ALL IN
Newbie
Offline
Activity: 16
Merit: 0
|
|
August 05, 2014, 12:44:42 AM |
|
never save your money in your computer if you think you have not full security to save your money . just aware your device in infected of hacker.
|
|
|
|
TheFridge (OP)
|
|
August 05, 2014, 12:56:23 AM Last edit: August 06, 2014, 12:25:01 AM by TheFridge |
|
Yes those other addresses are mine, well 2 of them from what I could find because I dont have the transactions in the wallet itself. I had to look for withdrawls from exchanges etc so I cant give a full list of what my addresses were. The wallet wasnt encrypted and I didnt have any backups of it. I know I should have but I dont and yes I had Teamviwer installed on that PC. I did a full system scan and couldnt find anything with Avast (may not be 100% though) Using windows 8.1 with Bitcoin v0.9.1 and I have installed the a wallet yersterday from zipcoin https://bitcointalk.org/index.php?topic=721306.new The link to the Minerals coin thread is https://bitcointalk.org/index.php?topic=641057.0Thanks for the help
|
|
|
|
ForgottenPassword
|
|
August 05, 2014, 01:06:36 AM |
|
Yes those other addresses are mine, well 2 of them from what I could find because I dont have the transactions in the wallet itself. I had to look for withdrawls from exchanges etc so I cant give a full list of what my addresses were. The wallet wasnt encrypted and I didnt have any backups of it. I know I should have but I dont and yes I had Teamviwer installed on that PC. I did a full system scan and couldnt find anything with Avast (may not be 100% though) Using windows 8.1 with Bitcoin v0.9.1 and I have installed the a wallet yersterday from zipcoin https://bitcointalk.org/index.php?topic=721306.new but it seems these transactions were before this wallet was installed. The link to the Minerals coin thread is https://bitcointalk.org/index.php?topic=641057.0Thanks for the help Anti-virus will only find malware that it knows about. If the malware is only installed on a small amount of PC's then it will not detect it. You should check your Teamviewer account when you get a chance. There must be a way to see if someone recently logged in. Teamviewer is very bad at keeping out hackers, if they have your account password they can login to your PC, Teamviewer do not check for suspicious logins (what I've been told). You say you can't see any transactions. Can you see any "receiving addresses"? maybe the hacker deleted your wallet.dat file after he copied it and replaced it with a blank one. Some of your BTC appear to have gone through a mixer. I'm still looking. Do you use any other altcoins BTW? shady altcoin developers have put viruses in their clients before.
|
|
|
|
TheFridge (OP)
|
|
August 05, 2014, 01:30:08 AM |
|
When I get access to a computer that isnt linked to the teamviewer account ill check it I cant see anything in the Bitcoin wallet, its completely blank, recent addresses, transactions, BTC. When I first opened the wallet its like it created a new wallet.dat file, the blockchain only needed to sync like 100 blocks. Here is the key dump, you can see the addresses were only created this morning when I opened the wallet # Wallet dump created by Bitcoin v0.9.1.0-g026a939-beta (Tue, 8 Apr 2014 12:04:06 +0200) # * Created on 2014-08-04T22:38:29Z # * Best block at time of backup was 314000 (000000000000000008ae6cb20997f3c4aacc50ee2f0d08a0c3691907fe7357a3), # mined on 2014-08-04T22:32:26Z
KxaieCjTCoKtdh3dD4jov7ixXAtEsd2SXNgqrHMdbhZZ23DJ8KDc 2014-08-04T20:35:42Z reserve=1 # addr=1F9t79KhoSDbETpGKYkgd9FRBUCJXx7zAm KyVvyZmtM1Jf661VMcrCpHpMnp5kbWYyi6TBg35oJJ1Lz8nmdDFY 2014-08-04T20:35:42Z label= # addr=19S85o6HnMMyjxzw39EGG93ynU3Eh1y4mK L4XDzspZZiQTFnxmRXQZ2z9squezxDcmyFyprXCm3mfnDyYLnMDY 2014-08-04T20:35:42Z reserve=1 # addr=1LUPBFFyjXTKyhJCQZKNBhxjiLSkG4MHiF L3tEij7RiN9f1AkAt2RwrhgSCgi8kEVCQvXutZDD33WE842Q2Kz9 2014-08-04T20:35:42Z reserve=1 # addr=1F81h2iTK74wWUEUyvWKFCPYxGQxDNYV46 KxRMenRahawSsvV4XvLYgqEityfX7zY6R8TwM5eHhhAvZkGgBaKX 2014-08-04T20:35:42Z reserve=1 # addr=1Lgq3WjX8hrVxUJESf4ieVhXevGADRjckx L483N91Pqx2bk9hHYJhkibEufm7qc6XHEszTfu5hfvBGM4d6XHN7 2014-08-04T20:35:42Z reserve=1 # addr=1M5cYUMdmZewHgJGwNcr8G6MGvwWHSzCEF L4sxdso5j3zMxCcPKoCReoH5v36mLhWYEJfUAUCrUEfzYEnKEqi3 2014-08-04T20:35:42Z reserve=1 # addr=1A9GRponqt5HKZnFkaUy5qtFx4gHyrMLuP Kyd6XfysgoRrtTUoTd2ieYDkPt5dvNcosJZVENk7suBMNTdbERdu 2014-08-04T20:35:42Z reserve=1 # addr=18gZpPYpi3PaEjjKBcJp6567nHhnJXJZAE L1Hd9kK9kdXJHMTJwN9yKRXWmL1nyBJQUQKaM4uySVM7KJRLwpVW 2014-08-04T20:35:43Z reserve=1 # addr=1BJgbbUMiffyjCYsY2grKCm5P5Jq5UhW4F L27xbuyozmKKt2XULK4Sm77GQZMaaskSkheHtEMrxMPF2kxBpT45 2014-08-04T20:35:43Z reserve=1 # addr=1HKpoi7GZ2z4aHWmKFhWkpUqVRjqAbV7T3 KwdtaXMqVHBoecMvKkajgJn6LwQ8yoRdAR7sddduuRHVtyzsp5Xt 2014-08-04T20:35:43Z reserve=1 # addr=18R3LNNoZNrp3uvDxPAwXp31PrhVTKRXy1 L4pGDCb2k8wNFSkU2q6nMNAhYGhE3SkTQHwyb1fp3DGsSdB6mvFS 2014-08-04T20:35:43Z reserve=1 # addr=1LScEbmj3SUed9g6wcYnwU6JkPutf9VS7H L5i6V9DSN3oV231MfmULrVxyRToLCLp7M9znLYAqx5ijoKn8YCGh 2014-08-04T20:35:43Z reserve=1 # addr=1PHqgi7VfHz9uxEv8teVtwVvS929iS3ayZ KzCRGk1LyBR4TPw8ZK6MsoUjwLB7qovA9DMDrYNpUdSbr1mBAzTv 2014-08-04T20:35:43Z reserve=1 # addr=1EjviNzrrYpRfr4Ze4MWHntzsheky8sAhC L5N716UGErqykBv9yRJqFpMKXYjZBxmJTnsRPV1Be8Qq68wFg6CG 2014-08-04T20:35:43Z reserve=1 # addr=1PgikMkhNGtk9yT4bN69eUwhY5XnWaqmE9 L3AaViBnPsTjF5EShpNfCPCrDgd9y1Xag49ccDGvGEHrV9qzvGWo 2014-08-04T20:35:43Z reserve=1 # addr=1vNRhKHiShtsPH5txGYHvsFMn6NdLiQvV L57nt41125EHbAV5GgnRcNjs81fSCR1mHgMYyr9JxnqBuhDKGG2f 2014-08-04T20:35:43Z reserve=1 # addr=1G8xwh5e1pnD3NvtRud84DboVyuaWQBohU L1rFa91NzWASDU8256kL2vR92GzBk6EcTLFRoRqGTpaAoGBv3XBx 2014-08-04T20:35:43Z reserve=1 # addr=1LUzMq8ddcz1VGj7xmLXiEngp4BxGgb5wi L3bv3DdnFR3MMkNWR6e87xQmCjFHKHb3T86GiTHcqkZjZnCXw17s 2014-08-04T20:35:43Z reserve=1 # addr=15ZpCNHHPWBW56YyequGg4Lpr279PH7tLa KwXHYfqT1FWZzZNiioroNvcgNk3VGUxohkaskffFtXMGuCd8VyXC 2014-08-04T20:35:43Z reserve=1 # addr=16a4CaDkA8x97ziApvxzAfULP2ixJ8yYK5 L5R4rd69p3x6gueKJvob4a399ngaocC1A5XggHrdQjhptaEJWiin 2014-08-04T20:35:43Z reserve=1 # addr=1MfHBZdTPdbycmJKN5vF7WAKgYAh9nuRDZ KyxRvnb1GKyFk1GjuzdUXZF8BqttREMKPgsRQ9bNeFc1TsEvq7zu 2014-08-04T20:35:43Z reserve=1 # addr=1J1C8wTkFo2zsqNWbmuUwFC12ZjJ8CRjqB Kx4CqkvtHnMA8W6bMyP4R7FGyQccgkpPaSvopevZxyXnCqBVVepL 2014-08-04T20:35:43Z reserve=1 # addr=14R7VbAXNYUwL5xSdqxs327oW7tUWKH6c8 L3NDrE87E1xGyzQJbYrGDGNvaXyGMvpjHgmn5xMUNXs3B7FQQAxA 2014-08-04T20:35:43Z reserve=1 # addr=18tC1kPhV6nCX2vznktrXApKKcXSXZmDf1 L2MqGhbhQkCpXHgwDYWcS1d6qwg8qLZur59TEWVUXcCsQLwSgjJQ 2014-08-04T20:35:43Z reserve=1 # addr=15BP4pBns6KRLwGXem9APZR6dpHG9mQ4Kv L24y5hWSEYUzEpcfXqUGm1vSRr4F6ufg8WCm2PRTTkHYpoQSkfka 2014-08-04T20:35:43Z reserve=1 # addr=15Qh2vzhqeAD3J84ogBTHGnfAdwwRt43fR KzJoERZVNcJKCyFyS8NVUAmUcJ4qLAmkquqVApV92RkhrUyUWzsB 2014-08-04T20:35:43Z reserve=1 # addr=12jo2z789dLBaXVy1QYVCoGgg5E23X9tGu KxzNgH1FwopDipvkegGYB7T3QGLjPkLQacZtXVuXFfH1V5FkR981 2014-08-04T20:35:43Z reserve=1 # addr=1EFMLQQZQRUPDrHdWyMnA91cBLrqqCBHqo L1tvv3XFA9yoLS6jvojwPz96HKX92RJT3TVo6XS2KbJQuPvVQ8gB 2014-08-04T20:35:43Z reserve=1 # addr=1AoTg1UWH7RDtJx5rmzL64boqZeApkJyVm L1UJm89HXUr1XP8wXdBHD8FXnJL8r5RUhWJxguh2sabK2RTSwBTX 2014-08-04T20:35:43Z reserve=1 # addr=1MS2VS7Ljwj2HjAURyF95MGSW8hzQp9iGL KycTbQhLG2vgnHuQF9amb7idJaZx41Q4KB9DNnVATdfjRAsZVkWM 2014-08-04T20:35:43Z reserve=1 # addr=1MLQckDLMbQ4Vrqkuc2PymDfYEedTAGQh8 KzVbst75BdSgLsYQusBDpThRz1wDW9efgtAVV4tZwzRK8M5Z7k7J 2014-08-04T20:35:43Z reserve=1 # addr=1CW2Pubr4wRJzThvQaGvbQLxPBuU63JojR Ky4XHgspUCqoHSRFoemnpGt6yZGJRz8GV3QtnyCytEfpJFezRXDH 2014-08-04T20:35:43Z reserve=1 # addr=1C4XiEheiQPLb7GWrHHPwp33Q1PKC5LWJC L1pKsDpFtNvrFj7LmZguaNrzbyfRm7RoH4BmYNRn1kUY6F6xkvyU 2014-08-04T20:35:43Z reserve=1 # addr=1N6UzxpMGHvuYWK6BzYors8T5YPwv8R8P5 KxyZ71fHWbGHj6WJ3LDpY287hN6thgjbYxVhT1bq9KgsxEkXi8Ht 2014-08-04T20:35:43Z reserve=1 # addr=1L8zq2NWB77pZyuyDJ7epAB7PQBErLop4S L5m4cAkaAbtbomQvqMzCTWFmZ2r43eeh8UNqVJwnbsT3mi6TBvLM 2014-08-04T20:35:43Z reserve=1 # addr=15Ti5pAtAE1fCzM64R7Bz1sgtp27UkkNHA L3WE5FLoGcZyRFcNLtJ5FFP8UWvoyFnDuZ4DWiDPYqTuojeNuMPj 2014-08-04T20:35:43Z reserve=1 # addr=12U3YZeVritzrkyfgLJ6acxkBLMCMsTFJP L4uwaTVVL6r5yWsxiQxnUVjSeXzaqikA2332VGh2RyeXTreACwga 2014-08-04T20:35:43Z reserve=1 # addr=1ELvS2y6c5EiHs25TUGZ4HB8vdds6HGM3o KxsAJYW7GF5dqqdeLaSk1taAkLQvVUHExmQAdHgMcaNnV9kUDxfb 2014-08-04T20:35:43Z reserve=1 # addr=1EwBtbBWv7pqFXohXSMcbUQXmj5bJLpJCT KyKS7VCtqGqPKwPT1FDyB2izXyEQXZC5BpbaDUaECNHoLGkpYiAk 2014-08-04T20:35:43Z reserve=1 # addr=1FTTAigyog6S9bKd9VftYYVCVZMVpg4ySg KxzHi2SyHBRcYU4ZC8jkJ9Tb6J95S6ckACrB1PkTG965KDsDTftN 2014-08-04T20:35:43Z reserve=1 # addr=1EqvCBE53yU2z9Vpzvsw68BXwzkW4zKJ3e L45Hd4DdsFe9PDnPBHQiFZ3YV6uKC8JJDNJaA3aEFnD26H8fTnia 2014-08-04T20:35:43Z reserve=1 # addr=1AzB3mXq6Auwqq3GcBQoSHyroVyPKpZx9G L16o1TBj5wdLm9QCeo7u4F8LwXxo1GEHDEEJR559CKAFqXFje7PV 2014-08-04T20:35:43Z reserve=1 # addr=1CVM3siqPmQetqSgPqz1Tx9Hf4g1Z2pLAT L1KyXQhMhJaGrRTcTvQWmGmQErSL2Xn4a4iPtTGWPJcVrjLmBGdb 2014-08-04T20:35:43Z reserve=1 # addr=18i7j96yFso1njh7jNTu8Vkgwbb4ErjJLq L4LXvVtefd1ajSEpUxwnUKrpfNYhCtQDrkNamMvURThSidpUSCzt 2014-08-04T20:35:43Z reserve=1 # addr=1BTJNMeLWuyzpZDGHH79LEVkMjFcgWdgE5 KxPGZ4EivbL2cXBaxtAm3HFADbJhbkdp5NiZgfWXHXhm2pM96P73 2014-08-04T20:35:43Z reserve=1 # addr=1JR8smGHaZhRKiU138LagXzg1cWPM18Tmr L3z5L81gott89cNqXXNrcRUYQaZP7sfhYZJTKypso9N4mQwRafnQ 2014-08-04T20:35:43Z reserve=1 # addr=1NcAXcM8puXQRQt42LuhjuNxrj2DHTRtqE L4mPcxn6ob9FUByJmH563RbcESGA4R6puBhNfFj4pr38kdVo31a1 2014-08-04T20:35:43Z reserve=1 # addr=1LYENuKSTDmedycQVTXePfUAxnZTrKokAP KwKu9rTUUyXZ8jtc9puK3Rtx84ynFXk3zurQGAauphUEd1AR3UfE 2014-08-04T20:35:43Z reserve=1 # addr=17ragB6tSaa8RvY7gjrbDYo48GwuzJUs2U Kzuw8q9Encp8dSyPfGDchLD2TavwYHjeAEYQ8QM5PgVyehsfCd9B 2014-08-04T20:35:43Z reserve=1 # addr=1QBdjNHK7Yszoqymq8FGVQpyDE97pnWBdo Kyt7Hw8UPCEc1MPSTs6Vn5NGT3SREEvRfYf5izGhRSg1WzKBdc4W 2014-08-04T20:35:43Z reserve=1 # addr=165ihx4d79Vbo3fJ6RmyBcr71gKZM8NUT6 KxaA8jFTM5HobHjuaoKGTDEp9WHPjynRipXkJPS1f6XJqaQ1rrVa 2014-08-04T20:35:43Z reserve=1 # addr=1G12ctkNbrHC6mVkoKkJZE9EhMjiwQtSFY Kwkeqvj4V5nPoF1ZEQZXXjvR6gXZjYck5CcHNDWqr24TTEbaiWyH 2014-08-04T20:35:43Z reserve=1 # addr=1HPgp75n7DpviEF3PpzVXGRLnJdQH5acT8 L2A4KwJ4jzz7ritoiTAZKAFnVoPGvcVMAZrEGq8Gm47wV99nSnSy 2014-08-04T20:35:43Z reserve=1 # addr=1EWjJt5czJ1sJuNMjkfVvvnF3XczAhq4fs L5jBcUJejzLpMNWacopQmb1C8ryVbiVSQws7fcpforjXFCSsnrjw 2014-08-04T20:35:43Z reserve=1 # addr=1HeyagkiZ9H4dJGjRh94dv9EtdziHoMS7 L2j8VjBC6gG3ge1aopdgmKYa1YGfKVZiAJECEkP1PpyFgcSRL1PQ 2014-08-04T20:35:43Z reserve=1 # addr=15N3QKNMJUkfs3tPfTGSBVadERLvqcSHKZ L1bnokninFQpQeoGYC5XL14JVM6tCVQK1zvAXdbh9Wq12BHY7w15 2014-08-04T20:35:43Z reserve=1 # addr=1LbyPhoDGecGh5Akfq8AYa7bheDo1WDdhQ KxvHwjd5bq8R3J8cHiqmrpJJwnYtM7HE1o3JYrzZg5bsvCLYU5Fo 2014-08-04T20:35:43Z reserve=1 # addr=1757YTFxaPoKLwggaabkN9KCngyNCDZy4A Kwv1q3LUPiRpdpayvExLAcx7cs6eicc4gCYmUDSJNqehgAZxLZnh 2014-08-04T20:35:43Z reserve=1 # addr=15hsJNr5GGcHWHegodqzdHm1fqc9eYmQVw L1KDfpDSBQahySPaszR82S8K6AAYtLWk9a6nMSeeXcruEY8PfEKN 2014-08-04T20:35:43Z reserve=1 # addr=18k6sR4rGAqwkHfLmUM98n2w2HgZo7tKJT KzLyi6bcRw1p4NpFV7cnANX1ZsHvYWsNfNRq3yiJj3BUThaEiFmF 2014-08-04T20:35:43Z reserve=1 # addr=1N28c8bWiMoXFvhsvX67SCKKoQfcCKvJVZ Kxnsxu63ePG54Zf5tW64gzrwGXYZB6mFfDwkYsNxyaVY6eH9EMds 2014-08-04T20:35:43Z reserve=1 # addr=1NRfFWqU6Fso2dxirJVwg3ft8JjAPhHPKp KxCarShgNZhj1ExcrPqX8eRBHUZWnnHDiG6TwywyJYu1BeQTQQGk 2014-08-04T20:35:43Z reserve=1 # addr=1Du6oULiTNNgKpN3guPXNvEojhMBGzVtf1 L1oeoWu36p539EsCLVbKVjGFKYMcBwoMojfCGbJgF1daURKHBFBT 2014-08-04T20:35:43Z reserve=1 # addr=1LmpBXKqi4p99H7PY6PzrEEn2QPWm7Gsht L2mTf5aikUSSPRowC9QGPc4C76tn3NJBvBq7gxiVpJKGRfVGVrQZ 2014-08-04T20:35:43Z reserve=1 # addr=1AQQYH5Ku2iVeRsTPU81Qg34PGKdk8s1sz KyYTHfXVQdKpahj3W3AsjDTSzfjVFha3TcnhLAH1onHmX6NyE46U 2014-08-04T20:35:43Z reserve=1 # addr=14Nzm4FwdWbmEi1MsFAaFsc6YRZmJb5EX7 L54V11EhjEKv8gB4Cuqaov78x3G7fLnHVnkH6bf6nvMJ6hUq4Srv 2014-08-04T20:35:43Z reserve=1 # addr=1MXVrBnbyZMiTeSoAexiFkMh2Z8GuM94iF KxuBUHsuPLMfq1psYKdB7L93eKtnuJcUTJCPtTNFGpScRtHHAaqi 2014-08-04T20:35:43Z reserve=1 # addr=16FRbWufEBN7XevoimXW6RZK544jfUduvN L35WbuemT26jxM3PcbnvbyuwPHZeJiHBuNPVek6cnNQSgkMV2dRV 2014-08-04T20:35:43Z reserve=1 # addr=1KgifkksLCp4vzvSqWuJXiUNGJ5rDsfPoW KzJHYjABzn4z35iioAvaQYZYuwgdR6FJsx5MLzVYNUNeppXvykEB 2014-08-04T20:35:43Z reserve=1 # addr=18fyzsBxwEZupbNSEepFPXBFaRdcK62Dnt KxN59E7wZCNpjZ5fMmgo6MVhNvhsPYByMeLL4Zp9LCtDzPiheKUE 2014-08-04T20:35:43Z reserve=1 # addr=1LEET13aMn4JAEDXb7CZvmwgHfMywBZDJN KzSE7DUWuRR8VssR5HeBFLXMtNuwxkd6HizAUi37LRLmAFNnZWyg 2014-08-04T20:35:43Z reserve=1 # addr=1Bzbmiacrk1bwbt74XQ7pDGBnoVuZdCyzR KxizVqDUcwLeKjNNEgxfuvtKT2jrGyWuFdd6jYj4tN7NW5UUAYM1 2014-08-04T20:35:43Z reserve=1 # addr=1ED88REDNH8kuXaZVZRKcCxGipjnmcDVSR KwsN3CB83ay7nYR4S6BE9jzz91x3mkvmivwAX6HZ7KRdgLGedVHJ 2014-08-04T20:35:43Z reserve=1 # addr=1NxAP8JAS6ENcxPdG25yXvCmiQ2LDhB58 KxrqR3zJM8BYTyyApZy7Yzgp2XUNPbioVTG8p5fsYmKckD631YMP 2014-08-04T20:35:43Z reserve=1 # addr=18U5Ea3w31FZpj6TsEQRUVUtFfY47WYbP1 L3t9q2dsLfi9cHSL2Qj2Jvk1AgCbHxU8Fr91vkUzQH9vdW4taZv8 2014-08-04T20:35:43Z reserve=1 # addr=13MqYRtEd9oepAKYpERxgZWGMwt8mHW5Qp KxGkdPFXeQjmyhB9NwMa9SLMFi6cn3ZET5Ek7U3GF3okwj6RfrE8 2014-08-04T20:35:43Z reserve=1 # addr=191EQH4rt4fkX7BV9tnApUg2vdsfmZnQ2u L5DLX7di5bVbNLsKdnx48u7ihRp5kwLaZozaz3uxRg2uP1E2YrSM 2014-08-04T20:35:43Z reserve=1 # addr=19LY4GwmJHt26j2yN8ZnVHfWkns7ZAzrLt KxKKuKbM1ShQCU7NiThJKjVMc9j8HtrvXu2zwtPKjCkV4fAN5Wdw 2014-08-04T20:35:44Z reserve=1 # addr=1L6itAE6oR1Lds1taSFAUgAeUwXAxzxzFT L4gpdQiRbCX1UE1vZ2YeZJWZePmdpVyt8WdaQG3A5ZvQn8W7pGjm 2014-08-04T20:35:44Z reserve=1 # addr=1A6SFpfu8xkjjoqhvpn9TTa2xcCRNSth9J KxgkQW3kt5uSMaqcpB8V2qoydtxPi5uNEVmoQgreW3A1ckyATvVU 2014-08-04T20:35:44Z reserve=1 # addr=15jErFsAHU8ThLegSj5mCgoGmVEsByryA6 L5axEH3NE5dxKbzuzFQz557CVTLsCCgYxwawxpp2HEQv319BHVJq 2014-08-04T20:35:44Z reserve=1 # addr=1Hto5bAstfAwanTkemowKcJLGvXHd4Gyn6 L4nCvfSQcP1b5CgS3XKXSRzPgomdJGVrsvpD9T2aqYGUvSCcyARo 2014-08-04T20:35:44Z reserve=1 # addr=1JhgHYYKkhFxhXjyJTSvR89hezqYBb2Dv L3Ft1jRotZH1BEndYzDsx5khk9Nk6U4mHUMeEXF2VwbwroD2s2vN 2014-08-04T20:35:44Z reserve=1 # addr=1CdwMaFvt5r1kyz9vWmtbBsoTsdPYaU654 KxcxEUqVWGNwDnvdaMjeqEQAXsABQsDYCjtVqx4Yqzw5WyM9k7ox 2014-08-04T20:35:44Z reserve=1 # addr=1C5knyp9ygxvdpEYnzsAHEhnCYrfmmKCNL L2Agepe3CuTH36i7MP9auwhrDmf48BD6pG1PHoj3YeMhHQTSGiXG 2014-08-04T20:35:44Z reserve=1 # addr=16qw6YQLaV6dBUjinUEEpkZGt58n8RRnkW KyGTffGr6muJ5HoK74s6cLaLxcsbc4L9EoZyC5vvo4sAJiAxZ4Zu 2014-08-04T20:35:44Z reserve=1 # addr=148p9HVDBUdxMKWLpodw6giJ3kahVdb3FD L2Y9K4cpwxwFzK1UbJ6iGWavWHCyiAyaNCQ79cKBRkS2bhqRK7SS 2014-08-04T20:35:44Z reserve=1 # addr=13TXkMArxbMbEEtCXwXJfoo7bEC3FcDTZ8 KxQAa7wZaqi2bcmeUpVt1SbAakd4epGHLV1WwDjvD9VWsMk24HA9 2014-08-04T20:35:44Z reserve=1 # addr=15GJ9jKxVnjA47RNiFeaVh6UZiHg7Wt7vo KxLdD9kYJEUNYrebAJ6iwJi8sZ7FWFPMA1TQz6gtpvdA5xTiBXZo 2014-08-04T20:35:44Z reserve=1 # addr=15g7w8315iUe32Vnh6yRYNqFBNmcyXWcqg L5WNVD8UGafSTy4t9MvYMG9bJH5r8ToN75RN6xAsjvbtZpuv8Lkg 2014-08-04T20:35:44Z reserve=1 # addr=12PyQp5ddNm85LKwGL9RRFfuq1NXdRz9Xs KxDF6xQ9GXbW2xDwaiw5W5LXxH2HdwEu3FL3u9e89wVqwGNM8Qvp 2014-08-04T20:35:44Z reserve=1 # addr=1Aq4GjcyZxm98LYCshuH3Bgs25coSYENDx L5YtNedkJ67w3NAhvsAaojwnyA1XupnpKoVbdCm9VgqWz81SEtWR 2014-08-04T20:35:44Z reserve=1 # addr=1LAN1xhopjERBrtqAoVdgkRT3zTLwDzxwV KxVyDyt6CDWJVVB75zmrez5LTRnd7hP1wm1PkhaV6ruB5eDiKqov 2014-08-04T20:35:44Z reserve=1 # addr=1GW48vR2BvaC2JWPc6NwEskk6Ry4fUEoJr Kz2wmvvyBCR5oVYFxutjFjbz7gChcrJgzVMXPAbgo2tV24pfLxT1 2014-08-04T20:35:44Z reserve=1 # addr=1BW6hBjxbTW4QUF3sn1Ww4rPLCq5K54Pwb L3r4h7P7QJ7tr6p2UhU3wpHtNDzLuLLXQw5fdrx4LNESu1gTrJjV 2014-08-04T20:35:44Z reserve=1 # addr=13CVYWNZeofeFHYCjmNS4maAAxC2q39wPq L4Fy8KD8swyGtwh9Tz2UnXFfcCmcn8WqCBVx6vNrhquJhCRQebSy 2014-08-04T20:35:44Z reserve=1 # addr=1NJpqDsKkVcVzif6Sh1WZJs4mmDnJEBbWQ L3VttvWGNAuyzinLwGmLgJ41X3eayx7VaG3CT9zbbCQWes3h6Uum 2014-08-04T20:35:44Z reserve=1 # addr=17i51TPKbkDs69KE667753pBWTVWyXTBeQ L2sJRxP5mBta1qSjo8qHUMVzLNSqXmqpPP7Hr917B42Sh3o11Ns4 2014-08-04T20:35:44Z reserve=1 # addr=1Nt4Byf5PZ14GiKD3qCvtXHj5RijVn6t13 KwoftLoFxN18bR9c94CsMTMqaA2PBM7FR4KYRVMPks4rm8C7x2pZ 2014-08-04T20:35:44Z reserve=1 # addr=1HCvUwXab1thMaPfX1YPingemutn4dbNGK L5nzf9koYwmtR6TUGciUnBRz6enMYezy9zYJGkE694iFMSEwWR4Q 2014-08-04T20:35:44Z reserve=1 # addr=17f2onV41VCjD11nq42Z6mi4toZfMMJnyR
# End of dump
And the only other Alts I really use regulary are Minerals. A bunch of those were taken too. Here is one of my addresses I sent MInerals too: ME7eBbAepDXziXyGodWx42a2PDTDLciG1b Block explorer for Minerals is here: http://explorer.minerals.pro/Checking through the other alts wallets I have are Karmacoin, Fitcoin, TheBotCoin and Sync coin
|
|
|
|
TheFridge (OP)
|
|
August 05, 2014, 01:52:14 AM |
|
Seems teamviewer only allow tracking of logins when you sign up for the business service. Unfortunately I had only the free service
|
|
|
|
Lucky Cris
|
|
August 05, 2014, 02:00:50 AM |
|
So more than one coin wallet compromised... sounds more like a hack than tech mishap - I'm sorry about your lost man.
Please keep the community abreast of possible culprit. Don't know much about Fitcoin or the TheBotCoin... not accusing, but we've had some wallet stealing wallets in the past.
|
|
|
|
TheFridge (OP)
|
|
August 05, 2014, 02:19:52 AM |
|
So more than one coin wallet compromised... sounds more like a hack than tech mishap - I'm sorry about your lost man.
Please keep the community abreast of possible culprit. Don't know much about Fitcoin or the TheBotCoin... not accusing, but we've had some wallet stealing wallets in the past.
Ill be sure to post it if I find out how the hack was done... I find it strange that the transaction history etc is missing though.
|
|
|
|
Lucky Cris
|
|
August 05, 2014, 02:30:31 AM |
|
So more than one coin wallet compromised... sounds more like a hack than tech mishap - I'm sorry about your lost man.
Please keep the community abreast of possible culprit. Don't know much about Fitcoin or the TheBotCoin... not accusing, but we've had some wallet stealing wallets in the past.
Ill be sure to post it if I find out how the hack was done... I find it strange that the transaction history etc is missing though. That means the wallet.dat file is gone.
|
|
|
|
ForgottenPassword
|
|
August 05, 2014, 02:57:50 AM |
|
So more than one coin wallet compromised... sounds more like a hack than tech mishap - I'm sorry about your lost man.
Please keep the community abreast of possible culprit. Don't know much about Fitcoin or the TheBotCoin... not accusing, but we've had some wallet stealing wallets in the past.
Ill be sure to post it if I find out how the hack was done... I find it strange that the transaction history etc is missing though. That means the wallet.dat file is gone. Yep. I thought I replied to this earlier. The dump you provided above is a new wallet. Looks like the hacker deleted your wallet afterwards so your history is gone with it. Some of your coins were mixed by the hacker but I haven't finished looking yet. Little tip for you: Always have 1 extra copy of a file than you think you need. If you think you need 2 copies (original and a backup) you need 3. If you think you only need 1, you actually need 2. And if you think you don't need a file, well you need 1 copy of it somewhere anyway, one day you'll be glad you didn't delete it. So be sure to have 3 copies of any other wallets you generate.
|
|
|
|
omgbossis21
|
|
August 05, 2014, 03:21:27 AM |
|
Downloaded a sgminer lately? Theres a site I don't wanna link right now with fake sgminer files that steal wallets (litecoin, dogecoin, bitcoin etc). Probably wiped the wallet after upload and the software created a new empty one. This sgminer site was linked by blackcoin (they removed it after I showed them) and a few other pools. The software did not actually mine, just opened with a brief error message, stole wallets and closed.
|
|
|
|
forsakenpnut
|
|
August 05, 2014, 03:52:56 AM |
|
Which wallet was it?
|
|
|
|
TheFridge (OP)
|
|
August 05, 2014, 05:59:59 AM |
|
So more than one coin wallet compromised... sounds more like a hack than tech mishap - I'm sorry about your lost man.
Please keep the community abreast of possible culprit. Don't know much about Fitcoin or the TheBotCoin... not accusing, but we've had some wallet stealing wallets in the past.
Ill be sure to post it if I find out how the hack was done... I find it strange that the transaction history etc is missing though. That means the wallet.dat file is gone. Yep. I thought I replied to this earlier. The dump you provided above is a new wallet. Looks like the hacker deleted your wallet afterwards so your history is gone with it. Some of your coins were mixed by the hacker but I haven't finished looking yet. Little tip for you: Always have 1 extra copy of a file than you think you need. If you think you need 2 copies (original and a backup) you need 3. If you think you only need 1, you actually need 2. And if you think you don't need a file, well you need 1 copy of it somewhere anyway, one day you'll be glad you didn't delete it. So be sure to have 3 copies of any other wallets you generate. Thanks for the advice and thanks for the help really appreciate it.
|
|
|
|
TheFridge (OP)
|
|
August 05, 2014, 06:05:06 AM |
|
Downloaded a sgminer lately? Theres a site I don't wanna link right now with fake sgminer files that steal wallets (litecoin, dogecoin, bitcoin etc). Probably wiped the wallet after upload and the software created a new empty one. This sgminer site was linked by blackcoin (they removed it after I showed them) and a few other pools. The software did not actually mine, just opened with a brief error message, stole wallets and closed.
This PC didn't have any sgminers on it. All my altcoin rigs do have a few different versions of it though and they are all connected with teamviewer. Most of them were downloaded from crypto-mining-blog
|
|
|
|
TheFridge (OP)
|
|
August 05, 2014, 07:17:26 AM |
|
Does anyone have any tips for how I can trace the hack and how they did it so it doesn't happen in the future?
|
|
|
|
Furio
Legendary
Offline
Activity: 938
Merit: 1000
BTC | LTC | XLM | VEN | ARDR
|
|
August 05, 2014, 07:23:58 AM |
|
Hey all, I need some help, I opened my wallet to discover it had a 0 balance and no transaction history, no nothing. The wallet is synced but there is no information in the wallet. Even saved addresses are gone. The wallet.dat file is still there. Have I been hacked?
Im using the Windows Bitcoin core wallet. Has this happened to anyone before and what can i do about it? Thanks
There has been spotted new malware who replaces your wallet.dat with an empty wallet.dat. I think that it has happened to you, sorry...
|
|
|
|
TheFridge (OP)
|
|
August 05, 2014, 07:50:40 AM |
|
Hey all, I need some help, I opened my wallet to discover it had a 0 balance and no transaction history, no nothing. The wallet is synced but there is no information in the wallet. Even saved addresses are gone. The wallet.dat file is still there. Have I been hacked?
Im using the Windows Bitcoin core wallet. Has this happened to anyone before and what can i do about it? Thanks
There has been spotted new malware who replaces your wallet.dat with an empty wallet.dat. I think that it has happened to you, sorry... Do you have a link to this malware and how they could get access to my system? Thanks
|
|
|
|
TheFridge (OP)
|
|
August 05, 2014, 10:30:31 AM |
|
So I was looking at the history of Avast virus scans and it seems it did pick up a virus sometime yesterday while I was AFK. It came from the zipcoin.qt wallet. The virus is called netsh.exe and was found in the directory: C:\users\MyUsername\Appdata\Local\Spoon\Sandbox\Zipcoin-Qt\2.0.0.0\local\stubexe\0x94D16BC4A71627A1
Is this a false positive? I dont want to jump on thread spreading accusations before I know a little at least
|
|
|
|
ForgottenPassword
|
|
August 05, 2014, 11:18:50 AM |
|
So I was looking at the history of Avast virus scans and it seems it did pick up a virus sometime yesterday while I was AFK. It came from the zipcoin.qt wallet. The virus is called netsh.exe and was found in the directory: C:\users\MyUsername\Appdata\Local\Spoon\Sandbox\Zipcoin-Qt\2.0.0.0\local\stubexe\0x94D16BC4A71627A1
Is this a false positive? I dont want to jump on thread spreading accusations before I know a little at least
Uh oh. netsh.exe is a similar name to a windows system file. There should not be a file named that in the zipcoin directory! Looks this isn't the first virus accusation against this coin: https://bitcointalk.org/index.php?topic=721306.msg8190098#msg8190098Did you install the binary (.exe, .msi) or did you compile it from source? Can you go to the folder C:\users\MyUsername\Appdata\Local\Spoon\Sandbox\Zipcoin-Qt\2.0.0.0\local\stubexe and post a list of all the filenames in there? make sure you have "show hidden files and folders" enabled too: http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/
|
|
|
|
ForgottenPassword
|
|
August 05, 2014, 11:28:35 AM |
|
Reading that thread there are many people accusing the developer of putting viruses in the coin. Be WAY more careful in the future. Don't run ANYTHING you aren't 9,001% sure is safe. If you are installing software that has the source code available, learn how to compile it from source. Running the exe puts a lot of trust in the developer as the exe can do ANYTHING. People can check the source code for viruses but they cannot easily check the exe. Hey, Everyone that downloaded the windows wallet early needs to check that AppData\Local\Spoon directory. That is where the backdoor was installed, it doesn't come up on a lot of virus scans, and was packaged with the windows wallet. Seems that the dev has now removed the malicious wallet.
You need to delete that directory asap. The program installed after you ran the zipcoin wallet for the first time and ztor.exe remains running even after you close the zipcoin wallet.
Obviously the exchanges and people who complied from source weren't affected, as this was zipped with the original windows wallet that was posted in the announcement.
Digiguy seems like the attacker shilling to extend time cleaning people out, posting screenshots to direct attention from where the problem is.
So if you downloaded that original windows wallet you need to check that C:\USERS\youraccount\APPDATA\LOCAL\SPOON, delete that directory asap, and then look for all your wallet.dat files in the APPDATA roaming folder, if you were infected the "wallet.dat" files were renamed to whatever coin it was such as "Dogecoin.dat" and then sent to the attacker.
Gonna repeat, Zipcoin-qt.exe itself is not malicious it was the ztor.exe bullshit that was packaged with the windows wallet, maybe thats why the dev called it zipcoin heh.
Again this shit doesnt come up on a lot of antivirus scanners and you need to remove this manually if you were infected, and then there is no telling what else could have been installed so its best to reformat your harddrive.
I fear a good amount of people got cleaned out already if they had all their wallets on the infected PC, I guess we'll find out with time.
You should not just delete the directory like this guy recommends. You should do a fresh Windows install. This is the only way to be sure you've removed it.
|
|
|
|
TheFridge (OP)
|
|
August 05, 2014, 11:58:28 AM |
|
So I was looking at the history of Avast virus scans and it seems it did pick up a virus sometime yesterday while I was AFK. It came from the zipcoin.qt wallet. The virus is called netsh.exe and was found in the directory: C:\users\MyUsername\Appdata\Local\Spoon\Sandbox\Zipcoin-Qt\2.0.0.0\local\stubexe\0x94D16BC4A71627A1
Is this a false positive? I dont want to jump on thread spreading accusations before I know a little at least
Uh oh. netsh.exe is a similar name to a windows system file. There should not be a file named that in the zipcoin directory! Looks this isn't the first virus accusation against this coin: https://bitcointalk.org/index.php?topic=721306.msg8190098#msg8190098Did you install the binary (.exe, .msi) or did you compile it from source? Can you go to the folder C:\users\MyUsername\Appdata\Local\Spoon\Sandbox\Zipcoin-Qt\2.0.0.0\local\stubexe and post a list of all the filenames in there? make sure you have "show hidden files and folders" enabled too: http://www.bleepingcomputer.com/tutorials/show-hidden-files-in-windows-7/Yer I installed the wallet from the exe. I dont even have any of these coins I just wanted to see if the "anon" feature of the coin was a scam. Which it was. Fuck. Files located in that directory are ztor.exe and zipcoin-qt.exe Lesson learnt about this crypto game. Certainly wont happen a second time.
|
|
|
|
|