds of malware, keylogger, etc.

~
He has a Nano S? He should just import the paper seed into a fresh Electrum wallet or even BlueWallet on his mobile if he only has that one infected machine; then send all funds to the Ledger & that's it. Coins secured. That's the simplicity of hardware wallets..

He has, check https://bitcointalksearch.org/topic/m.58445037.

Of course he could also buy a new laptop, rip out connectivity & set it up as an airgapped, dedicated Bitcoin machine, but that will probably need more money and time.

I doubt he'll bother doing it when he uses a password manager to store his seed.
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
I truly hope this is a joke.
I don't think it is.
 
Every single person told you to not store your mnemonic code / seed of the hardware wallet on your PC.. and you still did that?
I think his seed was already saved in a password manager before he started asking if that is ok to do. He was probably looking for confirmation from someone that it's a good way to protect the seed. But even after multiple people told him it isn't, he felt there was no reason to change anything.

However.. how could you possibly store your mnemonic code on your daily computer? Didn't you listen to everyone talking to you?
If you give Jerry advice, he asks other people if the advice you gave is good. If he gets confirmation that it is, he will tell you that he has decided not to do it the way you told him to.

He has a Nano S? He should just import the paper seed into a fresh Electrum wallet or even BlueWallet on his mobile if he only has that one infected machine; then send all funds to the Ledger & that's it. Coins secured.
Yeah, he has a hardware wallet, but he doesn't always have access to it. Or more precisely to its seed. He has been asking questions about passphrases and how to set one up on Ledger for over 2 years. He never did of course. He can surely send his coins to his Nano S even if he uses a potentially vulnerable computer. But his paranoia levels are extremely high and I don't think he wants to connect it to that potentially infected PC.

@Jerry
What is the problem with the other computer you mentioned that you have? You said it doesn't have Windows. Ledger Live is available for Linux and MAC as well. I am not sure about the other software you are trying to save but you should check it out.
hero member
Activity: 882
Merit: 5818
not your keys, not your coins!
~
He has a Nano S? He should just import the paper seed into a fresh Electrum wallet or even BlueWallet on his mobile if he only has that one infected machine; then send all funds to the Ledger & that's it. Coins secured. That's the simplicity of hardware wallets.. Of course he could also buy a new laptop, rip out connectivity & set it up as an airgapped, dedicated Bitcoin machine, but that will probably need more money and time.

After that, backup files & pictures that are important, however stay careful, as you said, since they could all be infected. So maybe scan them or shit like that before putting them back onto a 'clean' machine.
legendary
Activity: 1624
Merit: 2481
I truly hope this is a joke.

You are asking these questions for years now.
We have exchanged multiple PMs. And there were way more people in contact with you via PM to help you set up something secure.

Every single person told you to not store your mnemonic code / seed of the hardware wallet on your PC.. and you still did that?

You know.. you are probably lucky.
Simply visiting a phishing site doesn't result in your computer getting compromised. Especially since the people behind phishing sites usually aren't the smartest ones. Definitely not smart enough to find an exploit for the browser's sandbox.
However.. how could you possibly store your mnemonic code on your daily computer? Didn't you listen to everyone talking to you?
legendary
Activity: 2730
Merit: 7065
Farewell, Leo. You will be missed!
My issue with this is in order for me to access my software wallet, I need to enter my seed on that computer. I have my seed on paper but also in my password manager. Thus me entering my seed into the laptop could compromise it if it already wasn't compromised.
Forget about the password manager if you have that same seed on your computer. You have a Ledger Nano S. Why are your coins not on the Ledger?

Someone recommended me to download Kaspersky total and scan for virus/malware. But would that work? Such that if it finds any malware/trojan or browser hijacking, then it could remove all of it? And thus I could continue to use my possible compromised laptop as is?
You ask for advice. People give you advice. Then you ask if the given advice is good or if you should do it in a different way. Ultimately, you are probably not going to listen to what people tell you anyway. An anti-virus or anti-malware software is not some magical eraser that undoes your mistakes. It could find and neutralize a malware on your computer, but it is also possible that it doesn't detect it at all. In case of new malware, the software might not have the definitions to classify it as malicious. We don't know what you clicked on and if the site was configured to automatically download and execute some type of malware.

Advice on this?
You have played with fire and now you got burned. You have been told multiple times not to store your seed digitally and you keep finding excuses why that's OK for you.

Your computer might be compromised. If you are lucky, it wasn't. Buying a new computer won't solve the problem that the files you have on your old one are potentially infected. If your coins are your priority, reformat your computer, and start from scratch.

If your coins are gone, they are gone. There is very little you can do about it. Buying a new computer just to restore your wallet will only tell you if they are there or not. What are you going to do with the old one and the data you keep on it?
legendary
Activity: 2268
Merit: 18509
Yes I know to not store seeds in password manager.  But I did do that with some of them.  But I guess this situation is similar to using software wallet.
Except it isn't because you unlock your password manager constantly every single time you use your computer, whereas you might only enter your wallet password a couple of times a month.

So you telling me if it finds nothing at all, then my computer is safe from any type of malware/keylogger etc?
There is no malware scanner or similar in existence which can guarantee it will find 100% of viruses/malware.

But I can't use this computer to download the software wallet because this computer does not support windows.
What OS are you using? What software wallet are you trying to use? Why not just use something like Electrum?
full member
Activity: 1708
Merit: 185
My issue with this is in order for me to access my software wallet, I need to enter my seed on that computer. I have my seed on paper but also in my password manager. Thus me entering my seed into the laptop could compromise it if it already wasn't compromised.



So based on that, what should I do? I'm typing this on another computer right now. But I can't use this computer to download the software wallet because this computer does not support windows.



So is best option to get a new computer and then install those software and then enter my seed in it?  Then if my coins are there, create another seed for that coin and send all my coins there?  Thus do this all on another device?  Then when I use my possible compromised laptop and log into my password manager, even if they could see everything, well the coins are moved from there?



Someone recommended me to download Kaspersky total and scan for virus/malware. But would that work? Such that if it finds any malware/trojan or browser hijacking, then it could remove all of it? And thus I could continue to use my possible compromised laptop as is?



Advice on this? 
hero member
Activity: 882
Merit: 5818
not your keys, not your coins!
Okay so if you click on a dangerous site, could malware/keylogger be automatically downloaded without you knowing?  So basically anything you type is going straight to the hacker?
Nobody can exactly tell you what happened and what didn't. Best case scenario, they gained 0 information, worst case they could have everything; real-life scenario it would probably be somewhere in between.

Personally, to be on the safe side, I'd disconnect the device from any network right now, send all the coins to a new, fresh, safe wallet ('what's a safe wallet' is a different topic). Then next day go buy an external HDD, export important files onto it; maybe run an antivirus over the drive and if it's all good, wipe the laptop, reinstall OS (it's advisable from time to time for performance improvement by clearing out junk files imho) and restore the pictures. After all is done, reconnect the network connection. You don't want a potential virus spreading to your other devices.

But first priority would be disconnecting connectivity & securing those BTC.
full member
Activity: 1708
Merit: 185
Is it the USA Kaspersky site to try it? So would it find things if it was already there? So you telling me if it finds nothing at all, then my computer is safe from any type of malware/keylogger etc?


https://usa.kaspersky.com/downloads/thank-you/internet-security-free-trial

That one is medium-security. I suggest you use the Kaspersky total, which is the premium one. It has a 30-day trial, but before you scan the whole PC make sure to update the database first so that it has all possible threats. It will also disable any autorun unknown program and add a new plugin extension in your browser to protect your browser from any attack. I've been using it for almost 11 years and never had any issue, except with auto-deleted and blocked infected files: you can't easily revert it if it was deleted/blocked automatically when it detects any possible threats in your system, and it will ask for a reboot to fully disinfect your system.

To make sure there is no malware/keylogger in your system, also scan it with Malwarebytes; the combination of these two is powerful.



There is no issue using it from the US right? Did some googling and apparently Kaspersky got banned in the US a while back? Are you in the US?


So there is a link for US people and different link for people outside the US?


Okay I will download the free trial. But you are saying if there is any malware, keylogger, browser hijack and things like that, then would total Kaspersky pick it up and remove it? Or some malware/trojan are so hard to pick up? Is there a big difference I went to that site already though? Thing is you say you never had an issue with it and it blocks sites but you been using it ever since.
legendary
Activity: 3234
Merit: 2943
Block halving is coming.
Is it the USA Kaspersky site to try it? So would it find things if it was already there? So you telling me if it finds nothing at all, then my computer is safe from any type of malware/keylogger etc?


https://usa.kaspersky.com/downloads/thank-you/internet-security-free-trial

That one is medium-security. I suggest you use the Kaspersky total, which is the premium one. It has a 30-day trial, but before you scan the whole PC make sure to update the database first so that it has all possible threats. It will also disable any autorun unknown program and add a new plugin extension in your browser to protect your browser from any attack. I've been using it for almost 11 years and never had any issue, except with auto-deleted and blocked infected files: you can't easily revert it if it was deleted/blocked automatically when it detects any possible threats in your system, and it will ask for a reboot to fully disinfect your system.

To make sure there is no malware/keylogger in your system, also scan it with Malwarebytes; the combination of these two is powerful.
full member
Activity: 1708
Merit: 185
If you don't have any protection in your browser and in your laptop maybe you have already been infected after you visit the phishing site.

Based on what I experienced, if one visits any phishing sites, some of them automatically download a file, which is an unauthorized download and install.
That is why I decided to protect my PC with Kaspersky; both my PC and browser are protected from any phishing sites and malware that silently transfer/download files to your laptop/PC.

So maybe your laptop is already compromised. What I think is: try to install Kaspersky total (you can use the trial, it's free), then fully scan the whole PC and also scan it with Malwarebytes before you access the password manager, for safety purposes.



Is it the USA Kaspersky site to try it? So would it find things if it was already there? So you telling me if it finds nothing at all, then my computer is safe from any type of malware/keylogger etc?


https://usa.kaspersky.com/downloads/thank-you/internet-security-free-trial
full member
Activity: 1708
Merit: 185
Yes I know to not store seeds in password manager.  But I did do that with some of them.  But I guess this situation is similar to using software wallet.  Because if your computer is compromised, you typing it in a software wallet would be the same thing right?


My question is... is there a way to check if the website I went to indeed had malware/trojan/keylogger etc? Such that if you post that link on a website, it would scan if there is anything malicious? Or it's possible it could be hidden where a website can't even scan it?


My main computer has all my information on it. Well I do have some of my seed written as well on paper. My question is... should I be concerned about logging into my password manager now because of this issue? The thing was what if my password manager was already opened when I clicked on the link earlier?


I want to know is there a way for any computer virus scan to check everything on my laptop to see if there is any malware/keylogger/virus?  I don't mind buying any virus program to check that but is there any for that?  I just use windows defender.


But the best thing is get a new computer or device, then type in the seed on it then?  Thus to see if my coins are still there?  


I mean I'm sure people have accidentally clicked on links before right? So thus you are compromised so isn't this similar? Example if you now type in your password to sites, now the malware/keylogger could see it. Thus any software wallet you use is now at risk right?


So I want to know what should I do right now based on this situation.
legendary
Activity: 2268
Merit: 18509
Honestly jerry, every time you make a new thread I am continually amazed at just how bad your OPSEC is despite all the advice you have received multiple times from multiple users.

The thing is I do have the seed stored in my password manager.
You have been told dozens of times not to do this. Stop doing it.

So that means if i log into my password manager on my compromised laptop, they could track everything I typed?
If you have malware on your computer, it is entirely possible for it to log everything you type and everything you copy to your clipboard.

The thing that I considered was to not log into my password manager.  But then use another device and enter my seed into it to access the wallet.  Then assuming my coins are still there, create a new wallet and send all of them there and get a new seed.  Is that recommended?
Yes. You should move any coins from any wallet which has a seed phrase stored electronically to a new wallet which has its seed phrase stored only on paper.

I don't want to wipe my laptop as I have so many things on it for years etc.  I also didn't do a backup of it as well. The thing is I do have a copy of my password manager on a usb drive.  But is there any virus program I could use or buy where it would find any type of malware, keylogger or browser hijack etc on it?  So that way I could continue to use my laptop without wiping it clean?
So you have your main computer with years of important information on it (including seed phrases!) which you have never backed up, which you use to click on unfamiliar links and browse risky sites, on which you run no firewall or antiviral software, and which you have never scanned for malware. I can't even begin to tell you what a terrible idea this all is. You are one simple mistake away from losing everything, data and coins included.
legendary
Activity: 4312
Merit: 3517
what is this "brake pedal" you speak of?
If you didn’t download anything from a phishing site, didn’t enter your data and passwords, but simply closed the site and left, there should be no drama.

you can get infected just by visiting a compromised website, no clicking or dl needed. all the page has to do is load in your browser and boom you're infected.

check it out:
https://www.kaspersky.com/resource-center/definitions/drive-by-download
https://en.wikipedia.org/wiki/Drive-by_download
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
I think you are a little paranoid.
What system are you using? Which password manager?
Or is it a regular browser that stores passwords? Then what is this browser?
If you are using Linux, it is doubtful that the software could have gotten there without your knowledge and permission. If Windows, disconnect the laptop from the network and check the laptop with several antiviruses; Kaspersky offers several solutions.
Clear all cookies from your browser. Check the Task Manager for new processes that may have left a virus running in the background or a keylogger.
If you didn’t download anything from a phishing site, didn’t enter your data and passwords, but simply closed the site and left, there should be no drama. We often find ourselves on phishing sites, but without entering our information there, we simply leave them, erasing everything in the browser in the future. And also a lot depends on the password manager. Some of them also store their information encrypted, which is also a kind of protection.
legendary
Activity: 3542
Merit: 1352
Excel is fun
I would treat my passwords as compromised if I were you, and would go on and change those passwords immediately, and perhaps transfer the funds from those affected wallets with the exposed seeds, too. After that, I'd clean my PC, and ensure that I will place protections (ad blockers and the likes) in order to prevent this from happening again. Also, better treat your seed phrases with extra care. I have mine written down on some paper and it has been that way ever since. Not worried of getting hacked since my backups exist offline, and my seed phrases exist offline as well.
legendary
Activity: 4312
Merit: 3517
what is this "brake pedal" you speak of?
If you have already downloaded malware, then most likely cybercriminals can already collect data about you and your passwords. When they collect everything, they can easily crack your passwords and pump out your hard-earned money; I had this with a friend. If a virus lives on a computer, this does not mean that it is inactive or does not carry any kind of threat; it just may not have collected enough information for hacking.

yes its possible the password database/file and the wallet has already been uploaded to the hackers. they can work on those at their leisure at that point, no matter what you (the op) do with the laptop now.

op, assume your password database and wallet file will be compromised at some point, so on a known clean computer change all your passwords and create a new password database with the changed passwords. also create a new wallet and xfer everything over to it.

seeds are generally written down on paper (or something more permanent) and should never be in digital form.
legendary
Activity: 3234
Merit: 2943
Block halving is coming.
If you don't have any protection in your browser and in your laptop maybe you have already been infected after you visit the phishing site.

Based on what I experienced, if one visits any phishing sites, some of them automatically download a file, which is an unauthorized download and install.
That is why I decided to protect my PC with Kaspersky; both my PC and browser are protected from any phishing sites and malware that silently transfer/download files to your laptop/PC.

So maybe your laptop is already compromised. What I think is: try to install Kaspersky total (you can use the trial, it's free), then fully scan the whole PC and also scan it with Malwarebytes before you access the password manager, for safety purposes.
full member
Activity: 1302
Merit: 110
I have coins stored in a software wallet on my laptop.  The thing is I do have the seed stored in my password manager.  Yes I know people tell me you should never do this in case your computer gets compromised.



My concern now is I clicked on a redirect link when using my laptop earlier.  The thing is that site that I went to... I clicked on it through google, and then it redirected me to a fake site.  I then just closed it but then noticed this was a phishing site.  I didn't enter anything on that site.



My concern is I read this malware I have could be some browser hijack and keylogger etc. So that means if I log into my password manager on my compromised laptop, they could track everything I typed? What if your password manager was open at the time? I do also have my seed written on paper as well. My concern is if I log into my password manager now on my computer, that means the hacker could literally see all my passwords and everything I wrote on it? I know about the phishing links hackers post where you download a fake wallet and enter the seed. But if you don't enter your seed, I read it's safe. But could clicking on a link to a website without downloading anything also do this? I did not see any program download. But I'm pretty sure it was a dangerous site.



The thing that I considered was to not log into my password manager.  But then use another device and enter my seed into it to access the wallet.  Then assuming my coins are still there, create a new wallet and send all of them there and get a new seed.  Is that recommended?



I don't want to wipe my laptop as I have so many things on it for years etc.  I also didn't do a backup of it as well.  The thing is I do have a copy of my password manager on a usb drive.  But is there any virus program I could use or buy where it would find any type of malware, keylogger or browser hijack etc on it?  So that way I could continue to use my laptop without wiping it clean?



I have heard of that browser hijack where when people send coins, their browser would copy/paste another address etc.  But in this situation, what would you do?  I guess this is the same like if your computer is compromised and you use software wallets and sites since anything you type into binance or coinbase etc... well that person could record your keystrokes?

I have learned my lesson, and the best advice I can offer you based on experience is to consult a computer tech and ask what to do. I was hijacked once and all my assets were gone in an instant. They are quicker this time.
Now my seed phrases are on another gadget in case something like this happens, and all my wallets are 2FA authenticated. I also have a backup in case I lose my phone, where you can use a code once for accessing your accounts.
We had better be ahead of them in terms of securing our assets; we are talking about money here. The thing that got me was a phishing site. I was randomly clicking spam messages in my email and they got me really hard; I guess it was my mistake in the first place for being dumb. And remember guys, there is no such thing as free money out there! It's the bait they usually use for noobs like me back then.
hero member
Activity: 2506
Merit: 628
I don't take loans, ask for sig if I ever do.
So would best option now be use a clean computer or device, download that wallet and type in the seed on it and see if the coins are still there?  If so, create new address for it and move the coins there?  So even if I log into my password manager and the wallet on the maybe compromised computer, then they can't move it if the coins are already moved?
That would be the best option, whether there is or there is not an existence of an external malware, virus, file, threat, keylogger, whatever term you can use that could compromise your pc. The fact is, you visited a fake site, and there was a chance that you had malware or whatnot downloaded.

Honestly, I wouldn't bother about it most of the time since afaik, you need to download something from their site, and only then would they be able to access whatever there is inside since that downloaded file acts as a gate of sorts. This is only what I know though, there might be possibilities of malware being downloaded without you doing anything.

And is there a way to check if there is any malware/keylogger or anything like that on my computer now? Such as what virus program to buy etc? I know if I wipe my hard drive clean and start fresh, obviously anything compromised would be gone. But I don't want to do that.
Try regular anti-virus software. Malwarebytes adware cleaner works afaik. You can also check some signs of malware though, win defender detecting malware, cpu/gpu usage to the roof, files being encrypted stuff like that.
member
Activity: 938
Merit: 13
Tontogether | Save Smart & Win Big
If you have already downloaded malware, then most likely cybercriminals can already collect data about you and your passwords. When they collect everything, they can easily crack your passwords and pump out your hard-earned money; I had this with a friend. If a virus lives on a computer, this does not mean that it is inactive or does not carry any kind of threat; it just may not have collected enough information for hacking.
legendary
Activity: 3500
Merit: 6205
Looking for campaign manager? Contact icopress!
After cleaning up your computer, you should install uBlock Origin and WoT (or better). uBlock Origin will hide the ads, WoT may mark the suspicious websites in.. anything else than green hence signaling you for caution and double checking the link.

The browser can download malware, but it may need you to click an OK, at least that's how it was many years ago.

Keep in mind that it's enough that you have a browser/clipboard virus altering the recipient's address when you want to send (or receive) coins, getting you this way to send the money to the hacker's address.

Depending on what password manager you have and whether it's encrypted or not, a third party may get (or not) access to the whole content of the password manager data, including the seed. Since you are obviously not good at handling your seed, why don't you just buy a cheaper hardware wallet?

In order to check whether your computer is infected, my recommended way is a bootable antivirus CD/DVD you can download from known antivirus companies. Download, burn, boot from it, update signatures database if needed, spend half a day and disinfect. You can pick your favorite from this list: https://www.techradar.com/best/best-antivirus-rescue-disk
It's the best method I know, but I don't claim it to be perfect.
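The clipboard address swap mentioned in the post above, shown from the checking side as an added example that is not part of the original thread: a BIP173 checksum catches a mistyped address but not a substituted one, so the pasted value has to be compared in full against a copy of the address that never passed through the clipboard. The function names are hypothetical, only native SegWit v0 (bech32) addresses are handled, and the second address is constructed for the illustration.

```python
"""Added example: verify a pasted bech32 address against the intended one."""

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)


def _polymod(values):
    """BIP173 checksum polynomial over 5-bit values."""
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk


def _hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def _to_5bit(data):
    """Regroup 8-bit bytes into 5-bit values, zero-padding the tail."""
    acc = bits = 0
    out = []
    for byte in data:
        acc = (acc << 8) | byte
        bits += 8
        while bits >= 5:
            bits -= 5
            out.append((acc >> bits) & 31)
    if bits:
        out.append((acc << (5 - bits)) & 31)
    return out


def encode_p2wpkh(program, hrp="bc"):
    """Bech32-encode a 20-byte witness v0 program."""
    data = [0] + _to_5bit(program)
    poly = _polymod(_hrp_expand(hrp) + data + [0] * 6) ^ 1
    checksum = [(poly >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + checksum)


def checksum_ok(address):
    """True if the string is well-formed bech32 with a valid checksum.

    This only detects corruption (typos); it says nothing about whose
    address it is.
    """
    address = address.strip()
    if address != address.lower() and address != address.upper():
        return False  # mixed case is invalid in bech32
    address = address.lower()
    pos = address.rfind("1")
    if pos < 1 or pos + 7 > len(address):
        return False
    hrp, payload = address[:pos], address[pos + 1:]
    if any(c not in CHARSET for c in payload):
        return False
    return _polymod(_hrp_expand(hrp) + [CHARSET.index(c) for c in payload]) == 1


def verify_paste(intended, pasted):
    """Compare the whole pasted address with the trusted copy."""
    a, b = intended.strip(), pasted.strip()
    diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    if len(a) != len(b):
        diffs.append(min(len(a), len(b)))
    return {
        "match": a == b,
        "pasted_checksum_ok": checksum_ok(b),
        "first_difference": min(diffs) if diffs else None,
    }


# Trusted copy: the public BIP173 test-vector address, read from a source
# that did not pass through the clipboard (paper, hardware wallet screen).
INTENDED = encode_p2wpkh(bytes.fromhex("751e76e8199196d454941c45d1b3a323f1433bd6"))
# Constructed stand-in for an address substituted into the clipboard.
SWAPPED = encode_p2wpkh(bytes(range(20)))

if __name__ == "__main__":
    print(verify_paste(INTENDED, INTENDED))   # match, checksum valid
    print(verify_paste(INTENDED, SWAPPED))    # no match, checksum still valid
```

A hardware wallet performs the same comparison on its own screen, which is why the displayed address is the one to check before confirming.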
full member
Activity: 1708
Merit: 185
I have password manager on my computer, on the cloud and a usb stick.  I have it on my computer for obvious reasons since if i want to visit a site, log into email or banking, well i just copy/paste. 


But my issue is if my computer is compromised, does that mean anything I type on my computer is going to be seen by a hacker? Thus it doesn't matter if my seed is in my password manager since even if I type it into the software wallet each time I log in, it would see it? That is my concern here.


So would best option now be use a clean computer or device, download that wallet and type in the seed on it and see if the coins are still there?  If so, create new address for it and move the coins there?  So even if I log into my password manager and the wallet on the maybe compromised computer, then they can't move it if the coins are already moved?


I basically want to know has anyone had their wallets compromised by clicking on a link or visiting any site such as a redirect site or dangerous site.


Because I think if you click on those links, then anytime you enter a seed into a software wallet, or information into binance or gemini or say bank, they could see everything you type?


And is there a way to check if there is any malware/keylogger or anything like that on my computer now? Such as what virus program to buy etc? I know if I wipe my hard drive clean and start fresh, obviously anything compromised would be gone. But I don't want to do that.
copper member
Activity: 2744
Merit: 1250
Try Gunbot for a month go to -> https://gunbot.ph
Does your password manager keep it offline or something? I know some password managers have the option to encrypt the note/file that you have stored and possibly keep it in another layer of security other than your master password. Have you done this? Maybe this could help your thinking if it's compromised or something. But I would still recommend you backup your stuff and possibly change PC or something. If you have this "just to be safe attitude,"
full member
Activity: 1708
Merit: 185
Okay so if you click on a dangerous site, could malware/keylogger be automatically downloaded without you knowing?  So basically anything you type is going straight to the hacker?


But are you saying the moment you click on that link, any program you have opened on your computer and things like that... the hacker could literally see everything?  Example say you are logged into your email during this time on your computer.  Could they check everything?


So for example if now you enter your password to get into your password manager or your bank or binance or your email, could they track every single keystroke from now?  If so, what program should you download to check for this?  Or is there malware/keylogger so good where no program could find it?  Because right now i don't want to use my computer because of this reason.  So if you have software wallets and you have to enter your seed whether copy/pasting it from a password manager or typing it, is one at big risk then?  So you suggest entering your seed in another computer or no malware device then right to see if your coins are still there?  Then if so, move them to another address?  Then even if you log into your password manager on your laptop, even if they see your keystrokes, well if they see your seed now, you would have moved your coins from one address to another assuming it didn't already moved?


hero member
Activity: 1722
Merit: 801
I have coins stored in a software wallet on my laptop.  The thing is I do have the seed stored in my password manager.  Yes I know people tell me you should never do this in case your computer gets compromised.
You should store it in offline equipment, in an airgapped computer, etc. Storing seeds, private keys, and passwords on online devices is not a good method and it reduces safety.

Quote
My concern now is I clicked on a redirect link when using my laptop earlier.  The thing is that site that I went to... I clicked on it through google, and then it redirected me to a fake site.  I then just closed it but then noticed this was a phishing site.  I didn't enter anything on that site.
If you click on a link to a phishing site from any source, it is very dangerous. There are different threats when you visit a phishing site, and entering your information to log in to an account is one type of risk.
Officially visit websites & download apps, not fake ones
Good topics on security and privacy
full member
Activity: 1708
Merit: 185
I have coins stored in a software wallet on my laptop.  The thing is I do have the seed stored in my password manager.  Yes I know people tell me you should never do this in case your computer gets compromised.



My concern now is I clicked on a redirect link when using my laptop earlier.  The thing is that site that I went to... I clicked on it through google, and then it redirected me to a fake site.  I then just closed it but then noticed this was a phishing site.  I didn't enter anything on that site.



My concern is I read this malware I have could be some browser hijack and keylogger etc. So that means if I log into my password manager on my compromised laptop, they could track everything I typed? What if your password manager was open at the time? I do also have my seed written on paper as well. My concern is if I log into my password manager now on my computer, that means the hacker could literally see all my passwords and everything I wrote on it? I know about the phishing links hackers post where you download a fake wallet and enter the seed. But if you don't enter your seed, I read it's safe. But could clicking on a link to a website without downloading anything also do this? I did not see any program download. But I'm pretty sure it was a dangerous site.



The thing that I considered was to not log into my password manager.  But then use another device and enter my seed into it to access the wallet.  Then assuming my coins are still there, create a new wallet and send all of them there and get a new seed.  Is that recommended?



I don't want to wipe my laptop as I have so many things on it for years etc.  I also didn't do a backup of it as well.  The thing is I do have a copy of my password manager on a usb drive.  But is there any virus program I could use or buy where it would find any type of malware, keylogger or browser hijack etc on it?  So that way I could continue to use my laptop without wiping it clean?



I have heard of that browser hijack where when people send coins, their browser would copy/paste another address etc.  But in this situation, what would you do?  I guess this is the same like if your computer is compromised and you use software wallets and sites since anything you type into binance or coinbase etc... well that person could record your keystrokes?