akwfleaspirit (OP)
December 12, 2013, 05:09:20 PM Last edit: December 13, 2013, 07:24:47 AM by akwfleaspirit
**Edit. It looks like I'm probably wrong about the pop up since it is in 2 Windows systems folders and not in any wallets. The only facts at this point are that someone at 109.120.153.223 took a lot of litecoin and bitcoin from my computer and logged into numerous of my online financial accounts.**

dspiel
December 12, 2013, 05:35:05 PM
never trust a popup

crazy_rabbit
December 12, 2013, 05:38:21 PM
> never trust a popup

Solid advice for life.

akwfleaspirit (OP)
December 12, 2013, 05:54:00 PM
> never trust a popup

Right. My point though is that a hacker apparently used the real version of the latest flash to take over my computer and nothing was detected by Comodo full version, malwarebytes, spybot, Norton, etc. The pop up is not the problem. Flash is the problem. As of about 2 minutes ago the pop up has improved a bit more and now doesn't show the promo link but simply directs you to flash. I have no adobe products whatsoever on this computer right now. If I had been on the internet on a page with flash and got a pop up to update the flash, and was then directed to the real adobe site, I would get bitten.

powdabam
December 12, 2013, 06:01:42 PM
> > never trust a popup
>
> Right. My point though is that a hacker apparently used the real version of the latest flash to take over my computer and nothing was detected by Comodo full version, malwarebytes, spybot, Norton, etc. The pop up is not the problem. Flash is the problem. As of about 2 minutes ago the pop up has improved a bit more and now doesn't show the promo link but simply directs you to flash. I have no adobe products whatsoever on this computer right now. If I had been on the internet on a page with flash and got a pop up to update the flash, and was then directed to the real adobe site, I would get bitten.

If you really are running comodo/malwarebytes/spybot and Norton...there is a very good chance you have zero protection. AVs fight each other and prevent each other from doing many basic tasks. Uninstall Norton and spybot. Malwarebytes isn't technically an AV, so you are fine there, but make sure that Comodo plays nice with it.

-16 year system admin

akwfleaspirit (OP)
December 12, 2013, 06:10:49 PM Last edit: December 12, 2013, 06:43:15 PM by akwfleaspirit
First computer as it got hacked had Comodo, spybot and malwarebytes. Comodo was the main security program, the others don't conflict.
Norton is on this computer, the same one but with a restored os.
I also have two other computers next to me now as I am trying to recover coins.
So far none of the programs have detected anything.
The hack did involve monkeying with core parts of windows so that processes were not displayed accurately in the task manager.
At one point my computer was running nothing actively but seemed sluggish. I opened the task manager and saw two netminers I had open were both above 45% of cpu which I have never seen before. Obviously something was uploading files from my computer but there was no evidence to be found. Read that twice.
edit I won't post anymore on this until my computers are a little more straightened out, but my personal advice to anyone at this point would be to take adobe products off of computers that have alt coin wallets with blockchains. Connecting to begin downloading the blockchain of some coins + certain adobe product(s) seems to compromise your computer.
End of topic.

fghj
December 12, 2013, 09:52:02 PM
If they have root access and know you have some bitcoins they will be able to manually lobotomize all antivirus software. Have you tried GMER? If still nothing you should boot from Hiren's BootCD (download and burn it from other machine of course) or nuke your system.

fleabag
December 12, 2013, 09:54:46 PM
quit surfing porn

jones31
December 12, 2013, 10:31:09 PM
The thread title is incorrect. It should read: Personal computer hacking warning.
Exactly, how is this thread related to Bitcoin?

Ecurb123
December 12, 2013, 10:36:41 PM
This doesn't sound to me like anyone has taken control of the computer, it seems more like malware doing its thing.

akwfleaspirit (OP)
December 13, 2013, 05:50:09 AM
> The thread title is incorrect. It should read: Personal computer hacking warning.
> Exactly, how is this thread related to Bitcoin?

1) First sign of the hack was a bitcoin wallet taken.
2) Second sign right after was a litecoin wallet.
3) It seems likely that the hacker, at 109.120.153.223, used a coinwallet download to get on my computer.

I've been on the internet since the 90s and have never been hacked before. I don't know a lot about computers but I do think there is a problem that might concern other coin users. I am looking now at the computer next to me. Restored to factory condition then all extra programs removed and several wallets installed. It has not touched the internet. It now has a popup telling me to "Please Download Latest Version of Flash".

On the task manager:
Image name: eMachines.scr *32
User: Me
CPU: 00
Memory: 1,668k
Description: Screen Saver

Unless Emachines has factory installed semi literate pop ups that probably came from one of the wallets. There are other oddities too, such as the wallet asking me to make sure my system clock was correct. Maybe meaningful maybe not.

Foxpup
December 13, 2013, 07:51:03 AM
Actually, that is a factory installed program. It's the default screen saver for Acer eMachines computers (which is why it keeps popping up every so often if you don't do anything), it requires Flash, and the www.adobe.com link is genuine. What I don't understand is why Acer decided it would be a good idea to preinstall a program that requires Flash, but not preinstall Flash itself. Anyway, if you don't want to install Flash, just disable your screen saver (or select a different one).

> There are other oddities too, such as the wallet asking me to make sure my system clock was correct. Maybe meaningful maybe not.

Your system clock may be incorrect if the factory restore changed the time zone. Make sure the time zone is correctly set then adjust the clock if necessary.

akwfleaspirit (OP)
December 13, 2013, 09:46:19 AM
> Actually, that is a factory installed program. It's the default screen saver for Acer eMachines computers (which is why it keeps popping up every so often if you don't do anything), it requires Flash, and the www.adobe.com link is genuine. What I don't understand is why Acer decided it would be a good idea to preinstall a program that requires Flash, but not preinstall Flash itself. Anyway, if you don't want to install Flash, just disable your screen saver (or select a different one).
>
> > There are other oddities too, such as the wallet asking me to make sure my system clock was correct. Maybe meaningful maybe not.
>
> Your system clock may be incorrect if the factory restore changed the time zone. Make sure the time zone is correctly set then adjust the clock if necessary.

I am officially retarded. Still though, the picture is like when you take a tiny picture and blow it up to 20 times the size. A monkey could make better graphics with gimp. And it doesn't seem like a native English speaker would write "please download latest version". I don't know anything about emachines except that they had a computer on sale somewhere at some time in the past.

TheFootMan
December 13, 2013, 11:17:00 AM
A windows machine is rooted by default (MS backdoor + all other automatic updates). Use Linux. Or if storing coins for a longer time and safety is important, use a cold wallet.

Ecurb123
December 13, 2013, 06:55:15 PM
> > And it doesn't seem like a native English speaker would write "please download latest version". I don't know anything about emachines except that they had a computer on sale somewhere at some time in the past.
>
> Guess what, nothing about emachines or most computers for that matter involves any "native English Speakers". eMachines were the cheapest of the cheap. You can expect things like that. Step your game up a little bit. Download and install Ubuntu 12.04.
>
> ~BCX~

Quick question here, why suggest 12.04 and not the newest? I often see it suggested but never know why.

holzer
December 14, 2013, 05:52:14 AM
If you have any other alt coins on your machine I would transfer them immediately to another wallet on another machine.