Synchronization stuck for 2 months

As @Chris22 said, that is the best approach, as we don’t know what that program did (was it just a pure xch lifting code, or rather a trojan that opens doors for any crap to be downloaded at any point).

Saying that, the question is whether it left some residue on your plotted drives. I would hope not, but maybe formatting those drives should also be done. Not sure what AV you are using, but as long as Defender is not recognizing that crap, there is really no way to test those plotted drives for cleanness.

There is no point to plot today OG plots. With NFT plots you can either farm solo or pool. If you want to go all solo, I would still plot one drive for a different NFT and keep it on any pool, just to get some extra stats about your farm.

Saying that, I have an old Dell with 3060 ti, and am able to produce over 500 k32/C7-8 plots per day (using Max’s GPU plotter). Depending how much RAM you have on those boxes, you may be looking at 2-3 days to replot your farm.

So, as far as plotting, the only question is whether you want to go ahead with Max’s plotter today or wait for the official Chia plotter for compressed plots. So far, the chia’s new plotter is just a vaporware announced to potentially hurt Max’s efforts while giving them more time to scramble for a working solution.

By the way, I assume that you have at least 3 computers (one farmer and two plotters that are idle - those threadrippers), and only the farmer got contaminated. If that is the case, before you make any decision what to do, you could disconnect one of your plotters from the network and create a new cold mnemonic on that computer. This way, for the time being you could use that new address for farming. As you would only copy the new address to your farmer, even if the box is still infected, it would not be able to lift your new XCH. It is a mickey mouse move, but gives you some time to think what is the best next step for you without making a rush decision.

I guess we have entered a new era of targeted chia malware (assuming that before, we only had some crude scripts). That implies that any exe downloaded to a farm will get more and more sophisticated with every day, making it much harder to eradicate it. So cold wallets look like a must for now for those that didn’t start with them. Also, as before, no browsers and no exe downloads on the farm (use a shared folder and download chia / plotter on another box, and just put it on that shared folder).

Thank you very much for your detailed answer.

I have one farmer and one plotter (the 2nd TR cpu is not active). The .exe was installed in the plotter with my Tr 64 cores.

On the farmer with only 500 plots (50 TB), I installed the DB file with the .zip (not the exe).

I guess I have to consider everything is contaminated…

My total farm was 250 TB. I have another 100 TB empty I was just about to farm.

That is a good idea to erase the hard drive from both computers, re-install windows 10 and create a new wallet.

How can we secure the wallet better? Any password to add? I was about to decide to store my chia on a web or android based wallet: Wallets | ChiaLinks - Chia Cryptocurrency Resources

Just to feel better about myself I will rebuy those 40 chia I lost and store them on that new wallet. Maybe I will use any of the exchange or swap services here: Exchanges | ChiaLinks - Chia Cryptocurrency Resources

My actual pool I was using is Space Pool.

The idea of farming offline is a very good idea.

I believe I will just abandon the OG plotting idea and go all out in Pool farming for a more continuous profit.

Here is one good video about creating a semi-cold wallet - Is Your Chia Safe? How To Farm Chia To A Cold Storage Wallet! - YouTube. You may want to browse through other videos in that channel, as there is plenty of info there.

Of course, what is described in that video may not be that secure today (seeing chia-crafted malware). However, I assume that your plotter was not affected, as such, I would disconnect it from the network, follow that guide in that video, and once done, format that box. You will need to get 2 things from that box:

  1. mnemonic
  2. receive address

I would buy a couple of small USB Flash sticks, copy the mnemonic there and keep it aside (not use it for anything anymore).

On the other hand, receive address is safe to publish, so you can copy it to a different USB stick, and move it to your farmer, whether it is infected or not. This will make your farmer to direct all received XCH to that wallet address. You can use something like xchscan.com to check on that wallet. Basically, the only info about that wallet will be on those 2 USB sticks, so as long as you keep it in a drawer it is secure.

And no, chia’s password provides more or less a false sense of security at best. If your farmer is running and you get some crap on that box, it can use either mouse / keyboard macros to navigate your farmer to get your mnemonic or can use RPC and bypass that password altogether and get that info in a couple of calls - kind of child’s stuff to write that code.

1 Like
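Added example (not part of any post in this thread): a check that the cold receive address survived the USB copy intact and that every `xch_target_address` entry in the farmer's `config.yaml` points to it. It assumes Chia's bech32m address format with the `xch` prefix; the puzzle hash and config excerpt are constructed sample data, and `check_config` is a hypothetical helper name.

```python
import re

CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
BECH32M_CONST = 0x2BC830A3
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)

def _polymod(values):
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk

def _hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def encode_address(puzzle_hash, hrp="xch"):
    """Bech32m-encode a 32-byte puzzle hash (used here only to build sample data)."""
    n = int.from_bytes(puzzle_hash, "big") << 4  # pad 256 bits to 260 (52 x 5)
    data = [(n >> (5 * i)) & 31 for i in reversed(range(52))]
    pm = _polymod(_hrp_expand(hrp) + data + [0] * 6) ^ BECH32M_CONST
    data += [(pm >> (5 * (5 - i))) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data)

def is_valid_xch_address(addr):
    """True if addr is a 62-character xch1... address with a correct checksum."""
    addr = addr.strip().lower()
    if len(addr) != 62 or not addr.startswith("xch1") or any(c not in CHARSET for c in addr[4:]):
        return False
    data = [CHARSET.index(c) for c in addr[4:]]
    return _polymod(_hrp_expand("xch") + data) == BECH32M_CONST

def check_config(config_text, cold_address):
    """List problems with the xch_target_address entries in config.yaml text."""
    cold = cold_address.strip().lower()
    problems = [] if is_valid_xch_address(cold) else ["cold address fails bech32m check"]
    targets = re.findall(r"^\s*xch_target_address:\s*['\"]?(\S+?)['\"]?\s*$", config_text, re.M)
    if not targets:
        problems.append("no xch_target_address found")
    problems += [f"target {t} differs from cold address" for t in targets if t.lower() != cold]
    return problems

# Constructed sample data: a made-up puzzle hash and a minimal config excerpt.
SAMPLE_COLD = encode_address(bytes(range(32)))
SAMPLE_CONFIG = f"farmer:\n  xch_target_address: {SAMPLE_COLD}\npool:\n  xch_target_address: {SAMPLE_COLD}\n"
if __name__ == "__main__":
    print(check_config(SAMPLE_CONFIG, SAMPLE_COLD) or "all targets match the cold address")
```

Run it against the farmer's real `config.yaml` text with the address read from the USB stick; an empty list means both the farmer and pool targets match the cold address.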

Looks good from here,
image

small pic from mine.

mistake, it’s normal.

So I re-installed windows and Chia on both my plotter and farmer.

So far so good, I transferred a small amount to the new wallet (to join NFT pool).

Doing the long Synch now …

I start plotting with Mad Max already.

I will give an update soon.

Thanks to all for your help.

1 Like

By the way, your plotter doesn’t need chia at all. If you are using MM GH plotter, that one file is everything that you need on the plotter. You will need to copy the plotting keys, that’s it.

they definitely must have had full remote access to your machine…

if you don’t know how exactly it was done you need to do a full wipe no doubt.

also a change of address and a replot may be in order.

ZERO-DAY vulnerability “follina” comes to mind…

prime example of why to keep your earnings off your farming rig…js

Thanks for looking into this sir.

This is my Main Machine, with no harvester.

In the end I resolved the issue by updating the Ubuntu software and restarting the machine. Previously I hadn’t updated the machine for about 6 months since it had been at a data centre, didn’t want to risk losing the remote access after restart. But apparently the Teamviewer access automatically launched after restart.

Thank you Mr. for looking into this.

I resolved the issue by simply reinstalling Chia, updating the machine software and restarting. It is at a distant data centre, I was a bit reluctant to restart the machine previously, did not want to risk losing the Teamviewer access.

I want to update you guys, I managed to replot every hard drive. My farm is 300 TB now.

I’m looking to add some more 200 TB soon

2 Likes

It was the right thing to do in that situation; glad to hear your farm is back online. I hope the expansion rollout helps you catch back up in the process here.

1 Like