Bitcoin Forum
June 17, 2024, 02:39:35 AM *
Author Topic: Quick test if your Windows pc has been hacked.  (Read 3655 times)
akwfleaspirit (OP)
December 15, 2013, 02:00:48 AM
 #1

This is a quick tip for anyone using a Windows pc. My computer got hacked last week and if I had known it then I'd be richer.

I know this is probably common knowledge among tech types but I did not know it until too late.

1) Log into your Windows pc.

2) Create a second user without admin privileges.

3) Restart.

4) Log into your regular account.

5) Look at the start button in the lower left.

6) Go to Switch User and go to your non admin account.

7) Log out of the non admin account.

8) Log back into the main account.

9) Without moving the mouse or anything else, if you notice something different in the start button you should be worried.

I'm sure this belongs in a different section, so move it. Also sure it is well known, but as I said before I did not know it.

Briefly the hack.

1) Someone emptied the 3 bitcoin I had at Blockchain into the wallet 1GFXKAYNo1Urm3HeaxgoWBPSG9MFUkWFDX

2) Then they emptied a litecoin wallet that I had lost the password for and had stored on my computer.

3) etc etc

In my initial paranoia I thought Adobe Flash was used. Apparently it was not.

My suspicion also focused on Fireball who I have criticized a lot. But although he runs a crooked exchange he honestly does not seem to be the type to steal in this way.

It does seem likely the hacking is related to other altcoins. I've been on the internet since the 90s and was never hacked. Then I downloaded a bunch of weird coin wallets and within weeks got hit.

The hacker used IP address 109.120.153.223

nate008
December 15, 2013, 02:04:40 AM
 #2

No really, is this a joke?
Like post this message 7 times or you'll get hit by a falling air conditioner?
Soros Shorts
December 15, 2013, 02:16:27 AM
 #3

Why do you even use an admin account as your regular account? This is like running root for everything under Linux. I have trained some non-technical Windows users to always run their regular stuff as a non-admin user and they have never picked up a single virus in the past 10 years or so.
deed02392
December 15, 2013, 02:18:40 AM
 #4

Why do you even use an admin account as your regular account? This is like running root for everything under Linux. I have trained some non-technical Windows users to always run their regular stuff as a non-admin user and they have never picked up a single virus in the past 10 years or so.
Windows Vista+ runs everything as an unprivileged user under UAC by default.
hedge29
December 15, 2013, 02:18:57 AM
Last edit: December 15, 2013, 02:42:49 AM by hedge29
 #5

Were you using two-factor authentication on your blockchain account? I was thinking that two-factor authentication makes one immune to getting your account hacked.  Am I wrong?
akwfleaspirit (OP)
December 15, 2013, 03:22:52 AM
 #6

Were you using two-factor authentication on your blockchain account? I was thinking that two-factor authentication makes one immune to getting your account hacked.  Am I wrong?

You can download backups of your blockchain account.

I thought first he had hacked my blockchain but apparently he just took the backup off my computer along with the rest.

akwfleaspirit (OP)
December 15, 2013, 03:26:33 AM
 #7

No really, is this a joke?
Like post this message 7 times or you'll get hit by a falling air conditioner?

If you don't want to read it don't read it.

This post is to point out that if a person notices that change on their computer they have been hacked. So far this is not detected by any antivirus programs so maybe someone else will find it useful. I have pcap files of the traffic and will run them through several antivirus programs once a week or so until it shows up. Til then this is one way to test for it.

akwfleaspirit (OP)
December 15, 2013, 03:28:35 AM
 #8

Why do you even use an admin account as your regular account? This is like running root for everything under Linux. I have trained some non-technical Windows users to always run their regular stuff as a non-admin user and they have never picked up a single virus in the past 10 years or so.

I've never picked up a single virus in 15+ years until last week. I did what I did and learned my lesson. If you want to pay for a t shirt that says stupid I'll wear it.

nate008
December 15, 2013, 03:32:32 AM
 #9

No really, is this a joke?
Like post this message 7 times or you'll get hit by a falling air conditioner?

If you don't want to read it don't read it.

This post is to point out that if a person notices that change on their computer they have been hacked. So far this is not detected by any antivirus programs so maybe someone else will find it useful. I have pcap files of the traffic and will run them through several antivirus programs once a week or so until it shows up. Til then this is one way to test for it.

Do you have any references about this?
Some thread in a forum which deals with security, viruses?

Unless you show some proofs I will think somebody on 4chan laughed at you.
akwfleaspirit (OP)
December 15, 2013, 04:20:00 AM
 #10

Do you have any references about this?
Some thread in a forum which deals with security, viruses?
Unless you show some proofs I will think somebody on 4chan laughed at you.

This is what happened on my computer. I thought it was very strange. I have been using Windows computers for years and never saw it. It coincides exactly with the hack. In other words exactly when the hack occurred this and a few other oddities occurred in Windows and on my browser. So I can say near 100% they are related.

I'm not trying to tell anyone to do anything nor am I pretending to know the least bit about security.

My advice though would be if someone has a Windows computer they follow steps above, create a non admin user, log in and out etc and look for the obvious change in the start button. Someone can do it, not do it, I don't care. When I see something like that I try to give a warning, that's all.

As I said earlier I will reconstruct the pcap files of the hack, put them on a storage drive and scan them regularly until one of the free major antivirus programs detects it. Then I will tell you its name.

Cryptolator
December 15, 2013, 05:00:49 AM
 #11

What the hell are you talking about!?
Sorry, but I've been an IT for more than 15 years and this makes no sense at all...
nate008
December 15, 2013, 05:07:30 AM
 #12

bla bla

What the hell are you talking about!?
Sorry, but I've been an IT for more than 15 years and this makes no sense at all...


That's what I'm saying too, it looks like a prank.
A very time consuming prank.
Cryptolator
December 15, 2013, 05:08:33 AM
 #13

bla bla

What the hell are you talking about!?
Sorry, but I've been an IT for more than 15 years and this makes no sense at all...


That's what I'm saying too, it looks like a prank.
A very time consuming prank.

Exactly! :)
btcton
December 15, 2013, 05:09:00 AM
 #14

Ummmm, a change in the start button if you get hacked? How can that make sense?

The signature campaign posters adding useless redundant fluff to their posts to reach their minimum word count are lowering my IQ.
Cryptolator
December 15, 2013, 05:11:25 AM
 #15

Ummmm, a change in the start button if you get hacked? How can that make sense?

It can't, I assure you! :P
akwfleaspirit (OP)
December 15, 2013, 05:26:53 AM
 #16



What the hell are you talking about!?
Sorry, but I've been an IT for more than 15 years and this makes no sense at all...

and others


I've been an IT zero years.

I've been hacked once.

There were a few oddities in my computer that I noticed and could not explain but I ignored them. One of them, the easiest to notice, is that if you follow the steps above and your computer has this problem then when you log back into the admin account the start button will be black until you move the mouse over it.

There were several other things but this struck me as the most obvious and the one easiest to replicate.

Again, anyone and everyone is free to ignore my posts. If I had read this warning a week ago and spent a few minutes testing it then some coins would not be lost.

As far as anyone saying it sounds like this it sounds like that, all I can say is move on to the next post.

Cryptolator
December 15, 2013, 05:32:29 AM
 #17



We would like to see what is your source for this, that's all. Don't feel offended. We just wanna save people's time in doing a useless verification.
hiltonizer
December 15, 2013, 05:37:45 AM
 #18

There is some god awful info in this thread.

DarkCoin: XiZutyRTPTEFQm5aH2de2SCmzfgE6B78uK
Bitcoin: 1P4wYgkKTh3WzHUGqLFaef23bAeM4UV2jB
akwfleaspirit (OP)
December 15, 2013, 06:00:36 AM
 #19


We would like to see what is your source for this, that's all. Don't feel offended. We just wanna save people's time in doing a useless verification.

What do you mean source? My computer was hacked. There were strange things on my computer in the time of the hack that I ignored. I'm telling anyone who has a Windows computer and is interested that if they do the above test they will know whether they have whatever hit my computer.

There were other oddities that were not predictable and easily tested. On Firefox sometimes in the last week a black bar would cover the lower left where an address should be. I also sometimes use other browsers and don't remember anything on them. Sometimes when I would press a letter or number on the keyboard nothing would happen until I pressed a second time. All this is only in the time of the hack, not ever in the last many many years except in the last 2 weeks plus.

What source do you want?

akwfleaspirit (OP)
December 15, 2013, 06:01:45 AM
 #20

There is some god awful info in this thread.

I am well known among the people who know me for being a poor communicator. Do I give a fuck? No.
