Topic: [SDC] ShadowCash | Welcome to the UMBRA - page 206. (Read 1289636 times)

full member
Activity: 126
Merit: 100
Moon
Shadow-qt that's 736k in size? That doesn't seem right. My exe is > 11M in size, not to mention all the other files that come with it in the zip.
problem solved he got infected
sr. member
Activity: 686
Merit: 320
Shadow-qt that's 736k in size? That doesn't seem right. My exe is > 11M in size, not to mention all the other files that come with it in the zip.
hero member
Activity: 812
Merit: 1000
i dunno how big the exe should be - im not a winman
dasource is awesome and thanks for his time.
wouldnt wanna be a thief with ds on my ass

clean as a whistle
sr. member
Activity: 420
Merit: 250


lawgicc: where did u buy ur new PC?

Costco in california. San Luis Obispo to be precise


and Dclogs was pre-installed? howd u get it?


ps


r trojans so clever now? feels like there was human involvement in ur hack

No idea. Dclogs was in my roaming....All i have downloaded and installed so far has been -  Wickr, Spotify, Steam, Skype, Shadowcoin-qt, which one do you think would contain malware?

I purchased the computer yesterday. It either came with Dclogs on it, or one of those applications infected my computer.

i initially downloaded the SDC wallet QT from the repost of rynomaster



Then that didnt work so i used the OP...


hero member
Activity: 812
Merit: 1000


lawgicc: where did u buy ur new PC?

Costco in california. San Luis Obispo to be precise


and Dclogs was pre-installed? howd u get it?


ps


r trojans so clever now? feels like there was human involvement in ur hack
sr. member
Activity: 420
Merit: 250
.....
The only wallet qt I have is the newest SDC wallet.

did you download the wallet from the OP never download from Quotes!!!

Do a check against the versions: checksum

How, example:

https://www.youtube.com/watch?v=C7ZZqnkrj48


checksumming a good idea (tho few will do it).
ive never seen a prog that checked its own checksum b4 launch. If the app verified its checksum by comparing to a value stored on the blockchain… then hmm… is this a solution?

nevertheless in lawgic's case the coins have been stolen by some other means.
what do we know?

1) the attacker did not use shadowsend
2) the attacker staked the wallet with the stolen funds
3) the attacker made 2 withdrawals (robberies) separated by several hours
4) the wallet was protected with a 30+char pass
5) the PC was brand new


My Q
How did they know the pass? lawgic: did u ever enter it? was there maybe a keystroke logger that grabbed it?





I think the attempts to log in to the blockchain.info account are a valuable clue.

didnt look at those screens close but yes lawgicc appears to have fallen prey to a targeted attack.
my q again however is how did they know his pass for his shadow wallet? he must have entered it (typed it) at some point on his new PC which had a keylogger.

lawgicc: where did u buy ur new PC?

Costco in california. San Luis Obispo to be precise
sr. member
Activity: 420
Merit: 250
I thought we verified in slack and on the blockchain that the stolen coins transferred 24 hours ago and your new computer wasn't done syncing 24 hours ago. That means that the breach happened on your old system not the new one. The new one only verified the theft once synced. It was the most current version of the chain you could read.

It's like trading wallet.dats around different computers. You move it to one computer and do a couple transactions, move it to the next and do the same. When you restart the original computer the wallet.dat saved had all the coins you had before the transfers but once you're in sync the other coins come out.

Tldr: the breach was on the old computer, not the new one.

No it was not verified. All that was verified was that the transactions were not sent from my old or new computer.


you got infected with a rat i got infected too i got accused of stealing viral which i did not!


wow...yep Dclogs is malware..............
full member
Activity: 126
Merit: 100
Moon
I thought we verified in slack and on the blockchain that the stolen coins transferred 24 hours ago and your new computer wasn't done syncing 24 hours ago. That means that the breach happened on your old system not the new one. The new one only verified the theft once synced. It was the most current version of the chain you could read.

It's like trading wallet.dats around different computers. You move it to one computer and do a couple transactions, move it to the next and do the same. When you restart the original computer the wallet.dat saved had all the coins you had before the transfers but once you're in sync the other coins come out.

Tldr: the breach was on the old computer, not the new one.

No it was not verified. All that was verified was that the transactions were not sent from my old or new computer.


you got infected with a rat i got infected too i got accused of stealing viral which i did not! look for the dclogs in my pic too!

sr. member
Activity: 420
Merit: 250
I thought we verified in slack and on the blockchain that the stolen coins transferred 24 hours ago and your new computer wasn't done syncing 24 hours ago. That means that the breach happened on your old system not the new one. The new one only verified the theft once synced. It was the most current version of the chain you could read.

It's like trading wallet.dats around different computers. You move it to one computer and do a couple transactions, move it to the next and do the same. When you restart the original computer the wallet.dat saved had all the coins you had before the transfers but once you're in sync the other coins come out.

Tldr: the breach was on the old computer, not the new one.

No it was not verified. All that was verified was that the transactions were not sent from my old or new computer.

full member
Activity: 126
Merit: 100
Moon
lawgicc : ur shadow wallet had a 30+char password, yes?
how the hell could he get it without the pass?

ur blockchain.info is a separate issue, yes?

btw u r handling this remarkably well. u have my sympathy.

Not sure if separate or the same person. They both happened within the same time frame. It came to my attention when i was alerted through email my blockchain account had been attempted to be logged in.

I have no fucking idea. no fucking idea...

I guess, appreciate it. Im beyond upset no question but its just currency. ill get it back. just not sure if i can trust these altcoins. Might just have to stay with bitcoin. Never in my 3-4 years using crypto have i had this problem.

People probably think im a scrub first learning crypto....as to why im so fuckin frustrated. I dont get how this fuckin happened at all. Im even more upset because this may potentially negatively impact SDC...I fuckin love this SDC....my social media is blasted with SDC and ive told countless people i know personally that this will take Bitcoin's place, just give it time...

now i dont even want to speak about crypto.





what does the dclogs folder belong to?

fairly certain this is a keylogger and you may find logs of your keystrokes in that folder
hes infected!
hero member
Activity: 812
Merit: 1000
lawgicc : ur shadow wallet had a 30+char password, yes?
how the hell could he get it without the pass?

ur blockchain.info is a separate issue, yes?

btw u r handling this remarkably well. u have my sympathy.

Not sure if separate or the same person. They both happened within the same time frame. It came to my attention when i was alerted through email my blockchain account had been attempted to be logged in.

I have no fucking idea. no fucking idea...

I guess, appreciate it. Im beyond upset no question but its just currency. ill get it back. just not sure if i can trust these altcoins. Might just have to stay with bitcoin. Never in my 3-4 years using crypto have i had this problem.

People probably think im a scrub first learning crypto....as to why im so fuckin frustrated. I dont get how this fuckin happened at all. Im even more upset because this may potentially negatively impact SDC...I fuckin love this SDC....my social media is blasted with SDC and ive told countless people i know personally that this will take Bitcoin's place, just give it time...

now i dont even want to speak about crypto.





what does the dclogs folder belong to?


hmmm


spearfishing blockchain.info users?
click email and DL trojan?

maybe?
legendary
Activity: 1133
Merit: 1050
I thought we verified in slack and on the blockchain that the stolen coins transferred 24 hours ago and your new computer wasn't done syncing 24 hours ago. That means that the breach happened on your old system not the new one. The new one only verified the theft once synced. It was the most current version of the chain you could read.

It's like trading wallet.dats around different computers. You move it to one computer and do a couple transactions, move it to the next and do the same. When you restart the original computer the wallet.dat saved had all the coins you had before the transfers but once you're in sync the other coins come out.

Tldr: the breach was on the old computer, not the new one.
hero member
Activity: 812
Merit: 1000

**I did unlock my wallet (for staking only) on my new computer while my wallet was still half synced....Never knew thatd cause problems but Idk what else it could be. I dont know how its even feasible for me to get keylogged without downloading anything/clicking any links....I didnt hop on a computer for the first time yesterday...I dont tell anyone my password, i dont even have it written down, on paper, or in text on my computer. Unless my Asus Transformer Book Flip TP300 is bugged from the jump...i have no fuckin clue. I got 90 days to return this shit, so i got some time before i go tauren

ive heard of hw arriving infected - thats why i asked where u bought it.
but as WC noticed that exe is too small (right?-im not on windows) suggesting a malicious wallet.

any more confirms on wallet exe file size?
hero member
Activity: 606
Merit: 500
lawgicc : ur shadow wallet had a 30+char password, yes?
how the hell could he get it without the pass?

ur blockchain.info is a separate issue, yes?

btw u r handling this remarkably well. u have my sympathy.

Not sure if separate or the same person. They both happened within the same time frame. It came to my attention when i was alerted through email my blockchain account had been attempted to be logged in.

I have no fucking idea. no fucking idea...

I guess, appreciate it. Im beyond upset no question but its just currency. ill get it back. just not sure if i can trust these altcoins. Might just have to stay with bitcoin. Never in my 3-4 years using crypto have i had this problem.

People probably think im a scrub first learning crypto....as to why im so fuckin frustrated. I dont get how this fuckin happened at all. Im even more upset because this may potentially negatively impact SDC...I fuckin love this SDC....my social media is blasted with SDC and ive told countless people i know personally that this will take Bitcoin's place, just give it time...

now i dont even want to speak about crypto.





what does the dclogs folder belong to?

fairly certain this is a keylogger and you may find logs of your keystrokes in that folder
sr. member
Activity: 420
Merit: 250
lawgicc : ur shadow wallet had a 30+char password, yes?
how the hell could he get it without the pass?

ur blockchain.info is a separate issue, yes?

btw u r handling this remarkably well. u have my sympathy.

Not sure if separate or the same person. They both happened within the same time frame. It came to my attention when i was alerted through email my blockchain account had been attempted to be logged in.

I have no fucking idea. no fucking idea...

I guess, appreciate it. Im beyond upset no question but its just currency. ill get it back. just not sure if i can trust these altcoins. Might just have to stay with bitcoin. Never in my 3-4 years using crypto have i had this problem.

People probably think im a scrub first learning crypto....as to why im so fuckin frustrated. I dont get how this fuckin happened at all. Im even more upset because this may potentially negatively impact SDC...I fuckin love this SDC....my social media is blasted with SDC and ive told countless people i know personally that this will take Bitcoin's place, just give it time...

now i dont even want to speak about crypto.



hero member
Activity: 812
Merit: 1000
dunno if it can be done, im no dev.

can we get wallets to verify (b4 launch) against a checksum value stored on the blockchain thus preventing the malicious node from joining the network?

or is this gestapo tactics making development of unofficial wallets more diff?
sr. member
Activity: 420
Merit: 250
.....
The only wallet qt I have is the newest SDC wallet.

did you download the wallet from the OP never download from Quotes!!!

Do a check against the versions: checksum

How, example:

https://www.youtube.com/watch?v=C7ZZqnkrj48


checksumming a good idea (tho few will do it).
ive never seen a prog that checked its own checksum b4 launch. If the app verified its checksum by comparing to a value stored on the blockchain… then hmm… is this a solution?

nevertheless in lawgic's case the coins have been stolen by some other means.
what do we know?

1) the attacker did not use shadowsend
2) the attacker staked the wallet with the stolen funds
3) the wallet was protected with a 30+char pass
4) the PC was brand new


My Q
How did they know the pass? lawgic: did u ever enter it? was there maybe a keystroke logger that grabbed it?





It fucking beats me. I literally unwrapped this computer yesterday....No idea how a key logger would have got my new PC key logged that quick....My chromebook with linux was encrypted with 2 paraphrases, and my paraphrases are encrypted with pgp 30+ characters long, numbers+letters+symbols.


Never seen these files before?



any idea?

The Shadow-Qt with the shadow logo does nothing when clicked. I use a different folder/exe to open up the qt. Also the file below was added around the time my coins were lifted and someone tried to access my blockchain wallet.

for as long as I can remember, shadow.exe has been the file included in the .zip releases. and the most recent shadow.exe is ~12MB.

my best guess is i downloaded a bugged version of the wallet, pasted my original wallet.dat file into my roaming folder, started the SDC wallet qt and unlocked my wallet while the wallet was still syncing on my new computer. 


**I did unlock my wallet (for staking only) on my new computer while my wallet was still half synced....Never knew thatd cause problems but Idk what else it could be. I dont know how its even feasible for me to get keylogged without downloading anything/clicking any links....I didnt hop on a computer for the first time yesterday...I dont tell anyone my password, i dont even have it written down, on paper, or in text on my computer. Unless my Asus Transformer Book Flip TP300 is bugged from the jump...i have no fuckin clue. I got 90 days to return this shit, so i got some time before i go tauren
hero member
Activity: 503
Merit: 500
.....
The only wallet qt I have is the newest SDC wallet.

did you download the wallet from the OP never download from Quotes!!!

Do a check against the versions: checksum

How, example:

https://www.youtube.com/watch?v=C7ZZqnkrj48


checksumming a good idea (tho few will do it).
ive never seen a prog that checked its own checksum b4 launch. If the app verified its checksum by comparing to a value stored on the blockchain… then hmm… is this a solution?

nevertheless in lawgic's case the coins have been stolen by some other means.
what do we know?

1) the attacker did not use shadowsend
2) the attacker staked the wallet with the stolen funds
3) the attacker made 2 withdrawals (robberies) separated by several hours
4) the wallet was protected with a 30+char pass
5) the PC was brand new


My Q
How did they know the pass? lawgic: did u ever enter it? was there maybe a keystroke logger that grabbed it?





I think the attempts to log in to the blockchain.info account are a valuable clue.

The attacker never entered the right paraphrase to my Blockchain.info wallet or it wouldve logged it. The only log of the attacker was from the TOR ip that was blocked because of my settings. The keylogger has yet to access any of my other accounts..

Are you running a Tor node anywhere else on your network, any place where a Tor sleaze could have slithered in?
full member
Activity: 126
Merit: 100
Moon
what do you prefer? i run the malwarebytes pro version all i know is i had avg installed at one point and it would come up clean system, and then i download free version of malwarebytes and it came up with like 100+ viruses! what a joke that was a paid for version of AVG also, that was also a computer i had no crypto on at the time so i was lucky i found how useless the mainstream anti virus programs are.
Gibs187x do you live in the states? did you have your computer delivered? if you had it delivered it would have had to go thru the postal service and that's a government agency would not surprise me if they are hijacking packages with computers of interest, like yours would be being heavily involved in crypto for 4 years, and put shit on it.
yeah sounds like a conspiracy.
but the truth is stranger than fiction i have come to find.
trust nothing and nobody anymore those days are long gone.


i totally agree with you 100% im in the states but fresh pc..
hero member
Activity: 812
Merit: 1000

for as long as I can remember, shadow.exe has been the file included in the .zip releases. and the most recent shadow.exe is ~12MB.


agreed. good eyes. where did u dl the wallet lawgicc?
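
An added example, not part of any post in this thread and not the ShadowCash project's code: one way to act on the checksum advice and the file-size observation above is to audit an extracted release folder against a published manifest of name, size and SHA-256, flagging any executable the manifest does not list. The manifest layout, the function names and the sample bytes (including the stray file name) are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# File types worth flagging when they appear without a manifest entry.
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".bat"}

def sha256_file(path, chunk=1 << 20):
    """Stream the file so a large binary is never loaded whole into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def audit_release(folder, manifest):
    """Compare a folder with a manifest of {name: (size, sha256 hex)}.

    Returns a sorted list of (file name, finding); an empty list means a match.
    The manifest must come from a channel separate from the download itself.
    """
    findings = []
    present = {p.name: p for p in Path(folder).iterdir() if p.is_file()}
    for name, (size, digest) in manifest.items():
        path = present.get(name)
        if path is None:
            findings.append((name, "missing"))
        elif path.stat().st_size != size:
            findings.append((name, "size mismatch"))
        elif sha256_file(path) != digest.lower():
            findings.append((name, "hash mismatch"))
    for name, path in present.items():
        if name not in manifest and path.suffix.lower() in EXECUTABLE_SUFFIXES:
            findings.append((name, "executable not in manifest"))
    return sorted(findings)

def demo():
    """Constructed sample: a small stand-in for shadow.exe plus a stray executable."""
    good = b"constructed stand-in for the published wallet binary"
    manifest = {"shadow.exe": (len(good), hashlib.sha256(good).hexdigest())}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "shadow.exe").write_bytes(good)
        clean = audit_release(root, manifest)
        (root / "Shadow-qt.exe").write_bytes(b"constructed stray file")
        stray = audit_release(root, manifest)
        (root / "shadow.exe").write_bytes(good + b"!")  # altered after download
        tampered = audit_release(root, manifest)
    return clean, stray, tampered

if __name__ == "__main__":
    for label, result in zip(("clean", "stray", "tampered"), demo()):
        print(label, result)
```

A size check alone only catches crude substitutions; the hash comparison is what detects a same-size replacement.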