Bitcoin Forum
Author Topic: Bitcoin hacking warning  (Read 1766 times)
akwfleaspirit (OP)
December 12, 2013, 05:09:20 PM
Last edit: December 13, 2013, 07:24:47 AM by akwfleaspirit
 #1

**Edit. It looks like I'm probably wrong about the pop up since it is in 2 Windows systems folders and not in any wallets. The only facts at this point are that someone at 109.120.153.223 took a lot of litecoin and bitcoin from my computer and logged into numerous of my online financial accounts.**




dspiel
December 12, 2013, 05:35:05 PM
 #2

never trust a popup
crazy_rabbit
December 12, 2013, 05:38:21 PM
 #3

never trust a popup

Solid advice for life.

more or less retired.
akwfleaspirit (OP)
December 12, 2013, 05:54:00 PM
 #4

never trust a popup

Right.

My point though is that a hacker apparently used the real version of the latest flash to take over my computer and nothing was detected by Comodo full version, malwarebytes, spybot, Norton, etc. The pop up is not the problem. Flash is the problem.

As of about 2 minutes ago the pop up has improved a bit more and now doesn't show the promo link but simply directs you to flash.

I have no adobe products whatsoever on this computer right now.

If I had been on the internet on a page with flash and got a pop up to update the flash, and was then directed to the real adobe site, I would get bitten.

powdabam
December 12, 2013, 06:01:42 PM
 #5

never trust a popup

Right.

My point though is that a hacker apparently used the real version of the latest flash to take over my computer and nothing was detected by Comodo full version, malwarebytes, spybot, Norton, etc. The pop up is not the problem. Flash is the problem.

As of about 2 minutes ago the pop up has improved a bit more and now doesn't show the promo link but simply directs you to flash.

I have no adobe products whatsoever on this computer right now.

If I had been on the internet on a page with flash and got a pop up to update the flash, and was then directed to the real adobe site, I would get bitten.


If you really are running comodo/malwarebytes/spybot and Norton...there is a very good chance you have zero protection. AVs fight each other and prevent each other from doing many basic tasks. Uninstall Norton and spybot. Malwarebytes isn't technically an AV, so you are fine there, but make sure that Comodo plays nice with it.

-16 year system admin
akwfleaspirit (OP)
December 12, 2013, 06:10:49 PM
Last edit: December 12, 2013, 06:43:15 PM by akwfleaspirit
 #6

First computer as it got hacked had Comodo, spybot and malwarebytes. Comodo was the main security program, the others don't conflict.

Norton is on this computer, the same one but with a restored os.

I also have two other computers next to me now as I am trying to recover coins.

So far none of the programs have detected anything.

The hack did involve monkeying with core parts of windows so that processes were not displayed accurately in the task manager.

At one point my computer was running nothing actively but seemed sluggish. I opened the task manager and saw two netminers I had open were both above 45% of cpu which I have never seen before. Obviously something was uploading files from my computer but there was no evidence to be found. Read that twice.

edit
I won't post anymore on this until my computers are a little more straightened out, but my personal advice to anyone at this point would be to take adobe products off of computers that have alt coin wallets with blockchains. Connecting to begin downloading the blockchain of some coins + certain adobe product(s) seems to compromise your computer.

End of topic.

fghj
December 12, 2013, 09:52:02 PM
 #7

If they have root access and know you have some bitcoins they will be able to manually lobotomize all antivirus software. Have you tried GMER? If still nothing you should boot from Hiren's BootCD (download and burn it from other machine of course) or nuke your system.
fleabag
December 12, 2013, 09:54:46 PM
 #8

quit surfing porn ;)
jones31
December 12, 2013, 10:31:09 PM
 #9

The thread title is incorrect. It should read: Personal computer hacking warning.

Exactly, how is this thread related to Bitcoin?
Ecurb123
December 12, 2013, 10:36:41 PM
 #10

This doesn't sound to me like anyone has taken control of the computer, it seems more like malware doing its thing.
akwfleaspirit (OP)
December 13, 2013, 05:50:09 AM
 #11

The thread title is incorrect. It should read: Personal computer hacking warning.

Exactly, how is this thread related to Bitcoin?


1) First sign of the hack was a bitcoin wallet taken.

2) Second sign right after was a litecoin wallet.

3) It seems likely that the hacker, at 109.120.153.223, used a coinwallet download to get on my computer.

I've been on the internet since the 90s and have never been hacked before. I don't know a lot about computers but I do think there is a problem that might concern other coin users.

I am looking now at the computer next to me. Restored to factory condition then all extra programs removed and several wallets installed. It has not touched the internet. It now has a popup telling me to "Please Download Latest Version of Flash".
On the task manager
Image name eMachines.scr *32
User Me
CPU 00
Memory 1,668k
Description Screen Saver

Unless Emachines has factory installed semi literate pop ups, that probably came from one of the wallets.

There are other oddities too, such as the wallet asking me to make sure my system clock was correct. Maybe meaningful maybe not.

Foxpup
December 13, 2013, 07:51:03 AM
 #12

Actually, that is a factory installed program. It's the default screen saver for Acer eMachines computers (which is why it keeps popping up every so often if you don't do anything), it requires Flash, and the www.adobe.com link is genuine. What I don't understand is why Acer decided it would be a good idea to preinstall a program that requires Flash, but not preinstall Flash itself. Anyway, if you don't want to install Flash, just disable your screen saver (or select a different one).

There are other oddities too, such as the wallet asking me to make sure my system clock was correct. Maybe meaningful maybe not.
Your system clock may be incorrect if the factory restore changed the time zone. Make sure the time zone is correctly set then adjust the clock if necessary.

Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
akwfleaspirit (OP)
December 13, 2013, 09:46:19 AM
 #13

Actually, that is a factory installed program. It's the default screen saver for Acer eMachines computers (which is why it keeps popping up every so often if you don't do anything), it requires Flash, and the www.adobe.com link is genuine. What I don't understand is why Acer decided it would be a good idea to preinstall a program that requires Flash, but not preinstall Flash itself. Anyway, if you don't want to install Flash, just disable your screen saver (or select a different one).

There are other oddities too, such as the wallet asking me to make sure my system clock was correct. Maybe meaningful maybe not.
Your system clock may be incorrect if the factory restore changed the time zone. Make sure the time zone is correctly set then adjust the clock if necessary.

I am officially retarded.

Still though, the picture is like when you take a tiny picture and blow it up to 20 times the size. A monkey could make better graphics with gimp. And it doesn't seem like a native English speaker would write "please download latest version". I don't know anything about emachines except that they had a computer on sale somewhere at some time in the past.

TheFootMan
December 13, 2013, 11:17:00 AM
 #14

A windows machine is rooted by default (MS backdoor + all other automatic updates). Use Linux. Or if storing coins for a longer time and safety is important, use a cold wallet.
Ecurb123
December 13, 2013, 06:55:15 PM
 #15

And it doesn't seem like a native English speaker would write  "please download latest version". I don't know anything about emachines except that they had a computer on sale somewhere at some time in the past.


Guess what, nothing about emachines or most computers for that matter involves any "native English Speakers".

eMachines were the cheapest of the cheap.

You can expect things like that.

Step your game up a little bit.

Download and install Ubuntu 12.04.


~BCX~




Quick question here, why suggest 12.04 and not the newest? I often see it suggested but never know why.
holzer
December 14, 2013, 05:52:14 AM
 #16

If you have any other alt coins on your machine I would transfer them immediately to another wallet on another machine.