Topic: Ad2Bitcoin.com #1 Crypto Banner Exchange > Post your Ad on +900 sites for Free (Read 542 times)

newbie
Activity: 37
Merit: 0
It's good to hear an announcement of a new project from the old scammer "Adalso".
This site is a pure scam. Its counting is a joke. For every 100 unique ip it counts 1. Stay away from this one.
member
Activity: 309
Merit: 12
Caution scammer !!!

After downloading the surfbar and launching it, an executable file is added to the autoload. After that, this program begins to replace the Bitcoin addresses in your clipboard. You will send money to this scammer without knowing it.
It is good that I noticed it in time and did not manage to send anything to false addresses.
I checked everything several times - the file in autoload appears only after launching their surfbar! Bypass this site and do not download anything from it! Antiviruses do not see the file and do not react in any way.

If someone has already encountered this problem: the name of the file at startup is startup.exe
The process name in the task manager: startup.exe - live translator


i can also confirm that i had the same thing happen when sandboxed, and it also keeps running another program in the background that is added to the program's folder called config.bat. it used to be called synchronize.exe and still has the old name hidden within it. it will keep running when you close the surf bar and send data somewhere with a lot of cpu usage but it is not clear what is being sent or why. more info can also be found on https://www.virustotal.com/#/file/a2177cc734a4c7d15fe696bf57e07cc7b4ca2aef2f37539a4596aab0ca5d7625/details

to fully close the app you will have to close synchronize.exe too through the task manager

okay, so i found it opens and tries to send the following files

Code:
C:\DOCUME~1\~1\LOCALS~1\Temp\~DF6A7E.tmp
C:\conf.dat
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1025\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1025\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1025\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1028\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1028\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1028\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1031\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1031\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1031\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1033\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1033\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1033\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1037\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1037\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1037\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1041\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1041\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1041\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1042\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1042\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1042\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1054\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1054\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\1054\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\2052\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\2052\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\2052\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\3076\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\3076\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\3076\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\3com_dmi\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\3com_dmi\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\3com_dmi\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\CatRoot\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\CatRoot\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\CatRoot\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\CatRoot2\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\CatRoot2\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\CatRoot2\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Com\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Com\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Com\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\config\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\config\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\config\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\dhcp\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\dhcp\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\dhcp\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\DirectX\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\DirectX\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\DirectX\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\drivers\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\drivers\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\drivers\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\DRVSTORE\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\DRVSTORE\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\DRVSTORE\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\en\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\en\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\en\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\en-US\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\en-US\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\en-US\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\export\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\export\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\export\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ias\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ias\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ias\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\icsxml\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\icsxml\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\icsxml\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\IME\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\IME\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\IME\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\inetsrv\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\inetsrv\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\inetsrv\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Macromed\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Macromed\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Macromed\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Microsoft\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Microsoft\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Microsoft\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\MsDtc\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\MsDtc\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\MsDtc\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\mui\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\mui\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\mui\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\npp\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\npp\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\npp\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\oobe\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\oobe\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\oobe\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ras\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ras\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ras\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ReinstallBackups\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ReinstallBackups\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ReinstallBackups\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Restore\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Restore\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Restore\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\scripting\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\scripting\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\scripting\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Setup\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Setup\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\Setup\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ShellExt\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ShellExt\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\ShellExt\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\SoftwareDistribution\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\SoftwareDistribution\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\SoftwareDistribution\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\spool\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\spool\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\spool\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\usmt\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\usmt\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\usmt\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\wbem\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\wbem\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\wbem\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\wins\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\wins\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\wins\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\xircom\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\xircom\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\xircom\key4.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\XPSViewer\logins.json
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\XPSViewer\key3.db
C:\Users\\AppData\Roaming\Mozilla\Firefox\Profiles\C:\WINDOWS\system32\XPSViewer\key4.db
C:\WINDOWS\Registration\R000000000007.clb

i am not sure if the links in it are broken or that is just how it is reported in sandbox mode but logins.json holds encrypted usernames and passwords and key4.db is the decryption key for them so it is trying to access anything in firefox and send it to the hacker. it downloads the payload through terminal and also hooks into user32.dll with this

"Ad2Bitcoin.exe" wrote bytes "71115d007a3b5c00ab8b02007f950200fc8c0200729602006cc805001ecd59007d265900" to virtual address "0x76FF07E4" (part of module "USER32.DLL")
member
Activity: 100
Merit: 10
A little more, the program replaces the characters in your address coming after the first three characters. For example, if your address is 1LthuSQDndCVMNWcfQ5gg4E4sYmiCg9SPf, it will be replaced with 1Ltxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
Therefore, it is very difficult to determine the substitution.
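
Because the substitution described above keeps the first three characters, a glance at the start of the address will not catch it, and a wallet's checksum validation will not either, since a replacement address is itself a valid address. The following added example (not part of the original thread) compares a pasted address in full against a trusted copy and reports how far the two agree; the sample addresses are constructed from made-up hashes.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    """Encode version byte + hash as Base58Check (used here only to build samples)."""
    data = payload + _checksum(payload)
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\0"))) + out

def b58check_valid(addr: str) -> bool:
    """True if addr decodes to 25 bytes whose last 4 bytes are the correct checksum."""
    if not addr or any(ch not in B58 for ch in addr):
        return False
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _checksum(raw[:-4]) == raw[-4:]

def check_paste(expected: str, pasted: str) -> dict:
    """Compare a pasted address with a trusted copy of the intended one."""
    common = 0
    for a, b in zip(expected, pasted):
        if a != b:
            break
        common += 1
    return {
        "match": pasted == expected,        # only full equality counts
        "common_prefix": common,            # how far a visual check would agree
        "pasted_passes_checksum": b58check_valid(pasted),
    }

# Constructed sample addresses (version 0x00 + made-up 20-byte hashes, not real wallets).
INTENDED = b58check_encode(b"\x00" + bytes(range(1, 21)))
OTHER = b58check_encode(b"\x00" + bytes(range(100, 120)))

if __name__ == "__main__":
    # A different but well-formed address: checksum passes, full comparison fails.
    print(check_paste(INTENDED, OTHER))
    # The example address from the post with everything after "1Lt" replaced.
    posted = "1LthuSQDndCVMNWcfQ5gg4E4sYmiCg9SPf"
    print(check_paste(posted, posted[:3] + "x" * 31))
```
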
member
Activity: 100
Merit: 10
remove your second topic to keep replies here.
I have already sent a message to the moderator asking for its removal.
member
Activity: 320
Merit: 18
remove your second topic to keep replies here.

i will do restart and post updates here if i get any malware.
member
Activity: 100
Merit: 10
Just downloaded your surfbar to another clean pc.
At first nothing happened. After rebooting the computer, the same problem - the addresses began to be replaced.
member
Activity: 100
Merit: 10
i just downloaded app, it's clean at my side.
i guess you got malware from somewhere else, not from ad2bitcoin app.

i strongly suggest you clean up your pc, format it if possible, never log in to your wallet until you are sure your pc is cleaned up.
to keep always safe, use two laptops, one for crypto funds and other for daily uses or web apps.

please remove new topic you opened and keep discussion here. (edit title to 'delete' and moderator will delete your topic.)
It is not clean; try restarting your pc after the first surfbar launch.
Then when you try to copy/paste any btc address, it will be replaced.
member
Activity: 320
Merit: 18
i just downloaded app, it's clean at my side.
i guess you got malware from somewhere else, not from ad2bitcoin app.

i strongly suggest you clean up your pc, format it if possible, never log in to your wallet until you are sure your pc is cleaned up.
to keep always safe, use two laptops, one for crypto funds and other for daily uses or web apps.

please remove new topic you opened and keep discussion here. (edit title to 'delete' and moderator will delete your topic.)
member
Activity: 100
Merit: 10
how virus-ed app can do all this and not give any warning by anti-virus  Roll Eyes

i'm sure this is fake report, app is tested before and it's safe for using.
however, can you please send me copy of your surfbar and i will check it myself on my second laptop.
Because it is not a virus, it is a little program that tracks your clipboard and, when it gets a btc address, replaces it.
You can download a copy of the surfbar yourself, it is the latest.
member
Activity: 320
Merit: 18
how virus-ed app can do all this and not give any warning by anti-virus  Roll Eyes

i'm sure this is fake report, app is tested before and it's safe for using.
however, can you please send me copy of your surfbar and i will check it myself on my second laptop.
member
Activity: 100
Merit: 10
Caution scammer !!!

After downloading the surfbar and launching it, an executable file is added to the autoload. After that, this program begins to replace the Bitcoin addresses in your clipboard. You will send money to this scammer without knowing it.
It is good that I noticed it in time and did not manage to send anything to false addresses.
I checked everything several times - the file in autoload appears only after launching their surfbar! Bypass this site and do not download anything from it! Antiviruses do not see the file and do not react in any way.

If someone has already encountered this problem: the name of the file at startup is startup.exe
The process name in the task manager: startup.exe - live translator
member
Activity: 320
Merit: 18
any plans of publishing the surfbar for Linux or web ?

regards

sorry, there are no plans for Linux.
for web you may use publisher banner codes.
legendary
Activity: 1582
Merit: 1031
any plans of publishing the surfbar for Linux or web ?

regards
member
Activity: 320
Merit: 18
Now +500 sites are using the Ad2Bitcoin network, plus many surfbar users.

List of publishers :
http://ad2bitcoin.com/index.php?view=publishers

You can start advertising your site or referral url, it's 100% free to join and advertise!
member
Activity: 320
Merit: 18
Now advertiser's banners will be displayed into our +300 sites and surfbar users.

You can get free advertising credits by using Faucet or Surfbar
You can earn bitcoin from your site, or using surfbar.
member
Activity: 320
Merit: 18
UPDATE :



Banner surfbar is added.
Now you can earn credits + bitcoin by using Ad2Bitcoin app.
member
Activity: 320
Merit: 18
UPDATE :

Faucet added (no captcha).
now users can claim 1000 banner credits for free advertising everyday!
member
Activity: 320
Merit: 18
New Update :
Auto assign option is added.

This will help to credit your banners automatically from your earned credits.
member
Activity: 320
Merit: 18
We created list for joined publishers into Banner Exchange system.

You can advertise on all these sites for free + you will earn free bitcoins :
http://ad2bitcoin.com/index.php?view=publishers

Earn & Advertise, it's All Free!
legendary
Activity: 1582
Merit: 1031
what is the difference from traffic2bitcoin.com ?
You are paying 1 satoshi on both networks.... ?
Looks really similar to me o0. What is the reason to use this instead of traffic2bitcoin ?


regards
member
Activity: 320
Merit: 18

