Title: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 04, 2014, 09:14:50 PM

Hey all,
I need some help, I opened my wallet to discover it had a 0 balance and no transaction history, no nothing. The wallet is synced but there is no information in the wallet. Even saved addresses are gone. The wallet.dat file is still there. Have I been hacked? I'm using the Windows Bitcoin core wallet. Has this happened to anyone before and what can I do about it? Thanks

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: btchris on August 04, 2014, 09:41:33 PM

If all the saved addresses are gone, I'd guess that either the wallet.dat file moved or was deleted (by accident? technical glitch? a hacker? hard to say...), or the place where Bitcoin Core is looking for the wallet.dat file changed/got reconfigured.
Usually hackers don't bother deleting the wallet.dat as far as I'm aware (they usually just transfer the Bitcoin out leaving you with a 0 balance but the same keys), so maybe that's a good sign....
Have you installed or upgraded any software on your PC recently? Do you have a backup of the wallet.dat? Did you ever intentionally choose an alternate datadir? How much was in there (don't have to tell me, I just mean ask yourself)?
If it was a lot and you have no backups, and if you're a techie yourself or if you're willing to enlist the aid of one (a friend or paid), you should probably assume a technical glitch (it's the best case) and do something drastic, like shut down your PC right now, and boot off of a rescue CD with some data recovery tools.
Otherwise, I guess I'd start by searching the whole HD for any wallet.dat file, including the Trash/Recycle Bin, in the hopes it was just an accident/technical glitch.
If you do a dumpwallet via the debug console / RPC, it would be interesting to see the creation dates of all of the keys. I'm guessing they were all created just now when you opened your wallet, which means the original wallet.dat file wasn't where it was expected and it got recreated.
That's all I can think of for now...

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 04, 2014, 10:04:49 PM

Thanks for the reply.
It seems I may have been hacked. I checked the address I have sent bitcoins to from an exchange and the blockchain says my balance is zero and a transaction was made yesterday emptying the wallet. My Minerals Coin address has also been emptied too :(
Will there be a trace of this transaction in the debug file? I have run a virus scan and all seems clean. Does anyone have any ideas how they got in?

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: Anon136 on August 04, 2014, 10:06:37 PM

https://www.buytrezor.com/
Then at least nothing like this will ever happen again.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: alani123 on August 04, 2014, 10:10:09 PM

Did you download anything fishy lately?

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 04, 2014, 10:13:14 PM

Not that I know of, seems the Minerals wallet was emptied on the 2nd of this month and the Bitcoin wallet yesterday. So the malware could have been sitting there for a while.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: btchris on August 04, 2014, 10:19:25 PM

Quote: Thanks for the reply. It seems I may have been hacked. I checked the address I have sent bitcoins to from an exchange and the blockchain says my balance is zero and a transaction was made yesterday emptying the wallet. My Minerals Coin address has also been emptied too :( Will there be a trace of this transaction in the debug file? I have run a virus scan and all seems clean. Does anyone have any ideas how they got in?

That really stinks, I was optimistic it may have just been a technical glitch, so sorry if I got your hopes up. :(
Is there any chance the transaction you're looking at was something you initiated, and you're just confusing a full-out transfer with a change address, or was there only one output?
Regarding the log file: maybe. Most hacker victims just have their wallets or keys stolen, and then the hacker transfers the Bitcoin out later. If the hacker actually used your PC to transfer the coin out, then it would be in the logs. Also in the logs will be a bunch of "reserve" address creation messages around the time your wallet.dat was recreated.
Did you have your wallet encrypted? Did you have RPC enabled? Have you installed or upgraded any software on your PC recently (especially from this or another Bit/Altcoin forum)?

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 04, 2014, 10:34:14 PM

I couldn't find a bunch of reserve requests in the log file. I'm not much of a techie but how do I use the dumpwallet in the debug console? I typed dumpwallet into the console but it is asking for a string?

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: btchris on August 04, 2014, 10:42:50 PM

Quote: I couldn't find a bunch of reserve requests in the log file. I'm not much of a techie but how do I use the dumpwallet in the debug console? I typed dumpwallet into the console but it is asking for a string?

I'm not sure it'll help you much, but here it is anyways (with the quotes, assuming you're on Windows):
Code:
dumpwallet "c:\walletdump.txt"
Then you can double-click it (the file), and it will display the creation time of all of the reserve addresses (I think in the UTC time zone).

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 04, 2014, 10:53:30 PM

Yer just as we suspected, the keys were created only a couple of hours ago when I opened the wallet. This sucks. So the hacker just removed the wallet.dat file completely and when I opened the client it created new keys? Is this what happened?
Thanks for the help btw

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: btchris on August 04, 2014, 11:01:07 PM

Quote: Yer just as we suspected, the keys were created only a couple of hours ago when I opened the wallet. This sucks. So the hacker just removed the wallet.dat file completely and when I opened the client it created new keys? Is this what happened? Thanks for the help btw

Probably, Bitcoin will create 100 new addresses if wallet.dat is missing, and given that they got two different wallets, it sure doesn't sound like a technical glitch.
I'm sure you don't want to hear this, but to be safest you should probably reinstall everything from scratch at this point. :(
If your wallets were encrypted, it's very likely you have a keylogger on your system. This means: (1) don't log into anything, and (2) after your system is reinstalled (or better yet, from a different system), change all your important passwords, especially financial ones, cause it's a good bet someone else could have them now...

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: btchris on August 04, 2014, 11:03:03 PM

By the way, are you sure that it doesn't look like a normal change transaction (not normal/a stealing tx would be a whole bunch of inputs and just one output). If you're not sure, please post the transaction id up...
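
Added example (written for this page, not posted by anyone in the thread): the dumpwallet check discussed above, done as a script that reads the key creation times from a dump file and reports whether every key is only hours old, which is the sign of a wallet.dat that was regenerated at launch. The sample dump is constructed, the 24-hour window is an assumption, and the private-key field is discarded rather than stored.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the layout dumpwallet writes. Key and address fields are
# placeholders, and the block height and timestamps are made up for the demo.
SAMPLE_DUMP = """\
# Wallet dump created by Bitcoin v0.9.1.0-g026a939-beta (Tue, 8 Apr 2014 12:04:06 +0200)
# * Created on 2014-08-04T22:50:31Z
# * Best block at time of backup was 314000 (BLOCK_HASH_PLACEHOLDER),
#   mined on 2014-08-04T22:41:07Z

PRIVKEY_PLACEHOLDER_001 2014-08-04T20:31:12Z label= # addr=ADDR_PLACEHOLDER_001
PRIVKEY_PLACEHOLDER_002 2014-08-04T20:31:12Z reserve=1 # addr=ADDR_PLACEHOLDER_002
PRIVKEY_PLACEHOLDER_003 2014-08-04T20:31:13Z reserve=1 # addr=ADDR_PLACEHOLDER_003
PRIVKEY_PLACEHOLDER_004 2014-08-04T20:31:13Z reserve=1 # addr=ADDR_PLACEHOLDER_004

# End of dump
"""

# One key per line: <key> <creation time> <flags...> # addr=<address>
KEY_LINE = re.compile(
    r"^\S+\s+(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ)\s+(?P<flags>.*?)\s*#\s*addr=(?P<addr>\S+)"
)
CREATED_LINE = re.compile(r"^# \* Created on (\S+)")


def _utc(stamp):
    """Parse the dump's UTC timestamps (e.g. 2014-08-04T20:31:12Z)."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_dump(text):
    """Return (time the dump was written, list of key records without the key)."""
    dumped_at, keys = None, []
    for line in text.splitlines():
        header = CREATED_LINE.match(line)
        if header:
            dumped_at = _utc(header.group(1))
            continue
        entry = KEY_LINE.match(line)
        if entry:
            flags = dict(f.split("=", 1) for f in entry.group("flags").split() if "=" in f)
            keys.append({"addr": entry.group("addr"),
                         "created": _utc(entry.group("ts")),
                         "flags": flags})
    return dumped_at, keys


def assess(text, window=timedelta(hours=24)):
    """Summarise key ages; 'regenerated' is True when even the oldest key is
    younger than `window` (an assumed threshold) at the time of the dump."""
    dumped_at, keys = parse_dump(text)
    if not keys:
        raise ValueError("no key lines found; is this a dumpwallet file?")
    times = sorted(k["created"] for k in keys)
    reference = dumped_at or times[-1]
    return {
        "keys": len(keys),
        "reserve": sum(1 for k in keys if k["flags"].get("reserve") == "1"),
        "oldest": times[0],
        "newest": times[-1],
        "oldest_age": reference - times[0],
        "regenerated": reference - times[0] <= window,
    }


if __name__ == "__main__":
    for name, value in assess(SAMPLE_DUMP).items():
        print(f"{name}: {value}")
```

A dump file holds every private key in the wallet in plain text, so it should be read on an offline machine and deleted afterwards.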

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: nottm28 on August 04, 2014, 11:05:41 PM

Did you get an error saying your wallet.dat was corrupt?
If so did you say 'yes' re-download entire blockchain? Same thing happened to me - I used process explorer (or task manager if you must) to kill the bitcoind process. Fire it back up and after a while - hey presto...

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 04, 2014, 11:18:38 PM

Quote: Did you get an error saying your wallet.dat was corrupt? If so did you say 'yes' re-download entire blockchain? Same thing happened to me - I used process explorer (or task manager if you must) to kill the bitcoind process. Fire it back up and after a while - hey presto...

Nope, didn't get any error messages, just opened the client and downloaded the last few hundred blocks and nothing was in there

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 04, 2014, 11:19:52 PM

Quote: By the way, are you sure that it doesn't look like a normal change transaction (not normal/a stealing tx would be a whole bunch of inputs and just one output). If you're not sure, please post the transaction id up...

I'm not 100% sure, here is a tx id from transferring a little from an exchange
e998ecedfe1dcbaaa33c585ceb75eca3a2ef325743654436e80cc48ae14f5f6b

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: bigasic on August 04, 2014, 11:44:51 PM

Every time I hear something like this my stomach cramps.. I get paranoid about the coins that I have. I have stopped downloading anything to my computer that I'm not 100 percent sure is safe. I hope it wasn't too much of a loss.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 04, 2014, 11:49:15 PM

No it wasn't a lot thankfully, just over 1 BTC, but I'm more bummed about the Minerals Wallet, had a lot more in that one. If someone with a bit more knowledge on tracking the blockchain can check that tx ID I sent from an exchange to my wallet can check I am looking at this properly?

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: ForgottenPassword on August 05, 2014, 12:21:24 AM

Do you use blockchain.info?
Is this your address? 18bSCvHxrLgUGP8vuWTQeyaNREjEaqkKrJ
If so, it looks like the hacker imported your addresses into blockchain.info to spend them as the last TX is reported as originating from there: http://blockchain.info/tx/3598f3e57f922f157120beae7461a396fb7a8efc44177d90014d59dfc1838f14
That may not be 100% accurate however.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 05, 2014, 12:25:28 AM

Yes that is the address. So they would have to have access to the wallet.dat file then send them from my address, is that right?

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: ForgottenPassword on August 05, 2014, 12:33:33 AM

Quote: Yes that is the address. So they would have to have access to the wallet.dat file then send them from my address, is that right?

It looks like they somehow got your wallet.dat file and dumped the private keys out and imported them to blockchain.info/wallet to spend. Likely because they don't have/want to sync the blockchain. So it sounds like you've actually been hacked and it's not a technical bug.
These are all your addresses too?
http://blockchain.info/address/1Kniun52uhJjEdKJhW2QFzNNjBmtvJetWU
http://blockchain.info/address/1FEgzCSiXmBe966UDZnNUpwrziDv28P5dv
http://blockchain.info/address/1HGQ4J7VPDsF88RsjXSZXchJRenfevtHR2
http://blockchain.info/address/1MYvWmES69U2qP2kdHNwm9Gr4orp4K694R
It would be a good idea to post a list of every address in that wallet that had funds stolen when you get a chance. I'll take a look and see if we can find out anything about the hack from it if I have free time.
I would also NOT use the PC the wallet was on AT ALL. Have a tech-savvy friend make backups of important files, and securely reinstall it before using it for anything important. However if you have another PC to use it may be a good idea not to do that right away as you'll want to figure out how you were hacked first to prevent others from being hacked the same way.
Did you keep backups of your wallet anywhere? Was your wallet encrypted? If you use the password anywhere else CHANGE IT IMMEDIATELY from a secure PC, and change any passwords of other accounts you logged into recently on that PC. If you have any remaining bitcoin generate a new wallet on a secure PC and move them immediately.
What OS were you using? Do you have any remote control software like Teamviewer installed? Did you install anything Bitcoin or cryptocurrency related recently? What version of bitcoin-core were you running? What's the link to the minerals altcoin thread?

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: ALL IN on August 05, 2014, 12:44:42 AM

Never save your money on your computer if you think you do not have full security to save your money.
Just be aware your device is infected by a hacker.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 05, 2014, 12:56:23 AM

Yes those other addresses are mine, well 2 of them from what I could find because I don't have the transactions in the wallet itself. I had to look for withdrawals from exchanges etc so I can't give a full list of what my addresses were.
The wallet wasn't encrypted and I didn't have any backups of it. I know I should have but I don't :( and yes I had Teamviewer installed on that PC. I did a full system scan and couldn't find anything with Avast (may not be 100% though)
Using windows 8.1 with Bitcoin v0.9.1 and I have installed a wallet yesterday from zipcoin https://bitcointalk.org/index.php?topic=721306.new
The link to the Minerals coin thread is https://bitcointalk.org/index.php?topic=641057.0
Thanks for the help

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: ForgottenPassword on August 05, 2014, 01:06:36 AM

Quote: Yes those other addresses are mine, well 2 of them from what I could find because I don't have the transactions in the wallet itself. I had to look for withdrawals from exchanges etc so I can't give a full list of what my addresses were. The wallet wasn't encrypted and I didn't have any backups of it. I know I should have but I don't :( and yes I had Teamviewer installed on that PC. I did a full system scan and couldn't find anything with Avast (may not be 100% though) Using windows 8.1 with Bitcoin v0.9.1 and I have installed a wallet yesterday from zipcoin https://bitcointalk.org/index.php?topic=721306.new but it seems these transactions were before this wallet was installed. The link to the Minerals coin thread is https://bitcointalk.org/index.php?topic=641057.0 Thanks for the help

Anti-virus will only find malware that it knows about. If the malware is only installed on a small amount of PCs then it will not detect it.
You should check your Teamviewer account when you get a chance. There must be a way to see if someone recently logged in. Teamviewer is very bad at keeping out hackers, if they have your account password they can login to your PC, Teamviewer do not check for suspicious logins (what I've been told).
You say you can't see any transactions. Can you see any "receiving addresses"?
Maybe the hacker deleted your wallet.dat file after he copied it and replaced it with a blank one.
Some of your BTC appear to have gone through a mixer. I'm still looking.
Do you use any other altcoins BTW? Shady altcoin developers have put viruses in their clients before.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 05, 2014, 01:30:08 AM

When I get access to a computer that isn't linked to the Teamviewer account I'll check it
I can't see anything in the Bitcoin wallet, it's completely blank, recent addresses, transactions, BTC. When I first opened the wallet it's like it created a new wallet.dat file, the blockchain only needed to sync like 100 blocks.
Here is the key dump, you can see the addresses were only created this morning when I opened the wallet
Code:
# Wallet dump created by Bitcoin v0.9.1.0-g026a939-beta (Tue, 8 Apr 2014 12:04:06 +0200)
And the only other Alts I really use regularly are Minerals. A bunch of those were taken too. Here is one of my addresses I sent Minerals to: ME7eBbAepDXziXyGodWx42a2PDTDLciG1b
Block explorer for Minerals is here: http://explorer.minerals.pro/
Checking through the other alts wallets I have are Karmacoin, Fitcoin, TheBotCoin and Sync coin

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 05, 2014, 01:52:14 AM

Seems Teamviewer only allow tracking of logins when you sign up for the business service. Unfortunately I had only the free service

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: Lucky Cris on August 05, 2014, 02:00:50 AM

So more than one coin wallet compromised... sounds more like a hack than tech mishap - I'm sorry about your loss man.
Please keep the community abreast of possible culprit. Don't know much about Fitcoin or the TheBotCoin... not accusing, but we've had some wallet stealing wallets in the past.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 05, 2014, 02:19:52 AM

Quote: So more than one coin wallet compromised... sounds more like a hack than tech mishap - I'm sorry about your loss man. Please keep the community abreast of possible culprit. Don't know much about Fitcoin or the TheBotCoin... not accusing, but we've had some wallet stealing wallets in the past.

I'll be sure to post it if I find out how the hack was done... I find it strange that the transaction history etc is missing though.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: Lucky Cris on August 05, 2014, 02:30:31 AM

Quote: So more than one coin wallet compromised... sounds more like a hack than tech mishap - I'm sorry about your loss man. Please keep the community abreast of possible culprit. Don't know much about Fitcoin or the TheBotCoin... not accusing, but we've had some wallet stealing wallets in the past.

Quote: I'll be sure to post it if I find out how the hack was done... I find it strange that the transaction history etc is missing though.

That means the wallet.dat file is gone.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: ForgottenPassword on August 05, 2014, 02:57:50 AM

Quote: So more than one coin wallet compromised... sounds more like a hack than tech mishap - I'm sorry about your loss man. Please keep the community abreast of possible culprit. Don't know much about Fitcoin or the TheBotCoin... not accusing, but we've had some wallet stealing wallets in the past.

Quote: I'll be sure to post it if I find out how the hack was done... I find it strange that the transaction history etc is missing though.

Quote: That means the wallet.dat file is gone.

Yep. I thought I replied to this earlier. The dump you provided above is a new wallet.
Looks like the hacker deleted your wallet afterwards so your history is gone with it.
Some of your coins were mixed by the hacker but I haven't finished looking yet.
Little tip for you: Always have 1 extra copy of a file than you think you need. If you think you need 2 copies (original and a backup) you need 3. If you think you only need 1, you actually need 2. And if you think you don't need a file, well you need 1 copy of it somewhere anyway, one day you'll be glad you didn't delete it. :) So be sure to have 3 copies of any other wallets you generate.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: omgbossis21 on August 05, 2014, 03:21:27 AM

Downloaded a sgminer lately? There's a site I don't wanna link right now with fake sgminer files that steal wallets (litecoin, dogecoin, bitcoin etc). Probably wiped the wallet after upload and the software created a new empty one. This sgminer site was linked by blackcoin (they removed it after I showed them) and a few other pools. The software did not actually mine, just opened with a brief error message, stole wallets and closed.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: forsakenpnut on August 05, 2014, 03:52:56 AM

Which wallet was it?

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 05, 2014, 05:59:59 AM

Quote: So more than one coin wallet compromised... sounds more like a hack than tech mishap - I'm sorry about your loss man. Please keep the community abreast of possible culprit. Don't know much about Fitcoin or the TheBotCoin... not accusing, but we've had some wallet stealing wallets in the past.

Quote: I'll be sure to post it if I find out how the hack was done... I find it strange that the transaction history etc is missing though.

Quote: That means the wallet.dat file is gone.

Quote: Yep. I thought I replied to this earlier. The dump you provided above is a new wallet. Looks like the hacker deleted your wallet afterwards so your history is gone with it. Some of your coins were mixed by the hacker but I haven't finished looking yet. Little tip for you: Always have 1 extra copy of a file than you think you need. If you think you need 2 copies (original and a backup) you need 3. If you think you only need 1, you actually need 2. And if you think you don't need a file, well you need 1 copy of it somewhere anyway, one day you'll be glad you didn't delete it. :) So be sure to have 3 copies of any other wallets you generate.

Thanks for the advice and thanks for the help really appreciate it.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 05, 2014, 06:05:06 AM

Quote: Downloaded a sgminer lately? There's a site I don't wanna link right now with fake sgminer files that steal wallets (litecoin, dogecoin, bitcoin etc). Probably wiped the wallet after upload and the software created a new empty one. This sgminer site was linked by blackcoin (they removed it after I showed them) and a few other pools. The software did not actually mine, just opened with a brief error message, stole wallets and closed.

This PC didn't have any sgminers on it. All my altcoin rigs do have a few different versions of it though and they are all connected with Teamviewer.
Most of them were downloaded from crypto-mining-blog

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 05, 2014, 07:17:26 AM

Does anyone have any tips for how I can trace the hack and how they did it so it doesn't happen in the future?

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: Furio on August 05, 2014, 07:23:58 AM

Quote: Hey all, I need some help, I opened my wallet to discover it had a 0 balance and no transaction history, no nothing. The wallet is synced but there is no information in the wallet. Even saved addresses are gone. The wallet.dat file is still there. Have I been hacked? I'm using the Windows Bitcoin core wallet. Has this happened to anyone before and what can I do about it? Thanks

New malware has been spotted that replaces your wallet.dat with an empty wallet.dat. I think that it has happened to you, sorry...

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 05, 2014, 07:50:40 AM

Quote: Hey all, I need some help, I opened my wallet to discover it had a 0 balance and no transaction history, no nothing. The wallet is synced but there is no information in the wallet. Even saved addresses are gone. The wallet.dat file is still there. Have I been hacked? I'm using the Windows Bitcoin core wallet. Has this happened to anyone before and what can I do about it? Thanks

Quote: New malware has been spotted that replaces your wallet.dat with an empty wallet.dat. I think that it has happened to you, sorry...

Do you have a link to this malware and how they could get access to my system? Thanks

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 05, 2014, 10:30:31 AM

So I was looking at the history of Avast virus scans and it seems it did pick up a virus sometime yesterday while I was AFK. It came from the zipcoin.qt wallet.
The virus is called netsh.exe and was found in the directory:
C:\users\MyUsername\Appdata\Local\Spoon\Sandbox\Zipcoin-Qt\2.0.0.0\local\stubexe\0x94D16BC4A71627A1
Is this a false positive? I don't want to jump on thread spreading accusations before I know a little at least

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: ForgottenPassword on August 05, 2014, 11:18:50 AM

Quote: So I was looking at the history of Avast virus scans and it seems it did pick up a virus sometime yesterday while I was AFK. It came from the zipcoin.qt wallet. The virus is called netsh.exe and was found in the directory: C:\users\MyUsername\Appdata\Local\Spoon\Sandbox\Zipcoin-Qt\2.0.0.0\local\stubexe\0x94D16BC4A71627A1 Is this a false positive? I don't want to jump on thread spreading accusations before I know a little at least

Uh oh. netsh.exe is a similar name to a windows system file. There should not be a file named that in the zipcoin directory!
Looks like this isn't the first virus accusation against this coin: :( https://bitcointalk.org/index.php?topic=721306.msg8190098#msg8190098
Did you install the binary (.exe, .msi) or did you compile it from source?
Can you go to the folder C:\users\MyUsername\Appdata\Local\Spoon\Sandbox\Zipcoin-Qt\2.0.0.0\local\stubexe and post a list of all the filenames in there? Make sure you have "show hidden files and folders" enabled too: http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: ForgottenPassword on August 05, 2014, 11:28:35 AM

Reading that thread there are many people accusing the developer of putting viruses in the coin.
Be WAY more careful in the future. Don't run ANYTHING you aren't 9,001% sure is safe. If you are installing software that has the source code available, learn how to compile it from source. Running the exe puts a lot of trust in the developer as the exe can do ANYTHING. People can check the source code for viruses but they cannot easily check the exe.

Quote: Hey, Everyone that downloaded the windows wallet early needs to check that AppData\Local\Spoon directory. That is where the backdoor was installed, it doesn't come up on a lot of virus scans, and was packaged with the windows wallet. Seems that the dev has now removed the malicious wallet. You need to delete that directory asap. The program installed after you ran the zipcoin wallet for the first time and ztor.exe remains running even after you close the zipcoin wallet. Obviously the exchanges and people who compiled from source weren't affected, as this was zipped with the original windows wallet that was posted in the announcement. Digiguy seems like the attacker shilling to extend time cleaning people out, posting screenshots to direct attention from where the problem is. So if you downloaded that original windows wallet you need to check that C:\USERS\youraccount\APPDATA\LOCAL\SPOON, delete that directory asap, and then look for all your wallet.dat files in the APPDATA roaming folder, if you were infected the "wallet.dat" files were renamed to whatever coin it was such as "Dogecoin.dat" and then sent to the attacker. Gonna repeat, Zipcoin-qt.exe itself is not malicious it was the ztor.exe bullshit that was packaged with the windows wallet, maybe that's why the dev called it zipcoin heh. Again this shit doesn't come up on a lot of antivirus scanners and you need to remove this manually if you were infected, and then there is no telling what else could have been installed so it's best to reformat your harddrive.
I fear a good amount of people got cleaned out already if they had all their wallets on the infected PC, I guess we'll find out with time.

You should not just delete the directory like this guy recommends. You should do a fresh Windows install. This is the only way to be sure you've removed it.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 05, 2014, 11:58:28 AM

Quote: So I was looking at the history of Avast virus scans and it seems it did pick up a virus sometime yesterday while I was AFK. It came from the zipcoin.qt wallet. The virus is called netsh.exe and was found in the directory: C:\users\MyUsername\Appdata\Local\Spoon\Sandbox\Zipcoin-Qt\2.0.0.0\local\stubexe\0x94D16BC4A71627A1 Is this a false positive? I don't want to jump on thread spreading accusations before I know a little at least

Quote: Uh oh. netsh.exe is a similar name to a windows system file. There should not be a file named that in the zipcoin directory! Looks like this isn't the first virus accusation against this coin: :( https://bitcointalk.org/index.php?topic=721306.msg8190098#msg8190098 Did you install the binary (.exe, .msi) or did you compile it from source? Can you go to the folder C:\users\MyUsername\Appdata\Local\Spoon\Sandbox\Zipcoin-Qt\2.0.0.0\local\stubexe and post a list of all the filenames in there? Make sure you have "show hidden files and folders" enabled too: http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/

Yer I installed the wallet from the exe. I don't even have any of these coins I just wanted to see if the "anon" feature of the coin was a scam. Which it was. Fuck.
Files located in that directory are ztor.exe and zipcoin-qt.exe
Lesson learnt about this crypto game. Certainly won't happen a second time.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 05, 2014, 12:11:23 PM

Installing a fresh copy of windows now.
I have also run scans on all of my mining rigs to make sure they are not infected either and all seems to be ok for now
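
Added example (written for this page, not posted by anyone in the thread): a read-only triage pass over one Windows user profile for the traces named in the posts above, namely the AppData\Local\Spoon directory, the file names ztor.exe and netsh.exe inside it, and a .dat file named after its coin folder under AppData\Roaming. Treating "file name equals folder name plus .dat" as the renamed wallet is an assumption drawn from the quoted "Dogecoin.dat" description, and the profile tree built by `build_constructed_profile` is made up for the demo.

```python
from pathlib import Path
import tempfile

# File names reported in the thread: Avast flagged netsh.exe inside the Spoon
# sandbox, and ztor.exe was listed in the same stubexe folder.
REPORTED_EXE_NAMES = {"ztor.exe", "netsh.exe"}


def triage_profile(profile):
    """Return (kind, path) findings for one Windows user profile directory.
    Nothing is modified or deleted; the result is a list of leads to examine."""
    profile = Path(profile)
    findings = []

    spoon = profile / "AppData" / "Local" / "Spoon"
    if spoon.is_dir():
        findings.append(("spoon_dir", str(spoon)))
        for path in sorted(spoon.rglob("*")):
            if path.is_file() and path.name.lower() in REPORTED_EXE_NAMES:
                findings.append(("reported_exe", str(path)))

    roaming = profile / "AppData" / "Roaming"
    if roaming.is_dir():
        for coin_dir in sorted(p for p in roaming.iterdir() if p.is_dir()):
            # Assumed pattern: wallet.dat renamed to "<folder name>.dat".
            expected = coin_dir.name.lower() + ".dat"
            for path in sorted(coin_dir.iterdir()):
                if path.is_file() and path.name.lower() == expected:
                    findings.append(("renamed_wallet", str(path)))
    return findings


def wallet_files(profile):
    """List every wallet.dat under AppData/Roaming so each can be backed up
    and its timestamps compared with when the wallet was last used."""
    roaming = Path(profile) / "AppData" / "Roaming"
    if not roaming.is_dir():
        return []
    return sorted(p for p in roaming.rglob("*")
                  if p.is_file() and p.name.lower() == "wallet.dat")


def build_constructed_profile(root):
    """Create a made-up profile tree mirroring the layout described in the thread."""
    profile = Path(root) / "MyUsername"
    stub = (profile / "AppData" / "Local" / "Spoon" / "Sandbox" / "Zipcoin-Qt"
            / "2.0.0.0" / "local" / "stubexe")
    stub.mkdir(parents=True)
    for name in ("ztor.exe", "zipcoin-qt.exe"):
        (stub / name).write_bytes(b"")
    doge = profile / "AppData" / "Roaming" / "Dogecoin"
    doge.mkdir(parents=True)
    (doge / "Dogecoin.dat").write_bytes(b"")   # stands in for a renamed wallet
    btc = profile / "AppData" / "Roaming" / "Bitcoin"
    btc.mkdir(parents=True)
    (btc / "wallet.dat").write_bytes(b"")      # stands in for a recreated wallet
    return profile


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        demo = build_constructed_profile(tmp)
        for kind, path in triage_profile(demo):
            print(f"{kind:15} {path}")
        for path in wallet_files(demo):
            print(f"{'wallet.dat':15} {path}")
```

Run it against the profile directory on a mounted copy of the disk rather than the running system; a hit is a lead to examine, and the reinstall advice in the posts above still applies.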

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: btcxyzzz on August 05, 2014, 06:10:53 PM

Quote: I'm using the Windows Bitcoin core wallet.

Bingo! That's the core problem too. Linux man.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: btchris on August 05, 2014, 07:16:33 PM

Quote: Yer I installed the wallet from the exe. I don't even have any of these coins I just wanted to see if the "anon" feature of the coin was a scam. Which it was. Fuck. Files located in that directory are ztor.exe and zipcoin-qt.exe Lesson learnt about this crypto game. Certainly won't happen a second time.

That stinks. I'm at least glad you found the source...

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 06, 2014, 12:42:27 AM

Quote: Yer I installed the wallet from the exe. I don't even have any of these coins I just wanted to see if the "anon" feature of the coin was a scam. Which it was. Fuck. Files located in that directory are ztor.exe and zipcoin-qt.exe Lesson learnt about this crypto game. Certainly won't happen a second time.

Quote: That stinks. I'm at least glad you found the source...

Thanks for the help mate 8)
Goes to show to have the right security in place for everything. I have now ordered a trezor BTC wallet and encrypted EVERYTHING on my PC's. Lesson learnt.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: TheFridge on August 06, 2014, 03:51:08 AM

Quote: Do you have any AV?? Check all downloaded files recently

Yes, I used Avast and MalwareBytes. Avast picked it up but only after the damage was done. Reading the Zipcoin thread only 1 or 2 out of 50 antivirus programs picked it up

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: Lucky Cris on August 06, 2014, 04:45:58 AM

Quote: Reading that thread there are many people accusing the developer of putting viruses in the coin. Be WAY more careful in the future. Don't run ANYTHING you aren't 9,001% sure is safe.
If you are installing software that has the source code available, learn how to compile it from source. Running the exe puts a lot of trust in the developer as the exe can do ANYTHING. People can check the source code for viruses but they cannot easily check the exe.

This is why I opted to go with Linux... felt it was a tidbit safer; perceived safer perhaps? Even though I have a PC and initially had Win8 installed on my server, I've learned what executables can do... so you're def right, there's a level of trust needed. Years ago and just because I learned it was possible, I stripped an exe file down to its smallest pieces (I think) without installing it. It can be done, but I agree, not easy at all.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: Light on August 06, 2014, 01:04:13 PM

Quote: This is why I opted to go with Linux... felt it was a tidbit safer; perceived safer perhaps? Even though I have a PC and initially had Win8 installed on my server, I've learned what executables can do... so you're def right, there's a level of trust needed. Years ago and just because I learned it was possible, I stripped an exe file down to its smallest pieces (I think) without installing it. It can be done, but I agree, not easy at all.

Linux is only considered safer because you don't run everything as root while in Windows people have a tendency to log in with their admin account and hence when you run executable files they have access to pretty much everything.
Also, it's just more economically feasible for hackers and thieves to go after the operating system which has the most number of users by far - you're going to get a lot more people with a windows executable than you are with a tarball that needs to be compiled for Linux.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing
Post by: ForgottenPassword on August 06, 2014, 03:05:14 PM

Quote: This is why I opted to go with Linux... felt it was a tidbit safer; perceived safer perhaps?
Even though I have a PC and initially had Win8 installed on my server, I've learned what executables can do... so you're def right, there's a level of trust needed. Years ago and just because I learned it was possible, I stripped an exe file down to its smallest pieces (I think) without installing it. It can be done, but I agree, not easy at all.
Linux definitely has more security features built in than Windows, but a badly configured or unpatched Linux system isn't safe. Just because you use Linux doesn't mean you are safe. Additionally I think that it would be easier for malware to hide on a Linux system than on a Windows one. We've seen malware that's hidden at a kernel level, something that is not so easy to do in Windows as you'd probably need the source code for the kernel to do that. On top of that most of the common Linux X servers do not do any kind of GUI isolation at all. Microsoft made an attempt at least, though I don't know how good it really is. Windows gets a lot of flak, but really its security isn't all that bad. A lot of PC manufacturers preinstall tons of bloatware to make extra money and additionally lots of people run pirated copies of Windows which don't receive any security updates. When those people then get viruses/hacked they try to blame Microsoft when it is themselves or their PC manufacturer who is at fault. A fully patched and properly configured Windows installation running software built from known good sources is safe.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing Post by: ForgottenPassword on August 06, 2014, 03:09:44 PM
Linux is only considered safer because you don't run everything as root while in Windows people have a tendency to log in with their admin account and hence when you run executable files they have access to pretty much everything.
Also, it's just more economically feasible for hackers and thieves to go after the operating system which has the most number of users by far - you're going to get a lot more people with a Windows executable than you are with a tarball that needs to be compiled for Linux.
Agree with everything you've written. Although one problem with Linux is how easy it is for malware to get root access on a Linux desktop OS (one with a GUI). A keylogger can be written in just a single line of bash script and it is capable of keylogging your root/sudo password because most Linux distros have no kind of GUI isolation at all. It can then use the password to gain root privileges. Microsoft have actually tried to do SOMETHING about this. I am sure it is probably defeatable though.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing Post by: Bitcoin Town on August 06, 2014, 03:58:35 PM
Linux is only considered safer because you don't run everything as root while in Windows people have a tendency to log in with their admin account and hence when you run executable files they have access to pretty much everything. Also, it's just more economically feasible for hackers and thieves to go after the operating system which has the most number of users by far - you're going to get a lot more people with a Windows executable than you are with a tarball that needs to be compiled for Linux.
Agree with everything you've written. Although one problem with Linux is how easy it is for malware to get root access on a Linux desktop OS (one with a GUI). A keylogger can be written in just a single line of bash script and it is capable of keylogging your root/sudo password because most Linux distros have no kind of GUI isolation at all. It can then use the password to gain root privileges. Microsoft have actually tried to do SOMETHING about this. I am sure it is probably defeatable though.
Yeah, that's hacker activity to steal and infect device and control our activity and steal all in keylogger and monitoring. That's why before unfamiliar website I never touch anything.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing Post by: Lucky Cris on August 07, 2014, 01:08:45 AM
This is why I opted to go with Linux... felt it was a tidbit safer; perceived safer perhaps? Even though I have a PC and initially had Win8 installed on my server, I've learned what executables can do... so you're def right, there's a level of trust needed. Years ago and just because I learned it was possible, I stripped an exe file down to its smallest pieces (I think) without installing it. It can be done, but I agree, not easy at all.
Linux definitely has more security features built in than Windows, but a badly configured or unpatched Linux system isn't safe. Just because you use Linux doesn't mean you are safe. Additionally I think that it would be easier for malware to hide on a Linux system than on a Windows one. We've seen malware that's hidden at a kernel level, something that is not so easy to do in Windows as you'd probably need the source code for the kernel to do that. On top of that most of the common Linux X servers do not do any kind of GUI isolation at all. Microsoft made an attempt at least, though I don't know how good it really is. Windows gets a lot of flak, but really its security isn't all that bad. A lot of PC manufacturers preinstall tons of bloatware to make extra money and additionally lots of people run pirated copies of Windows which don't receive any security updates. When those people then get viruses/hacked they try to blame Microsoft when it is themselves or their PC manufacturer who is at fault. A fully patched and properly configured Windows installation running software built from known good sources is safe.
Evidently you misunderstood what I wrote - I said SAFER, not that it is SAFE. Any system that connects to the www is no way safe.
Just to clarify... there were two reasons I opted for Linux over Win8 (although I love the interface), but primarily because of the wallet files that I'd be forced to download - for Windows they are exe... and like I said, I know what can hide in them.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing Post by: Lucky Cris on August 07, 2014, 01:10:47 AM
Linux is only considered safer because you don't run everything as root while in Windows people have a tendency to log in with their admin account and hence when you run executable files they have access to pretty much everything. Also, it's just more economically feasible for hackers and thieves to go after the operating system which has the most number of users by far - you're going to get a lot more people with a Windows executable than you are with a tarball that needs to be compiled for Linux.
Agree with everything you've written. Although one problem with Linux is how easy it is for malware to get root access on a Linux desktop OS (one with a GUI). A keylogger can be written in just a single line of bash script and it is capable of keylogging your root/sudo password because most Linux distros have no kind of GUI isolation at all. It can then use the password to gain root privileges. Microsoft have actually tried to do SOMETHING about this. I am sure it is probably defeatable though.
Good lawd! I guess that's why it's advisable not to install a GUI on a Linux server. I'm guilty... totally guilty.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing Post by: Poker Tilt on August 07, 2014, 05:50:44 AM
Do you have any AV?? Check all downloaded files recently
Yes, I used Avast and MalwareBytes. Avast picked it up but only after the damage was done. Reading the Zipcoin thread only 1 or 2 out of 50 antivirus programs picked it up.
Agree, some people easy to move money in backup in other wallet. Maybe you get infected in your PC. Check it now.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing Post by: tspacepilot on August 07, 2014, 06:02:21 AM
In the future, don't run windoze! Or, if you have to run Windows for your day-to-day life, at least put your bitcoin wallet into a USB Linux that you boot into and keep that clean. 99.9999999999999999999% of the viruses and keyloggers out there are targeting Windows, if you just move to GNU/Linux (even if it's only for your bitcoins) you'll avoid the vast, vast majority of attacks.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing Post by: Omniescient on August 07, 2014, 07:53:01 AM
Hey all, be careful someone hack your device and monitoring your activity and takes money from you. I need some help, I opened my wallet to discover it had a 0 balance and no transaction history, no nothing. The wallet is synced but there is no information in the wallet. Even saved addresses are gone. The wallet.dat file is still there. Have I been hacked? I'm using the Windows Bitcoin Core wallet. Has this happened to anyone before and what can I do about it? Thanks
Make sure you have backup.

Title: Re: Bitcoin Wallet Empty, no transactions, no nothing Post by: Ayers on August 07, 2014, 05:28:05 PM
Was the Zipcoin client installed on a separate machine or on the one with your money? I want to know if the virus moved from one PC to another.