Bitcoin Forum
October 15, 2019, 08:02:28 AM *
Author Topic: Something not right.  (Read 268 times)
evgenia_volkova
October 07, 2019, 02:27:47 PM
 #21

Quote
Don't reinstall your OS - switch to Linux. Mint is fairly close to Windows if you are not familiar with Linux.
Windows 10 includes Cortana, which cannot be removed. This is a keyboard logger (amongst other things), and stores all of your info and communications in the Microsoft cloud.

When I was a victim, I was advised to change the hard disk, and when asked, they said changing the OS is not the permanent fix. Can you explain which one is right?

nc50lc
October 07, 2019, 02:44:57 PM
 #22

Quote
When I was a victim, I was advised to change the hard disk, and when asked, they said changing the OS is not the permanent fix. Can you explain which one is right?
Probably because of those "low-level viruses" that can infect at the binary level.
High-level format, aka "format disk" or "delete partition", doesn't actually delete most of the files' traces; that's why it's possible to recover them using deleted-file recovery tools.

Low-level format (zero-fill) should work in those cases, but that involves professional software tools.

Bitstarzisascam
October 07, 2019, 02:51:17 PM
Last edit: October 07, 2019, 03:10:24 PM by Bitstarzisascam
Merited by Abdussamad (2)
 #23

The easiest way to check if you have been infected with a clipboard virus is to just copy any address, paste it somewhere, and check if it is the same address that you copied.
Here, 34xp4vRoCGJym3xR7yCVPFHoCNxv4Twseo, I think this one belongs to Binance. Copy it and paste it in an empty document. Is the pasted address the same as the one I posted?

If it changes - you are infected with a clipboard virus.
If it stays the same - you are not infected with a clipboard virus, and either your friend gave you the wrong address, you copied the wrong address, or there was a bug with blockchain as suggested by some users.


NOPE

It gave me this: 34xpbico3XJkx1eEn5D1toHgVQnPjzqS3P (when my RDP was on)

I tried it again now with my RDP turned off, and it gave me the same address. I found the issue, guys: I think my business remote desktop is hacked, because when I'm connected to it and copy-paste the address you gave me, it gives me the hacker's address above; now when I turned it off and copy-pasted it again, it's the same one, "34xp4vRoCGJym3xR7yCVPFHoCNxv4Twseo". So I think it's the RDP that caused this somehow. I've never seen such a thing before.
prix
October 08, 2019, 03:31:27 AM
 #24

Quote
When I was a victim, I was advised to change the hard disk, and when asked, they said changing the OS is not the permanent fix. Can you explain which one is right?
Probably because of those "low-level viruses" that can infect at the binary level.
High-level format, aka "format disk" or "delete partition", doesn't actually delete most of the files' traces; that's why it's possible to recover them using deleted-file recovery tools.

Low-level format (zero-fill) should work in those cases, but that involves professional software tools.

There is malware which edits the firmware of the disk, and then even full formatting will not remove the malware.
Therefore, the advice for paranoid people is to replace the disk (perhaps flashing it will solve the problem, but who knows).
For even greater paranoiacs: replace (reflash) the motherboard. But in any case there is no guarantee that everything is taken into account.
One can only hope that such utilities will not be used against the mass user. Or use hardware/cold wallets.

One example:
https://www.wired.com/2015/02/nsa-firmware-hacking/

Quote
When a machine is infected with EquationDrug or GrayFish, the firmware flasher module gets deposited onto the system and reaches out to a command server to obtain payload code that it then flashes to the firmware, replacing the existing firmware with a malicious one.
~
The only solution for victims is to trash their hard drive and start over with a new one.
Pmalek
October 08, 2019, 06:54:19 AM
 #25

I have never heard of such issues with RDP before.
In the future you need to make sure to double check which address you are about to send to. Check the first 3-4 characters, the last 3-4 characters and some from the middle of the address. That is the least you should do if you don't want to check the entire address.
HCP
October 09, 2019, 10:07:06 PM
 #26

Quote
NOPE

It gave me this: 34xpbico3XJkx1eEn5D1toHgVQnPjzqS3P (when my RDP was on)

I tried it again now with my RDP turned off, and it gave me the same address. I found the issue, guys: I think my business remote desktop is hacked, because when I'm connected to it and copy-paste the address you gave me, it gives me the hacker's address above; now when I turned it off and copy-pasted it again, it's the same one, "34xp4vRoCGJym3xR7yCVPFHoCNxv4Twseo". So I think it's the RDP that caused this somehow. I've never seen such a thing before.
Sounds like one of your machines is infected with the clipboard jacker... and when using RDP, the "shared clipboard" feature means that the clipboard jacker is able to detect and change the bitcoin address.

This particular malware seems more advanced than most, in that it appears to have a database of "similar" addresses that it uses to try and avoid detection.

In any case, you should go and run some full scans on all your machines (as a bare minimum)... either that, or back up your important data and then re-format and re-install all your OSes.
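The copy/paste test from post #23, the look-alike-prefix trick HCP describes above, and Pmalek's first/last/middle spot check, as an added Python example that is not from this thread. It reuses the two addresses quoted in the thread (the posted one and the one the RDP clipboard returned) and also shows that a Base58Check checksum is not a defence here: a clipper swaps in a well-formed address of its own, so the checksum still passes.

```python
import hashlib

# Addresses quoted in the thread: the one posted for the copy/paste test and
# the one the poster's clipboard returned while the RDP session was connected.
EXPECTED = "34xp4vRoCGJym3xR7yCVPFHoCNxv4Twseo"
SUBSTITUTED = "34xpbico3XJkx1eEn5D1toHgVQnPjzqS3P"

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def base58check_ok(addr: str) -> bool:
    """True if addr is 25 bytes of Base58Check with a correct double-SHA256 checksum.
    This catches typos and corruption only: a clipper swaps in a well-formed address
    of its own, so a checksum that passes says nothing about substitution."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + raw  # leading '1' = 0x00
    if len(raw) != 25:
        return False
    body, checksum = raw[:21], raw[21:]
    return hashlib.sha256(hashlib.sha256(body).digest()).digest()[:4] == checksum


def spot_check(expected: str, pasted: str, n: int = 4) -> dict:
    """Compare the first n, last n and middle n characters, plus the whole string.
    A look-alike address is chosen to pass the prefix check, so the suffix and
    middle comparisons are what actually expose it."""
    def middle(s):
        mid = len(s) // 2
        return s[mid - n // 2: mid + n // 2]
    return {
        "prefix": expected[:n] == pasted[:n],
        "suffix": expected[-n:] == pasted[-n:],
        "middle": middle(expected) == middle(pasted),
        "full": expected == pasted,
    }


def clipboard_verdict(pasted: str, expected: str = EXPECTED) -> str:
    """Verdict for the forum's test: copy EXPECTED, paste it, and pass the result here."""
    r = spot_check(expected, pasted)
    if r["full"]:
        return "clean: pasted address matches"
    if r["prefix"]:
        return "substituted: look-alike address (same first characters, rest differs)"
    return "substituted: different address"


if __name__ == "__main__":
    print(clipboard_verdict(EXPECTED))
    print(clipboard_verdict(SUBSTITUTED), spot_check(EXPECTED, SUBSTITUTED))
```

Run it on the thread's pair and only the prefix check passes, which is exactly why comparing the first few characters alone is not enough.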

mintme.com
October 14, 2019, 04:10:57 PM
 #27

I really don't think it's malware hijacking your clipboard. Do you trust this friend? I think it's more likely he edited the message after it was sent; was the message sent on a service that allows message editing?