Bitcoin Forum
Author Topic: Coins stolen from my wallet?!?  (Read 3417 times)
shorena
July 22, 2014, 07:53:34 PM
 #41

I double-checked my antivirus now and I really have installed AVG Antivirus AND Microsoft Essentials, but both were not enough to prevent the theft. However, a wallet without password protection was really dumb; life teaches you the hard way, even if in that case it was not very hard at least.

Yes, a password is a must; with KeePass you are also protected against keyloggers. Antivirus is not a critical issue anymore. It is something you keep to make you feel safe and to hold off the old shit from last year, but the viruses and trojans that are currently active are seldom known to antivirus devs. I am a bit behind with my Ct reading, but I trust their judgement.



The OS is a legit copy, but after a complete scan of the system the antivirus found three threats:
#1 "Virus found: Win32/Zperm, C:\Windows\Temp\49f48af4-b402-4745-9e9c-26cfb8983c1f\tmp0000116d\tmp00006408";"Saved"
#2 "Trojan: PSW.OnlineGames4.ZUJ, D:\buddha.dll";"Saved"
#3 "Trojan: CoinMiner.ASJ, C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLLU0VPX\wmpnetwk[1].dll";"Saved"

From #3 and #1 I think you got infected while using IE, so a drive-by infection most likely. Those few minutes while you are out there to get a safe browser... Oh well. What's buddha.dll though? A quick research suggests Sleeping Dogs or Call of Duty Black Ops 2. I didn't dig too deep, but I suspect a pirated version/cheat/etc. I wouldn't know why an official release would require a download via 2shared. So #1 and #3 might have followed after you got the dll somewhere insecure. Again, I don't judge, I don't require an answer, just think about where you might have gotten the file.

Aaanyway seems like you are taking a safer route for now. While I usually argue that your own machine is safer than some server on the internet, this depends on what you are doing with your machine.

Stay vigilant :)

I'm not really here, it's just your imagination.
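
Added example (not part of the original posts): the reasoning above, which infers a likely infection route from where each detection was found, sketched as a small triage script over the three scan lines quoted in the post. The location labels and the assumption that C: is the system volume are this example's own.

```python
import re
from pathlib import PureWindowsPath

# The three detections quoted in the post above, copied verbatim.
SCAN_LINES = [
    r'"Virus found: Win32/Zperm, C:\Windows\Temp\49f48af4-b402-4745-9e9c-26cfb8983c1f\tmp0000116d\tmp00006408";"Saved"',
    r'"Trojan: PSW.OnlineGames4.ZUJ, D:\buddha.dll";"Saved"',
    r'"Trojan: CoinMiner.ASJ, C:\Users\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLLU0VPX\wmpnetwk[1].dll";"Saved"',
]

# Line layout: "<kind>: <detection name>, <path>";"<action>"
LINE_RE = re.compile(
    r'^"(?P<kind>[^:"]+): (?P<name>[^,"]+), (?P<path>[^"]+)";"(?P<action>[^"]*)"$'
)
# Internet Explorer appends "[n]" to the names of files it stores in its cache.
IE_CACHE_NAME = re.compile(r"\[\d+\]\.[^.\\]+$")

SYSTEM_DRIVE = "C:"  # assumption of this example


def locate(path):
    """Label where a detected file sits; the labels are this example's own."""
    p = PureWindowsPath(path)
    parts = [s.lower() for s in p.parts]
    if "temporary internet files" in parts:
        return "browser-cache"        # fetched by the browser
    if parts[1:3] == ["windows", "temp"]:
        return "system-temp"          # dropped or unpacked by a running process
    if len(parts) == 2 and p.drive.upper() != SYSTEM_DRIVE:
        return "other-volume-root"    # copied onto a data or removable volume
    return "other"


def triage(lines):
    """Parse scan lines into records; unparseable lines are returned separately."""
    records, rejected = [], []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            rejected.append(line)
            continue
        rec = m.groupdict()
        rec["location"] = locate(rec["path"])
        rec["cache_named"] = bool(IE_CACHE_NAME.search(rec["path"]))
        records.append(rec)
    return records, rejected


if __name__ == "__main__":
    recs, bad = triage(SCAN_LINES)
    for r in recs:
        print(f'{r["name"]:<22} {r["location"]:<18} cache_named={r["cache_named"]}')
```
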
Fiora
July 22, 2014, 11:19:16 PM
 #42

So this all happened due to a trojan? :(
DrRobotto (OP)
July 23, 2014, 07:27:09 AM
 #43

So this all happened due to a trojan? :(

I think, yes.

I double-checked my antivirus now and I really have installed AVG Antivirus AND Microsoft Essentials, but both were not enough to prevent the theft. However, a wallet without password protection was really dumb; life teaches you the hard way, even if in that case it was not very hard at least.

From #3 and #1 I think you got infected while using IE, so a drive-by infection most likely. Those few minutes while you are out there to get a safe browser... Oh well. What's buddha.dll though? A quick research suggests Sleeping Dogs or Call of Duty Black Ops 2. I didn't dig too deep, but I suspect a pirated version/cheat/etc. I wouldn't know why an official release would require a download via 2shared. So #1 and #3 might have followed after you got the dll somewhere insecure. Again, I don't judge, I don't require an answer, just think about where you might have gotten the file.

Aaanyway seems like you are taking a safer route for now. While I usually argue that your own machine is safer than some server on the internet, this depends on what you are doing with your machine.

Stay vigilant :)

Hm, I never played either Sleeping Dogs or COD2 on my computer. The thing is that I have received this copy of the OS from the university via MSDNAA and received a copy on my D:\ drive via a USB disk from one of my colleagues since he already downloaded it. So I just needed a new key from the university partner program with MS. Can it be that buddha.dll replicated itself to my disk without somebody (antivirus, etc.) knowing it? I remember that sometimes my colleagues played COD2 at the university in their spare time. I usually play LOL which is free to play.

I cannot explain it in a different way, because otherwise buddha.dll should be in a folder named "D:\CallOfDuty\buddha.dll" or something?!? Just as a guess.

Nevertheless, I learned my lesson and how "easily" BTC can be stolen from your wallet, even if it was reckless to have a wallet without a password, since bitcoin-qt does not enforce it (!!) as for instance multibit does.
shorena
July 23, 2014, 07:43:38 AM
 #44

-snip-
Hm, I never played either Sleeping Dogs or COD2 on my computer. The thing is that I have received this copy of the OS from the university via MSDNAA and received a copy on my D:\ drive via a USB disk from one of my colleagues since he already downloaded it. So I just needed a new key from the university partner program with MS. Can it be that buddha.dll replicated itself to my disk without somebody (antivirus, etc.) knowing it? I remember that sometimes my colleagues played COD2 at the university in their spare time. I usually play LOL which is free to play.

I think we know how you got infected now. Your colleague should probably get a clean OS as well now.

I cannot explain it in a different way, because otherwise buddha.dll should be in a folder named "D:\CallOfDuty\buddha.dll" or something?!? Just as a guess.

Yes, it's a strange path for the dll to be in, but that's probably just the path you copied it to.

I'm not really here, it's just your imagination.
feryjhie
July 23, 2014, 09:42:13 AM
 #45

Can anyone explain how to anticipate a bitcoin being stolen from a wallet?
Baitty
July 23, 2014, 12:03:56 PM
 #46

Can anyone explain how to anticipate a bitcoin being stolen from a wallet?

What do you mean? How to prepare your wallet so it's harder for it to get stolen?

Currently held as collateral by monbux
regedit
July 23, 2014, 12:07:16 PM
 #47

For maximum security, use maximum paranoia. Assume that any script or wallet he gives you is invasive malware that's intent on stealing your bitcoins.

Create a brand new wallet (on a different machine, that's never had his stuff installed) using the standard client and configuration (not anything that he set up for you), and send any remaining bitcoins from your old wallet to your new one.

Then delete both the bitcoind wallet and game script, and if in doubt, wipe the computer(s) that had them installed and only reinstall trusted things.

For a lower, but still reasonable, level of security/paranoia, create a new wallet with a new password and transfer the old wallet's bitcoins to it. It's important to not reuse a possibly-compromised wallet, even with a new password and new addresses, because of the key pool. This pool basically means that he's (possibly) already downloaded your private keys, not just for your past addresses, but for your next 100, too.

And if possible, inspect the game script for anything suspicious, or simply stop using it. Or use it only on a computer that cannot access the bitcoins, and in which you never type your wallet password.

In any case, do not use any passwords (RPC, wallet, etc.) or wallets that he gave you, since they could be compromised.
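
Added example, not part of the original post and not Bitcoin client code: a toy model of the key pool described above, showing why changing the password on a wallet that has already been copied does not protect the next addresses it hands out. `ToyWallet`, `toy_address` and the pool behaviour are simplified assumptions; only the pool size of 100 comes from the post.

```python
import hashlib
import secrets

KEYPOOL_SIZE = 100  # the figure given in the post above


def toy_address(private_key: bytes) -> str:
    """Stand-in for address derivation (assumption: a bare hash, not Bitcoin's scheme)."""
    return hashlib.sha256(private_key).hexdigest()[:34]


class ToyWallet:
    """Toy model of a wallet that pre-generates its next keys into a pool."""

    def __init__(self, pool_size: int = KEYPOOL_SIZE):
        self.pool_size = pool_size
        self.used = []          # keys already handed out as addresses
        self.pool = []          # keys generated ahead of time, oldest first
        self.passphrase = None
        self._refill()

    def _refill(self):
        while len(self.pool) < self.pool_size:
            self.pool.append(secrets.token_bytes(32))

    def new_address(self) -> str:
        key = self.pool.pop(0)  # the next address always comes from the pool
        self.used.append(key)
        self._refill()          # a fresh key is appended at the back
        return toy_address(key)

    def change_passphrase(self, new: str):
        self.passphrase = new   # protects the file at rest; the keys are unchanged

    def copy_of_file(self) -> frozenset:
        """Every private key in the wallet file at the moment it is copied."""
        return frozenset(self.used + self.pool)


def exposed(stolen_keys, addresses):
    """Addresses whose private key is already in the stolen copy."""
    known = {toy_address(k) for k in stolen_keys}
    return [a for a in addresses if a in known]


def simulate(new_addresses: int = 150):
    wallet = ToyWallet()
    old = [wallet.new_address() for _ in range(3)]  # addresses used before the theft
    stolen = wallet.copy_of_file()                  # the wallet file is copied here
    wallet.change_passphrase("new passphrase")      # reusing the wallet, as the post warns against
    fresh = [wallet.new_address() for _ in range(new_addresses)]
    hit = set(exposed(stolen, fresh))
    return {
        "old_exposed": len(exposed(stolen, old)),
        "new_exposed": len(hit),
        # index of the first new address the thief cannot spend from, if any
        "first_safe_index": next((i for i, a in enumerate(fresh) if a not in hit), None),
    }


if __name__ == "__main__":
    print(simulate())
```
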
ranochigo
July 23, 2014, 12:15:08 PM
 #48

For maximum security, use maximum paranoia. Assume that any script or wallet he gives you is invasive malware that's intent on stealing your bitcoins.

Create a brand new wallet (on a different machine, that's never had his stuff installed) using the standard client and configuration (not anything that he set up for you), and send any remaining bitcoins from your old wallet to your new one.

Then delete both the bitcoind wallet and game script, and if in doubt, wipe the computer(s) that had them installed and only reinstall trusted things.

For a lower, but still reasonable, level of security/paranoia, create a new wallet with a new password and transfer the old wallet's bitcoins to it. It's important to not reuse a possibly-compromised wallet, even with a new password and new addresses, because of the key pool. This pool basically means that he's (possibly) already downloaded your private keys, not just for your past addresses, but for your next 100, too.

And if possible, inspect the game script for anything suspicious, or simply stop using it. Or use it only on a computer that cannot access the bitcoins, and in which you never type your wallet password.

In any case, do not use any passwords (RPC, wallet, etc.) or wallets that he gave you, since they could be compromised.
You would likely be infected if you download the wallet. Even if you copied it from elsewhere, your other computer could have been infected and you loaded the drive to the other computer, resulting in another infected computer. To be honest, I'm thinking some viruses can immediately dump your private key once you have generated a wallet; it is best to use it on an offline computer.

Baitty
July 23, 2014, 12:16:42 PM
 #49

For maximum security, use maximum paranoia. Assume that any script or wallet he gives you is invasive malware that's intent on stealing your bitcoins.

Create a brand new wallet (on a different machine, that's never had his stuff installed) using the standard client and configuration (not anything that he set up for you), and send any remaining bitcoins from your old wallet to your new one.

Then delete both the bitcoind wallet and game script, and if in doubt, wipe the computer(s) that had them installed and only reinstall trusted things.

For a lower, but still reasonable, level of security/paranoia, create a new wallet with a new password and transfer the old wallet's bitcoins to it. It's important to not reuse a possibly-compromised wallet, even with a new password and new addresses, because of the key pool. This pool basically means that he's (possibly) already downloaded your private keys, not just for your past addresses, but for your next 100, too.

And if possible, inspect the game script for anything suspicious, or simply stop using it. Or use it only on a computer that cannot access the bitcoins, and in which you never type your wallet password.

In any case, do not use any passwords (RPC, wallet, etc.) or wallets that he gave you, since they could be compromised.

Just follow the steps of creating a paper wallet; downloading the wallet is a huge risk and being connected to the internet is also a huge risk.

Currently held as collateral by monbux
NiceSoft12
July 23, 2014, 02:18:46 PM
 #50

If my PC is secure, do I have to worry about other people on the same network, their PC being not secure (i.e. filled with viruses/malware)?
ranochigo
July 23, 2014, 02:24:33 PM
 #51

If my PC is secure, do I have to worry about other people on the same network, their PC being not secure (i.e. filled with viruses/malware)?
You have to worry about them somehow, there are viruses that can be spread across the same network and you have a chance of being infected too. Especially if you are using a Windows OS.

Testing123
July 23, 2014, 03:23:33 PM
 #52

For maximum security, use maximum paranoia. Assume that any script or wallet he gives you is invasive malware that's intent on stealing your bitcoins.

Create a brand new wallet (on a different machine, that's never had his stuff installed) using the standard client and configuration (not anything that he set up for you), and send any remaining bitcoins from your old wallet to your new one.

Then delete both the bitcoind wallet and game script, and if in doubt, wipe the computer(s) that had them installed and only reinstall trusted things.

For a lower, but still reasonable, level of security/paranoia, create a new wallet with a new password and transfer the old wallet's bitcoins to it. It's important to not reuse a possibly-compromised wallet, even with a new password and new addresses, because of the key pool. This pool basically means that he's (possibly) already downloaded your private keys, not just for your past addresses, but for your next 100, too.

And if possible, inspect the game script for anything suspicious, or simply stop using it. Or use it only on a computer that cannot access the bitcoins, and in which you never type your wallet password.

In any case, do not use any passwords (RPC, wallet, etc.) or wallets that he gave you, since they could be compromised.

For maximum security, you could simply just format the disk, get a clean install of Linux and create a new offline wallet or paper wallet. :)

DrRobotto (OP)
July 23, 2014, 05:10:39 PM
 #53

My stolen BTC ended up in this account:
https://blockchain.info/address/1Crspt3Fbx1jdWMmm2uFwzfQfvsmZvnwHg

and he/she continues in my opinion to steal from other wallets, too!

This guy had received about 0.88990851 BTC and the final balance is now about 0.0001 BTC and nobody can stop these machinations.
whiteflight31
July 24, 2014, 03:14:47 PM
 #54

My stolen BTC ended up in this account:
https://blockchain.info/address/1Crspt3Fbx1jdWMmm2uFwzfQfvsmZvnwHg

and he/she continues in my opinion to steal from other wallets, too!

This guy had received about 0.88990851 BTC and the final balance is now about 0.0001 BTC and nobody can stop these machinations.
There are many stickies about security, you should read them before doing anything with BTC.
If you have money, try to make a bounty thread.
akali
July 24, 2014, 11:05:47 PM
 #55

Just learn from your mistake, there's nothing you can do to recover any coin.
ranochigo
July 25, 2014, 08:32:48 AM
 #56

My stolen BTC ended up in this account:
https://blockchain.info/address/1Crspt3Fbx1jdWMmm2uFwzfQfvsmZvnwHg

and he/she continues in my opinion to steal from other wallets, too!

This guy had received about 0.88990851 BTC and the final balance is now about 0.0001 BTC and nobody can stop these machinations.
That may or may not be his actual address, he might have used a mixer and mixed his coins. It can also be a shared wallet in which everyone's balance is sent to one address.

DrG
July 25, 2014, 09:30:30 AM
 #57

Unless you make $120 an hour, if you spend 5 hours in this subforum reading you will learn how to secure a wallet and also be able to pick a wallet that suits your needs.  1 Bitcoin is about $620, so 5 hours is about $120 saved per hour if you have even 1 coin in your wallet.

https://bitcointalk.org/index.php?board=37.0
RedDiamond
July 25, 2014, 10:24:57 AM
 #58

Download Linux on your laptop and be worry-free :D

No need for anything else, perhaps maybe only setting a password on the file..

Must also remember to install updates (if not configured as automatic). Otherwise malware like Mayhem (http://www.net-security.org/malware_news.php?id=2813) can hit.
Stery
July 25, 2014, 10:35:02 AM
 #59

You can move the wallet to Linux

Install bitcoin-qt in Linux (Ubuntu) and move the existing wallet.dat to that

This makes the wallet more secure than Windows
ranochigo
Legendary
*
Offline Offline

Activity: 2982
Merit: 4193



View Profile
July 25, 2014, 10:48:18 AM
 #60

You can move the wallet to Linux

Install bitcoin-qt in Linux (Ubuntu) and move the existing wallet.dat to that

This makes the wallet more secure than Windows

If he used it on Windows before, it would be pretty much useless. Your wallet.dat might be exposed to all kinds of malware on Windows. Therefore, if you move it to Linux, the attacker would have your key and can steal your BTC.
