Author

Topic: [SDC] ShadowCash | Welcome to the UMBRA - page 206. (Read 1289707 times)

sr. member
Activity: 686
Merit: 320
Shadow-qt that's 736k in size? That doesn't seem right. My exe is > 11M in size, not to mention all the other files that come with it in the zip.
hero member
Activity: 812
Merit: 1000
i dunno how big the exe should be - im not a winman
dasource is awesome and thanks for his time.
wouldnt wanna be a thief with ds on my ass  Shocked Smiley

clean as a whistle
sr. member
Activity: 420
Merit: 250


lawgicc: where did u buy ur new PC?

Costco in california. San Luis Obispo to be precise


and Dclogs was pre-installed? howd u get it?


ps


r trojans so clever now? feels like there was human involvement in ur hack Sad

No idea. Dclogs was in my roaming....All i have downloaded and installed so far has been -  Wickr, Spotify, Steam, Skype, Shadowcoin-qt, which one do you think would contain malware?

I purchased the computer yesterday. It either came with Dclogs on it, or one of those applications infected my computer.

i initially downloaded the SDC wallet QT from the repost of rynomaster



Then that didnt work so i used the OP...


hero member
Activity: 812
Merit: 1000


lawgicc: where did u buy ur new PC?

Costco in california. San Luis Obispo to be precise


and Dclogs was pre-installed? howd u get it?


ps


r trojans so clever now? feels like there was human involvement in ur hack Sad
sr. member
Activity: 420
Merit: 250
.....
The only wallet qt I have is the newest SDC wallet.

 Roll Eyes
did you download the wallet from the OP never download from Quotes!!!

Do a check against the versions: checksum

How, example:

https://www.youtube.com/watch?v=C7ZZqnkrj48


checksuming a good idea (tho few will do it).
ive never seen a prog that checked its own cheksum b4 launch. If the app verified it's checksum by comparing to a value stored on the blockchain… then hmm… is this a solution?

nevertheless in lawgic's case the coins have been stolen by some other means.
what do we know?

1) the attacker did not use shadowsend
2) the attacker staked the wallet with the stolen funds
3) the attacker made 2 withdrawals (robberies) seperated by several hours
4) the wallet was protected with a 30+char pass
5) the PC was brand new


My Q
How did they know the pass? lawgic: did u ever enter it? was there maybe a keystroke logger that grabbed it?





I think the attempts to log in to the blockchain.info account are a valuable clue.

didnt look at those screens close but yes lawgicc appears to have fallen prey to a targeted attack.
my q again however is how did they know his pass for his shadow wallet? he must have entered it (typed it) at some point on his new PC which had a keylogger.

lawgicc: where did u buy ur new PC?

Costco in california. San Luis Obispo to be precise
sr. member
Activity: 420
Merit: 250
I thought we verified in slack and on the blockchain that the stolen coins transferred 24 hours ago and your new computer want done syncing 24 hours ago. That means that the breach happened on your old system not the new one. The new one only verified the theft once synced. It was the most current version of the chain you could read.

It's like trading wallet.dats around different computers. You move it to one computer and do a couple transactions, move it to the next and do the same. When you restart the original computer the wallet.dat saved had all the coins you had before the transfers but once you're in sync the other coins come out.

Tldr: the beach was on the old computer, not the new one.

No it was not verified. All that was verified was that the transactions were not sent from my old or new computer.


you got infected with a rat i got infected too i got accused of stealing viral which i did not!


wow...yep Dclogs is malware..............
full member
Activity: 126
Merit: 100
Moon
I thought we verified in slack and on the blockchain that the stolen coins transferred 24 hours ago and your new computer want done syncing 24 hours ago. That means that the breach happened on your old system not the new one. The new one only verified the theft once synced. It was the most current version of the chain you could read.

It's like trading wallet.dats around different computers. You move it to one computer and do a couple transactions, move it to the next and do the same. When you restart the original computer the wallet.dat saved had all the coins you had before the transfers but once you're in sync the other coins come out.

Tldr: the beach was on the old computer, not the new one.

No it was not verified. All that was verified was that the transactions were not sent from my old or new computer.


you got infected with a rat i got infected too i got accused of stealing viral which i did not! look for the dclogs in my pic too!

sr. member
Activity: 420
Merit: 250
I thought we verified in slack and on the blockchain that the stolen coins transferred 24 hours ago and your new computer want done syncing 24 hours ago. That means that the breach happened on your old system not the new one. The new one only verified the theft once synced. It was the most current version of the chain you could read.

It's like trading wallet.dats around different computers. You move it to one computer and do a couple transactions, move it to the next and do the same. When you restart the original computer the wallet.dat saved had all the coins you had before the transfers but once you're in sync the other coins come out.

Tldr: the beach was on the old computer, not the new one.

No it was not verified. All that was verified was that the transactions were not sent from my old or new computer.

full member
Activity: 126
Merit: 100
Moon
lawgicc : ur shadow wallet had a 30+char password, yes?
how the hell could he get it without the pass?

ur blockchain.info is a separate issue, yes?

btw u r handling this remarkably well. u have my sympathy.

Not sure if seperate or the same person. They both happened within the same time frame. It came to my attention when i was alerted through email my blockchain account had been attempted to be logged in.  

I have no fucking idea. no fucking idea...

I guess, appreciate it. Im beyond upset no question but its just currency. ill get it back. just not sure if i can trust these altcoins. Might just have to stay with bitcoin. Never in my 3-4 years using crypto have i had this problem.

People probably think im a scrub first learning crypto....as to why im so fuckin frustrated. I dont get how this fuckin happened at all. Im even more upset because this may potentially negatively impact SDC...I fuckin love this SDC....my social media is blasted with SDC and ive told countless people i know personally that this will take Bitcoin's place, just give it time...

now i dont even want to speak about crypto.





what does the dclogs folder belong to?

fairly certain this is a keylogger and you may find logs of your keystrokes in that folder
hes infected!
hero member
Activity: 812
Merit: 1000
lawgicc : ur shadow wallet had a 30+char password, yes?
how the hell could he get it without the pass?

ur blockchain.info is a separate issue, yes?

btw u r handling this remarkably well. u have my sympathy.

Not sure if seperate or the same person. They both happened within the same time frame. It came to my attention when i was alerted through email my blockchain account had been attempted to be logged in. 

I have no fucking idea. no fucking idea...

I guess, appreciate it. Im beyond upset no question but its just currency. ill get it back. just not sure if i can trust these altcoins. Might just have to stay with bitcoin. Never in my 3-4 years using crypto have i had this problem.

People probably think im a scrub first learning crypto....as to why im so fuckin frustrated. I dont get how this fuckin happened at all. Im even more upset because this may potentially negatively impact SDC...I fuckin love this SDC....my social media is blasted with SDC and ive told countless people i know personally that this will take Bitcoin's place, just give it time...

now i dont even want to speak about crypto.





what does the dclogs folder belong to?


hmmm


spearfishing blockchain.info users?
click email and DL trojan?

maybe?
legendary
Activity: 1133
Merit: 1050
I thought we verified in slack and on the blockchain that the stolen coins transferred 24 hours ago and your new computer want done syncing 24 hours ago. That means that the breach happened on your old system not the new one. The new one only verified the theft once synced. It was the most current version of the chain you could read.

It's like trading wallet.dats around different computers. You move it to one computer and do a couple transactions, move it to the next and do the same. When you restart the original computer the wallet.dat saved had all the coins you had before the transfers but once you're in sync the other coins come out.

Tldr: the beach was on the old computer, not the new one.
hero member
Activity: 812
Merit: 1000

**I did unlock my wallet (for staking only) on my new computer while my wallet was still half synced....Never knew thatd cause problems but Idk what else it could be. I dont know how its even feasible for me to get keylogged without downloading anything/clicking any links....I didnt hop on a computer for the first time yesterday...I dont tell anyone my password, i dont even have it written down, on paper, or in text on my computer. Unless my Asus Transformer Book Flip TP300 is bugged from the jump...i have no fuckin clue. I got 90 days to return this shit, so i got some time before i go tauren

ive heard of hw arriving infected - thats why i asked where u bought it.
but as WC noticed that exe is too small (right?-im not on windows) suggesting a malicious wallet.

any more confirms on wallet exe file size?
hero member
Activity: 606
Merit: 500
lawgicc : ur shadow wallet had a 30+char password, yes?
how the hell could he get it without the pass?

ur blockchain.info is a separate issue, yes?

btw u r handling this remarkably well. u have my sympathy.

Not sure if seperate or the same person. They both happened within the same time frame. It came to my attention when i was alerted through email my blockchain account had been attempted to be logged in.  

I have no fucking idea. no fucking idea...

I guess, appreciate it. Im beyond upset no question but its just currency. ill get it back. just not sure if i can trust these altcoins. Might just have to stay with bitcoin. Never in my 3-4 years using crypto have i had this problem.

People probably think im a scrub first learning crypto....as to why im so fuckin frustrated. I dont get how this fuckin happened at all. Im even more upset because this may potentially negatively impact SDC...I fuckin love this SDC....my social media is blasted with SDC and ive told countless people i know personally that this will take Bitcoin's place, just give it time...

now i dont even want to speak about crypto.





what does the dclogs folder belong to?

fairly certain this is a keylogger and you may find logs of your keystrokes in that folder
sr. member
Activity: 420
Merit: 250
lawgicc : ur shadow wallet had a 30+char password, yes?
how the hell could he get it without the pass?

ur blockchain.info is a separate issue, yes?

btw u r handling this remarkably well. u have my sympathy.

Not sure if seperate or the same person. They both happened within the same time frame. It came to my attention when i was alerted through email my blockchain account had been attempted to be logged in. 

I have no fucking idea. no fucking idea...

I guess, appreciate it. Im beyond upset no question but its just currency. ill get it back. just not sure if i can trust these altcoins. Might just have to stay with bitcoin. Never in my 3-4 years using crypto have i had this problem.

People probably think im a scrub first learning crypto....as to why im so fuckin frustrated. I dont get how this fuckin happened at all. Im even more upset because this may potentially negatively impact SDC...I fuckin love this SDC....my social media is blasted with SDC and ive told countless people i know personally that this will take Bitcoin's place, just give it time...

now i dont even want to speak about crypto.



hero member
Activity: 812
Merit: 1000
dunno if it can be done, im no dev.

can we get wallets to verify (b4 launch) against a checksum value stored on the blockchain thus preventing the malicious node from joining the nwtwork?

or is this gestapo tactics making development of unofficial wallets more diff?
sr. member
Activity: 420
Merit: 250
.....
The only wallet qt I have is the newest SDC wallet.

 Roll Eyes
did you download the wallet from the OP never download from Quotes!!!

Do a check against the versions: checksum

How, example:

https://www.youtube.com/watch?v=C7ZZqnkrj48


checksuming a good idea (tho few will do it).
ive never seen a prog that checked its own cheksum b4 launch. If the app verified it's checksum by comparing to a value stored on the blockchain… then hmm… is this a solution?

nevertheless in lawgic's case the coins have been stolen by some other means.
what do we know?

1) the attacker did not use shadowsend
2) the attacker staked the wallet with the stolen funds
3) the wallet was protected with a 30+char pass
4) the PC was brand new


My Q
How did they know the pass? lawgic: did u ever enter it? was there maybe a keystroke logger that grabbed it?





It fucking beats me. I literally unwrapped this computer yesterday....No idea how a key logger would have got my new PC key logged that quick....My chromebook with linux was encrypted with 2 paraphrases, and my paraphrases are encrypted with pgp 30+ characters long, numbers+letters+symbols.


Never seen these files before?



any idea?

The Shadow-Qt with the shadow logo does nothing when clicked. I use a different folder/exe to open up the qt. Also the file below was added around the time my coins were lifted and someone tried to access my blockchain wallet.

for as long as I can remember, shadow.exe has been the file included in the .zip releases. and the most recent shadow.exe is ~12MB.

my best guess is i downloaded a bugged version of the wallet, pasted my original wallet.dat file into my roaming folder, started the SDC wallet qt and unlocked my wallet while the wallet was still syncing on my new computer. 


**I did unlock my wallet (for staking only) on my new computer while my wallet was still half synced....Never knew thatd cause problems but Idk what else it could be. I dont know how its even feasible for me to get keylogged without downloading anything/clicking any links....I didnt hop on a computer for the first time yesterday...I dont tell anyone my password, i dont even have it written down, on paper, or in text on my computer. Unless my Asus Transformer Book Flip TP300 is bugged from the jump...i have no fuckin clue. I got 90 days to return this shit, so i got some time before i go tauren
hero member
Activity: 503
Merit: 500
.....
The only wallet qt I have is the newest SDC wallet.

 Roll Eyes
did you download the wallet from the OP never download from Quotes!!!

Do a check against the versions: checksum

How, example:

https://www.youtube.com/watch?v=C7ZZqnkrj48


checksuming a good idea (tho few will do it).
ive never seen a prog that checked its own cheksum b4 launch. If the app verified it's checksum by comparing to a value stored on the blockchain… then hmm… is this a solution?

nevertheless in lawgic's case the coins have been stolen by some other means.
what do we know?

1) the attacker did not use shadowsend
2) the attacker staked the wallet with the stolen funds
3) the attacker made 2 withdrawals (robberies) seperated by several hours
4) the wallet was protected with a 30+char pass
5) the PC was brand new


My Q
How did they know the pass? lawgic: did u ever enter it? was there maybe a keystroke logger that grabbed it?





I think the attempts to log in to the blockchain.info account are a valuable clue.

The attacker never entered the right paraphrase to my Blockchain.info wallet or it wouldve logged it. The only log of the attacker was from the TOR ip that was blocked because of my settings. The keylogger has yet to access any of my other accounts..

Are you running a Tor node anywhere else on your network, any place where a Tor sleaze could have slithered in?
full member
Activity: 126
Merit: 100
Moon
what do you prefer? i run the malwarebytes pro version all i know is i had avg installed at one point and it would come up clean system, and then i download free version of malwarebytes and it came up with like 100+ viruses! what a joke that was a paid for version of AVG also, that was also a computer i had no crypto on at the time so i was lucky i found how useless the mainstream anti virus programs are.
Gibs187x do you live in the states? did you have your computer delivered? if you had it delivered it would of had to go thru the postal service and that's a government agency would not surprise me if they are hijacking packages with computers of interest, like yours would be being heavily involved in crypto for 4 years, and put shit on it.
yeah sounds like a conspiracy.
but the truth  stranger then fiction i have come to find.
trust nothing and nobody anymore those days are long gone.


i totally agree with you 100% im in the states but fresh pc..
hero member
Activity: 812
Merit: 1000

for as long as I can remember, shadow.exe has been the file included in the .zip releases. and the most recent shadow.exe is ~12MB.


agreed. good eyes. where did u dl the wallet lawgicc?
legendary
Activity: 1190
Merit: 1002
Pecvniate obedivnt omnia.
what do you prefer? i run the malwarebytes pro version all i know is i had avg installed at one point and it would come up clean system, and then i download free version of malwarebytes and it came up with like 100+ viruses! what a joke that was a paid for version of AVG also, that was also a computer i had no crypto on at the time so i was lucky i found how useless the mainstream anti virus programs are.
Gibs187x do you live in the states? did you have your computer delivered? if you had it delivered it would of had to go thru the postal service and that's a government agency would not surprise me if they are hijacking packages with computers of interest, like yours would be being heavily involved in crypto for 4 years, and put shit on it.
yeah sounds like a conspiracy.
but the truth  stranger then fiction i have come to find.
trust nothing and nobody anymore those days are long gone.

Jump to: