Smalleyster (OP)
Member
 Offline
Activity: 84
Merit: 10
I yam what I yam. - Popeye
|
 |
July 06, 2011, 10:47:36 PM
Last edit: July 07, 2011, 01:30:00 AM by Smalleyster |
|
Well that's what I get for not encrypting or backing up my wallet yet.
This morning no bitcoins because no wallet file exists.
I only lost .3 or so BTC but it does go to show how important security is and how not ready for prime time btc is.
This was on a 9 month old computer Windows7 32 w/ MSSE and AVG running.
AVG claims non removable trojan.
Not sure if I will re-format back to Win 7 or just blow it all up and go to Ubuntu.
And the ultimate insult the damned thing does not seem to allow me to boot to the USB.
Sheesh!
|
|
|
|
|
|
|
|
|
"This isn't the kind of software where we can leave so many unresolved bugs that we need a tracker for them." -- Satoshi
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
|
|
|
sadpandatech
|
|
July 06, 2011, 10:50:38 PM |
|
Well that's what I get for not encrypting or backing up my wallet yet.
This morning no bitcoins because no wallet file exists.
I only lost .3 or so BTC but it does go to show how important security is and how not ready for prime time btc is.
This was on a 9 month old computer Windows7 32 w/ MSSE and AVG running.
AVG claims non removable trojan.
Not sure if I will re-format back to Win 7 or just blow it all up and go to Ubuntu.
And the ultimate insult the damned thing does not seem to allow me to boot to the USB.
Sheesh!
Am I reading correctly that 'something' actually deleted the wallet file? Makes sense I suppose if one were to steal one they would not want to risk you spending your coins before they could move them. Just curious if you have searched through your Harddrives files for it? You may have to adjust some settings in the bios to boot from USB or hit a hotkey when booting to get an option for it. Do you know what motherboard model you have? |
If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA
It is being worked on by smart people. -DamienBlack
|
|
|
DamienBlack
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
July 06, 2011, 10:52:18 PM |
|
What Bitcoin related programs have you downloaded and run lately?
Your wallet file went missing? Do you know your addresses so we can see if they have been transfered?
Perhaps bitcoin theft is starting to get integrated into real trojans. Interesting. If that's the case, wallet encryption is needed STAT. Any simplistic trojan can steal a wallet now, it would take a much more complicated one, and more time, if it were encrypted by default.
Glad you didn't lose much.
|
|
|
|
|
|
Jack of Diamonds
|
|
July 06, 2011, 10:56:36 PM |
|
If you create a new encrypted wallet & address, I could send you 0.3btc. I have loads just sitting there.
Remember to reformat completely & preferably keep the wallet file safe in an external location like an encr. USB drive or CD.
|
1f3gHNoBodYw1LLs3ndY0UanYB1tC0lnsBec4USeYoU9AREaCH34PBeGgAR67fx
|
|
|
ElHajjaj
Newbie
Offline
Activity: 24
Merit: 0
|
|
July 06, 2011, 10:59:42 PM |
|
I only lost .3 or so BTC but it does go to show how important security is and how much AVG sucks. Fixed that for you. P.S. See if AVG has your wallet in quarantine. |
|
|
|
|
|
Jaime Frontero
|
|
July 06, 2011, 11:00:33 PM |
|
have you checked the sandbox where anti-virus programs isolate non-cleanable virii? it's possible your wallet could be there. unlikely though. sounds like a wallet-stealer. and yes - i would heartily recommend linux. don't be askeered of it - it's easy as windows, these days. try here: www.linuxmint.com/the mint re-spin main line is based on ubuntu - but they also offer a spin of debian testing, for those who are a bit more secure in their knowledge. in any case, for a first foray into linux, mint is unbeatable for ease of installation and use. setting up a high-security user is pretty easy, too. good luck. |
|
|
|
|
|
Man From The Future
|
|
July 06, 2011, 11:01:19 PM |
|
Checking the right location? %APPDATA%\Roaming\bitcoin\wallet.dat
|
|
|
|
|
GeniuSxBoY
|
|
July 06, 2011, 11:01:57 PM |
|
Don't send him anything.
He needs to learn his lesson first or else your bitcoins will end up the same place his ended up.
|
Be humble!
|
|
|
Houdini
Member
Offline
Activity: 84
Merit: 10
|
|
July 06, 2011, 11:10:36 PM |
|
I could send you 0.3btc. I have loads just sitting there. In that case, would you mind sending 1000 BTC to me ? More is OK too if you really insist... You could call it a donation to the poor and deduct it from your taxes...  |
|
|
|
|
|
w1R903
|
|
July 06, 2011, 11:23:26 PM |
|
have you checked the sandbox where anti-virus programs isolate non-cleanable virii? it's possible your wallet could be there. unlikely though. sounds like a wallet-stealer. and yes - i would heartily recommend linux. don't be askeered of it - it's easy as windows, these days. try here: www.linuxmint.com/the mint re-spin main line is based on ubuntu - but they also offer a spin of debian testing, for those who are a bit more secure in their knowledge. in any case, for a first foray into linux, mint is unbeatable for ease of installation and use. setting up a high-security user is pretty easy, too. good luck. Linux Mint is the bomb. Every flavor of it. They've got even got a superlightweight LXDE spin that positively flies on older computers. Mint looks great, too, unlike many of the Linux distros out there. And if you like Mint LXDE, check out Peppermint OS, which is done by the same developers. Linux's answer to Google Chrome OS. Peppermint OS is cloud-centric, jaw-dropping quick, and beautiful, too. Oh, and it uses Chromium instead of Firefox, which makes it even faster. |
4096R/F5EA0017
|
|
|
|
Trader Steve
|
|
July 06, 2011, 11:27:02 PM |
|
If you create a new encrypted wallet & address, I could send you 0.3btc. I have loads just sitting there.
Remember to reformat completely & preferably keep the wallet file safe in an external location like an encr. USB drive or CD.
+1 Nice to see some good guys on this forum! |
|
|
|
|
|
Anonymous
Guest
|
|
July 06, 2011, 11:32:23 PM |
|
Maybe someone is integrating wallet theft into anti virus programs Up next will be a trojan that holds your wallet.dat to ransom untill you pay more btc. |
|
|
|
|
DamienBlack
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
July 06, 2011, 11:41:05 PM |
|
Man, we've been hit my someone else who is like "my bitcoins disappeared", but doesn't provide ANY USEFUL INFORMATION. I'm calling FUD. We need addresses, we need websites visited and programs run, we need AV logs and the .exe to diagnose. Why can't anyone compromised give us those things?
I swear, I'm starting to believe in a conspiracy to keep "I've been hacked threads" on the forum.
|
|
|
|
|
sanjay
Newbie
Offline
Activity: 23
Merit: 0
|
|
July 07, 2011, 12:01:12 AM |
|
I think this might have happened to me as well. I purchased 500 BTC into wallet ID 1Jf48wufcDpPQ2EEgX1jUULuTHVzDhqBSF which I left unencrypted within the generic bitcoin client wallet on my desktop at home. I tried to launch the bitcoin app this weekend but it did not run. I am not a very tech savvy person so I am not sure if it is somewhere on my computer and I just can't find it, or if it was stolen. Any advice appreciated. I tried to provide details to see if anyone has any suggestions. Thanks and sorry for hijacking, but I figure there are more than 2 dummies that ened help  |
|
|
|
|
|
SmokeAndMirrors
|
|
July 07, 2011, 12:04:45 AM |
|
Sanjay, if your bitcoin client is not running, this does not mean your wallet is lost. Sometimes bitcoin client doesn't run for me either and I've got to manually close any previous executions before it will run(sometimes multiple times). If your wallet is missing, bitcoin.exe will still run. Check your "c:/users/(your account)/appdata/roaming/bitcoin/ " your wallet should be in there somewhere if it is still there.
Hope this helps.
|
Help Bitcoins by buying clothes, technology, books, etc. through people/stores that accept BTC. This will increase overall value of BTC as well as mitigate unnecessary bank transaction fees.
My address -
1EM9HGg1SEa5Bux1rVEPxGqGSfNTTc9EkC
|
|
|
Smalleyster (OP)
Member
Offline
Activity: 84
Merit: 10
I yam what I yam. - Popeye
|
|
July 07, 2011, 12:05:07 AM |
|
Ha ha ha, you guys are hilarious.
No wal*.* file anywhere.
Avg was suposed to have been uninstalled when I put in MSSE but the message was from AVG (hates avg nowadays).
AVG claimed to have trojan named pack[1] that it would not remove.
win 7 32
only web sites visited recently (for the last two weeks) are bitcoin related, mostly this forum and the bitcoin charts.
All the research and work is done on this 8 yr old computer. the one that has the problem is new and is only used for active work/money making projects.
Not intereste in fUD BS. just learned a lesson on security.
Actually I have a sneaking suspicion that MSSE might be the culprit as yesterday i switched it from quick to full scan, and from once a week to every day.
total PITS to open computer due to location but F11 only allows CD or SATA.
CMOS setup utility is v02.61 1985-2006 AMI
Advanced BIOS, boot sequence 1) CD 2) sATA 3) Other Yes
No "USB" verbage in refrence to boot options
Linux: I have two comps using Ubuntu right now, but being an old DOS hack since 1984 (1st pc had 64kmb and one floppy) am comfortable w/ C: but not too well trained in Unix. I am extremely reluctant to take the computer that i make my living on and required w7 to integrate with VPN and Citrix sites.
|
|
|
|
Smalleyster (OP)
Member
Offline
Activity: 84
Merit: 10
I yam what I yam. - Popeye
|
|
July 07, 2011, 12:08:10 AM |
|
Disappeared/stolen wallet.dat was to:
17SUD6KndgsQ6jckkxR3AvJTcyTRAKWH4m
Doubt if it will be found and who cares. Next one will be treated "properly".
I'm still a total noob and it was a test that I am not surprised at all that it flew the coop.
|
|
|
|
sanjay
Newbie
Offline
Activity: 23
Merit: 0
|
|
July 07, 2011, 12:08:35 AM |
|
Sanjay, if your bitcoin client is not running, this does not mean your wallet is lost. Sometimes bitcoin client doesn't run for me either and I've got to manually close any previous executions before it will run(sometimes multiple times). If your wallet is missing, bitcoin.exe will still run. Check your "c:/users/(your account)/appdata/roaming/bitcoin/ " your wallet should be in there somewhere if it is still there.
Hope this helps.
Thank so you much! |
|
|
|
|
|
SmokeAndMirrors
|
|
July 07, 2011, 12:09:49 AM |
|
I only lost .3 or so BTC but it does go to show how important security is and how not ready for prime time btc is.
*This* specific incident doesn't show anything that we haven't already seen. It's been said thousands of times before that you need to secure yourself at this point in time. I realize that bitcoin should probably come with proper measures, but in the real world, nothing is %100 secure and sometimes you've got to get your hands dirty. This is not directed entirely at the OP, this is intended for anyone who regularly visits these forums and decides to create a new thread when their wallet is stolen. Take the proper measures, or deal with the consequences in silence. Like bitcoins publicity isn't bad enough... |
Help Bitcoins by buying clothes, technology, books, etc. through people/stores that accept BTC. This will increase overall value of BTC as well as mitigate unnecessary bank transaction fees.
My address -
1EM9HGg1SEa5Bux1rVEPxGqGSfNTTc9EkC
|
|
|
|
sadpandatech
|
|
July 07, 2011, 12:23:06 AM |
|
Disappeared/stolen wallet.dat was to:
17SUD6KndgsQ6jckkxR3AvJTcyTRAKWH4m
Doubt if it will be found and who cares. Next one will be treated "properly".
I'm still a total noob and it was a test that I am not surprised at all that it flew the coop.
Am I now reading correctly that you located your wallet file? If so, where was it? If not, how did you find that address? 17SUD6KndgsQ6jckkxR3AvJTcyTRAKWH4m Block explorer has not seen it yet so I am not sure how your client could show a transaction to it yet or if its just that it is so new a block has not been created for the trasnaction yet..?? someone with more knowledge will have to try and explain or verify my assumption correct or not..? |
If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA
It is being worked on by smart people. -DamienBlack
|
|
|
Smalleyster (OP)
Member
Offline
Activity: 84
Merit: 10
I yam what I yam. - Popeye
|
|
July 07, 2011, 12:30:46 AM |
|
Disappeared/stolen wallet.dat was to:
17SUD6KndgsQ6jckkxR3AvJTcyTRAKWH4m
Doubt if it will be found and who cares. Next one will be treated "properly".
I'm still a total noob and it was a test that I am not surprised at all that it flew the coop.
Am I now reading correctly that you located your wallet file? If so, where was it? If not, how did you find that address? 17SUD6KndgsQ6jckkxR3AvJTcyTRAKWH4m Block explorer has not seen it yet so I am not sure how your client could show a transaction to it yet or if its just that it is so new a block has not been created for the trasnaction yet..?? someone with more knowledge will have to try and explain or verify my assumption correct or not..? The number above was in my sig and I cut it from there to paste here in the hopes of keeping track of any funds flowing in from the forum. There was another address 16QVvNfQ5RdvNY65ZWhBJAJ5Vva2KTesdh that I had the miner pool directed to. I'm grateful I was able to find it. Why? I don't know just seem to like to find stuff that I thought was lost. 8^) Have not re-searched for the wallet file yet in AVG or MSSE quarrenting, nor have I tried to undelete it yet. I will probably go thru those exercises just for the fun of it soon. |
|
|
|
DamienBlack
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
July 07, 2011, 12:33:03 AM |
|
Thanks for the extra info Smalleyster.
The address you gave, 17SUD6KndgsQ6jckkxR3AvJTcyTRAKWH4m, has never been used. How did you get that address. Please remember that a wallet contains many addresses at once.
A search might not find wallet.dat if your antivirus put it in quarantine. Open AVG and look for a "quarantined files" option. Although, I really don't see why it would quarantine your wallet.dat, it is just plaintext.
Also, are you sure you checked "%APPDATA%\Roaming\bitcoin\wallet.dat"? Searches might not get that either. Go to start, press run (or vista+, just put it in the text box), and type copy/paste the exact sting inside the quotes (but without the quotes) and tell us what is in that folder.
|
|
|
|
|
|
sadpandatech
|
|
July 07, 2011, 12:34:12 AM |
|
Disappeared/stolen wallet.dat was to:
17SUD6KndgsQ6jckkxR3AvJTcyTRAKWH4m
Doubt if it will be found and who cares. Next one will be treated "properly".
I'm still a total noob and it was a test that I am not surprised at all that it flew the coop.
Am I now reading correctly that you located your wallet file? If so, where was it? If not, how did you find that address? 17SUD6KndgsQ6jckkxR3AvJTcyTRAKWH4m Block explorer has not seen it yet so I am not sure how your client could show a transaction to it yet or if its just that it is so new a block has not been created for the trasnaction yet..?? someone with more knowledge will have to try and explain or verify my assumption correct or not..? The number above was in my sig and I cut it from there to paste here in the hopes of keeping track of any funds flowing in from the forum. There was another address 16QVvNfQ5RdvNY65ZWhBJAJ5Vva2KTesdh that I had the miner pool directed to. I'm grateful I was able to find it. Why? I don't know just seem to like to find stuff that I thought was lost. 8^) Have not re-searched for the wallet file yet in AVG or MSSE quarrenting, nor have I tried to undelete it yet. I will probably go thru those exercises just for the fun of it soon. I misread then, I was under the impression the address you posted was where the stolen money went to. |
If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA
It is being worked on by smart people. -DamienBlack
|
|
|
DamienBlack
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
July 07, 2011, 12:34:51 AM |
|
That second address, 16QVvNfQ5RdvNY65ZWhBJAJ5Vva2KTesdh, has the money. It hasn't been moved. http://blockexplorer.com/address/16QVvNfQ5RdvNY65ZWhBJAJ5Vva2KTesdhKeep looking in the places I told you for your wallet.dat, the money should still be in your control if you find it. If this were a hacker, I feel he would have moved the money. It looks to me like your wallet just got misplaced. |
|
|
|
|
|
sadpandatech
|
|
July 07, 2011, 12:36:21 AM |
|
Was just about to post that. ;p |
If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA
It is being worked on by smart people. -DamienBlack
|
|
|
|
sadpandatech
|
|
July 07, 2011, 12:39:52 AM |
|
Could also be possible if a virus hijacked it, it would have been sent to an ftp dump or other such place and has just not been retrieved yet.
Would be nice to find if there is anything lurking on your comp and to find out what it is. A google search for Gmer and Tdsskiller would be a good place to start. Gmer will search boot time files as well as MBR... Might want to search out an up to date root kit finder as well.
On the deletion thing, if a virus has deleted it what methods could be used to recover it easily?
|
If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA
It is being worked on by smart people. -DamienBlack
|
|
|
theowalpott
Member
Offline
Activity: 80
Merit: 10
|
|
July 07, 2011, 12:44:24 AM |
|
If anti-virus software has moved it.. check the "virus vault"? - thats the first place to look. Next, there are "undelete" type programs (since all "deleting" a file does is remove the entry from the file system's entries.. it doesnt remove the file itself) - there are lots available - personally I would probably use a linux liveCD. The first thing to do if your wallet has been deleted is to make a backup image of the whole HDD and work with that.. this will stop the possibility of the data being overwritten. Once its been overwritten you're pretty much outta luck! Nice place to start is: https://help.ubuntu.com/community/DataRecoverygood luck - hope your wallet has just been misplaced/deleted, rather than stolen Edit: If you do recover that wallet.dat btw - make sure you send the coins to a fresh wallet created on a system you know is safe!! |
1FwGATm6eU5dSiTp2rpazV5u3qwbx1fuDn
|
|
|
Smalleyster (OP)
Member
Offline
Activity: 84
Merit: 10
I yam what I yam. - Popeye
|
|
July 07, 2011, 12:46:20 AM |
|
Disappeared/stolen wallet.dat was to:
17SUD6KndgsQ6jckkxR3AvJTcyTRAKWH4m
Doubt if it will be found and who cares. Next one will be treated "properly".
I'm still a total noob and it was a test that I am not surprised at all that it flew the coop.
Am I now reading correctly that you located your wallet file? If so, where was it? If not, how did you find that address? 17SUD6KndgsQ6jckkxR3AvJTcyTRAKWH4m Block explorer has not seen it yet so I am not sure how your client could show a transaction to it yet or if its just that it is so new a block has not been created for the trasnaction yet..?? someone with more knowledge will have to try and explain or verify my assumption correct or not..? The number above was in my sig and I cut it from there to paste here in the hopes of keeping track of any funds flowing in from the forum. There was another address 16QVvNfQ5RdvNY65ZWhBJAJ5Vva2KTesdh that I had the miner pool directed to. I'm grateful I was able to find it. Why? I don't know just seem to like to find stuff that I thought was lost. 8^) Have not re-searched for the wallet file yet in AVG or MSSE quarrenting, nor have I tried to undelete it yet. I will probably go thru those exercises just for the fun of it soon. I misread then, I was under the impression the address you posted was where the stolen money went to. LOL that was my bad. I had forgotten that I had used the two different ones untill I want back and reviewed my PAPER notes. (steal those mr trojan! 8^) |
|
|
|
|
sadpandatech
|
|
July 07, 2011, 12:50:31 AM |
|
I realise .3 BTC isn't really worth putting a lot of energy into but it would be beneficial to the community if you do deicide to investigate the source of the missing wallet. Especially if its viral. If we can gather enough info on it, they are much easier to stop or at the very least just provide more to add to the list for places to avoid, etc.
|
If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA
It is being worked on by smart people. -DamienBlack
|
|
|
|
bitcoinminer
|
|
July 07, 2011, 12:51:39 AM |
|
If you dropped $4 worth of singles, would you have posted an ad on Craigslist about it? Just curious.
|
Be fearful when others are greedy, and greedy when others are fearful.
-Warren Buffett
|
|
|
DamienBlack
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
July 07, 2011, 12:52:52 AM |
|
If you dropped $4 worth of singles, would you have posted an ad on Craigslist about it? Just curious.
Hey now, it is important to find the source of these issues. Better it something small than something like the allinvain situation (I still think someone he knew took it). |
|
|
|
|
|
sadpandatech
|
|
July 07, 2011, 12:55:21 AM |
|
If you dropped $4 worth of singles, would you have posted an ad on Craigslist about it? Just curious.
I likes cheese! |
If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA
It is being worked on by smart people. -DamienBlack
|
|
|
|
bitcoinminer
|
|
July 07, 2011, 12:55:30 AM |
|
If you dropped $4 worth of singles, would you have posted an ad on Craigslist about it? Just curious.
Hey now, it is important to find the source of these issues. Better it something small than something like the allinvain situation (I still think someone he knew took it). If he were one of the first 5 people to complain about losing BTC, or read any of the dozen or so security posts on how to avoid these issues since, maybe... As far as allinvain, I'm on the fence as to whether or not that really happened... not sure one way or the other. As far as who took it if it did happen, well, to me, it's a sort of leaving your house unlocked with 500,000$ worth of shit and no insurance, coupled with all of your eggs in one basket. You don't get to 25,000 BTC without ACCIDENTALLY learning SOMETHING about how to protect your shit. |
Be fearful when others are greedy, and greedy when others are fearful.
-Warren Buffett
|
|
|
Smalleyster (OP)
Member
Offline
Activity: 84
Merit: 10
I yam what I yam. - Popeye
|
|
July 07, 2011, 01:04:58 AM |
|
To the grouchy olde phartes I am an admitted noob who made a mistake. That is why I am trying to slowly reconstruct what happened and why on this TEST system. I am posting this for other noobs not to follow in my foolish footsteps and "encrypt and backup later"
This post is coming from the miner computer. AVG had nothing in the virus vault, which I find strange as the notice was an AVG notice.
MSSE has two removed yesterday:
1) Trojan:JS/Redirector.GQ
2) Rogue:Win32/Winwebsec <------ AHA! This is the one mentioned in the AVG warning
file:C:\Users\DAVe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FB9FPCHH\pack[1].exe
I remember the reference to pack[1]
still no wallet.dat file and I don't feel like restoring these viri in the chance that the wallet file is in their stuff
Now on to finding a free undelete prog.
|
|
|
|
DamienBlack
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
July 07, 2011, 01:05:09 AM |
|
If you dropped $4 worth of singles, would you have posted an ad on Craigslist about it? Just curious.
Hey now, it is important to find the source of these issues. Better it something small than something like the allinvain situation (I still think someone he knew took it). If he were one of the first 5 people to complain about losing BTC, or read any of the dozen or so security posts on how to avoid these issues since, maybe... As far as allinvain, I'm on the fence as to whether or not that really happened... not sure one way or the other. As far as who took it if it did happen, well, to me, it's a sort of leaving your house unlocked with 500,000$ worth of shit and no insurance, coupled with all of your eggs in one basket. You don't get to 25,000 BTC without ACCIDENTALLY learning SOMETHING about how to protect your shit. Yeah I know, there have been a lot of these threads. But they've all gone nowhere. I always hope I'll be able to nail down some detail because I am curious how this happens. I know if it were my computer, I would decompile every last executable until I find something that opens my wallet. This would get solved. But it isn't my computer, and it isn't going to be, so I try and solve the mystery for others. This doesn't sound like the other cases. The coins weren't transferred, and the wallet.dat is missing. This hasn't happened before. It doesn't seem like a trojan to me. It could be a newly found bug. We should investigate. |
|
|
|
|
Smalleyster (OP)
Member
Offline
Activity: 84
Merit: 10
I yam what I yam. - Popeye
|
|
July 07, 2011, 01:08:51 AM |
|
Now this is really funny. The hdd light is blinking away just like when it was mioning and the pool seems to still be working on my part but guiminer is not listed in Applications or Processes.
bitcoin.exe is in process but will not come up on screen
|
|
|
|
|
bitcoinminer
|
|
July 07, 2011, 01:11:46 AM |
|
Yeah I know, there have been a lot of these threads. But they've all gone nowhere. I always hope I'll be able to nail down some detail because I am curious how this happens. I know if it were my computer, I would decompile every last executable until I find something that opens my wallet. This would get solved. But it isn't my computer, and it isn't going to be, so I try and solve the mystery for others. This doesn't sound like the other cases. The coins weren't transferred, and the wallet.dat is missing. This hasn't happened before. It doesn't seem like a trojan to me. It could be a newly found bug. We should investigate. [/quote] This sounds like a case of Noob Sausage Fingers to me. |
Be fearful when others are greedy, and greedy when others are fearful.
-Warren Buffett
|
|
|
DamienBlack
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
July 07, 2011, 01:13:19 AM |
|
To the grouchy olde phartes I am an admitted noob who made a mistake. That is why I am trying to slowly reconstruct what happened and why on this TEST system. I am posting this for other noobs not to follow in my foolish footsteps and "encrypt and backup later"
This post is coming from the miner computer. AVG had nothing in the virus vault, which I find strange as the notice was an AVG notice.
MSSE has two removed yesterday:
1) Trojan:JS/Redirector.GQ
2) Rogue:Win32/Winwebsec <------ AHA! This is the one mentioned in the AVG warning
file:C:\Users\DAVe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FB9FPCHH\pack[1].exe
I remember the reference to pack[1]
still no wallet.dat file and I don't feel like restoring these viri in the chance that the wallet file is in their stuff
Now on to finding a free undelete prog.
We thank you for your efforts. Neither of those should have the power to delete your wallet, although, it could be a new winwebsec variant (but I kind of doubt that, if your antivirus detected it, it shouldn't have had the chance to be run). I thought you said you had one you couldn't remove? Now this is really funny. The hdd light is blinking away just like when it was mioning and the pool seems to still be working on my part but guiminer is not listed in Applications or Processes.
bitcoin.exe is in process but will not come up on screen
This sounds like a bitcoin related trojan, one custom designed that wouldn't show up on the AV program. Is the bitcoin process using a lot of CPU? Kill the bitcoin process and see if it restarts itself. |
|
|
|
|
Smalleyster (OP)
Member
Offline
Activity: 84
Merit: 10
I yam what I yam. - Popeye
|
|
July 07, 2011, 01:19:11 AM |
|
OK now the moron is totally confused. Restarted bitcoin and it cam up just fine showing .301 btc.
searching system for wallet.dat said no files found literally dozens of times
Now was given option to reindex the system and there it is:
C:\Users\me\AppData\Roaming\Bitcoin\wallet.dat
Now I'm convinced I am both the stupidest noob in here and am totally confused as to why bitcoin wound not work this morning, nor would it find wal*.* or any combination of searches including "wallet.dat"
I can only guess it had something to do with the virus scan and the fact that I have now rebooted a few times.
Stupid is as stupid does.
Now time to backup and learn something about this encryption crap. Sheesh!
|
|
|
|
Smalleyster (OP)
Member
Offline
Activity: 84
Merit: 10
I yam what I yam. - Popeye
|
|
July 07, 2011, 01:22:21 AM |
|
Good idea on killing bitcoin.exe to see if it regenerates. Killed (end process) a few minutes ago to see if it comes back.
|
|
|
|
|
sadpandatech
|
|
July 07, 2011, 01:23:54 AM |
|
OK now the moron is totally confused. Restarted bitcoin and it cam up just fine showing .301 btc.
searching system for wallet.dat said no files found literally dozens of times
Now was given option to reindex the system and there it is:
C:\Users\me\AppData\Roaming\Bitcoin\wallet.dat
Now I'm convinced I am both the stupidest noob in here and am totally confused as to why bitcoin wound not work this morning, nor would it find wal*.* or any combination of searches including "wallet.dat"
I can only guess it had something to do with the virus scan and the fact that I have now rebooted a few times.
Stupid is as stupid does.
Now time to backup and learn something about this encryption crap. Sheesh!
Glad to here all is mostly alright.=) |
If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA
It is being worked on by smart people. -DamienBlack
|
|
|
DamienBlack
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
July 07, 2011, 01:27:48 AM |
|
Indeed, glad you found it. I don't think this is totally your fault. Sounds buggy to me. I don't think we have enough info to diagnose the bug, but there it is.
If you are still a little paranoid, make a new wallet (I'm not really sure the easiest way... do you have a second computer?) and move the coins to the new wallet. And this time, back it up.
I'm not really sure if moving it is necessary. You don't sound compromised to me. But do back up the wallet.
What version of the client are you using?
PS - Please change the title of the thread to include [SOLVED] or something.
|
|
|
|
|
Smalleyster (OP)
Member
Offline
Activity: 84
Merit: 10
I yam what I yam. - Popeye
|
|
July 07, 2011, 01:37:05 AM |
|
Yes something is strange here. Guiminer must be still doing something but I can't find it in task manager.
This stupid-assed w7 explorer will not let me get to AppDAta to go to the folder that the wallet is in grrr!
now the search finds the backup but not the original
Looks like it's time to give up on this w7 garbage and go set up new wallet in Linux machine and just transfer over as often as possible. Then get off my fat ass and re-learn what little Unix I knew from the DEC Alpha days.
I hate these new OS's who hide files from me! I miss DOS, CP/M and MP/M!
|
|
|
|
Smalleyster (OP)
Member
Offline
Activity: 84
Merit: 10
I yam what I yam. - Popeye
|
|
July 07, 2011, 01:41:53 AM |
|
Neither of those should have the power to delete your wallet, although, it could be a new winwebsec variant (but I kind of doubt that, if your antivirus detected it, it shouldn't have had the chance to be run). I thought you said you had one you couldn't remove?
This morning BC (before coffee) as soon as I logged on the AVG screen was showing it's little notice. I then dutifully pickled "Remove" like a good little pawn and it would not respond. Interestingly there was nothing in the AVG history but the two showed in MSSE. When fiddling with the MSSE log I found the file "pack[1]" that the AVG notice had. oooeeeeoooo |
|
|
|
Smalleyster (OP)
Member
Offline
Activity: 84
Merit: 10
I yam what I yam. - Popeye
|
|
July 07, 2011, 01:45:14 AM |
|
Indeed, glad you found it. I don't think this is totally your fault. Sounds buggy to me. I don't think we have enough info to diagnose the bug, but there it is.
If you are still a little paranoid, make a new wallet (I'm not really sure the easiest way... do you have a second computer?) and move the coins to the new wallet. And this time, back it up.
I'm not really sure if moving it is necessary. You don't sound compromised to me. But do back up the wallet.
What version of the client are you using?
PS - Please change the title of the thread to include [SOLVED] or something.
Bitcoin version 0.3.23-beta title updated have 4 comps will be playing linux for next wallet shortly Not really paranoid as is only .3btc but *pissed* at the *stupidity* of this w7 OS. |
|
|
|
|
sadpandatech
|
|
July 07, 2011, 01:47:57 AM |
|
Yes something is strange here. Guiminer must be still doing something but I can't find it in task manager.
This stupid-assed w7 explorer will not let me get to AppDAta to go to the folder that the wallet is in grrr!
now the search finds the backup but not the original
Looks like it's time to give up on this w7 garbage and go set up new wallet in Linux machine and just transfer over as often as possible. Then get off my fat ass and re-learn what little Unix I knew from the DEC Alpha days.
I hate these new OS's who hide files from me! I miss DOS, CP/M and MP/M!
Just in case... In w7 you do not go to C:\doc and settings. It is now c:\users\ |
If you're not excited by the idea of being an early adopter 'now', then you should come back in three or four years and either tell us "Told you it'd never work!" or join what should, by then, be a much more stable and easier-to-use system.
- GA
It is being worked on by smart people. -DamienBlack
|
|
|
|
Jack of Diamonds
|
|
July 07, 2011, 01:49:33 AM |
|
You can always reach appdata fast by going to start menu, then writing %appdata% in the field.
It will open the folder automatically.
|
1f3gHNoBodYw1LLs3ndY0UanYB1tC0lnsBec4USeYoU9AREaCH34PBeGgAR67fx
|
|
|
Smalleyster (OP)
Member
Offline
Activity: 84
Merit: 10
I yam what I yam. - Popeye
|
|
July 07, 2011, 01:49:46 AM |
|
This sounds like a bitcoin related trojan, one custom designed that wouldn't show up on the AV program. Is the bitcoin process using a lot of CPU? Kill the bitcoin process and see if it restarts itself.
Killed it and no auto restart for some 15 mins, so don't think regenerating trojan. Virtually no CPU being used and none by bitcoin or guiminer, which I just re-started) |
|
|
|
|
Jaime Frontero
|
|
July 07, 2011, 01:50:22 AM |
|
good news!
i'd prolly run some HDD checking stuff - defrag, surface scan, etc. just for giggles...
|
|
|
|
|
DamienBlack
Jr. Member
Offline
Activity: 56
Merit: 1
|
|
July 07, 2011, 01:50:35 AM |
|
Well, all's well that ends well. Good luck in your future bitcoin endeavors. I did warn you that the search might not find stuff in the roaming folder. And yes, it is stupid. I'm used to searches finding what I need, but ever since XP they have slowly been scaling back the power of searches and including various limitations and silliness. Killed it and no auto restart for some 15 mins, so don't think regenerating trojan.
Virtually no CPU being used and none by bitcoin or guiminer, which I just re-started)
Sounds clean enough for me. Go forth and prosper. |
|
|
|
|
Smalleyster (OP)
Member
Offline
Activity: 84
Merit: 10
I yam what I yam. - Popeye
|
|
July 07, 2011, 01:55:49 AM |
|
Thanks tons for putting up with this noob and his silliness.
IMHO this probably has something to do with the AVG notice obliterating the GUI from bitcoin.
After my reboots then killing bitcoin then restarting it manually all seems to be well
That added to the silliness of the w7 Find/Search program being virtually worthless now made me think that bitcoin was compromised and the wallet file had been deleted.
|
|
|
|
Smalleyster (OP)
Member
Offline
Activity: 84
Merit: 10
I yam what I yam. - Popeye
|
|
July 07, 2011, 01:58:44 AM |
|
And here I PROMISED myself earlier today that I would go to sleep an hour ago because of a needed early start tomorrow.
"Ain't no rest for the wicked!"
|
|
|
|
|
SmokeAndMirrors
|
|
July 07, 2011, 02:07:17 AM |
|
Now you owe me .3 btc for the solution  |
Help Bitcoins by buying clothes, technology, books, etc. through people/stores that accept BTC. This will increase overall value of BTC as well as mitigate unnecessary bank transaction fees.
My address -
1EM9HGg1SEa5Bux1rVEPxGqGSfNTTc9EkC
|
|
|
Smalleyster (OP)
Member
Offline
Activity: 84
Merit: 10
I yam what I yam. - Popeye
|
|
July 07, 2011, 02:42:53 AM |
|
Now you owe me .3 btc for the solution Ah but in response to *my* post you were a bit "snipy" so I did not read your "solution" until just now. Just think you might have some "major" btc gone your way if not for the attitude. 8^) |
|
|
|
SpaceLord
Member
Offline
Activity: 70
Merit: 10
|
|
July 07, 2011, 02:51:48 AM |
|
Wait.
The Windows Search feature on Windows 7 doesn't search the AppData folder. It's hidden. Did you ever change Explorer to Show Hidden Files, and then go into AppData?
|
|
|
|
|
|
RchGrav
|
|
July 07, 2011, 03:07:42 AM
Last edit: July 07, 2011, 03:33:28 PM by RchGrav |
|
Go to the start menu and enter %APPDATA% on the search bar and press enter.
Inside of the window that pops up you will see a Bitcoin folder. This is where the wallet.dat should be located.
Why not rename the folder to something different.. Use the -datadir option to specify the new path to your data.
Target: "C:\Program Files\Bitcoin\bitcoin.exe" -datadir=%appdata%\BTCDat (Or any place on your drive other than the default folder)
Most bitcoin stealers would be specifically looking for %appdata%\Bitcoin\wallet.dat
|
4C 6F 6E 67 4C 69 76 65 42 69 74 63 6F 69 6E
Qba'g lbh unir nalguvat orggre gb qb?
|
|
|
static
Newbie
Offline
Activity: 56
Merit: 0
|
|
July 07, 2011, 12:41:54 PM |
|
i have a noob question: if i have backups of my wallet file, and someone steals my wallet file, are my backups useless if they spend my coins?
|
|
|
|
|
|
sirky
|
|
July 07, 2011, 01:06:35 PM |
|
i have a noob question: if i have backups of my wallet file, and someone steals my wallet file, are my backups useless if they spend my coins?
Yes. If someone else gains access to your wallet, it is a race to see who spends the coins first. |
|
|
|
|
static
Newbie
Offline
Activity: 56
Merit: 0
|
|
July 07, 2011, 01:13:07 PM |
|
ty
|
|
|
|
|
|
