Bitcoin Forum

I posted this in the bitcoin subforum but I think it probably should be posted in altcoin subforum.  But I say its probably better to post it in few places so others could give opinion.



I have coins stored in a software wallet on my laptop.  The thing is I do have the seed stored in my password manager.  Yes I know people tell me you should never do this in case your computer gets compromised.



My concern now is I clicked on a redirect link when using my laptop earlier.  The thing is that site that I went to... I clicked on it through google, and then it redirected me to a fake site.  I then just closed it but then noticed this was a phishing site.  I didn't enter anything on that site.



My concern is i read this malware I have could be some browser hijack and keylogger etc.  So that means if i log into my password manager on my compromised laptop, they could track everything I typed?  What if your password manager was open at the time?  I do also have my seed written on paper as well.  My concern is if i log into my password manager now on my computer, that means the hacker could literally see all my passwords and everything i wrote on it?  I know about the phishing links hackers post where you download a fake wallet and enter the seed.  But if you don't enter your seed, I read its safe.   But could clicking on a link to a website without downloading anything also do this?  I did not see any program download.  But I'm pretty sure it was a dangerous site.



The thing that I considered was to not log into my password manager.  But then use another device and enter my seed into it to access the wallet.  Then assuming my coins are still there, create a new wallet and send all of them there and get a new seed.  Is that recommended?



I don't want to wipe my laptop as I have so many things on it for years etc.  I also didn't do a backup of it as well.  The thing is I do have a copy of my password manager on a usb drive.  But is there any virus program I could use or buy where it would find any type of malware, keylogger or browser hijack etc on it?  So that way I could continue to use my laptop without wiping it clean?



I have heard of that browser hijack where when people send coins, their browser would copy/paste another address etc.  But in this situation, what would you do?  I guess this is the same like if your computer is compromised and you use software wallets and sites since anything you type into binance or coinbase etc... well that person could record your keystrokes?

From you story it sounds unlikely that the website could record anything from you. However, there is still a possibility. If you still have your coins, then this is a good sign and I would say you are 99% safe. In most cases the hackers know exactly what they are looking for and your coins are gone within moments.

To be 100% safe, I would generate a new seed, only stored offline in a safe place. Then transfer all your coins to the address of the new seed. It's good practice that whenever you are not 100% sure, to create a new seed and new addresses to keep your peace of mind.

I do not know if I have my coins right now because I don't want to type or copy/paste it into my software wallet because of this reason.


So you suggest using another device, making sure that computer is malware free, type your seed in it and if its still there, move all your coins to another address right?

Oh ok, I see, but don't you have a public address to check your balance? What coins/currency are we talking about here?

But yes, your second sentence is basically what I would suggest  :)
Get a different device (or if you have to use your old device use some linux live-cd to boot into a save operating system) and move your coins

I don't think just visiting to the dangerous site will immediately make your device get compromised. But just to be safe, and if you have concern that your seed phrase may have been compromised in the first place, moving your seed phrase to another device wouldn't make it safe. As above suggested, you better open your wallet on a live CD os, like Tails for example, but after that, it would make sense that if you move your cryptocurrencies into a brand new seed phrase of a wallet.

The internet network is the result of human work. The computer and device are also human creations. Then the wallet in the computer is also human creation, it is not impossible if all that can be hacked by humans.
As a user of the device, we must be aware of the account we saved on the device.

Do the following ---> check your coins using block explorer ---> if it exists then you are safe.

 - Write the seed down in a safe place ---> create a new wallet in a secure computer/phone.
 - Buy a hardware wallet, a new computer, or a phone that has not connected to the Internet and you do not want it to be connected to the Internet.
 - Create a new wallet and transfer coins to that wallet.
 - Do not use this device, leave it in a safe place, do not connect to the Internet from it.

So you don't need to delete anything.

Your question is filled with too many "what ifs". Let me offer you a few suggestions.

- Assuming you still have access to your coins, I suggest creating a new wallet (with a new seed phrase) and moving all coins to new wallet. That would be the safest solution. Be sure to double-check the recipient's address before broadcasting the transaction.
- Although I highly doubt that the compromised website had access to your password manager, I suggest that you change your master password with a new (clean) device to be extra safe.
- If you suspect your computer is infected with malware, the only safe and secure solution is a clean installation of the OS with the latest updates and antivirus protection. Only then can you restore your data from backup.

Just my two cents.

How do i check my coins using block explorer?  Don't I need the address of the address of it though?  If so, its on my password manager that I would need to log in to.


I do have a hardware wallet.  The thing is I did not connect these coins to the hardware wallet though.


But is there a way to see if the website i went to has malware/keylogger etc?  Such that if i post the link, it would show it? 

I don't think visiting a fake site not gonna make your device compromised/

Unless you accidentally download some file or fake apps from the phishing site the worst-case scenario you are running the program. I read in the internet, for virus or malware can't be running until you are running or open the program.

So even you are on fake phishing and download some virus or malware as long you are not running or open the program still be fine just delete the program.

You access the wallet and stored the address.

How you are not storing your own public address, that's important so you are not always open a wallet to just check your fund. Just search your address on explorer, after that bookmark the link explorer of your address.

Assuming on the same thing which is about malware which is the main culprit as always when it comes to hacks of funds on a pc.They wont
really be operational until it wasnt really been executed and we know that malwares could disguised like a folder or file which turns out not
to be suspicious on first look and if you are really that not keen on various things then you would likely to click it out but
if you are somewhat that paranoid person in terms of security then you would definitely have those doubts on clicking it at t he first place.

You have to be really careful in a situation like this and avoid entering anything on that computer as of yet. If it is possible like you have said, I believe that you would have access to another device or smartphone, you can use it to access that wallet and make sure that your wallet is safe and everything in it is safe. Had a friend who had this kind of problem and was hacked of $4000 worth of bitcoin in his wallet.

So, make sure to secure your funds and avoid any problems at all. After that you can then go ahead and look for trusted Anti-virus software that you can install and use it to take off the malware that has been installed on your system. You can make use of Avast? And you have to be very careful with the links you click on these days, don't just download from any link except you're very sure about it.

You are most likely safe. As long as you didn't enter any crucial information or downloaded any files on the computer, the website you entered won't do any harm to your computer except knowing some basic information such as IP address, etc.

You could use a USB enclosure for your SSD or HDD then connect that to other computer clean to check if your storage is compromised.

Yes. The block explorer requires your public address to check your balance. It is not sensitive information that requires special security, so I don't know why you would need a password manager.


Sure, there is a way. You can try using tools such as VirusTotal or Sucuri SiteCheck to scan the website.

https://www.virustotal.com/
https://sitecheck.sucuri.net/

You are safe if you did not download anything or enter anything in the phishing site, it only happens if you download or enter your private key or passphrase on the site, just visiting a site will not get you in trouble as long the phishing site did not download anything in your device, as a crypto investor you need a good anti-virus and malware fighter that can block a phishing site like Kaspersky

How do you know if I didn't had anything downloaded into my computer?  I read its possible just by going to the site without doing anything.  I read examples of this and someone said that happened to them and their coins in their software wallet got taken.


Well can i download kaspersky now and scan everything to remove everything if its possible?  That way i don't need to clean reinstall my computer?

Of course you can. But as mentioned earlier, no antivirus software is 100% effective. If you suspect a malware infection, a clean reinstall of your Operating System is probably the safest solution. Antiviruses are good for prevention, though.

My issue is I didn't back up a ton of files on my laptop.  I also never did a backup of it as in that backup image of windows.  Because if I had that, I know I could just clean reinstall and have it like how it was.


So for example some files I do have saved on a flash drive.


Also I remember there was an option in windows that lets you go back before there were issues.  Like a restore point where it could go back a month or whenever.  Does windows do that for you periodically or you have to do this yourself?  But if you go back to a restore point, this would not work if I was infected... correct?


Well if i use kaspersky and scan and it removes everything, would it be safe to continue using it like normal for a few days to see if i have any issue?

Be careful, the more paranoid you are it could lead you to lose your funds. Relax first, as they said above that using such antivirus could not guarantee your safety, it's still from your end.

As long as you didn't download anything random files from the internet you are safe, starting to remove your seed phrases from your computer or try to store it offline or store it with multiple copies.

Also, even with what operating system you are using, it will still not be guaranteed, but I believe that Windows OS is more prone to this, but I also tried windows before, I got no problem at all about security, I am now using MAC Os.

Start to learn basic precautions on how to avoid scammers or hackers.

I didn't download any files but my virus scanner detected a ton of threats on it.  That is the issue here.


My issue is the other things I do on my computer, I use windows.  Thats why i dont have OS or linux.

Unless you entered anything your seeds are not vulnerable to the phishing links but for the safe side its better to move the funds to newly created wallet with new seeds so you won't be worrying all the time about the security of your wallet. And password managers are kind of safe but its not recommended to store your private keys there and no where in the digital format.

There might be a system update on your device and that includes the antivirus as well, so try to do that first and see how it goes

If you are using Windows 10 then you need to see an update on your windows settings, but if you are using windows 11 then I don't think there will be any problem.

A CA's private key should be stored in hardware-based protection, such as a Hardware Security Module (HSM). This provides tamper-resistant secure storage. A Private key for an end entity could be stored in a Trusted Platform Module (TPM) chip or a USB tamper-resistant security token.

I downloaded kaspersky total and going to scan my computer now.  Someone mentioned this is the best antivirus that could find malware/trojan and keylogger.  So if it finds things and removes it, it still isn't safe?  I read kaspersky can find like 99% of keyloggers.



I have files I want to transfer from this computer to external hard drive.  Now If I made a complete backup of my computer not long ago, obviously this wouldn't be a big issue etc.


Also there is something I forgot to mention but not sure if it is that important.  I mentioned when I clicked on the link, my password manager was opened during that time.  Then I closed it.  I am actually still logged into my emails on my chrome browser during this time.  So if I visit the email site now, well it goes straight to my email.  So if my computer was compromised, wouldn't they be able to send emails and things like that already?  However, if you want to change your email password, they need the current password so unless I type it in again, they don't have it?

Okay so I did the kaspersky scans... all of them... full scan, vulnerability scan and background scan. It found 0 threats. So what are your thoughts on this? From what I read, kaspersky total is one of the best virus programs out there.


So does this mean most likely I do not have any malware/trojan/keylogger then? So windows defender had removed it earlier?


Yea the thing is if I had a recent macrium reflect image backup... I was told a while back this is when you do a backup of my your entire hard drive and copy it to an external hard drive... and basically whenever you want to do a clean reinstall, you do that... then when you copy from this backup image in the external hard drive, it will make your cleaned laptop look exactly the same as how it was when you saved it. But I did not do this. Thus I don't want to clean reinstall because if I do, then I have to download all the programs again etc. But the main issue is lot of my files are not transferred from it yet. And if I transfer it... I risk it being infected right? However, kaspersky did not find anything.

Most likely.

Look, I do not understand why reinstalling Windows is such a big deal to you. I do it at least once every year on my machines. Simply save all your files on an external drive, make a list of all the apps you use, and ensure that you have all the necessary installation files or can download them from the internet. It shouldn't take more than one working day to finish the whole process and you'll have a fresh installation that will be safer and faster.

My issue is this.  All the files that I have on my computer... im talking about word/excel and files... I'm concerned if I right now transfer it to an external hard drive... even after I clean reinstall my laptop... how do i know none of those files I have is infected then?


Yes you are correct I can just write down every single program I downloaded on my computer and then download them later on.  But I have so many things in those programs that I have to start over which I"m not a fan of.  But I get your point here.


The big issue is... is there a way to make sure the files I have on my computer is clean before I transfer these files back to a clean reinstall laptop?

I have a password manager with my seeds there.  I have lot of documents like word/excel there.  The issue though is some of these are encrypted.  So only way to open these would be to enter my encryption password.  Thoughts on that?


I have software wallets in my computer that if you open it.. you need to enter the password.  So I have not done that yet. 


So based on that, what are my options?  My concern is entering my password to the password manager... which if I do that.. then my passwords and seed would be exposed.  The thing though is I did use another windows laptop and entered my seed into another computer and did saw my coins were still there for that coin though.  That would mean my seed was not seed for that coin.  So thoughts on that?

Yes. Some documents may contain viruses known as macro viruses, such as word and excel files and even PDF files. However, those files are unlikely to be infected if you created them, and such viruses are almost always detectable by anti-virus software. Make sure you scan all your personal data and, if there are no viruses, copy them to an external drive.

Storing your seed phrase on your password manager is worrisome. If I might ask, what application do you use for the password manager? Though, even if you are using a secure and recommended password manager, storing a seed on there is not a suitable option. There is a better way to securely store your seed, and by storing it on the password manager, is really put your security risk on a single vector.

I think the most recommended way is to use a hardware wallet, with that, the seed phrase never really goes out into your main device. If you take the worst-case scenario like your PC got infected, the seed phrase will not get compromised.

The word/excel and files I have do not contain virus.  Im concerned if i have malware, then it could be infected.


Kaspersky scanned my computer and it found nothing.  But windows scan is my concern here when it found things.


I use one of the popular password managers out there.  Yes i know storing seeds there is not good idea.  I know that now.  I have a hardware wallet.  My hardware wallet seed is not stored there though.  But my other seeds are. 


So concern is if I use my computer as normal, well I need to log into my password manager and copy/paste any passwords for sites/banking/email etc.  Does that make sense?


That is why I want to know if there is a way to confirm I do not have any type of malware on my laptop... if there is a way to find this out.

It is not just only that, I also feel that the Microsoft Windows Defender is not enough for anyone to rely entirely on it. Anyone who is making use of a windows computer also needs to have another antivirus installed to their system, if not you are likely going to run into a problem that might affect your computer.

Especially when you are always used to downloading things online and receiving files randomly from other people. So, he really needs to have another antivirus installed that is able to protect his computer always. The one he has installed is OK, and if possible he should as well do what you have said here to be sure of his computer being OK and free from any form of malware or virus.

As on OP, if you are just visiting a suspicious site it won't automatically make your device compromised, not unless you are somehow running or executing an application from the site. But that is just one case, I don't know how you used your device, so I can't confirm whether your laptop got infected or not. After all, storing your seed phrase on your day-to-day device isn't recommended especially you have a hardware wallet.

The idea is you should transfer any coins on your non-HW seed phrase into your hardware wallet, ideally, you should do it on another clean and safe device. After that, just to be sure it would be a good idea if you just simply reformat and reinstall your laptop.