Hailedllama (OP)
Newbie
 Offline
Activity: 18
Merit: 0
|
 |
August 31, 2015, 02:25:54 PM |
|
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it  |
|
|
|
|
|
|
|
|
|
"If you don't want people to know you're a scumbag then don't be a scumbag." -- margaritahuyan
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
Hailedllama (OP)
Newbie
Offline
Activity: 18
Merit: 0
|
|
August 31, 2015, 02:42:57 PM |
|
it happened to me about a hour ago but heres a guide on how to get rid of it if it is on your pc
10
Remove the malware
Finally remove it from your computer:
1.
Start Windows Task Manager and terminate the Chrome32.exe or
AcroRd32.exe process!
2.
Go to %appdata% in your file browser.
3.
Delete AppData/Roaming/Adobe (x86) folder.
4.
Delete AppData/Local/Google (x86) folder.
If you don't terminate the malware manually, as it is described
in the first point you can't delete one of the folder.
If you've deleted the Adobe folder it won't start again on your
computer, so you're good, but to completly remove it you have to
do one more thing:
•
Start the Registry Editor (regedit) and delete our software from
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru
n"
If you don't find it, check HKEY_LOCAL_MACHINE instead of
HKEY_CURRENT_USER
hope it helps this malware is being sold for $1.10 in bitcoin
|
|
|
|
|
Snorek
Legendary
Offline
Activity: 1400
Merit: 1001
|
|
August 31, 2015, 03:25:11 PM |
|
it happened to me about a hour ago but heres a guide on how to get rid of it if it is on your pc
10
Remove the malware
Finally remove it from your computer:
1.
Start Windows Task Manager and terminate the Chrome32.exe or
AcroRd32.exe process!
2.
Go to %appdata% in your file browser.
3.
Delete AppData/Roaming/Adobe (x86) folder.
4.
Delete AppData/Local/Google (x86) folder.
If you don't terminate the malware manually, as it is described
in the first point you can't delete one of the folder.
If you've deleted the Adobe folder it won't start again on your
computer, so you're good, but to completly remove it you have to
do one more thing:
•
Start the Registry Editor (regedit) and delete our software from
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru
n"
If you don't find it, check HKEY_LOCAL_MACHINE instead of
HKEY_CURRENT_USER
hope it helps this malware is being sold for $1.10 in bitcoin
You mean that you can have your own version of this Malware with your own address for $1. That's sick. I was worried about new kind of malwares and viruses associated with bitcoin and here they are. So far I know about this Malware changing address and another that encodes data on your disks and then want bitcoin to decypher it. New technologies, new threats. |
|
|
|
|
|
Aggressor66
|
|
August 31, 2015, 03:37:18 PM |
|
Malwarebytes’ Anti-Malware is currently one of the most successful tools at identifying and removing the types of malware that we’re talking about here.
It’s not really a replacement for anti-virus software but in cases of infection, it has a pretty darn good track record.
Download the free version, install and run it, and then see what it turns up.
|
|
|
|
|
LiteCoinGuy
Legendary
Offline
Activity: 1148
Merit: 1010
In Satoshi I Trust
|
|
August 31, 2015, 03:47:50 PM |
|
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it it is safer to store your coins on a hardware wallet: https://bitcointalk.org/index.php?topic=899253.0 |
|
|
|
|
tadakaluri
|
|
August 31, 2015, 04:17:57 PM |
|
it happened to me about a hour ago but heres a guide on how to get rid of it if it is on your pc
10
Remove the malware
Finally remove it from your computer:
1.
Start Windows Task Manager and terminate the Chrome32.exe or
AcroRd32.exe process!
2.
Go to %appdata% in your file browser.
3.
Delete AppData/Roaming/Adobe (x86) folder.
4.
Delete AppData/Local/Google (x86) folder.
If you don't terminate the malware manually, as it is described
in the first point you can't delete one of the folder.
If you've deleted the Adobe folder it won't start again on your
computer, so you're good, but to completly remove it you have to
do one more thing:
•
Start the Registry Editor (regedit) and delete our software from
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru
n"
If you don't find it, check HKEY_LOCAL_MACHINE instead of
HKEY_CURRENT_USER
hope it helps this malware is being sold for $1.10 in bitcoin
Thank you very much for the valuable information. I need to check my PC and gadgets, is they already infected with this Malware or not? Once again thank you very much for this information. |
|
|
|
|
|
nero987
|
|
August 31, 2015, 04:23:44 PM |
|
This is arround for some time already...
It first came up on Evo market arround 1 month before the exit scam.
I have the source code of v1.3 here.
Before you compile the malware you set some parameters, which include the process name.
In Snorek's "examples" its Chrome32.exe or AcroRd32.exe, but it can be literally everything.
About anti malware:
The program does not make any connection to the internet, for this reason it is almost never picked up by anti-virus/malware software.
When a particular compilation of the malware (with particular process name) is reported to an antivirus database, only that version will be picked up by av's...
There are some av's that notice that part of the code is comparable to know malware, but thats only a minority of the av's....
damn, practice your english nero!
edit: I'm not selling/sharing the source code, neither sharing any detailled information how it actually works!
|
|
|
|
|
|
ikydesu
|
|
August 31, 2015, 07:32:07 PM |
|
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it There are a lot malware out there come from related bitcoin service. I personally always check and scanned the site first when i want to visit, especially with a site which strange or fishy for me. This some tips for make your PC secure and avoid any virus/malware: https://bitcointalk.org/index.php?topic=203876.0 |
|
|
|
|
|
Mickeyb
|
|
August 31, 2015, 08:33:38 PM |
|
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it it is safer to store your coins on a hardware wallet: https://bitcointalk.org/index.php?topic=899253.0Doesn't this malware work even if you use a Trezor for example? I guess that people should be always careful and double check. MyTrezor Web wallet works in the browser as well. The truth of the matter is that everybody should be double checking are addresses changed. If anybody can have a copy of this malware for a $1, this means that this malware can become very widespread. |
|
|
|
|
Meuh6879
Legendary
Offline
Activity: 1512
Merit: 1011
|
|
August 31, 2015, 08:38:48 PM |
|
Chrome is the malware. it seems logical ...  |
|
|
|
|
Gyfts
Legendary
Offline
Activity: 2758
Merit: 1512
|
|
August 31, 2015, 08:45:38 PM |
|
Important to note that there are countless types of malware that can infect your PC and steal your wallet. A virus that copies and pastes the wrong address seems like something that would be easy to catch, at least for me as I double check addresses before sending. Keyloggers are probably the most notable or taking people's bitcoin, or RATs. Both are very easy to steal Bitcoin while the owner of the wallet is away from their computer and unaware of their PC being infected.
|
|
|
|
|
Hailedllama (OP)
Newbie
Offline
Activity: 18
Merit: 0
|
|
August 31, 2015, 09:49:24 PM |
|
im glad i could help everyone but just because your internet security says its ok still be cautious because there are ways around internet security. There is alot of software like this being sold for like $2-$5 some even give it out for free so be careful
|
|
|
|
|
Carlton Banks
Legendary
Offline
Activity: 3430
Merit: 3071
|
|
August 31, 2015, 09:58:17 PM |
|
Linux.
No anti-this and anti-that software. Ditch Windows and use Linux, you'll avoid most of these types of attacks.
|
Vires in numeris
|
|
|
Hailedllama (OP)
Newbie
Offline
Activity: 18
Merit: 0
|
|
August 31, 2015, 10:01:33 PM |
|
i would love to use linux but my wifi stick doesnt have the drivers for linux
|
|
|
|
|
Hailedllama (OP)
Newbie
Offline
Activity: 18
Merit: 0
|
|
August 31, 2015, 10:08:03 PM |
|
Damn that looks good i would buy it but i just lost my money to this stupid malware  |
|
|
|
|
Carlton Banks
Legendary
Offline
Activity: 3430
Merit: 3071
|
|
August 31, 2015, 10:19:37 PM |
|
Linux.
No anti-this and anti-that software. Ditch Windows and use Linux, you'll avoid most of these types of attacks.
If you are looking for a linux version that has a windows feel I suggest Linux Mint, you can use wine for most windows programs but games have a lot of compatibility issues. Don't forget linux is free :http://www.linuxmint.com/ Yes, Mint is excellent for new Linux users, it's really easy to install and is very forgiving when it comes to using peripherals with it. At least compared to other Linux distros anyway. Be careful everybody with Linux if you have a brand new, latest Intel chip computer. Sometimes the newest hardware isn't supported properly yet, so either wait till the hardware is 6 months or so old, or wait that long till you try Linux on it. Or you could be brave  It is a brave move, though. |
Vires in numeris
|
|
|
Jeremycoin
Legendary
Offline
Activity: 1022
Merit: 1003
𝓗𝓞𝓓𝓛
|
|
August 31, 2015, 10:41:32 PM |
|
Wow that could be a serious problem, but I always checked twice when I want to send a Bitcoin.
|
faucet used to be profitable |
|
|
zero01
Member
Offline
Activity: 98
Merit: 10
|
|
August 31, 2015, 10:49:13 PM |
|
thank you for the information you provided
I would be more careful
|
|
|
|
|
|
rinhunter
|
|
August 31, 2015, 10:53:06 PM |
|
Wow that could be a serious problem, but I always checked twice when I want to send a Bitcoin.
Great, so we as users have to remain cautious. very serious, for those who frequently send BTC in large amount. |
|
|
|
|
|
Coinshot
|
|
August 31, 2015, 11:42:25 PM |
|
Just wanted to add this; Sometimes mallwares makes additional registry entry to both CurrentVersion\Run" and CurrentVersion\RunOnce"
So it's best to check both, because one can copy the instance back to every registry entry, forcing you back to square one.
|
|
|
|
|
