Bitcoin Forum

Hi everyone, new folk here.
So basically I was mining for about a year now, and gained 93bitcoins. I mined on 2 different pools (deepbit, btcguild) and sent all the btc to my wallet-qt. Now, the problem is that a week ago i did a virus scan and found malware and spyware and got really really paranoid about it.
My wallet-qt is encrypted (I used the encryption feature in the Wallet) and since reading here and hearing stories about viruses and hacks that steals bitcoins, i'm getting constantly worried about my hardly mined coins.I don't really know what to do, because my 2 workers (Deepbit, btcguild) are connected to my wallet (auto payment every week).

Because i'm not thinking about spending them soon, I thought to create 5 Paper Wallets via www.bitaddress.org, and store 20 coins on each paper wallet, and when i'd like to use let's say 20 coins, I will have only to send the coins to the receipent address. But my question is - How can I create paper wallets when offline? I tried to access the site, but it won't load, because I'm not connected to the interenet, so how should I do that? And should I print the Paper wallets, or should I write them down on papers and hide them securely in a very secure places that only I know?

My second question - Where should I send my new coins (from the pools)? I was thinking to keep sending the mined btc from the pools to my bitcoin-qt wallet, and every time transfer them right away to my Paper Wallets. Is that sounds good?
Maybe I should move to the Armory Wallet, which is much safer? If so, can I replace my current "wallet.dat" from my bitcoin-qt wallet to the Armory Wallet and that will work?

Thanks a lot guys, would love to come back and see some help from someone.
Thanks

The .html from BitAddress contains all the javascript, images, css, etc., so all you need to do is View Source -> Save As (or whatever method your browser uses to save a copy of the .html to disk) and store it to a flash drive. 

Then when you boot to an offline LIveOS, just open the .html from the flash drive. 

If you are using a Linux-based LiveOS, you can probably do a sha1sum and it should be identical to the sha1sum the latest (to verify that the version on the thumb drive matches the one served by BitAddress):
 - http://bitcointalk.org/index.php?topic=43496.msg1492594#msg1492594

You should try Armory, I've heard that's the #1 most secure BTC wallet on the web.

So:

1. You had a bitcoin wallet.dat running on windows with password #1,
2. you copy the Bitcoin wallet to an Ubuntu machine,
3. on the Ubuntu machine you change the password to password #2,
4. you are surprised that when you boot back into Windows and the password is still #1?

before starting anything: re-backup your windows wallet.dat to a different media (USB stick, encrypted 7zip with a strong password and email it to your gmail, etc.)

If you think you will be happy only using Ubuntu, you can migrate your day-to-day Bitcoin to that, which will be less likely to pick up viruses and spyware. You'll want to install Ubuntu on your computer, running off a live CD is inconvenient and it's storage of persistent data is capricious. The best way would be to use a fresh install of Bitcoin on the new Ubuntu (remove the .bitcoin directory and start again), which will give you a new wallet and new addresses, then close that Bitcoin and back up the new Ubuntu wallet.dat to a USB stick and store it safely. Then send all your Windows bitcoins to an address in the new wallet. Then even if someone has compromised the old install or stolen your old wallet, they will have no access to your Bitcoins.

Easy way to do this:

Open bitaddress.org on your web browser (connected to internet). Hit file>Save As and save it to a flash drive.

Boot your Ubuntu Live OS with internet disconnected, insert the flash drive with the bitaddress.org files, and open the .html file.

Print the paper wallets & transfer your BTC to them.

I would then recommend you copy any important files off of your PC, reformat and do an operating reinstall.

I would also recommend not using the old wallet.dat file in case it has been copied & the virus-writer tries to brute-force the encryption password (or your password may have been keylogged). I would stop giving out those BTC addresses, export all your private keys from the wallet.dat and import them into mtgox.com, anytime new funds arrive at these addresses by accident, mtgox will sweep them out of the addresses automatically.

For extra security, get rid of windows and use Linux.

Wow, thank you so much guys. You rock

All solutions sound REALLY good, I'm going to create the paper wallets and move my btc there. Currently my PC is during a wipe process with CCleaner, and then I'll use the Ubuntu as you suggested, print 5 paper wallets and spread my btc balance to them.


I'm registered to the pools with 2 addresses of my wallet, and they (deepbit/btcguild) do not let me change the addresses for some reasons, so how do I import my private keys out of my wallet?
Getting the mined btc directly to blockchain (only on payouts-once in a week) and then manually to my Paper Wallet would be more secure than my current payout method, right?

Thanks everyone, was really excited to see an amazing support for a newb like me. Bless you

Sounds perfect. This is exactly what I done when I was afraid my old wallet may have been compromised.


In that case I would contact the pool operators and see if they can change the payout addresses, I'm sure they will be able to help you out.

Slightly off-topic, but I would recommend using P2Pool (or a P2Pool node) as your pool, no fees & it helps prevent any one pool from getting 51% of the network hashpower.

As for exporting the private keys:
http://bitcoin.stackexchange.com/questions/4469/extract-private-keys-from-bitcoin-wallet

You can then type them into the MtGox import private key on the deposit page. This is definitely the best thing to do if you are worried that the wallet may have been compromised.

if your on Winblows and your Paranoid, the firs thing would be to leave Windows, every security on Win is a pure placebo ;)

Thank you so much man. I will donate to your address in your signature as soon as I finish the procedure.
Thanks guys, very nice of you all helping me out.

Anyway, I was wondering, since mtgox has been hacked in the past, maybe should I use blockchain.info instead? Would love to hear your opinion on this.

Just looked that up... It looks pretty neat! may have to give it a go.

Wow, the armory site friggin rocks!