Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: akwfleaspirit on December 13, 2013, 04:24:57 AM



Title: Wallet security concern
Post by: akwfleaspirit on December 13, 2013, 04:24:57 AM
**Edit. It looks like I'm probably wrong about the pop up since it is in 2 Windows systems folders and not in any wallets. The only facts at this point are that someone at 109.120.153.223 took a lot of litecoin and bitcoin from my computer and logged into numerous of my online financial accounts.**

My computer was thoroughly taken over recently and coin wallets hacked. In recent days I have been trying to reduce the damage done, etc.
One concern I mentioned earlier in another thread involves Flash from Adobe. There is a simple experiment that might prove or disprove my concern, but I am not able to do it at the moment; if someone else is able, it might save a lot of people some problems.

Briefly.
1) Computer hacked utterly, keyboard, screen, etc. completely manipulated.
2) Numerous coins stolen.
3) Purchased additional computers and set about protecting what was left.
4) Completely restored to factory condition the affected computer.
5) Downloaded various wallets on another computer and transferred them to the factory restored operating system computer.
6) Removed all unnecessary programs from the computer that was restored. It was not connected to the internet at any point after being restored.
7) Installed wallets:
anoncoin 0.7.5.0
armory
bitcoin 086 win32
craftcoin 1.1.4
feathercoin
multibit 0.5.15
phoenix 0.6.50
ppcoin 0.3.0 win32
primecoin 0.1.2
quarkcoin 083r6win
terracoin0.8.0.2

8) After a few hours idle the computer began prompting me to download Flash. The prompt appears to be a bogus pop up. Apparently it is prompted by something within one or more of the above wallets. There are at least two slightly different versions of the pop up, so apparently at least two wallets have this.

Here is the experiment I hope someone will carry out.

1) Download the zipped file www.bitcoinistan.com/test/New%20folder%20%283%29.7z
The zipped folder contains the wallets downloaded from the respective sites. A person might try downloading the wallets from the sites as well.

2) It is 7zipped with the password 1. It is about 173 MB. Obviously don't open the file except in a sandbox or test environment, etc.

3) Put the zipped folder on an offline computer.

4) Strip all Adobe products from the computer, as well as any other unnecessary programs.

5) Ideally the computer should be just restored to original OS.

6) Install the wallets.

7) Wait several hours to see if popups start.

If no one else does this experiment I will do it eventually again. There is more I will probably add to this in a few days.




Title: Re: Wallet security concern
Post by: empoweoqwj on December 13, 2013, 04:29:50 AM
Get a new computer. You can never trust a computer that has once been "taken over". It's playing with fire.