Bitcoin Forum
Author Topic: I just got Hacked!  (Read 1997 times)
adamstgBit
Hero Member
November 07, 2011, 02:22:42 AM
 #1

I come back home today, and find my computer in sore shape.

It's telling me some files were accessed remotely and asks me to block this attack.

It would seem I have a W32.Blaster worm, and was unable to start any programs.

After running the virus scan everything seems back to normal... ish

It would seem the attacker did NOT steal my bitcoin wallet!



 

worldinacoin
Hero Member
November 07, 2011, 02:24:16 AM
 #2

Better get a secure computer, set up bitcoin and transfer your coins away.

bitplane
Sr. Member
November 07, 2011, 02:47:25 AM
 #3

Blaster is an old memory resident worm from 2006 and doesn't spread anymore, you've probably got a scareware infection.
adamstgBit
Hero Member
November 07, 2011, 03:05:08 AM
 #4

Quote from: bitplane
Blaster is an old memory resident worm from 2006 and doesn't spread anymore, you've probably got a scareware infection.

I think you're right, the thing running the scan right now is probably the bug.

"Privacy Protection"

yup
http://www.2-viruses.com/remove-privacy-protection

Quote
What is Privacy Protection?
Privacy Protection is fake anti-malware program that simulates activity of legitimate programs capable to solve your computer’s protection issues. ....

deslok
Sr. Member
November 07, 2011, 03:12:57 AM
 #5

I would advise trying to load a legitimate antivirus such as avast as well as an antispyware software such as spybot. If you can't get to their sites to even install these, you've definitely got something going on.

"If we don't hang together, by Heavens we shall hang separately." - Benjamin Franklin

If you found that funny or something i said useful i always appreciate spare change
1PczDQHfEj3dJgp6wN3CXPft1bGB23TzTM
Yankee (BitInstant)
Hero Member
November 07, 2011, 03:22:39 AM
 #6

phew, I got scared there for a second  Cry

Glad your bitcoins are safe  Cheesy

Go for Kaspersky or AVN anti-virus, both amazing.
(Maybe change the title of this thread, it's a tad scary)

Cheers

"In a free society, private payments should be covered by merchant-customer privilege just as attorney-client privilege covers confidential legal communication." - Jon Matonis, Director, Bitcoin Foundation
Snapman
SCAMMER
Sr. Member
November 07, 2011, 03:26:23 AM
 #7

Might want to also run "malwarebytes" through there once, might help in picking up whatever files or entries are left.

BTCRadio: 17cafKShokyQCbaNuzaDo5HLoSnffMNPAs
Raoul Duke
aka psy
Global Moderator
Hero Member
November 07, 2011, 03:40:53 AM
 #8

Run Hitman Pro 3.5. It will kill the bastard.

naypalm
Hero Member
November 07, 2011, 04:51:57 AM
 #9

If you run a legit version of Windows, give MSE a try. Before I was running a combo of Symantec and Spybot S&D. Now I do not.

in b4 M$uck, Linux! and "It's unpossible for my iMac to get virus."

adamstgBit
Hero Member
November 07, 2011, 05:06:28 AM
 #10

Quote from: Snapman
Might want to also run "malwarebytes" through there once, might help in picking up whatever files or entries are left.

Ya, I'm running it right now in "windows safe mode".

f-in shit is taking 1 hour to scan everything, I hope everything is back to normal after

BadBear
Global Moderator
Hero Member
November 07, 2011, 01:58:24 PM
 #11

Seconding MSE, it's most totally excellent.  No loud noises, no annoying popups, no loud voices saying VIRUS DATABASE HAS BEEN UPDATED.  It just works and works quietly. 

1P1GwVpbTY6gcg8dX4nKzE5D6W8SCAzyZB
Tuxavant
Hero Member
November 07, 2011, 02:34:52 PM
 #12

If there's any indication your machine has been compromised or unauthorized/malicious software has been able to run on your system, your only recourse to be absolutely sure is to reflash your bios, wipe your drive, and reinstall.

Anything less than that, and you can't really be sure you're in a trustable, safe state.

Generation Bitcoin | G+ | FB | Bitcoins In Vegas | CoinBus.com | TOR Exit Operator 1MVTPATVCKBMfALRHJsXpHfKJu7GyL7nAc
RodeoX
Hero Member
November 07, 2011, 02:40:49 PM
 #13

I would not assume your wallet has not been copied. Especially if you are using an encrypted wallet. Your thief could be trying to brute force the password as we speak. It might be worth it to put that wallet on another computer and do some kind of transaction. Then the wallet he/she has will no longer be valid.

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
Tuxavant
Hero Member
November 07, 2011, 03:00:23 PM
 #14

What rodeoX said...

If you have a significant sum of Bitcoins, you should take a large portion offline immediately into multiple addresses (so you don't have to bring your entire offline sum online if you need to spend a small amount). Move the rest to a new wallet to spend as needed like allowance or discretionary spending.

Generation Bitcoin | G+ | FB | Bitcoins In Vegas | CoinBus.com | TOR Exit Operator 1MVTPATVCKBMfALRHJsXpHfKJu7GyL7nAc
DeathAndTaxes
Donator
Hero Member
November 07, 2011, 03:06:44 PM
 #15

Quote from: Tuxavant
If there's any indication your machine has been compromised or unauthorized/malicious software has been able to run on your system, your only recourse to be absolutely sure is to reflash your bios, wipe your drive, and reinstall.
Anything less than that, and you can't really be sure you're in a trustable, safe state.

This. It doesn't take that long. Looking for signs of an attack is often futile. Many malware are very good at hiding even from anti-malware software. Since XP has no admin restrictions you could already have been rootkitted and any detection software is simply seeing what the malicious software wants it to see.

Quote from: RodeoX
I would not assume your wallet has not been copied. Especially if you are using an encrypted wallet. Your thief could be trying to brute force the password as we speak. It might be worth it to put that wallet on another computer and do some kind of transaction. Then the wallet he/she has will no longer be valid.

This too. Too easy to simply take the precaution of creating a new wallet and transferring all balances from the old wallet to the new one. While your encryption may not be breakable today, if the attacker got it you are taking the chance it will never be breakable ever in the future.

Gerald Davis  CEO, Tangible Cryptography Inc.
BitSimple. A simpler way to buy and sell bitcoins
Matthew N. Wright
Untrustworthy
Hero Member
November 07, 2011, 03:10:34 PM
 #16

Quote from: Tuxavant
If there's any indication your machine has been compromised or unauthorized/malicious software has been able to run on your system, your only recourse to be absolutely sure is to reflash your bios, wipe your drive, and reinstall.
Anything less than that, and you can't really be sure you're in a trustable, safe state.

Of course you're right, but I'd say flashing the bios is a bit unnecessary in most cases as viruses aren't really allowed to access the bios so easily in modern operating systems, especially considering flashing your BIOS is a gamble (most people don't have extra CMOS chips laying around).

DeathAndTaxes
Donator
Hero Member
November 07, 2011, 03:14:20 PM
 #17

Quote from: Tuxavant
If there's any indication your machine has been compromised or unauthorized/malicious software has been able to run on your system, your only recourse to be absolutely sure is to reflash your bios, wipe your drive, and reinstall.
Anything less than that, and you can't really be sure you're in a trustable, safe state.

Quote from: Matthew N. Wright
Of course you're right, but I'd say flashing the bios is a bit unnecessary in most cases as viruses aren't really allowed to access the bios so easily in modern operating systems, especially considering flashing your BIOS is a gamble (most people don't have extra CMOS chips laying around).

It is very easy to flash a modern bios with a virus. Most motherboards have a windows based tool to flash bios without rebooting. While this is convenient it also makes it easy to infect the bios. If it can be done for a "good bios" it can be done for a malicious one.

http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,7400.html

Still it all depends on how paranoid you are. An alternative, some (but not all) motherboards offer an option to make a backup of the bios. Some do this from the same windows utility to flash a bios, some from an option in the bios to write to a thumb drive. If you can get a copy of the bios currently loaded you can take a hash of it and compare it to the official bios. If they match then no need to flash. If they don't match then I would definitely flash.

Gerald Davis  CEO, Tangible Cryptography Inc.
BitSimple. A simpler way to buy and sell bitcoins
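
The check suggested in the post above (hash a BIOS backup and compare it with the official image), as an added example that is not part of the original thread. Besides the two hashes it maps which regions differ, since a backup can also hold board-specific settings and identifiers and so fail a whole-image hash without having been modified. The 4 KiB block size, the command-line file arguments and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import sys

BLOCK = 4096  # comparison granularity in bytes (assumed; pick what suits the flash layout)


def differing_ranges(dump, reference, block=BLOCK):
    """Merged (start, end) byte ranges in which the two images differ."""
    total = max(len(dump), len(reference))
    ranges = []
    for off in range(0, total, block):
        if dump[off:off + block] != reference[off:off + block]:
            end = min(off + block, total)
            if ranges and ranges[-1][1] == off:
                ranges[-1] = (ranges[-1][0], end)   # extend the previous run
            else:
                ranges.append((off, end))
    return ranges


def compare_images(dump, reference, block=BLOCK):
    """Whole-image hashes plus a map of where any mismatch sits."""
    ranges = differing_ranges(dump, reference, block)
    changed = sum(end - start for start, end in ranges)
    return {
        "dump_sha256": hashlib.sha256(dump).hexdigest(),
        "reference_sha256": hashlib.sha256(reference).hexdigest(),
        "same_size": len(dump) == len(reference),
        "match": bytes(dump) == bytes(reference),
        "diff_ranges": ranges,
        "changed_fraction": changed / max(len(dump), len(reference), 1),
    }


def constructed_image(size=64 * 1024):
    """Constructed sample bytes standing in for a firmware image (not real firmware)."""
    return bytes((i * 31 + 7) % 256 for i in range(size))


if __name__ == "__main__":
    if len(sys.argv) == 3:                      # usage: script.py dump.bin official.bin
        with open(sys.argv[1], "rb") as f:
            dump = f.read()
        with open(sys.argv[2], "rb") as f:
            reference = f.read()
    else:                                       # constructed demo: one 4 KiB block differs
        reference = constructed_image()
        dump = bytearray(reference)
        dump[0x3000:0x3010] = b"\xff" * 16
    report = compare_images(dump, reference)
    print("match:", report["match"], "same size:", report["same_size"])
    print("dump     sha256:", report["dump_sha256"])
    print("official sha256:", report["reference_sha256"])
    for start, end in report["diff_ranges"]:
        print(f"differs: 0x{start:06x}-0x{end:06x}")
```

A backup read out by software on the suspect installation is reported by that same installation, so where the board allows it, take the dump from the BIOS setup option that writes to a thumb drive.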
Matthew N. Wright
Untrustworthy
Hero Member
November 07, 2011, 04:34:26 PM
 #18

Quote from: Tuxavant
If there's any indication your machine has been compromised or unauthorized/malicious software has been able to run on your system, your only recourse to be absolutely sure is to reflash your bios, wipe your drive, and reinstall.
Anything less than that, and you can't really be sure you're in a trustable, safe state.

Quote from: Matthew N. Wright
Of course you're right, but I'd say flashing the bios is a bit unnecessary in most cases as viruses aren't really allowed to access the bios so easily in modern operating systems, especially considering flashing your BIOS is a gamble (most people don't have extra CMOS chips laying around).

Quote from: DeathAndTaxes
It is very easy to flash a modern bios with a virus. Most motherboards have a windows based tool to flash bios without rebooting. While this is convenient it also makes it easy to infect the bios. If it can be done for a "good bios" it can be done for a malicious one.
http://www.tomshardware.com/news/bios-virus-rootkit-security-backdoor,7400.html
Still it all depends on how paranoid you are. An alternative, some (but not all) motherboards offer an option to make a backup of the bios. Some do this from the same windows utility to flash a bios, some from an option in the bios to write to a thumb drive. If you can get a copy of the bios currently loaded you can take a hash of it and compare it to the official bios. If they match then no need to flash. If they don't match then I would definitely flash.

Quote
The reason that Microsoft Windows has more viruses than any other operating system isn't so much about its vulnerabilities as it is about its success. People will argue which is more of a contributing factor, but there's no denying that the fact that Windows runs on a gazillion machines is a huge factor.

By writing a single virus that targets Microsoft Windows, a virus writer can potentially infect more computers on the planet than by writing it to target any other system. It's no secret that virus and malware writers regularly target the greatest potential audience so as to get the greatest number of infections for their malicious intent.

Now, while Windows is relatively standard across PCs, BIOS's are not.

The BIOS used in a PC built by one manufacturer may be radically different than that from another company. A virus that attempts to target a BIOS vulnerability or to somehow "hide" within a BIOS has to, essentially, be rewritten for or at least be customized and aware of every different BIOS that it might want to target.

It's easier to simply rely on user apathy and target unpatched vulnerabilities in Windows. One virus per vulnerability, and all unpatched machines become malware's playground.

That's potentially a lot. A gazillion, even.

So just like Mac or Linux malware, there may be a few BIOS targeting viruses out there, but they're not even close to being as common as the more standard Windows-based malware.

Now, that's not to say that there's zero risk.

As you point out, a virus that manages to embed itself into the BIOS or BIOS's flash memory has one extremely unique characteristic: it'll survive even if you completely reformat and erase everything on your hard disk.

However, even that is easily remedied, either by resetting your BIOS to its factory image - which most modern motherboards support - or often simply by updating or re-flashing your BIOS.

My take: it's not something I'd worry about at all just yet. In a rare case where malware appears to have survived a reformatting ... well, I'd first look at all the other ways that a machine can get immediately reinfected as you rebuild it from scratch (lack of firewall, infected external hard drives and the like). Only after eliminating those might I think about checking or resetting the BIOS.

It's just not that common a problem right now.

dooglus
Hero Member
November 08, 2011, 12:47:28 AM
 #19

Quote from: RodeoX
It might be worth it to put that wallet on another computer and do some kind of transaction. Then the wallet he/she has will no longer be valid.

Are you sure?

If you send the entire balance to a new address, the thief's copy of the wallet will be empty, but still valid.

If you send less than the entire balance, you stand a chance of leaving some coins untouched and still available to the thief, and any change from the coins you do send will be sent to an address from the keypool, which the thief will also have access to.

I don't think there's any "kind of transaction" you can make that will invalidate the thief's copy of your wallet.

Tuxavant
Hero Member
November 08, 2011, 12:57:59 AM
 #20


Quote from: dooglus
I don't think there's any "kind of transaction" you can make that will invalidate the thief's copy of your wallet.

He just means that you're "invalidating" it by taking the money out of it and not using it anymore. The thief would still have access to the private keys to send money, but there would be none there. And you may have to watch for future transactions sent to that wallet and "spend" them before the thief did.

Generation Bitcoin | G+ | FB | Bitcoins In Vegas | CoinBus.com | TOR Exit Operator 1MVTPATVCKBMfALRHJsXpHfKJu7GyL7nAc