Title: Keep your wallet secure, read this.
Post by: Rayen on April 30, 2013, 04:56:13 PM

Hello.
Here are some tips on how to keep your account/wallet safe.
----------------------------------------------------------
First, the On-Screen Keyboard method.
Every time you log in to your account/wallet, make sure to type the password with the On-Screen Keyboard, so if you're keylogged, the keylogger would get a blank key entry.
Here's how to access the On-Screen Keyboard:
Start --> All Programs --> Accessories --> Accessibility --> On-Screen Keyboard.

Second, the RDP method. This is a slightly complicated method.
----------------------------------------------------------
RDP is a shortcut for "Remote Desktop Protocol".
This is where you connect to another PC using your own. After a successful connection, a window will open with the PC's desktop, allowing you to fully control it. That could be a way to access your wallet/account if you have been keylogged.
Please note that RDP would only prevent GetAsyncKeyState and other keyboard-hooking keyloggers.
----------------------------------------------------------
What if you have been keylogged already?
Download Keyscrambler. Keyscrambler is software that encrypts your keystrokes in Windows, so even if you're keylogged and the logs get sent to the logger, they'd be encrypted and he wouldn't be able to see them.
Second, update your anti-virus. If you cannot update your anti-virus or download a new one, then simply do this: get on another PC, connect a USB flash drive, download a strong anti-virus, then put it on your keylogged PC.
Or the other option is to format your hard drive if the above options do not work.
Or you can run your PC on Linux. Linux is pretty preventable against keyloggers.
----------------------------------------------------------
What if you've been keylogged and have no other PC and want to access your wallet/account?
Simple. Get a trusted friend of yours to download TeamViewer. TeamViewer is a screen-sharing program that allows you to control another PC.
After he and you download TeamViewer, you initiate a connection between you and him, and you could use his PC to log in to your wallet. He won't get your password, the keylogger won't get your password, and you'll have access to your wallet.
----------------------------------------------------------
How to find out if you have been keylogged?
Simple. First of all, disconnect all Internet-using programs: Skype, Yahoo, Hotmail, browsers, etc.
Go to Start --> Run --> type CMD.
When the command window opens, type netstat -a
A list of connections will appear, letting you know what IPs are connected to your PC.
If you recognize an IP that's different from yours and has "ESTABLISHED" behind it, then you have an ongoing connection with that IP and you're probably keylogged.
----------------------------------------------------------
How to protect yourself from being keylogged.
Do not download any software you don't know about.
Do not download software someone asked you to.
Do not share your PC with someone else.
Do hardware scans from time to time.
----------------------------------------------------------
If you've got more questions, feel free to ask!

Title: Re: Keep your wallet secure, read this.
Post by: zedsdead on April 30, 2013, 05:24:20 PM

What if you have ESTABLISHED connections but are logged in to a VPN?

Title: Re: Keep your wallet secure, read this.
Post by: Rayen on April 30, 2013, 05:27:03 PM

It should show the server address of the VPN you're connected to.
Or you could disconnect the VPN.

Title: Re: Keep your wallet secure, read this.
Post by: Loozik on May 01, 2013, 03:45:15 PM

Hello Rayen,
These are valuable hints. When I follow your instructions on how to find out if I am keylogged, I get a bunch of different lines with:
a) my IP, e.g. 67.371.21.79: .... I suspect this is the way it should be.
b) e.g. 127.0.0.1:12067 Is it Tor-related? When I typed ''CMD'' and ''netstat -a'', Tor and other Internet-using apps were closed.
c) 0.0.0.0:123 What are these zeros? Is it okay?
d) [::]:123 What are these?
Thank you.

Title: Re: Keep your wallet secure, read this.
Post by: bitcoinminerz on May 01, 2013, 04:53:08 PM

Really helpful, can't help worrying about wallets.

Title: Re: Keep your wallet secure, read this.
Post by: Rayen on May 01, 2013, 04:59:31 PM

> Hello Rayen,

Thank you.

> These are valuable hints. When I follow your instructions on how to find out if I am keylogged, I get a bunch of different lines with:
> a) my IP, e.g. 67.371.21.79: .... I suspect this is the way it should be.
> b) e.g. 127.0.0.1:12067 Is it Tor-related? When I typed ''CMD'' and ''netstat -a'', Tor and other Internet-using apps were closed.
> c) 0.0.0.0:123 What are these zeros? Is it okay?
> d) [::]:123 What are these?
> Thank you.

127.0.0.1, 12067 is the port of your router, while 127.0.0.1 is your router/local IP, no worries about it.
0.0.0.0:123 is completely okay.
[::]:123 could be related to your router configuration. You could worry if there's a complete IP like the one you've got that has an ongoing connection with your PC, or an unknown web server that a keylogger could be hosted on.

Title: Re: Keep your wallet secure, read this.
Post by: Loozik on May 01, 2013, 05:16:26 PM

> 127.0.0.1, 12067 is the port of your router, while 127.0.0.1 is your router/local IP, no worries about it.
> [::]:123 could be related to your router configuration. You could worry if there's a complete IP like the one you've got that has an ongoing connection with your PC, or an unknown web server that a keylogger could be hosted on.

I do not use a router. I have a cable modem like this one http://www.digitallanding.com/wp-content/uploads/2012/06/Comcast-Cable-Modem1.jpg given to me by my cable TV / Internet provider.
Thanks

Title: Re: Keep your wallet secure, read this.
Post by: Rayen on May 01, 2013, 05:20:57 PM

>> 127.0.0.1, 12067 is the port of your router, while 127.0.0.1 is your router/local IP, no worries about it.
>> [::]:123 could be related to your router configuration. You could worry if there's a complete IP like the one you've got that has an ongoing connection with your PC, or an unknown web server that a keylogger could be hosted on.
> I do not use a router. I have a cable modem like this one http://www.digitallanding.com/wp-content/uploads/2012/06/Comcast-Cable-Modem1.jpg given to me by my cable TV / Internet provider.
> Thanks

That lets you access the router/modem control page, where you could configure, reset, or restart your router/modem.
They're yours and nobody could access them unless they have your modem/router.
So it's completely normal.

Title: Re: Keep your wallet secure, read this.
Post by: munetaka on May 01, 2013, 05:29:19 PM

Very helpful, thanks!
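
Added example, not part of any post in this thread: a small Python parser for numeric netstat output (`netstat -an`, so addresses are not resolved to names) that sorts each row into loopback traffic, sockets listening on all interfaces (`0.0.0.0` / `[::]`), and established connections to another host, which are the rows worth tracing back to a process. The sample output is constructed with documentation-range addresses, and the function names are illustrative.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (documentation-range addresses).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:12067        127.0.0.1:49702        ESTABLISHED
  TCP    192.168.1.20:49710     203.0.113.45:443       ESTABLISHED
  TCP    192.168.1.20:49711     192.168.1.1:80         TIME_WAIT
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [2001:db8::20]:49712   [2001:db8::beef]:8080  ESTABLISHED
  UDP    0.0.0.0:123            *:*
  UDP    [::]:123               *:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address or None, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]   # drop brackets and any IPv6 zone id
    try:
        return ipaddress.ip_address(host), port
    except ValueError:                      # '*' in UDP rows is not an address
        return None, port

def classify(line):
    """Return (category, local, foreign) for one netstat row, or None for headers."""
    parts = line.split()
    if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
        return None
    local, foreign = parts[1], parts[2]
    state = parts[3] if len(parts) > 3 else ""   # UDP rows carry no state
    l_ip, _ = split_endpoint(local)
    f_ip, _ = split_endpoint(foreign)
    if l_ip is not None and l_ip.is_loopback:
        return "loopback", local, foreign        # traffic that never leaves this machine
    if f_ip is None or f_ip.is_unspecified:
        return "listening", local, foreign       # bound socket with no remote peer
    if state == "ESTABLISHED":
        return "established-remote", local, foreign
    return "other", local, foreign

def established_remote(text):
    """Foreign endpoints of live connections to another host."""
    rows = filter(None, (classify(l) for l in text.splitlines()))
    return [foreign for cat, _, foreign in rows if cat == "established-remote"]

if __name__ == "__main__":
    for endpoint in established_remote(SAMPLE):
        print("review:", endpoint)
```

An established connection to another host is normal for browsers, updaters and chat clients; `netstat -b`, mentioned later in the thread, shows which executable owns each one.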

Title: Re: Keep your wallet secure, read this.
Post by: Loozik on May 01, 2013, 06:14:34 PM

> How to find out if you have been keylogged?
> Simple. First of all, disconnect all Internet-using programs: Skype, Yahoo, Hotmail, browsers, etc.
> Go to Start --> Run --> type CMD.
> When the command window opens, type netstat -a
> A list of connections will appear, letting you know what IPs are connected to your PC.
> If you recognize an IP that's different from yours and has "ESTABLISHED" behind it, then you have an ongoing connection with that IP and you're probably keylogged.

Should I look for addresses different from mine in the Local Address column or in the Foreign Address column?
I just watched some video on YT and used the ''netstat -b'' command, and there appears to be an active connection using ''jusched.exe'' between my IP (Local Address) and a Foreign IP that belongs to Akamai Technologies
http://www.checkip.com/ip/23.64.224.60
http://www.akamai.com/html/industry/index.html
this company provides services to people with guns calling themselves US Gov.
Should I be concerned? Some people say jusched.exe is a virus, some say it's a Java-related process.
EDIT: there is also lms.exe running. People say it is sometimes a legitimate Windows process and sometimes malware with the same name http://www.pcpitstop.com/libraries/process/i/LMS.exe.html

Title: Re: Keep your wallet secure, read this.
Post by: Rayen on May 01, 2013, 06:54:08 PM

>> How to find out if you have been keylogged?
>> Simple. First of all, disconnect all Internet-using programs: Skype, Yahoo, Hotmail, browsers, etc.
>> Go to Start --> Run --> type CMD.
>> When the command window opens, type netstat -a
>> A list of connections will appear, letting you know what IPs are connected to your PC.
>> If you recognize an IP that's different from yours and has "ESTABLISHED" behind it, then you have an ongoing connection with that IP and you're probably keylogged.
> Should I look for addresses different from mine in the Local Address column or in the Foreign Address column?
> I just watched some video on YT and used the ''netstat -b'' command, and there appears to be an active connection using ''jusched.exe'' between my IP (Local Address) and a Foreign IP that belongs to Akamai Technologies
> http://www.checkip.com/ip/23.64.224.60
> http://www.akamai.com/html/industry/index.html
> this company provides services to people with guns calling themselves US Gov.
> Should I be concerned? Some people say jusched.exe is a virus, some say it's a Java-related process.
> EDIT: there is also lms.exe running. People say it is sometimes a legitimate Windows process and sometimes malware with the same name http[Suspicious link removed].html

Jusched.exe is the Java auto-updater.
To know if it's a virus or not, go to C:\Program Files\Common Files\Java\Java Update\
You should find jusched.exe there. If your Windows/operating platform isn't installed on drive C:, then go to the drive the Windows/operating platform is installed on.
Or you could simply search for "Java".
If it exists in the Java folder, then it's just a Java updater.
If it does not, then it's a virus and you should do a hard drive scan.
Viruses typically do not target Program Files; they mostly get into the System32, Application Data, and Temp folders.
Akamai Technologies is safe; it's probably where Java checks if there's an update needed.
LMS.exe is a shortcut for Local Manageability Service. It's manufactured by Intel; if you have an Intel motherboard, graphics card, processor or so, then it's okay.
You could try this to check if lms.exe is a virus or not.
Simply go to the Windows/operating platform drive.
Search for lms.exe.
If it shows up unhidden, then you should know where it's located, and go to www.virustotal.com and scan it there; it'll give you complete and accurate results if it has malware or not.
If it shows up hidden, then it's okay, because LMS.exe has the ability to hide itself and most of the time exists in the Program Files folder.

Title: Re: Keep your wallet secure, read this.
Post by: femanon on May 01, 2013, 10:44:13 PM

Excellent information. Thank you!

Title: Re: Keep your wallet secure, read this.
Post by: Loozik on May 01, 2013, 10:57:30 PM

Rayen,
Thank you very much. My knowledge of computers increased by 200% ;D Your initial post should be placed in bitcoin wiki.

Title: Re: Keep your wallet secure, read this.
Post by: Rayen on May 01, 2013, 11:08:59 PM

> Rayen,

Thank you, Loozik.

> Thank you very much. My knowledge of computers increased by 200% ;D Your initial post should be placed in bitcoin wiki.

If you've got more questions, at any time, just ask here. = )

Title: Re: Keep your wallet secure, read this.
Post by: Loozik on May 02, 2013, 12:56:33 AM

> If you've got more questions, at any time, just ask here. = )

Frankly, there is one issue that relates to 2 factor auth at Mt Gox that I need to resolve soon. I posted on it here https://bitcointalk.org/index.php?topic=192561.0 but nobody replied. I suspect it is either trivial or uninteresting for others. If perhaps you can find time to have a look and have working knowledge of how 2 factor auth on MtGox works, your help will be appreciated.
Thanks

Title: Re: Keep your wallet secure, read this.
Post by: Rayen on May 02, 2013, 01:03:24 AM

I have replied to your questions on that thread. =)

Title: Re: Keep your wallet secure, read this.
Post by: mebi on May 02, 2013, 02:42:18 AM

If you are that paranoid about getting hacked then you could use a wallet that supports cold storage - your offline wallet is kept on a computer with NO NETWORK and transactions are done via USB sticks to your online wallet. Then your offline wallet can never get hacked, right?

Title: Re: Keep your wallet secure, read this.
Post by: Rayen on May 02, 2013, 01:08:02 PM

Maybe if you're keylogged, and the keylogger allows data transfers.

Title: Re: Keep your wallet secure, read this.
Post by: zanykokoa on May 02, 2013, 01:15:57 PM

Nice contribution.

Title: Re: Keep your wallet secure, read this.
Post by: Rayen on May 02, 2013, 03:18:15 PM

Thank you, Zany.

Title: Re: Keep your wallet secure, read this.
Post by: gasso on May 10, 2013, 12:40:10 AM

Thanks for the info

Title: Re: Keep your wallet secure, read this.
Post by: redemptor on May 10, 2013, 02:29:56 AM

Thanks for your tips.
I just looked at key scrambler's site, do you need a touch screen to use it?

Title: Re: Keep your wallet secure, read this.
Post by: hengry5588 on May 10, 2013, 02:37:31 AM

Really helpful, It‘is can't help worrying about wallets

Title: Re: Keep your wallet secure, read this.
Post by: hoangocanh on May 10, 2013, 03:05:04 AM

encrypt it, and don't click XXX web :D

Title: Re: Keep your wallet secure, read this.
Post by: pwi on May 10, 2013, 03:37:16 AM

> Hello.
> Here are some tips on how to keep your account/wallet safe.
> ----------------------------------------------------------
> First, the On-Screen Keyboard method.
> Every time you log in to your account/wallet, make sure to type the password with the On-Screen Keyboard, so if you're keylogged, the keylogger would get a blank key entry.
> Here's how to access the On-Screen Keyboard:
> Start --> All Programs --> Accessories --> Accessibility --> On-Screen Keyboard.
>
> Second, the RDP method. This is a slightly complicated method.
> ----------------------------------------------------------
> RDP is a shortcut for "Remote Desktop Protocol".
> This is where you connect to another PC using your own. After a successful connection, a window will open with the PC's desktop, allowing you to fully control it. That could be a way to access your wallet/account if you have been keylogged.
> Please note that RDP would only prevent GetAsyncKeyState and other keyboard-hooking keyloggers.
> ----------------------------------------------------------
> What if you have been keylogged already?
> Download Keyscrambler. Keyscrambler is software that encrypts your keystrokes in Windows, so even if you're keylogged and the logs get sent to the logger, they'd be encrypted and he wouldn't be able to see them.
> Second, update your anti-virus. If you cannot update your anti-virus or download a new one, then simply do this: get on another PC, connect a USB flash drive, download a strong anti-virus, then put it on your keylogged PC.
> Or the other option is to format your hard drive if the above options do not work.
> Or you can run your PC on Linux. Linux is pretty preventable against keyloggers.
> ----------------------------------------------------------
> What if you've been keylogged and have no other PC and want to access your wallet/account?
> Simple. Get a trusted friend of yours to download TeamViewer. TeamViewer is a screen-sharing program that allows you to control another PC.
> After he and you download TeamViewer, you initiate a connection between you and him, and you could use his PC to log in to your wallet. He won't get your password, the keylogger won't get your password, and you'll have access to your wallet.
> ----------------------------------------------------------
> How to find out if you have been keylogged?
> Simple. First of all, disconnect all Internet-using programs: Skype, Yahoo, Hotmail, browsers, etc.
> Go to Start --> Run --> type CMD.
> When the command window opens, type netstat -a
> A list of connections will appear, letting you know what IPs are connected to your PC.
> If you recognize an IP that's different from yours and has "ESTABLISHED" behind it, then you have an ongoing connection with that IP and you're probably keylogged.
> ----------------------------------------------------------
> How to protect yourself from being keylogged.
> Do not download any software you don't know about.
> Do not download software someone asked you to.
> Do not share your PC with someone else.
> Do hardware scans from time to time.
> ----------------------------------------------------------
> If you've got more questions, feel free to ask!

Any clue on any security risks that native onscreen touchscreen keyboards pose? Is it the same risk as physical keystrokes? More? Less?

Title: Re: Keep your wallet secure, read this.
Post by: UMP-45 on September 02, 2013, 05:05:20 PM

Thank you.

Title: Re: Keep your wallet secure, read this.
Post by: FeatherRigs on September 02, 2013, 05:19:04 PM

Really helpful, thanks

Title: Re: Keep your wallet secure, read this.
Post by: sicshift on September 18, 2013, 11:28:36 PM

Great Post!!