Please Help

[link4344]

There is a company who has been scamming bitcoins through a fake tumbling service for some time.  I noticed they hacked my computer, and have my recieve address and plan to basically pin it on me.

I need to delete my wallets or I think the address is 1xkWFsbR6WNEUqCePzbJMmBgM7kGLCoXN that they plan.

they uploaded a package yesterday on my computer and reading some of there text files i was basically able to see there plan.  But I need the address gone  I don't have python if anyone can help.

[achow101]

What is the company and the tumbling service? How do you know that they hacked your computer? Did you download a virus or something from them? How will they be able to "pin" the scam on you? If you still have the private keys then you can be the good guy and take the coins and send them back to the victims.

If they have installed programs on your computer then you have a virus. Get an antivirus software and remove it. Also, when you aren't using the computer, shut it down so that they can't do anything. If you need to computer on but not online, disconnect it from the internet.

[link4344]

What is the company and the tumbling service? How do you know that they hacked your computer? Did you download a virus or something from them? How will they be able to "pin" the scam on you? If you still have the private keys then you can be the good guy and take the coins and send them back to the victims.

If they have installed programs on your computer then you have a virus. Get an antivirus software and remove it. Also, when you aren't using the computer, shut it down so that they can't do anything. If you need to computer on but not online, disconnect it from the internet.

it's a common scam on darknetmarkets.org they refer you to a fake version of helix with a fake helix id and keep it all.  I've seen helix confirm in forums that helix id is a scam.  And they are the ONLY ones who would do this, I sent them a few worded emails to get my money back.

It is disconnected, the virus is a one time package that was installed and continues to run, i unplugged modem and removed memory card and files were still being added

[achow101]

It is disconnected, the virus is a one time package that was installed and continues to run, i unplugged modem and removed memory card and files were still being added

If you have another computer, get an offline installer of an antivirus software and save that to a flash drive. Then install it on the infected computer and remove the virus.

[link4344]

I can't even run a antivirus they have full control of the computer

Pywallet will do this, i'm at the library i can't do it here

https://bitcointalk.org/index.php?topic=34028.0

thats the adress for it

heres the instructions

Installation:

    Linux/OSX: See README file
    Windows:
        Download https[Suspicious link removed] (SHA256: 645a4d092733ad6685de730a38b210c6594e44a15690a87a231859477deca316)
        Run it
        Click about a thousand times on Yes/Next/I Agree/OK
        Go to the directory where you extracted it and run pywallet.bat
        http://localhost:8989


How to run it:
 Download it there: https://github.com/jackjack-jj/pywallet
 Run './pywallet.py --web' then open 'http://localhost:8989' in your brower


if someone would help me i'd relaly apprciate it

[siameze]

Let me guess ... use run Windows and got in this mess from visiting darknet markets. Am I close?

[link4344]

yes, i tried to tumbl through them

[achow101]

I can't even run a antivirus they have full control of the computer

Then just format the hard drive and reinstall your OS. Since you are trying to delete your private keys anyways, that will take care of that for you.

Pywallet will do this, i'm at the library i can't do it here

https://bitcointalk.org/index.php?topic=34028.0

thats the adress for it

heres the instructions

Installation:

    Linux/OSX: See README file
    Windows:
        Download https[Suspicious link removed] (SHA256: 645a4d092733ad6685de730a38b210c6594e44a15690a87a231859477deca316)
        Run it
        Click about a thousand times on Yes/Next/I Agree/OK
        Go to the directory where you extracted it and run pywallet.bat
        http://localhost:8989


How to run it:
 Download it there: https://github.com/jackjack-jj/pywallet
 Run './pywallet.py --web' then open 'http://localhost:8989' in your brower


if someone would help me i'd relaly apprciate it

You can't run pywallet without python, which you said you don't have:

I don't have python if anyone can help.

Why are you even trying to delete your private keys? How will that help you at all?

[cr1776]

...
Then just format the hard drive and reinstall your OS. Since you are trying to delete your private keys anyways, that will take care of that for you.
...

If you already have a backup, keep it.  

If you can make one, do so.  It doesn't hurt to have it so that if they send coins to that address you (or someone) can sweep them and not let the scammers keep them.

If you wish to make their life more difficult in terms of using that key, post both the private and public key here.  Then someone will no doubt monitor it and try to beat the scammers before they make bitcoins from it.

[siameze]

If you intend on continuing any type of darknet market activities I highly reccomend learning to use tails or something similar. You are just begging for a repeat of this situation if you continue to use Windows for these types of things.

[link4344]

...
Then just format the hard drive and reinstall your OS. Since you are trying to delete your private keys anyways, that will take care of that for you.
...

If you already have a backup, keep it.  

If you can make one, do so.  It doesn't hurt to have it so that if they send coins to that address you (or someone) can sweep them and not let the scammers keep them.

If you wish to make their life more difficult in terms of using that key, post both the private and public key here.  Then someone will no doubt monitor it and try to beat the scammers before they make bitcoins from it.

[cr1776]

If you intend on continuing any type of darknet market activities I highly reccomend learning to use tails or something similar. You are just begging for a repeat of this situation if you continue to use Windows for these types of things.

Definitely good advice.  Or if you are handling a substantial number of bitcoins, buy a PC to use only in off-line mode.  And don't use Windows with it.

[notaek]

First of all, perform hard reset on your PC right now if you don't have coins inside your existing wallet and you don't bother to import the compromised wallet.dat. Then reinstall your OS and download a new wallet from here. Also, be careful to investigate the file you are about to download, especially from Darknet/Nulled websites and prevent yourself from regretting again.


Windows users can run any linux OS on a virtual machine and download the Bitcoin wallet there. But you need to fully trust the virtual machine right?

That's why I recommend them to use a savings wallet; like downloading Bitcoin core wallet or MultiBit HD (if disk space is low) on an USB stick or on a Raspberry Pi.