Guys, sorry for your losses.
Some advice.
1. Don't use the same passwords; generate a new one every time you need one. Use a password manager with autolocking.
For example: KeePass Password Safe. It has some nice features: "The master key dialog can be shown on a secure desktop, on which almost no keylogger works. Auto-Type can be protected against keyloggers, too."
2. Enable TFA (Two Factor Authentication) on exchanges and on mail providers. It's not difficult. For example, you download Google Authenticator to your Android phone and scan the QR code from an exchange (back up the key to your password manager). But it's not a panacea. Somebody using a trojan can intercept the TFA code entry to the site and use it. But it's better with TFA than without.
3. Encrypt your wallets (some wallets have a bug: the checkbox "for mint only" does a full unlock, not for minting only but for sending coins too).
Don't use server in the conf file if you don't need it.
4. Don't work under Administrator. Almost all users work as administrator. This is the biggest vulnerability. Work as a normal user with restricted rights and 95-99% of the vulnerabilities will pass you by.
5. Antivirus+firewall.
6. Use a sandbox for untrusted software (for example, Sandboxie, or some antiviruses have one built in).
7. Use the Windows Update.
8. Create backups of your wallets and passwords regularly (it's not for security, it's for your peace of mind).
More safe:
Use a virtual machine or a standalone computer for trusted wallets and exchanges, with items 1-8 applied (don't copy secret info from the host machine to the virtual one; use the password manager inside the VM).
And the most difficult: move to Linux for coins and exchanges only, with items 1-8 applied except the Windows-specific ones.
Sorry to the guys for their loss, that sucks :/.
Cheers to this poster for this. Very good. I'm going to check out that password manager; also, a sandbox is a great idea, I totally forgot about them. Any recommended sandbox software?