10000 PIVX STOLEN

[Mickeyspit]

Hello, yesterday 10000 pivx were stolen from my encrypted wallet. My computer knowledge is good I have removed malware and viruses from hundreds of computers as I did it for a job for few years. Is it possible that I have been hacked is for someone to send me a key logger and then transfer my PIVX wallet.dat to their computer and then transfer funds out?
At the time of the transaction I was setting up the masternode and asked for help on slack. Maybe someone from pivx slack saw my post hacked me?
I have traced the transaction... it ended up here

http://www.presstab.pw/phpexplorer/PIVX/address.php?address=DC2zB4fnzEaYyjc4SbzVgJSxAXUtK4Vk6Y

I will give a reward to anyone who can help with the discovery of my stolen coins

[1715694639]

1715694639

[1715694639]

1715694639

[1715694639]

1715694639

[1715694639]

1715694639

[1715694639]

1715694639

[1715694639]

1715694639

[altcoinrich]

Hello, yesterday 10000 pivx were stolen from my encrypted wallet. My computer knowledge is good I have removed malware and viruses from hundreds of computers as I did it for a job for few years. Is it possible that I have been hacked is for someone to send me a key logger and then transfer my PIVX wallet.dat to their computer and then transfer funds out?
At the time of the transaction I was setting up the masternode and asked for help on slack. Maybe someone from pivx slack saw my post hacked me?
I have traced the transaction... it ended up here

http://www.presstab.pw/phpexplorer/PIVX/address.php?address=DC2zB4fnzEaYyjc4SbzVgJSxAXUtK4Vk6Y

I will give a reward to anyone who can help with the discovery of my stolen coins

Did you click some unknown emails? I received some email like that, luckily I never clicked them.

[Mickeyspit]

No unknown emails or downloads. I'm very aware of malware and can spot a dodgy download easily. Also using up to date eset smart security and malwarebyes.

[Immakillya]

Maybe your pc is injected with keylogger. Its impossible you lose that amount without doing anything on your pc. If you didn't click any suspicious links on your email. Check if you downloaded browser extensions. Sometimes antivirus can't scan virus or malware. Just use linux os for better security.

[imtav]

Use (offline) random string generator for passwords, then store passwords into a password manager program, back up password manager file in zero-knowledge cloud storage.  This way you never type in your passwords even once.

EDIT: I know this doesn't help you get your funds back, and you most likely won't be able to.  Unfortunately, you may just have to treat this as an expensive lesson that your crypto security practices were insufficient.

[Zer0Sum]

At the time of the transaction I was setting up the masternode and asked for help on pivx slack.

Police investigations focus on things that are unlikely to be a coincidence. Here's one.

[shinratensei_]

Hello, yesterday 10000 pivx were stolen from my encrypted wallet. My computer knowledge is good I have removed malware and viruses from hundreds of computers as I did it for a job for few years. Is it possible that I have been hacked is for someone to send me a key logger and then transfer my PIVX wallet.dat to their computer and then transfer funds out?

I think so, With your PIVX wallet.dat someone being able to open your wallet.
But in my opinion, if your desktop gets infected by the keylogger or another malware.

At the time of the transaction I was setting up the masternode and asked for help on slack. Maybe someone from pivx slack saw my post hacked me?

My thought if that's a correct assumption.

I will give a reward to anyone who can help with the discovery of my stolen coins

I'm sorry, but no one can help you in this case. Your amount successfully funded to the hacker's account.

Looks he was successful to infiltrate another desktop.
Regarding his transaction history.

[adhitthana]

Hello, yesterday 10000 pivx were stolen from my encrypted wallet. My computer knowledge is good I have removed malware and viruses from hundreds of computers as I did it for a job for few years. Is it possible that I have been hacked is for someone to send me a key logger and then transfer my PIVX wallet.dat to their computer and then transfer funds out?

I think so, With your PIVX wallet.dat someone being able to open your wallet.
But in my opinion, if your desktop gets infected by the keylogger or another malware.

At the time of the transaction I was setting up the masternode and asked for help on slack. Maybe someone from pivx slack saw my post hacked me?

My thought if that's a correct assumption.

I will give a reward to anyone who can help with the discovery of my stolen coins

I'm sorry, but no one can help you in this case. Your amount successfully funded to the hacker's account.

Looks he was successful to infiltrate another desktop.
Regarding his transaction history.

How could someone hack your computer just because you were on clack getting help?

[adhitthana]

Use (offline) random string generator for passwords, then store passwords into a password manager program, back up password manager file in zero-knowledge cloud storage.  This way you never type in your passwords even once.

EDIT: I know this doesn't help you get your funds back, and you most likely won't be able to.  Unfortunately, you may just have to treat this as an expensive lesson that your crypto security practices were insufficient.

Can you recommend a good password manager program?

And how does one back up passwords in zero-knowledge cloud storage?

Thanks

[shamzblueworld]

Hello, yesterday 10000 pivx were stolen from my encrypted wallet. My computer knowledge is good I have removed malware and viruses from hundreds of computers as I did it for a job for few years. Is it possible that I have been hacked is for someone to send me a key logger and then transfer my PIVX wallet.dat to their computer and then transfer funds out?
At the time of the transaction I was setting up the masternode and asked for help on slack. Maybe someone from pivx slack saw my post hacked me?
I have traced the transaction... it ended up here

http://www.presstab.pw/phpexplorer/PIVX/address.php?address=DC2zB4fnzEaYyjc4SbzVgJSxAXUtK4Vk6Y

I will give a reward to anyone who can help with the discovery of my stolen coins

Sorry to hear that buddy but I don't think they will be recovered now. Only possible solution would be to hire a better hacker maybe who would do the same that has been done with you.

[Mickeyspit]

Hello.
Thanks for your reply. Can you recommend a hacker to help. I don't expect the coins back. I just want proof I was hacked and how it was done

Regards michael


Posted From bitcointalk.org Android App

[johnny5johnny5]

Ouch.

I was reading on the pivx slack that there was a fake wallet client available for download somewhere online. Mods were saying to be careful and to make sure you update your client to the new version due to a protocol update. New version is 2.2 I believe. Only download from the official website.

Also if you did not update to v2.2 you would be on a forked chain. You need to update to v2.2, manually resync the blockchain, import your wallet and then you may have to do a repair via the client (option is in one of the menus). I thought I had lost about 9k pivx until I completed that wallet repair.

Have you asked the guys on the pivx support slack for help?

Feel bad for you man. So many people are having difficulty getting their masternodes set up, and now it seems people are even being scammed. The devs need to make that process way easier.

Also, was your wallet encrypted?

[Mickeyspit]

Yes I have updated to 2.2 and spoken to the lead developer. Infact I was chatting to the devs at the time of the hack.
I just need some proof that the hack occurred. Anyone know of a white hat hacker that can confirm I was hacked?

A key logger is possible. But transferring a wallet.dat file from my c: drive ain't easy to do but maybe possible?

There must be some evidence on my pc that the hack occurred. Happy to pay to find out how this happened.
Im really in mourning over my stolen masternode

[jujugoboom]

Sorry to hear that, sounds impossible mission for the hackers because you didn't download or click some suspicious links, weird, but you have to face it. Buy coins in exchanges, not keep them in your pc.

[Mickeyspit]

I have ran malware bytes root kit and kl detector and found nothing. My win 7 is password protected and i dont allow rdc. I'm 95% sure I was not hacked. I don't see how my wallet.dat could have been transferd from my hard drive to a hacker?

[arbitrage]

When you talking about this mysterious disappearing of your coins my thoughts are focused on the different side, to become suspicious about this code, and i hope whole this topic is not about creating confusin and fear..This wont reflect good on oure investments.

[Mickeyspit]

Why would I want to create fear in the PIVX community?
I have enjoyed chatting to the members on slack it's a great community and very helpful.

I just don't believe I was hacked there's no evidence that supports the hack has taken place.

Can anyone inform me of what type of hack exploit this could be as I did not open or receive any malicious files?

Running win 7 with Malware bytes and eset smart security

[Shiroslullaby]

What details were posted on Slack?
Were you recommended to make any changes to your configuration or download any files?
Hopefully someone with knowledge about setting up a Pivx masternode can look at the info you were given and determine if anything would have lead to a compromise.

[Zadicar]

Hello, yesterday 10000 pivx were stolen from my encrypted wallet. My computer knowledge is good I have removed malware and viruses from hundreds of computers as I did it for a job for few years. Is it possible that I have been hacked is for someone to send me a key logger and then transfer my PIVX wallet.dat to their computer and then transfer funds out?
At the time of the transaction I was setting up the masternode and asked for help on slack. Maybe someone from pivx slack saw my post hacked me?
I have traced the transaction... it ended up here

http://www.presstab.pw/phpexplorer/PIVX/address.php?address=DC2zB4fnzEaYyjc4SbzVgJSxAXUtK4Vk6Y

I will give a reward to anyone who can help with the discovery of my stolen coins

Very rare case on which you have been getting hacked while doing nothing since you are a computer techy guy and you know already the possible things for being hacked then you do know the things to be avoided but you didnt skip or passed on this one.Possible suspect would really be on that slack channel,im not programming expert but the hacker is definitely there. 10000 PIVX is too much equivalent on 15 btc,sorry for the lose i think no one would really make those coins be recovered.

[Mickeyspit]

these are the screenshots i sent

http://imgur.com/xwNfmkV
http://imgur.com/60EAgPG
http://imgur.com/vRk6Mxr
 [10:58 PM]
do i have to pay for a VPN to host the node?

[10:59]
VPS*

mbalance
[11:02 PM]
yes, you can check my guide in the forums! "vultr.com ununtu"

[11:02]
is only 5$ a month

[11:02]
for a VPS

[11:03]
sorry typos..on my phone

mickeyspit [11:04 PM]
ok thanks ill check it out


mbalance
[11:10 PM]
np:+1::skin-tone-4:

mickeyspit [11:29 PM]
just created an account on vultr

[11:29]
latest unbuntu?

[11:30]
oh is in the guide :grinning:

mbalance
[11:30 PM]
16 64bit

[11:31]



----- May 3rd -----
mickeyspit [12:34 PM]
hello can u help me with MN setup?

mbalance
[4:14 PM]
Hi, yes what step are u at?

mickeyspit [4:20 PM]
i had it almost setup but i was on wrong linux version.  spoke to jackyman now back at aquare one

[4:20]
lol

mbalance
[4:22 PM]
ok

mickeyspit [4:22 PM]
just added user

[4:22]
usermod -aG sudo sammy

[4:22]
https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-16-04
DigitalOcean
Initial Server Setup with Ubuntu 16.04 | DigitalOcean
When you start a new server, there are a few steps that you should take every time to add some basic security and give you a solid foundation. In this guide, we'll walk you through the basic steps necessary to hit the ground running with Ubuntu 16.04. (52kB)

[4:22]
do i need to do step 4?

mbalance
[4:23 PM]
what os is your pc?

mickeyspit [4:23 PM]
win 7

mbalance
[4:24 PM]
what's step 4?

mickeyspit [4:24 PM]
setting up shh keys

[4:24]
extra security?

[4:24]
step 4 in above guide (edited)

mbalance
[4:25 PM]
ok i think you maybe skip that for now on win7

mickeyspit [4:25 PM]
Step Four — Add Public Key Authentication (Recommended)

mbalance
[4:26 PM]
just choose long passwords

mickeyspit [4:26 PM]
yer cool

mbalance
[4:26 PM]
then you can continue on the main guide

[4:27]
now

mickeyspit [4:27 PM]
roger

mickeyspit [4:33 PM]
tar -i

[4:34]
whats extract tar command again?

[4:34]
rat

mickeyspit [5:23 PM]
i cant work out how to place files and folders correctly in linux (edited)

mbalance
[7:35 PM]
cd folder/

mickeyspit [7:36 PM]
got most of it done but not working still. im chatting to alistar now

mbalance
[7:36 PM]
ok

mickeyspit [7:37 PM]
uploaded this image: Untitled.jpg
Add Comment

mickeyspit [7:37 PM]
this where im at.  ill let allister help first

[7:38]
linux is hectic

[7:38]
but i had fun. learnt heaps of commands

mbalance
[7:38 PM]
good stuff :+1::skin-tone-4:

mickeyspit [7:50 PM]
fuck fuyck fuck

[7:50]
need halp urgent

mbalance
[7:51 PM]
supp?

mickeyspit [7:51 PM]
uploaded this image: Untitled.jpg
Add Comment

mickeyspit [7:51 PM]
i did not send this money

[7:51]
it happend just popped up

mbalance
[7:53 PM]
what do you mean, did any one have access to your system?

mickeyspit [7:53 PM]
no

[7:54]
i live alone

[7:54]
possible bug?

mbalance
[7:54 PM]
send me the address

mickeyspit [7:54 PM]
alistar
[7:53 PM]
you did not do it?

new messages
[7:53]
have you restart your wallet?

[7:54]
maybe blockchain is corrupted

[7:54]
and it's a bug

[7:54]
DPFnK2qjV3R3Dnf5HfjXgQ5UkPAB

mbalance
[7:56 PM]
check it on presstab.pw

[7:57]
im on phone

mickeyspit [7:57 PM]
how i use presstab?

[7:58]
its not listed on the lasted block in block explorer

[7:58]
15 confirmations

mbalance
[8:13 PM]
so you still see your balance in the explorer?

mickeyspit [8:14 PM]
no

mbalance
[8:15 PM]
you might have been hacked, wait ill be on my pc in an hour

mickeyspit [8:15 PM]
fuck

mbalance
[8:21 PM]
what did you install or download in the last 24hrs

mickeyspit [8:22 PM]
nothing

[8:22]
i am vey expericend pc user

[8:23]
i had computer business and fixed hundreds of pc's virus/malware removal

[8:23]
the node cost me 15000 AUD i cant afford to loose it

[8:24]
i have been trying to setup node all day posting pictures of server settings. if i been hacked it would be someone from slack

[8:24]
how can they hack me? thy need wallet.dat yes?

[8:25]
this needs to be fixed

mbalance
[8:26 PM]
yes only with wallet dat or access to your computer anyone can steal yoit coins

mickeyspit [8:27 PM]
i live alone

mbalance
[8:27 PM]
remote access

mickeyspit [8:27 PM]
nobody had acess to it

[8:27]
how?>

mbalance
[8:27 PM]
im talking about

[8:27]
many ways

mickeyspit [8:28 PM]
so thats it i lost 20000 AUD?

mbalance
[8:28 PM]
that's why you need to recall everything you did

mickeyspit [8:28 PM]
FUCK THIS SHIT PIVX IS A SCAM

[8:28]
i cant belive it

[8:28]
please help me

mbalance
[8:29 PM]
im home in 1 hour

mickeyspit [8:29 PM]
should never had tried to setup node myself BAD IDEA

[8:29]
okj

mbalance
[8:29 PM]
on phone now

mickeyspit [8:29 PM]
sorry i freaking out

mbalance
[8:29 PM]
np we will see if it's fixable

[8:30]
for now chill and think/recall everything you did and make notes

[8:31]
and copy the chat logs so i can read them

mickeyspit [8:35 PM]
they would need my wallet password also?

[8:36]
how the fuck?

mickeyspit [9:11 PM]
uploaded this image: Stolen.jpg
Add Comment

mbalance
[9:19 PM]
So your wallet is showing no balance?

mickeyspit [9:20 PM]
lol nar i got 6.19

[9:20]
so hpoefully a glitch

[9:20]
u would think if stolen they would take all of it

mbalance
[9:21 PM]
Is any one helping you?

mickeyspit [9:21 PM]
not at the moment

mbalance
[9:21 PM]
Have you gone through the wallet FAQ?

mickeyspit [9:21 PM]
umm no

[9:21]
just been drinking beer.

[9:21]
lol

[9:22]
FYI im still sober

mbalance
[9:23 PM]
please write getblockhash 626291

mickeyspit [9:23 PM]
trying not to freak out

mbalance
[9:23 PM]
into debug console

[9:23]
send me the output

mickeyspit [9:23 PM]
ff44a5abbe2d7a8f396092f63a82872b2830ae7f83135bc8eb82719ff4347056

mbalance
[9:24 PM]
Ok your on the right chain (edited)

[9:24]
What is your balance now?

mickeyspit [9:25 PM]
uploaded this image: led1.jpg
Add Comment

mbalance
[9:27 PM]
I would recommend you do a fresh install of your operating system

mickeyspit [9:27 PM]
that aint gunna my cash back?

mbalance
[9:27 PM]
and about the lost PIVX, if they are not in some other wallet that you have they are pretty sure gone

mickeyspit [9:28 PM]
this is bullshit

mbalance
[9:29 PM]
It is not recommended for non technical members to setup their masternodes and never ever invest more then you can afford to lose in anything

[9:29]
I understand your situation but see it as a lesson learnt (edited)

mickeyspit [9:33 PM]
so thats it huh?>

[9:33]
i lost 20000 AUD??

mbalance
[9:36 PM]
If you don't have the PIVX in some other wallet probably. Please go through the wallet FAQ just to be sure https://forum.pivx.org/t/faq-for-wallet-issues/
PIVX - Community Forum
FAQ for Wallet Issues
This is an unofficial FAQ made by me to keep all the things in 1 place for easy reference. I will add more over time and ensure that it is up to date whenever possible. Last updated 4/29/2017 Latest current wallet is v2.2.0. Info & download link below: https://forum.pivx.org/t/pivx-wallet-2-2-0-release-mandatory/ Q1. Wallet crashes or has crashed and now won’t launch. Fails every time. What do I do? An abnormal exit of the wallet results in a blockchain inconsistency from that point onwa...
Reading time
----------------
2 mins :clock2:

Likes
----------------
6 :heart:

 

mickeyspit [9:39 PM]
mate i need the top developer. i will pay to get his help? s3venhacks?

mbalance
[9:40 PM]
you can get a hold of him @s3v3nh4cks in #development but he can't change the blockchain just so you know

mickeyspit [9:46 PM]
ok ill let him know what happend.

[9:46]
thanks for you help anyway mate

mbalance
[9:48 PM]
Your welcome and good luck!


----- Yesterday May 4th, 2017 -----
mickeyspit [8:49 PM]
Hello

[8:50]
Have a read please
https://bitcointalk.org/index.php?topic=1900406.new#new
bitcointalk.org
10000 PIVX STOLEN
10000 PIVX STOLEN

mbalance
[8:53 PM]
Sorry judging from what I read you should go no where near this technology, if you do don't invest more then you can afford to lose

mickeyspit [8:54 PM]
Are you serious? That's a terrible response from a developer

[8:54]
I did nothing wrong

mbalance
[8:54 PM]
You are using windows, any kid can hack windows 7 without you taking notice

[8:55]
Just to name one issue

[8:55]
And I'm not a dev!

mickeyspit [8:55 PM]
Well I was unaware hacking win 7 is so easy

[8:56]
If it's so easy can u please explain how it was done?

mbalance
[8:56 PM]
You where unaware of many other things as well, you can not just put 20k on your HD and think its safe without doing your homework

mickeyspit [8:57 PM]
I did my homework. I know what I'm doing.

mbalance
[8:57 PM]
You can use google for all of your questions, I do not have the time for this

[8:57]
Bye

mickeyspit [8:58 PM]
How rude thanks





alistar
[7:28 PM]
Hi i see you have some problems setting up a MN.

[7:28]
Can i help you somehow?

mickeyspit [7:28 PM]
yes please

[7:28]
im almost done i i think lol

mickeyspit [7:29 PM]
uploaded this image: Untitled.jpg
Add Comment

alistar
[7:31 PM]
Let's see if this will work

[7:32]
Can you try command: listaddressgroupings in your controller wallet?

mickeyspit [7:32 PM]
[
        [
            "DJBZ2PwC5U9fPnPMgEHfBZYDxWQp2dGfoB",
            0.00000000
        ],
        [
            "DSAfvek75seE4Y1XGKPjkvRKybPfaqU8so",
            10004.68000000,
            "MN001"
        ],
        [
            "DHhNkB29jtYDXzBdf2adimAd8iUnGB9jfN",
            0.81617886
        ],
        [
            "DCjUgNZPSsJ2gPJkZuCtU9hWHKgLEp8qBV",
            0.00000000
        ],
        [
            "DRPFx5dAWmcJed7RzvKZDv22bdkeU8fnhM",
            0.00000000
        ],
        [
            "D5uZtjd57bB5Bpq769CKpCL77B5XXUZX2T",
            0.00990000,
            "Staking"
        ]
    ],
    [
        [
            "DS7NNENkjf4pfboieakCPBNUUC5XkJZspt",
            0.00116722,
            "CPU Miner"
        ]
    ],
    [
        [
            "D6uhKM4zGa2UJvLypPXrfZ6QjrfQaoYGfG",
            0.69159746,
            "CC Miner"

alistar
[7:33 PM]
Oops I guess something is wrong

[7:34]
When did you setup this?

mickeyspit [7:35 PM]
today. but i switched from coin server he shut his end down this morning

alistar
[7:37 PM]
Oke lets fix it

mickeyspit [7:37 PM]
awesome

[7:39]
19:39:36

Error: Please enter the wallet passphrase with walletpassphrase first. (code -13)

[7:40]
19:40:19

alistar
[7:40 PM]
Good now try masternode list-conf

mickeyspit [7:40 PM]

{
    "masternode" : {
        "alias" : "masternode1",
        "address" : "45.76.116.209:51472",
        "privateKey" : "88D4bbFt9NgZ1WLHkJPdMicVfDpy9cVbudo8Q8yboLmYgyahaKp",
        "txHash" : "480a03bc5594f33ffa1d5c9e65eebcfbc116b53ca342510ef3b612e2d87cf652",
        "outputIndex" : "1",
        "status" : "ENABLED"
    }
}

alistar
[7:41 PM]
Does the time increase on your wallet?

mickeyspit [7:41 PM]
under active? no

alistar
[7:41 PM]
You run windows and linux yes?

mickeyspit [7:42 PM]
im on win 7 and server is cloud linux

alistar
[7:42 PM]
Can you show me the pivx.conf from your server? (edited)

mickeyspit [7:44 PM]
what the fuck just happnd?

alistar
[7:45 PM]
what?

mickeyspit [7:45 PM]
100000 pivx were just sent to somewhere with out me doing it

[7:46]
how do i cancle?

alistar
[7:46 PM]
how do you mean

mickeyspit [7:46 PM]
uploaded this image: Untitled.jpg
Add Comment

mickeyspit [7:47 PM]
Status: 2/unconfirmed
Date: 3/05/2017 19:44
To: DPFnK2qjV3R3Dnf5HfjXgQ5UkPABiCScYS
Debit: -10 000.00000000 PIV
Net amount: -10 000.00000000 PIV
Transaction ID: 263adc21c646eea3e9f2b6a48fd32e238df53d5ad64bc74cbe588d9917aad971
Output index: 0

[7:47]
i did not do this

[7:47]
did u steal my money?

[7:47]
what the fuck

[7:47]
can i cancle it?>

alistar
[7:48 PM]
how did i steal your money wtf?

[7:48]
i not even on your computer

[7:48]
are you the only user of this wallet?

mickeyspit [7:48 PM]
fuck

[7:49]
yes

alistar
[7:49 PM]
sure?

mickeyspit [7:49 PM]
and coin server hosted it

[7:49]
POSITIVE

alistar
[7:49 PM]
?

mickeyspit [7:49 PM]
i live alone

alistar
[7:49 PM]
damn i really dont know how this happend

[7:50]
are you sure you did not do it yourself accidenally?

mickeyspit [7:50 PM]
NOT HAPPY

[7:50]
POSITIVE

alistar
[7:50 PM]
what?

mickeyspit [7:50 PM]
i didnt send any money anywhere

alistar
[7:51 PM]
I dont know if there is a way to cancel

[7:51]
I hope there is

[7:51]
please try to restart your wallet

[7:51]
maybe its a bug

mickeyspit [7:52 PM]
uploaded this image: Untitled.jpg
Add Comment

mickeyspit [7:52 PM]
shit i hop so

alistar
[7:53 PM]
wtf

mickeyspit [7:53 PM]
how can i find out what address it went to?

alistar
[7:53 PM]
you did not do it?

[7:53]
have you restart your wallet?

[7:54]
maybe blockchain is corrupted

[7:54]
and it's a bug

[7:54]
idk if you can you should go on blockchain explorer and see

mickeyspit [7:56 PM]
not on lastest block

alistar
[7:56 PM]
Try restart pc maybe really something corrupted

mickeyspit [7:59 PM]
im talking to mbalance aswell. dont wanna restart until im sure whats has happend

alistar
[7:59 PM]
Have you restart your pivx client already?

mickeyspit [7:59 PM]
no

[8:00]
im scared to

alistar
[8:00 PM]
have you backup your wallet.dat?

mickeyspit [8:00 PM]
that address is not in my address book in or out

alistar
[8:00 PM]
if yes nothing can happen

mickeyspit [8:00 PM]
yes i did that few days ago

alistar
[8:00 PM]
then you can restart without problem

mickeyspit [8:00 PM]
ok ill try

[8:02]
same

[8:02]
still syncing

alistar
[8:02 PM]
wait the sync pls

mickeyspit [8:02 PM]
should i restore wallet.dat?

alistar
[8:02 PM]
wait the sync first

mickeyspit [8:04 PM]
done

[8:04]
money is gone

alistar
[8:04 PM]
are you sure???

mickeyspit [8:04 PM]
fuck im very sure

[8:04]
omg

alistar
[8:05 PM]
do you have AV system on your computer?

mickeyspit [8:05 PM]
yes

alistar
[8:05 PM]
think good

[8:05]
did you download some stuff last days?

mickeyspit [8:05 PM]
eset up to date

alistar
[8:05 PM]
that might have harmed your pc

mickeyspit [8:05 PM]
no

[8:06]
i am well expreiceed user i had my own computer business fixing them for years

[8:06]
i am ewll trained at virus/maleware removal;

alistar
[8:06 PM]
this only can be a virus

[8:06]
because it seems that someone have acces to your wallet.dat

mickeyspit [8:07 PM]
impossible

[8:08]
is that the only way to take money?

alistar
[8:08 PM]
yes

[8:08]
if they know your password

[8:08]
and have the wallet.dat

[8:08]
that's the one and only way

mickeyspit [8:09 PM]
i have never posted my passowrod anywhere

[8:09]
ill rund malware bytes now

[8:10]
this needs to be fixed

[8:10]
i cant afford to loose 15000 AUD

[8:11]
thats what i payed for it

alistar
[8:11 PM]
please run malware bytes and see if something is on your computer

[8:11]
malware is very complicated these days and it might even bypass scanners like eset and malware bytes

[8:11]
damn i feel sorry for you

mickeyspit [8:12 PM]
bullshit>

alistar
[8:12 PM]
what is bullshit?

mickeyspit [8:13 PM]
its gott be someone from slack

mickeyspit [8:13 PM]
uploaded this image: Untitled1.jpg
Add Comment

mickeyspit [8:13 PM]
i have been trying to setup node all day

[8:13]
posting server settings and ip adresss

alistar
[8:14 PM]
first malware coming up

[8:14]
im almost sure it was a virus

[8:14]
if you did not share your wallet.dat with someone

mickeyspit [8:14 PM]
nar thats scan complete

alistar
[8:14 PM]
then someone took in from your computer somehow

[8:15]
from where did you get that cpu miner?

mickeyspit [8:15 PM]
i have not left the house all day

mickeyspit [8:20 PM]
i was sitting here when it happend

alistar
[8:21 PM]
what did you see

[8:21]
explain me

[8:21]
did you see any mouse movement?

mickeyspit [8:21 PM]
so if i was hacked. they must have used my wallet.dat and opened it on another pc and sent to address?

[8:21]
no

alistar
[8:21 PM]
yes you are right

mickeyspit [8:21 PM]
i am a very aware pc user

alistar
[8:21 PM]
they need your wallet.dat

[8:22]
if they have it your coins are gone if they have your password

mickeyspit [8:44 PM]
how would they get my password?

[8:44]
i must be a glitch?

[8:44]
im waiting Mbalance  to help

[8:49]
if my wallet is unloacked do they still need password to send?

alistar
[9:13 PM]
They need your password

[9:13]
always

[9:13]
even when it's unlocked

[9:13]
but not if they are on your pc and you unlock it

mickeyspit [9:14 PM]
yer well i unlock it amny times to run commands setting up node

mickeyspit [9:16 PM]
uploaded this image: Stolen.jpg
Add Comment

alistar
[9:18 PM]
outputs unknown

mickeyspit [9:19 PM]
gotta love privacy

[9:19]
fuck

alistar
[9:22 PM]
damn

mickeyspit [9:46 PM]
thanks for your help anyway mate

alistar
[9:48 PM]
you welcome

[9:48]
let me know when i can help you..

[DomainMagnate]

When you talking about this mysterious disappearing of your coins my thoughts are focused on the different side, to become suspicious about this code, and i hope whole this topic is not about creating confusin and fear..This wont reflect good on oure investments.

Hmmm I saw someone also complaining about stolen PIVX from exchange.Is it possible that the coins actually are virus??just think about possibility.A virus disguised as a crypto and disappeared after a set period of time or send itself to some pre defined address?That would be really scary

[johnny5johnny5]

I remember that in the instructions to setup a masternode, you have to send 10,000 PIVX to another PIVX wallet (the masternode wallet). Are you sure you didn't send the 10,000 PIVX yourself to the masternode wallet? Is that maybe when it happened?

[Xalib]

Do I see it right, you posted your private key in a public channel?

And you ask why your coins are gone?

Take the loss as a man and learn from it that this kind of technology is out of your league.

[allthebitandbobs]

sorry about the lost but i guessing this will teach all of us a lesson .Never keep all your eggs in one basket

[jawatulen]

you should becarefull wit your own wallet,
i think you click something that can give information about your wallet, maybe on email, or in another place

[Mickeyspit]

no, not the masternode private key, but someone could have voted for you. All that is, is used to verify the collateral in your controller wallet

[Xalib]

The time of the transaction taking your coins is surely not a coincidence. You gave somebody enough information to initiate this transaction.

Also, upgrade your OS! Better don't use windows after all.

[Mickeyspit]

I have spoken to s3v3nh4acks  the lead developer of PIVX

He says

How it happened?? You ha e a trojan on your system... no other way to do what u say happened, unless u dis it yourself or someone else had physical access to your system.
It isn't a bug, but if u think so, then you find it, show me provable and repeatable evidence and i will replace your funds... but you are wasting your time.

Which I replied with if I find evidence of a hack I'll buy another masternode!

Upon conclusion
Very big coincidence that this Happend while setting up masternode and was told to unlock my wallet.
When it comes to money u can only trust very few.
I will continue to try find evidence of the hack

The hacker did leave me with 6.8 pivx nice cunt huh.

[Mickeyspit]

Highly likely there is a hacker on slack targeting masternodes



Pivx should really enable 2FA ASAP.

[BTCwriter]

Hello, yesterday 10000 pivx were stolen from my encrypted wallet. My computer knowledge is good I have removed malware and viruses from hundreds of computers as I did it for a job for few years. Is it possible that I have been hacked is for someone to send me a key logger and then transfer my PIVX wallet.dat to their computer and then transfer funds out?
At the time of the transaction I was setting up the masternode and asked for help on slack. Maybe someone from pivx slack saw my post hacked me?
I have traced the transaction... it ended up here

http://www.presstab.pw/phpexplorer/PIVX/address.php?address=DC2zB4fnzEaYyjc4SbzVgJSxAXUtK4Vk6Y

I will give a reward to anyone who can help with the discovery of my stolen coins

It's unlikely. I usually don't believed in this altcoins hack a bit. Probably some kind of glitch on your computer part.
If you hire someone to install masternode or something like that then, yes.

[Mickeyspit]

It appears the hacker theif is stealing more money each day....

http://www.presstab.pw/phpexplorer/PIVX/address.php?address=DC2zB4fnzEaYyjc4SbzVgJSxAXUtK4Vk6Y

[Ayers]

Hello, yesterday 10000 pivx were stolen from my encrypted wallet. My computer knowledge is good I have removed malware and viruses from hundreds of computers as I did it for a job for few years. Is it possible that I have been hacked is for someone to send me a key logger and then transfer my PIVX wallet.dat to their computer and then transfer funds out?
At the time of the transaction I was setting up the masternode and asked for help on slack. Maybe someone from pivx slack saw my post hacked me?
I have traced the transaction... it ended up here

http://www.presstab.pw/phpexplorer/PIVX/address.php?address=DC2zB4fnzEaYyjc4SbzVgJSxAXUtK4Vk6Y

I will give a reward to anyone who can help with the discovery of my stolen coins

if you did not install anything lately, it's impossible for the hacker to hack your computer, he can't simply target your computer, i think you installed something malicious and now forgot about it, don't install anything from the web without running it in sandbox first or in virtual machine, or put all your treasure in another mahcine

[Mickeyspit]

ComboFix 17-05-04.01 - Mick 05/05/2017  20:23:50.1.12 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.61.1033.18.24488.21976 [GMT 10:00]
Running from: c:\users\Mick\Desktop\ComboFix.exe
AV: ESET Smart Security 9.0.408.0 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: ESET Personal firewall *Enabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: ESET Smart Security 9.0.408.0 *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\Mick\AppData\Local\assembly\tmp
c:\windows\Install
c:\windows\Install\AsusSetup.exe
c:\windows\Install\AsusSetup.exe.manifest
c:\windows\Install\AsusSetup.ini
c:\windows\Install\Driver\AsusSetup.exe
c:\windows\Install\Driver\AsusSetup.exe.manifest
c:\windows\Install\Driver\AsusSetup.ini
c:\windows\Install\Driver\AsusSetup32.ini
c:\windows\Install\Driver\AsusSetup64.ini
c:\windows\Install\Driver\English.ini
c:\windows\Install\Driver\French.ini
c:\windows\Install\Driver\German.ini
c:\windows\Install\Driver\Japanese.ini
c:\windows\Install\Driver\Korean.ini
c:\windows\Install\Driver\mup.xml
c:\windows\Install\Driver\Russian.ini
c:\windows\Install\Driver\SChinese.ini
c:\windows\Install\Driver\SetupRST.exe
c:\windows\Install\Driver\Spanish.ini
c:\windows\Install\Driver\TChinese.ini
c:\windows\Install\netfx\AsusSetup.exe
c:\windows\Install\netfx\AsusSetup.exe.manifest
c:\windows\Install\netfx\AsusSetup.ini
c:\windows\Install\netfx\dotnetfx45\AsusSetup.exe
c:\windows\Install\netfx\dotnetfx45\AsusSetup.exe.manifest
c:\windows\Install\netfx\dotnetfx45\AsusSetup.ini
c:\windows\Install\netfx\dotnetfx45\Installer.bat
c:\windows\Install\netfx\dotnetfx45\NDP451-KB2858728-x86-x64-AllOS-ENU.exe
.
.
(((((((((((((((((((((((((   Files Created from 2017-04-05 to 2017-05-05  )))))))))))))))))))))))))))))))
.
.
2017-05-05 10:36 . 2017-05-05 10:36   --------   d-----w-   c:\users\Default\AppData\Local\temp
2017-05-05 10:30 . 2017-05-05 10:30   75888   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{013C6715-CDCB-437B-9DF0-843DFC90128F}\offreg.3896.dll
2017-05-05 10:20 . 2017-05-05 10:20   --------   d-----w-   c:\users\Mick\AppData\Local\GlassWire
2017-05-05 10:20 . 2015-05-29 04:15   33248   ----a-w-   c:\windows\system32\drivers\gwdrv.sys
2017-05-05 10:20 . 2017-05-05 10:20   --------   d-----w-   c:\programdata\GlassWire
2017-05-05 10:20 . 2017-05-05 10:20   --------   d-----w-   c:\program files (x86)\GlassWire
2017-05-04 10:05 . 2017-05-04 10:16   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
2017-05-04 09:50 . 2017-05-04 09:50   75888   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{013C6715-CDCB-437B-9DF0-843DFC90128F}\offreg.3672.dll
2017-05-03 10:33 . 2017-05-05 10:31   --------   d-----w-   c:\users\Mick\AppData\Local\assembly
2017-05-03 10:12 . 2017-05-05 10:20   186304   ----a-w-   c:\windows\system32\drivers\MBAMChameleon.sys
2017-05-03 10:11 . 2017-05-05 10:20   111544   ----a-w-   c:\windows\system32\drivers\farflt.sys
2017-05-03 10:11 . 2017-05-05 10:20   43968   ----a-w-   c:\windows\system32\drivers\mbam.sys
2017-05-03 10:11 . 2017-05-05 10:20   82720   ----a-w-   c:\windows\system32\drivers\mwac.sys
2017-05-03 10:11 . 2017-03-22 01:02   77440   ----a-w-   c:\windows\system32\drivers\mbae64.sys
2017-05-03 10:11 . 2017-05-03 10:11   --------   d-----w-   c:\program files\Malwarebytes
2017-05-03 03:44 . 2017-05-03 03:52   --------   d-----w-   c:\users\Mick\AppData\Local\WinZip
2017-05-03 03:41 . 2017-05-03 03:41   --------   d-----w-   c:\program files\WinZip Smart Monitor
2017-05-03 03:41 . 2017-05-03 03:41   --------   d-----w-   c:\programdata\WinZip
2017-05-03 03:41 . 2017-05-03 03:41   --------   d-----w-   c:\program files\WinZip
2017-05-03 03:40 . 2017-05-03 03:40   --------   d-----w-   c:\programdata\UniqueId
2017-05-02 10:58 . 2017-05-02 10:58   --------   d--h--w-   c:\programdata\CanonIJScan
2017-05-02 09:19 . 2017-04-06 23:10   12993592   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{013C6715-CDCB-437B-9DF0-843DFC90128F}\mpengine.dll
2017-05-01 13:52 . 2017-05-01 13:52   --------   d-----w-   c:\program files\PuTTY
2017-04-11 23:04 . 2017-02-23 08:17   136064   ----a-w-   c:\windows\SysWow64\nvStreaming.exe
2017-04-11 23:04 . 2017-04-11 23:04   --------   d-----w-   c:\program files (x86)\VulkanRT
2017-04-11 23:04 . 2017-01-26 00:13   103936   ----a-w-   c:\windows\SysWow64\vulkaninfo.exe
2017-04-11 23:04 . 2017-01-26 00:12   326656   ----a-w-   c:\windows\SysWow64\vulkan-1.dll
2017-04-11 23:04 . 2017-01-26 00:09   118272   ----a-w-   c:\windows\system32\vulkaninfo.exe
2017-04-11 23:04 . 2017-01-26 00:09   322560   ----a-w-   c:\windows\system32\vulkan-1.dll
2017-04-10 22:55 . 2017-05-05 10:21   --------   d-----w-   c:\users\Mick\AppData\Roaming\PIVX
2017-04-10 22:54 . 2017-04-11 15:13   --------   d-----w-   c:\program files\Pivx
2017-04-10 22:35 . 2017-04-13 23:53   --------   d-----w-   c:\users\Mick\AppData\Local\CrashDumps
2017-04-09 05:41 . 2017-04-09 05:41   --------   d-----w-   C:\Tor Browser
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-05-05 10:20 . 2016-08-18 04:52   251832   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-04-11 23:05 . 2016-07-07 23:33   148601744   -c--a-w-   c:\windows\system32\MRT.exe
2017-03-23 06:06 . 2016-08-18 05:54   521656   ----a-w-   c:\windows\system32\OpenCL.dll
2017-03-23 06:05 . 2016-08-18 05:54   429112   ----a-w-   c:\windows\SysWow64\OpenCL.dll
2017-03-23 06:04 . 2017-03-23 06:04   34959288   ----a-w-   c:\windows\system32\nvoglv64.dll
2017-03-23 06:04 . 2017-03-23 06:04   28232248   ----a-w-   c:\windows\SysWow64\nvoglv32.dll
2017-03-23 06:04 . 2017-03-23 06:04   14437944   ----a-w-   c:\windows\system32\drivers\nvlddmkm.sys
2017-03-23 06:03 . 2017-03-23 06:03   620088   ----a-w-   c:\windows\system32\NvIFROpenGL.dll
2017-03-23 06:03 . 2017-03-23 06:03   968120   ----a-w-   c:\windows\system32\NvIFR64.dll
2017-03-23 06:03 . 2017-03-23 06:03   509496   ----a-w-   c:\windows\SysWow64\NvIFROpenGL.dll
2017-03-23 06:03 . 2017-03-23 06:03   921144   ----a-w-   c:\windows\SysWow64\NvIFR.dll
2017-03-23 06:03 . 2017-03-23 06:03   56368   ----a-w-   c:\windows\system32\nvhdap64.dll
2017-03-23 06:03 . 2017-03-23 06:03   1608760   ----a-w-   c:\windows\system32\nvhdagenco6420103.dll
2017-03-23 06:03 . 2017-03-23 06:03   226232   ----a-w-   c:\windows\system32\drivers\nvhda64v.sys
2017-03-23 06:02 . 2017-03-23 06:02   997816   ----a-w-   c:\windows\SysWow64\NvFBC.dll
2017-03-23 06:02 . 2017-03-23 06:02   1060280   ----a-w-   c:\windows\system32\NvFBC64.dll
2017-03-23 06:02 . 2017-03-23 06:02   1598392   ----a-w-   c:\windows\system32\nvdispgenco6437878.dll
2017-03-23 06:02 . 2017-03-23 06:02   1993784   ----a-w-   c:\windows\system32\nvdispco6437878.dll
2017-03-23 06:02 . 2017-03-23 06:02   3634104   ----a-w-   c:\windows\system32\nvcuvid.dll
2017-03-23 06:02 . 2017-03-23 06:02   3194296   ----a-w-   c:\windows\SysWow64\nvcuvid.dll
2017-03-23 06:02 . 2017-03-23 06:02   40200760   ----a-w-   c:\windows\system32\nvcompiler.dll
2017-03-23 06:02 . 2017-03-23 06:02   35281464   ----a-w-   c:\windows\SysWow64\nvcompiler.dll
2017-03-23 05:47 . 2016-08-18 05:53   20065848   ----a-w-   c:\windows\system32\nvwgf2umx.dll
2017-03-23 05:47 . 2017-03-23 05:47   17441120   ----a-w-   c:\windows\SysWow64\nvwgf2um.dll
2017-03-23 05:47 . 2016-08-18 05:53   505960   ----a-w-   c:\windows\system32\nvumdshimx.dll
2017-03-23 05:47 . 2017-03-23 05:47   420736   ----a-w-   c:\windows\SysWow64\nvumdshim.dll
2017-03-23 05:47 . 2017-03-23 05:47   11125136   ----a-w-   c:\windows\system32\nvptxJitCompiler.dll
2017-03-23 05:47 . 2017-03-23 05:47   9077760   ----a-w-   c:\windows\SysWow64\nvptxJitCompiler.dll
2017-03-23 05:47 . 2017-03-23 05:47   19182360   ----a-w-   c:\windows\system32\nvopencl.dll
2017-03-23 05:47 . 2017-03-23 05:47   14811968   ----a-w-   c:\windows\SysWow64\nvopencl.dll
2017-03-23 05:47 . 2017-03-23 05:47   163448   ----a-w-   c:\windows\system32\nvoglshim64.dll
2017-03-23 05:47 . 2017-03-23 05:47   141768   ----a-w-   c:\windows\SysWow64\nvoglshim32.dll
2017-03-23 05:47 . 2017-03-23 05:47   180768   ----a-w-   c:\windows\system32\nvinitx.dll
2017-03-23 05:47 . 2017-03-23 05:47   702320   ----a-w-   c:\windows\system32\nvfatbinaryLoader.dll
2017-03-23 05:47 . 2017-03-23 05:47   158208   ----a-w-   c:\windows\SysWow64\nvinit.dll
2017-03-23 05:46 . 2017-03-23 05:46   589976   ----a-w-   c:\windows\SysWow64\nvfatbinaryLoader.dll
2017-03-23 05:46 . 2017-03-23 05:46   517280   ----a-w-   c:\windows\system32\nvEncodeAPI64.dll
2017-03-23 05:46 . 2017-03-23 05:46   437928   ----a-w-   c:\windows\SysWow64\nvEncodeAPI.dll
2017-03-23 05:46 . 2017-03-23 05:46   16551672   ----a-w-   c:\windows\system32\nvd3dumx.dll
2017-03-23 05:46 . 2017-03-23 05:46   13502952   ----a-w-   c:\windows\SysWow64\nvd3dum.dll
2017-03-23 05:46 . 2017-03-23 05:46   11229096   ----a-w-   c:\windows\system32\nvcuda.dll
2017-03-23 05:46 . 2017-03-23 05:46   9396624   ----a-w-   c:\windows\SysWow64\nvcuda.dll
2017-03-23 05:46 . 2016-08-18 05:53   4108520   ----a-w-   c:\windows\system32\nvapi64.dll
2017-03-23 05:46 . 2017-03-23 05:46   3623928   ----a-w-   c:\windows\SysWow64\nvapi.dll
2017-03-19 14:48 . 2017-03-19 14:48   28352   ----a-w-   c:\windows\SysWow64\aspnet_counters.dll
2017-03-19 14:48 . 2017-03-19 14:48   19112   ----a-w-   c:\windows\SysWow64\msvcr110_clr0400.dll
2017-03-19 14:48 . 2017-03-19 14:48   19112   ----a-w-   c:\windows\SysWow64\msvcr100_clr0400.dll
2017-03-19 14:48 . 2017-03-19 14:48   19112   ----a-w-   c:\windows\SysWow64\msvcp110_clr0400.dll
2017-03-19 14:41 . 2017-03-19 14:41   30400   ----a-w-   c:\windows\system32\aspnet_counters.dll
2017-03-19 14:41 . 2017-03-19 14:41   19112   ----a-w-   c:\windows\system32\msvcr110_clr0400.dll
2017-03-19 14:41 . 2017-03-19 14:41   19112   ----a-w-   c:\windows\system32\msvcr100_clr0400.dll
2017-03-19 14:41 . 2017-03-19 14:41   19112   ----a-w-   c:\windows\system32\msvcp110_clr0400.dll
2017-03-08 04:21 . 2017-04-11 17:42   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2017-02-23 08:43 . 2017-02-24 10:26   1951   ----a-w-   c:\windows\NvContainerRecovery.bat
2017-02-23 08:28 . 2016-08-18 05:54   6401984   ----a-w-   c:\windows\system32\nvcpl.dll
2017-02-23 08:28 . 2016-08-18 05:54   2479160   ----a-w-   c:\windows\system32\nvsvc64.dll
2017-02-23 08:28 . 2016-08-18 05:54   83512   ----a-w-   c:\windows\system32\nv3dappshextr.dll
2017-02-23 08:28 . 2016-08-18 05:54   69568   ----a-w-   c:\windows\system32\nvshext.dll
2017-02-23 08:28 . 2016-08-18 05:54   548288   ----a-w-   c:\windows\system32\nv3dappshext.dll
2017-02-23 08:28 . 2016-08-18 05:54   392128   ----a-w-   c:\windows\system32\nvmctray.dll
2017-02-23 08:28 . 2016-08-18 05:54   1764408   ----a-w-   c:\windows\system32\nvsvcr.dll
2017-02-23 06:38 . 2016-08-18 05:54   7807027   ----a-w-   c:\windows\system32\nvcoproc.bin
2017-02-22 23:42 . 2017-03-15 10:00   84712   ----a-w-   c:\windows\system32\CompatTelRunner.exe
2017-02-22 23:37 . 2017-03-15 10:00   1285632   ----a-w-   c:\windows\system32\aeinv.dll
2017-02-18 14:05 . 2017-03-15 10:00   646656   ----a-w-   c:\windows\system32\generaltel.dll
2017-02-18 14:05 . 2017-03-15 10:00   1609216   ----a-w-   c:\windows\system32\appraiser.dll
2017-02-11 15:58 . 2017-03-15 10:52   462848   ----a-w-   c:\windows\system32\drivers\srv.sys
2017-02-11 15:58 . 2017-03-15 10:52   405504   ----a-w-   c:\windows\system32\drivers\srv2.sys
2017-02-11 15:58 . 2017-03-15 10:52   168960   ----a-w-   c:\windows\system32\drivers\srvnet.sys
2017-02-10 16:32 . 2017-03-15 10:52   803328   ----a-w-   c:\windows\system32\usp10.dll
2017-02-10 16:17 . 2017-03-15 10:52   628736   ----a-w-   c:\windows\SysWow64\usp10.dll
2017-02-10 14:33 . 2017-03-15 10:52   1251328   ----a-w-   c:\windows\SysWow64\DWrite.dll
2017-02-09 16:32 . 2017-03-15 10:52   40960   ----a-w-   c:\windows\system32\WcsPlugInService.dll
2017-02-09 16:31 . 2017-03-15 10:52   625664   ----a-w-   c:\windows\system32\mscms.dll
2017-02-09 16:31 . 2017-03-15 10:52   250880   ----a-w-   c:\windows\system32\icm32.dll
2017-02-09 16:14 . 2017-03-15 10:52   481792   ----a-w-   c:\windows\SysWow64\mscms.dll
2017-02-09 16:14 . 2017-03-15 10:52   215040   ----a-w-   c:\windows\SysWow64\icm32.dll
2017-02-09 15:51 . 2017-03-15 10:52   32768   ----a-w-   c:\windows\SysWow64\WcsPlugInService.dll
2017-02-09 14:06 . 2017-03-15 10:52   1648128   ----a-w-   c:\windows\system32\DWrite.dll
2017-02-09 14:06 . 2017-03-15 10:52   1180160   ----a-w-   c:\windows\system32\FntCache.dll
2017-02-06 16:14 . 2017-03-15 10:52   733696   ----a-w-   c:\windows\HelpPane.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2016-07-07 399224]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2016-07-05 3948600]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"CCleaner"="c:\program files\CCleaner\CCleaner64.exe" [2016-06-10 8810200]
"BackgroundSwitcher"="c:\program files (x86)\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe" [2016-10-30 121688]
"GlassWire"="c:\program files (x86)\GlassWire\glasswire.exe" [2017-03-21 5791696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-08-25 293872]
.
c:\users\Mick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
PIVX.lnk - c:\program files\Pivx\pivx-qt.exe -min [2017-4-19 29835280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ      scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe

R3 CLink4Service;Corsair Link 4;c:\program files (x86)\CorsairLink4\CorsairLink4.Service.exe;c:\program files (x86)\CorsairLink4\CorsairLink4.Service.exe

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe

R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe

R3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys

R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\DRIVERS\RTL2832U_IRHID.sys

R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys

R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys

S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys

S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys

S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys

S0 nvme;nvme;c:\windows\system32\DRIVERS\nvme.sys;c:\windows\SYSNATIVE\DRIVERS\nvme.sys

S0 nvmeF;nvmeF;c:\windows\system32\DRIVERS\nvmeF.sys;c:\windows\SYSNATIVE\DRIVERS\nvmeF.sys

S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys

S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys

S1 gwdrv;GlassWire Driver;c:\windows\system32\DRIVERS\gwdrv.sys;c:\windows\SYSNATIVE\DRIVERS\gwdrv.sys

S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe

S2 DTSAudioSvc;DTSAudioSvc;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe;c:\program files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe

S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe

S2 GlassWire;GlassWire Control Service;c:\program files (x86)\GlassWire\GWCtlSrv.exe;c:\program files (x86)\GlassWire\GWCtlSrv.exe

S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys

S2 Intel(R) ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe

S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

S2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe;c:\program files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe;c:\program files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe

S2 WinZip Smart Monitor Service;WinZip Smart Monitor Service;c:\program files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe;c:\program files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe

S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys

S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys

S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys

S3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys

S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys

S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys

S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys

S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys

.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ESPROTECTIONDRIVER
*NewlyCreated* - GWDRV
*Deregistered* - ESProtectionDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation   REG_MULTI_SZ      SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2017-04-05 00:38   323664   ----a-w-   c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 13:52   25624   ----a-w-   c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2016-11-08 9068040]
"RtHDVBg_DTS"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2016-11-08 1476104]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-01-19 2780112]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: eset.com\help
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-SIUSBXP&1B1C&1C00 - c:\program files (x86)\Silabs\MCU\USBXpress\DriverUninstaller.exe USBXpress\SIUSBXP&1B1C&1C00
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3605924061-2812923310-3988586812-1000_Classes\Wow6432Node\CLSID\{1c267702-557a-4890-b0dd-4a9edef2a76a}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000106
"Therad"=dword:0000000f
.
[HKEY_USERS\S-1-5-21-3605924061-2812923310-3988586812-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):48,dc,27,65,ce,29,00,3e,62,e1,c6,0c,a3,8d,b0,36,97,f1,60,9f,e8,
   da,15,39,bc,61,33,1d,31,72,b2,97,68,0f,77,7a,f2,0a,7d,08,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-05-05  20:54:43
ComboFix-quarantined-files.txt  2017-05-05 10:54
.
Pre-Run: 176,136,314,880 bytes free
Post-Run: 175,593,807,872 bytes free
.
- - End Of File - - D614F7A0C7EC6FF5116106D2B68FC1F4










KL-Detector has found some suspicious files:
C:\Users\Mick\AppData\Roaming\johnsadventures.com\Background Switcher\Status.xml
C:\ProgramData\Malwarebytes\MBAMService\config\ScanConfig.json
C:\ProgramData\Malwarebytes\MBAMService\S-1-5-19-05042017194731123-ntuser.dat
C:\ProgramData\Malwarebytes\MBAMService\S-1-5-21-3605924061-2812923310-3988586812-1000-05042017194719720-ntuser.dat
C:\ProgramData\WinZip\WinZip.addon
C:\ProgramData\Malwarebytes\MBAMService\config\LicenseConfig.json
C:\Windows\inf\setupapi.app.log
C:\ProgramData\NVIDIA Corporation\nvstapisvr\nvstapisvr.log
C:\Users\Mick\Desktop\mbar\system-log.txt
C:\Users\Mick\Desktop\mbar\Data\Configuration\local.conf
C:\ProgramData\ESET\ESET Smart Security\HipsRules.bin
C:\ProgramData\ESET\ESET Smart Security\local.db
C:\Users\Mick\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\db53b23fd1edbd46.automaticDestinations-ms

Please check; someone might have installed a keylogger on your computer!


You MAY want to take a look at:
C:\ProgramData\Malwarebytes\MBAMService\
C:\ProgramData\Malwarebytes\
C:\ProgramData\Malwarebytes\MBAMService\config\
C:\ProgramData\WinZip\
C:\Users\Mick\AppData\Roaming\Microsoft\Windows\Recent\
C:\Users\Mick\AppData\Roaming\PIVX\
C:\Windows\System32\config\
C:\Windows\Temp\
C:\Windows\
C:\Users\Mick\
C:\Users\Mick\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\
C:\Users\Mick\AppData\Local\Temp\
C:\ProgramData\NVIDIA Corporation\nvstapisvr\
C:\Users\Mick\AppData\Local\Microsoft\Windows\
C:\System Volume Information\
C:\Users\Mick\Desktop\mbar\
C:\Users\Mick\AppData\Local\
C:\Users\Mick\Desktop\
C:\ProgramData\Malwarebytes' Anti-Malware (portable)\
C:\ProgramData\ESET\ESET Smart Security\
C:\Users\Mick\AppData\Local\Temp\wz9c7d\NanoWallet\vendors\
C:\Users\Mick\AppData\Local\Google\Chrome\User Data\
C:\Users\Mick\AppData\Local\Google\Chrome\User Data\Default\
C:\Users\Mick\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\

[MisO69]

Hey bub, you fucked up large.

Here is where..

mickeyspit [7:40 PM]

{
    "masternode" : {
        "alias" : "masternode1",
        "address" : "45.76.116.209:51472",
        "privateKey" : "88D4bbFt9NgZ1WLHkJPdMicVfDpy9cVbudo8Q8yboLmYgyahaKp",
        "txHash" : "480a03bc5594f33ffa1d5c9e65eebcfbc116b53ca342510ef3b612e2d87cf652",
        "outputIndex" : "1",
        "status" : "ENABLED"
    }
}



Why would you post your private key anywhere? I thought you said you know what your doing.

If I seen this I would have told you to transfer your funds to a new address immediately. Instead you were on a slack with a bunch of scammers. They should have pointed this out for you. But instead they all likely tried to steal your funds, first one got it..

This is how:

Open PivX wallet with synced blockchain then type importprivkey 88D4bbFt9NgZ1WLHkJPdMicVfDpy9cVbudo8Q8yboLmYgyahaKp and I have access to all of your funds. Transfer to a new account.. That's how this was done.

Sorry its gone, you'll never get it back or know who did this.

[Rahar02]

Hey bub, you fucked up large.

Here is where..

mickeyspit [7:40 PM]

{
    "masternode" : {
        "alias" : "masternode1",
        "address" : "45.76.116.209:51472",
        "privateKey" : "88D4bbFt9NgZ1WLHkJPdMicVfDpy9cVbudo8Q8yboLmYgyahaKp",
        "txHash" : "480a03bc5594f33ffa1d5c9e65eebcfbc116b53ca342510ef3b612e2d87cf652",
        "outputIndex" : "1",
        "status" : "ENABLED"
    }
}



Why would you post your private key anywhere? I thought you said you know what your doing.

If I seen this I would have told you to transfer your funds to a new address immediately. Instead you were on a slack with a bunch of scammers. They should have pointed this out for you. But instead they all likely tried to steal your funds, first one got it..

This is how:

Open PivX wallet with synced blockchain then type importprivkey 88D4bbFt9NgZ1WLHkJPdMicVfDpy9cVbudo8Q8yboLmYgyahaKp and I have access to all of your funds. Transfer to a new account.. That's how this was done.

Sorry its gone, you'll never get it back or know who did this.

Looks like the thief got enough money from those hack things, he is better than Op.
But, if that's true that Op has posted his crucial part of wallet, than it's even worse than just get hacked.
PivX coin price should be drop a bit due to this 'serial killer' (hacker) activities.

[smokim87]

Hey bub, you fucked up large.

Here is where..

mickeyspit [7:40 PM]

{
    "masternode" : {
        "alias" : "masternode1",
        "address" : "45.76.116.209:51472",
        "privateKey" : "88D4bbFt9NgZ1WLHkJPdMicVfDpy9cVbudo8Q8yboLmYgyahaKp",
        "txHash" : "480a03bc5594f33ffa1d5c9e65eebcfbc116b53ca342510ef3b612e2d87cf652",
        "outputIndex" : "1",
        "status" : "ENABLED"
    }
}



Why would you post your private key anywhere? I thought you said you know what your doing.

If I seen this I would have told you to transfer your funds to a new address immediately. Instead you were on a slack with a bunch of scammers. They should have pointed this out for you. But instead they all likely tried to steal your funds, first one got it..

This is how:

Open PivX wallet with synced blockchain then type importprivkey 88D4bbFt9NgZ1WLHkJPdMicVfDpy9cVbudo8Q8yboLmYgyahaKp and I have access to all of your funds. Transfer to a new account.. That's how this was done.

Sorry its gone, you'll never get it back or know who did this.

Looks like the thief got enough money from those hack things, he is better than Op.
But, if that's true that Op has posted his crucial part of wallet, than it's even worse than just get hacked.
PivX coin price should be drop a bit due to this 'serial killer' (hacker) activities.

Your actually are called the person who stole the coins a hacker lol? Any retard that knows how private keys work could of took the coins.

Well OP, there's a 13k lesson to remember. You might want to familiarize yourself more with crypto before holding such amounts of cash.

[Mickeyspit]

That is the masternode private key. All that is, is used to verify the collateral in your controller wallet
It cannot be used to restore a wallet

[Mickeyspit]

i have sent virus/malware scan tool logs to bleepingcomputer forum to try find evidence that i was hacked

if i was hacked there must be some evidence of it right? as im not a hacker i dont know. Can they erase all traces of contact?

https://www.bleepingcomputer.com/forums/t/645998/10000-pivx-stolen-20000aud-trojan-horse/

[Xalib]

if i was hacked there must be some evidence of it right? as im not a hacker i dont know. Can they erase all traces of contact?

You obviously have no idea of this field.
There does not have to be any traces of a hack (although often there are) but even if there would you would not understand them.


Can anybody confirm the private key he posted is not a key enabling anybody to take the coins?
If it was you can end your search.

[Mickeyspit]

if i was hacked there must be some evidence of it right? as im not a hacker i dont know. Can they erase all traces of contact?

You obviously have no idea of this field.
There does not have to be any traces of a hack (although often there are) but even if there would you would not understand them.


Can anybody confirm the private key he posted is not a key enabling anybody to take the coins?
If it was you can end your search.

s3v3nh4acks the lead devoper of PIVX told me the key I posted  (in private chat) cannot be used take my coins.

Bullshit I would not understand them? Give me an example.? 

I bought first alt coin one month ago and learning fast. U expect crypto noobs to know everything?

U have no fucking idea dickhead

[Piston Honda]

sorry to hear OP, man it sucks.  i've been fucked before too.

but...had this been the new wbb about to launch, they could rollback your single individual transactions and recoupe all your funds, without affecting 'the chain' cause well, there would be no 'chain' to affect!    cheers.

[Weatherby]

Sorry to hear about your loss ,but i would like to know one things,since this is the first time i am looking at PIVX other than seeing the price in exchanges i never purchased it,but it looks like they have a address claim feature,so is it possible for the developers to send the coins from the wallet if you can prove that it is your address.

[Mickeyspit]

thanks to all who provided me with help in this theft.

I AM A FUCKIN DUMB NOOB who did infact did send my private key to alistar.
who i thought was a dev as he was in the #support channel and had a pivx logo next to his name.
He was very kind to offer help in a private chat he told me to type in to the debug console "dumpprivkey"
He then deleted the massage on slack.

i did not get hacked!!!!!
i gave my money away. 
(IDIOT NOOB)
sorry for wasting your time
I shall make it back by investing more in crypto!!!

[arielbit]

i haven't used slack. there is the btctalk ann page and alt discussion, you can get info and official wallet links etc etc here in btctalk and i think it is sufficient enough..

what is slack? slack makes other people's mouth a little bit faster. lol.

[testerx]

thanks to all who provided me with help in this theft.

I AM A FUCKIN DUMB NOOB who did infact did send my private key to alistar.
who i thought was a dev as he was in the #support channel and had a pivx logo next to his name.
He was very kind to offer help in a private chat he told me to type in to the debug console "dumpprivkey"
He then deleted the massage on slack.

i did not get hacked!!!!!
i gave my money away.  
(IDIOT NOOB)
sorry for wasting your time
I shall make it back by investing more in crypto!!!

In all seriousness, I would honestly consider rethink investing in newer cryptos if you had trouble setting up things like a node yourself, and especially if you were willing to send your private key to other people, even if they were a real dev it'd be insane.

[2dogs]

thanks to all who provided me with help in this theft.

I AM A FUCKIN DUMB NOOB who did infact did send my private key to alistar.
who i thought was a dev as he was in the #support channel and had a pivx logo next to his name.
He was very kind to offer help in a private chat he told me to type in to the debug console "dumpprivkey"
He then deleted the massage on slack.

i did not get hacked!!!!!
i gave my money away. 
(IDIOT NOOB)
sorry for wasting your time
I shall make it back by investing more in crypto!!!

Hey, we all make mistakes - think of it as tuition.
Reminds me of the 300 DASH we sent to DZ to set up a masternode a few years back.
Then he scammed us and took the DASH. 
Killed my appetite for masternodes ever since.

[ratatatat]

Never ever give your privatekey to anyone. Never. ever. Not even the dev, not even your wife.

Instead print it out as a backup and make sure you never loose it.

Privatekey = your coins

Better luck next time.

[Ayers]

thanks to all who provided me with help in this theft.

I AM A FUCKIN DUMB NOOB who did infact did send my private key to alistar.
who i thought was a dev as he was in the #support channel and had a pivx logo next to his name.
He was very kind to offer help in a private chat he told me to type in to the debug console "dumpprivkey"
He then deleted the massage on slack.

i did not get hacked!!!!!
i gave my money away. 
(IDIOT NOOB)
sorry for wasting your time
I shall make it back by investing more in crypto!!!

don't worry there is plenty of profit to do here in crypto, even if you lost a big amount witht he right choice you can re-do it quickly, it just a matter of luck and search for the right altcoin that can give you a big amount of bitcoin, try to seek for those coins that are cheap or those that have a good traction and are bound to be pumped eventually in the near future

[Mickeyspit]

thanks to all who provided me with help in this theft.

I AM A FUCKIN DUMB NOOB who did infact did send my private key to alistar.
who i thought was a dev as he was in the #support channel and had a pivx logo next to his name.
He was very kind to offer help in a private chat he told me to type in to the debug console "dumpprivkey"
He then deleted the massage on slack.

i did not get hacked!!!!!
i gave my money away. 
(IDIOT NOOB)
sorry for wasting your time
I shall make it back by investing more in crypto!!!

don't worry there is plenty of profit to do here in crypto, even if you lost a big amount witht he right choice you can re-do it quickly, it just a matter of luck and search for the right altcoin that can give you a big amount of bitcoin, try to seek for those coins that are cheap or those that have a good traction and are bound to be pumped eventually in the near future

yes im sure i will make it back

currently holding

TRST
WAVES
XRP
XEM
STEEM
MAID
ARK
GNT
REP

any good tips for upcoming ICO?

[Cryptoadvisors]

I did today same thing because support didn't answered three days and someone helpped me. I did not sent my privatekey but i installed a file he sent me filezilla. After installing block and chain dir on VPS the moneu automatically flew from my account.

[endchat]

after having read this, I tried to go dump my private key, and it didnt work...because my wallet is ENCRYPTED.

Make sure to encrypt your wallets my friends.

[2fresh]

after having read this, I tried to go dump my private key, and it didnt work...because my wallet is ENCRYPTED.

Make sure to encrypt your wallets my friends.

I'd say that most people who have encrypted their wallet, know what dumpprivkey does anyway

[TheFriends]

Trying to figure out a robbery in anonymous transactions is going to be hard work. 

[Lanatsa]

Trying to figure out a robbery in anonymous transactions is going to be hard work. 

It would really be a hardwork specially we wont ever know on whos the one who holds that wallet. It really sucks when you are doing the best security steps for you to secure your holdings and suddenly it was being hacked by someone. In the case of op, i dont have any idea on how the hacker get those pivx he had since he mentioned that his knowledgeable already on the possible ways of hacking.

[nightpainter]

At the time of the transaction I was setting up the masternode and asked for help on slack. Maybe someone from pivx slack saw my post hacked me?
I have traced the transaction... it ended up here

Did you have assistance setting up a masternode from this user on PivX slack?

[HashFace]

Trying to figure out a robbery in anonymous transactions is going to be hard work. 

It would really be a hardwork specially we wont ever know on whos the one who holds that wallet. It really sucks when you are doing the best security steps for you to secure your holdings and suddenly it was being hacked by someone. In the case of op, i dont have any idea on how the hacker get those pivx he had since he mentioned that his knowledgeable already on the possible ways of hacking.

He explained it in post #43 ... A slack poster posing as a developer tricked him into dumping his private key.  Sucks, but I appreciate him sharing this story because let's the rest of use noobs know what to look out for.

[pey]

I think you should check your computer with 2-3 expert people, you probably can't recover your funds but you can enlighten how could it be done. I think keystore files are very unsecure as a malicious program can easily detect and transfer them.

[Cryptoadvisors]

Hi Mike,
I did some research and found that the guy who hacked you also hacked my masternode. Is this your address D6T7kVpkhtwj2iY1AvnF36roFEWBGTPdHH ? All the money are here now http://www.presstab.pw/phpexplorer/PIVX/address.php?address=DC2zB4fnzEaYyjc4SbzVgJSxAXUtK4Vk6Y . I was the last hacked. The guy didn't spent a dime. This is strange.

[Dfinest]

Sorry to hear that, i hope you will recover. As i see, you lost a fairly big amount of money.

[Pitsos]

Hi Mike,
I did some research and found that the guy who hacked you also hacked my masternode. Is this your address D6T7kVpkhtwj2iY1AvnF36roFEWBGTPdHH ? All the money are here now http://www.presstab.pw/phpexplorer/PIVX/address.php?address=DC2zB4fnzEaYyjc4SbzVgJSxAXUtK4Vk6Y . I was the last hacked. The guy didn't spent a dime. This is strange.

sorry to hear that mate.
probably the guy is investing on his free time

[Karto]

wow, i am sorry..
i always suspect slack being unsafe application

i never store wallet on the computer that i am using...
i am doing it only on hardware/offline wallet

[aztecminer]

I think u need tell us how much kind of altcoin client you running on pc.
Probably one of the altcoin clients run as a virus. when you run & sync blockchain, it search all *.dat & sync to its server.

[Warren Buffert]

If you actually had read the thread, you would have seen he got "tricked" by someone offering to help him set up his masternode, and he has sent his private key to this person.

[aeternus]

No unknown emails or downloads. I'm very aware of malware and can spot a dodgy download easily. Also using up to date eset smart security and malwarebyes.

You seem to be knowledgeable but it is seem you are using windows, that OS is very insecure, you should use Linux in any of its different flavors, I know that at first it can be a pain to get used to but at the end you are going to like it even more thanks to the security it brings to you, because 10000 PIVX is a lot of money.

[btct22]

Windows isn't that bad now, but yes Linux is better I agree (if only because there's less malware written for it).  You also have to be careful with your private keys, not even Linux can save you from that

[zeroarmy]

WTF? You fucked up really bad. That really hurts and i feel for you 
I guess this was an expensive lesson to be learned. Be more careful next time!

[rainman2630]

wow thats horrid

[Cryptoadvisors]

Guys, i only said that my pivx are with mike's pivx and other 97.000 Pivx. I didn't sent any private key or other key to my slack interlocutor but he helped me config a masternode and finally sent me a filezilla named chaines and bloks to sync my masternode and after opening and downloaded it and installed it, instantly the pivx left my wallet. Simple.
This was in June. Until now the thief didn't withdraw any but is staking.

[HarryHirsch]

Sorry to hear that...
But really NEVER give away your private Keys.
Keep your head up!

[Yazanarki]

It saddens me when I hear about theft in Crypto. You are not dumb, you seem like an honest and honorable person who unfortunately gave someone you thought was a developer your private keys. Karma is a bitch and I hope the person who took your funds would have the decency to return them. A man who cons will one day meet a con far smarter and better and his loss will be far more painful. If one thinks about the banking sector, where theft is a daily activity, and rewards are never granted on merit, where failure by the elite is paid for by the people, and the very people bailed out prey on the poor (with insane credit score bs, outrageous interest, and "fees" galore), crypto was supposed to be more than just "money", it was supposed to level the playing field, take out the leaches and middlemen and put control back in the hands of the people. Unfortunately, it seems the bankers are jumping right into it and peer to peer has become "ICO get rich". The truth is changing the status quo can only come from those with the means and resources to make it happen, do it out of duty, not profit. If we cannot defend those weaker than us and strive for true change, our children may one day pay the price for our blindness and apathy.

[Cryptoadvisors]

Hi, a little update on the story. SO the address where everybody can check is this http://www.presstab.pw/phpexplorer/PIVX/address.php?address=DC2zB4fnzEaYyjc4SbzVgJSxAXUtK4Vk6Y there are all lost pivx. I have talked with Pivx Devs and they refused to give me the address of the person registered on their team even if it doesn't count so much. It is the gesture. They did't helped, they said we who lost money where stupid and if i need email address or anything else to come with a court order. Not cool.

[nightpainter]

Hi, a little update on the story. SO the address where everybody can check is this http://www.presstab.pw/phpexplorer/PIVX/address.php?address=DC2zB4fnzEaYyjc4SbzVgJSxAXUtK4Vk6Y there are all lost pivx. I have talked with Pivx Devs and they refused to give me the address of the person registered on their team even if it doesn't count so much. It is the gesture. They did't helped, they said we who lost money where stupid and if i need email address or anything else to come with a court order. Not cool.

Would you care to copy the response here, so we can see how they treated you? I'm just curious.

[Johnnywelsh]

The fact that you asked if you were sent a keylogger leads me to believe your IT skills are not as good as you claim. Either you know you've been sent executable content recently that was suspicious or you haven't. It couldn't have magically traveled over the Internet.

The only alternative if you've been posting your IP addresses and discussing setting up a masternode was you had a missing Windows patch that allowed remote code execution on your machine.

[moore100]

thanks to all who provided me with help in this theft.

I AM A FUCKIN DUMB NOOB who did infact did send my private key to alistar.
who i thought was a dev as he was in the #support channel and had a pivx logo next to his name.
He was very kind to offer help in a private chat he told me to type in to the debug console "dumpprivkey"
He then deleted the massage on slack.

i did not get hacked!!!!!
i gave my money away.  
(IDIOT NOOB)
sorry for wasting your time
I shall make it back by investing more in crypto!!!

In all seriousness, I would honestly consider rethink investing in newer cryptos if you had trouble setting up things like a node yourself, and especially if you were willing to send your private key to other people, even if they were a real dev it'd be insane.

I really fell bad for your lose
But really there is only two things that you Never Never give to anyone "Private Keys" and "Password". Even if it's a Dev why would he need a private key from you? If you was drunk or high at the time i can understand but otherwise you should be more careful in the future if you decided to invest more

[anasso]

i suggest you to trace the destination adress of your coin and email exhanges to block amounts of the thief send them to exchange!

you can't know who stole your coins until he sell them in exchanges!

[Cryptoadvisors]

Let me be clear. I am not the guy who started this post. I didn't give up my private key or either key. I am the victim of same thief who also stole from the guy who post. I downloaded a file and installed block and chain folders and the pivx left immediately my wallet. Ten thousand pivx. I could put my conversation with pivx support team, they didn't want to provide me the email of the thief or no information whatsoever. I do not want to make FUD on pivx but this is the reality. The pivx is all collected in one account and the thief is staking. They told me to come with a court order to give me the thief address. They also asked if i am not the thief myself. 

[HashFace]

Let me be clear. I am not the guy who started this post. I didn't give up my private key or either key. I am the victim of same thief who also stole from the guy who post. I downloaded a file and installed block and chain folders and the pivx left immediately my wallet. Ten thousand pivx. I could put my conversation with pivx support team, they didn't want to provide me the email of the thief or no information whatsoever. I do not want to make FUD on pivx but this is the reality. The pivx is all collected in one account and the thief is staking. They told me to come with a court order to give me the thief address. They also asked if i am not the thief myself.  

Were you getting advice from a user on Slack at the time it happened?  Seems like the OP traced his loss back to a Slack user who pretended to be a developer and then stole his coins.

[nightpainter]

Let me be clear. I am not the guy who started this post. I didn't give up my private key or either key. I am the victim of same thief who also stole from the guy who post. I downloaded a file and installed block and chain folders and the pivx left immediately my wallet. Ten thousand pivx. I could put my conversation with pivx support team, they didn't want to provide me the email of the thief or no information whatsoever. I do not want to make FUD on pivx but this is the reality. The pivx is all collected in one account and the thief is staking. They told me to come with a court order to give me the thief address. They also asked if i am not the thief myself.  

Were you getting advice from a user on Slack at the time it happened?  Seems like the OP traced his loss back to a Slack user who pretended to be a developer and then stole his coins.

Here is one methodology I know is being used: The thief directs you to download a file for installation; it's the wallet installation package, but this one is infected with a trojan virus. You start up the wallet, transfer your coins to the new address, then the thief takes them. That's all I know. One could guess that the trojan broadcasts a signal that allows the thief to access your remote server, grab your dat, or whatever. I'm only guessing....I don't know how the actual crime is pulled off. But I can tell you there's a infected installer, I can assure you. Easy to duplicate this for many coins, and pull off the heist across all these slack boards.

[Haitham]

That's really sad.. don't think u can do much about it

[gotit]

Sorry hear that man. That really sucks.

[Phalo]

This is really heartbreaking. I am really sorry. I am glad you were able to find out exactly how your coins got stolen. Don't blame yourself, learn from the experience. Isht like this happens. As for the thief, may he burn in hell.

[easytipz]

So, you gave your private key to a scammer.
God bless you.

[vanarebane]

It is very weird, theoretically it is impossible to be hacked if you have this way to protect your computer, maybe your computer has keylogger. That could be the answer.

[DigitalLemming]

 Wow read almost all of this. Moral of the story make sure to encrypt your wallet. Never share your private key with anyone for any reason. Do not trust people the first time you meet them on slack with your money. Know tricks that people can use to have you give them your private key. Last do more research and get more experience before attempting to set up a master node.

[Cryptoadvisors]

Hi guys, yes the guy posed in PIVX support with pivx logo. I was asking for support for several days on slack and i real admin i think just said to me to watch tutorials on youtube or on their channel. I was really glad when someone help me with good codes. I didn't give up any private key or something else, and the wallet was encrypted. After i wrongly downloaded the filezilla with block and chains files to get up to date on my wallet, instantly after finishing downloading the pivx flew away from my wallet. Normally the real devs called me also stupid for downloading the file, which i was. And they banned the user and then they refused to give up his account email to send him an email begging for my coins back. All the pivx, Mike's and mine and others are in the same wallet where i can see them. Strange is that the thief didn't use any...

[nightpainter]

I was hacked by a Slack user for a different altcoin.

He lead me through the steps to setup a UNIX server. One of the commands he fed me was a get command to fetch a trojan virus.

When generating the wallet, I suspect the trojan sent him my .dat file. Before I had a chance to encrypt it.

[joae1975]

Forgive me for the retro post but he gave him his masternode priv key.  It’s not the same as a real priv key, right?

[Cryptoadvisors]

I myself didn't gave anything. i just downloaded an infected file and my money left the wallet after download. 10.000 pivx.

[cryptotycoon33]

Hello, yesterday 10000 pivx were stolen from my encrypted wallet. My computer knowledge is good I have removed malware and viruses from hundreds of computers as I did it for a job for few years. Is it possible that I have been hacked is for someone to send me a key logger and then transfer my PIVX wallet.dat to their computer and then transfer funds out?
At the time of the transaction I was setting up the masternode and asked for help on slack. Maybe someone from pivx slack saw my post hacked me?
I have traced the transaction... it ended up here

http://www.presstab.pw/phpexplorer/PIVX/address.php?address=DC2zB4fnzEaYyjc4SbzVgJSxAXUtK4Vk6Y

I will give a reward to anyone who can help with the discovery of my stolen coins

I am very sorry about the whole hacking incidence. Please try to careful next time. I have had this same bitter experience with my ETH wallet and I know how painful is it. I know somebody will come out to help you. Too bad!

[angohanta]

As long as oyu kept your keys safe, this is impossible to happen. So it's most likely someone has either access to your pc or you go infected with malware that can steal data i.e. keylogger. Also double check evertyhing you click online, chances are there might be phishing attempts that you might not be aware of. Hopefully you can figure it out and prevent such future attacks.

[MiningSensei]

Shut the fuck off, dont you see that this thread is from MAY 2017? are you blind? Or you are simple just not reading the entire thread before posting? came on, do not be so lazy, what a shit poster.

As long as oyu kept your keys safe, this is impossible to happen. So it's most likely someone has either access to your pc or you go infected with malware that can steal data i.e. keylogger.

And you do not need to be an expert to know that you can not share your private key, and that you need to keep it safe, are you a newbie or what? I am tired of this kind of people who are always trying to justify everything without not even knowing how to use an offline wallet.

[angohanta]

Shut the fuck off, dont you see that this thread is from MAY 2017? are you blind? Or you are simple just not reading the entire thread before posting? came on, do not be so lazy, what a shit poster.

As long as oyu kept your keys safe, this is impossible to happen. So it's most likely someone has either access to your pc or you go infected with malware that can steal data i.e. keylogger.

And you do not need to be an expert to know that you can not share your private key, and that you need to keep it safe, are you a newbie or what? I am tired of this kind of people who are always trying to justify everything without not even knowing how to use an offline wallet.

Here comes someone raging all of a sudden, are you on a period or somethin'? lol