Topic: Beware of Clipboard Virus! (Read 595 times)

Thank you for the heads up. Though I have had computer knowledge for many years, I never knew something like this even existed. I mean wow. I'll give it a try and see how it works.

@DYING_S0UL, I remembered one "trick" that might help you speed up your computer, because even though you have 8 GB of RAM and you say that it still works slowly, you can try to stop a W10 feature called (SysMain (Superfetch)) which actually preloads those apps that you use it most often, so it can take up a lot of RAM.

All you need is to follow the instructions on the link and first stop that process, and then disable it from starting automatically with the OS. In case you need this feature again, you can simply turn it on.

The best anti virus still is our self awareness. Sorry for your loss OP. This is the reason that even we've got self awareness with our browsing activities, it's always best to check receiver's address carefully before doing a transaction.

It's opposite for me, it's still best to check transactions through a PC or laptop setup. Or, when you have spare devices, you can be meticulous and just use it specifically for transactions and you won't do any browsing there or any downloads aside from the wallets that you have there.

By reinstalling he may have only meant installing windows freshly. But yes your are correct. Reformatting the hard disk the only best thing that can ensure you that the virus isn't there anymore. Because you can't detect it when using windows normally. BTW I wouldn't tell this virus is a virus. A virus replaces malicious codes into the original codes, basically making the system unstable or unusable. But in this case, it doesn't do anything or damage anything, it just replaces the address. What a genius piece of virus/malware man, really genius!!! . The person who made this could have made something good but instead he have chosen evil.

It seems that this is not the problematic windows defender, not all software is dangerous or viruses by windows defender. If I look at the case, it looks like this wallet is still connected to the scam site. because if the virus will disappear if you change the OS to linux.

There are some stuff that can easily bypass through a phone's security and even on the app store that are supposedly safe for you to download on stuff, you can see some apps that can bypass through that are Trojan. You also can never be sure of official sites because there are scammers that imitates the official website and pays top dollar to get on top of the search engine results which buries the official site on 3rd or 4th place in the results. The best thing to do is to double or triple check so you are sure that something isn't fishy.
Nope, reformat is the best thing to do if there's a potential that you've downloaded a virus together with an app, that's the only way to remove the virus and be sure that reuse of the computer is clean slate. Virus don't go away just because you've deleted the file that it came with because some of them install themselves somewhere that's different from the destination of the file that they've been with.

if it applies to mobile phones it will be very easy when newly installed applications will of course require approval for some access on the smartphone.
applications downloaded from official sites may have very little risk. but on a PC or other device, we often download and install applications provided by other developers.

If a virus has been detected, reinstalling your device is the most appropriate choice to clean everything. As OP experienced, it's possible that the antivirus really didn't detect the virus until we realized when it was connected to a crypto wallet. and the situation is just waiting for us to be careless.

Have you checked on any of your recent programs that you've downloaded? There's a possibility that the reason why the Windows Defender didn't detect this is probably because it's a Trojan and an advance one at that as Windows Defender is already a good antivirus program so you can probably check on the previous downloads that you've done. Is this virus only a thing for computers? Or is it on mobile too? It's a scary thing for me because I'm not really checking too much on which address I would send my bitcoin so I'm a likely victim to this, good thing I don't do a lot of transactions.

Basically, it changes crypto address, suppose you are transferring funds to your other account having address 'abc..' and you copied this address into your clipboard then this virus would change it to hacker's address, 'adc' — if you are not careful enough you will confirm it under the illusion that it's the address you are sending to (I hope you recognized 'c' in hacker's address  ).

Hmm, interesting also thanks Op for mentioning this, currently I'm using the third-party clipboard to save time while working with data, I'll make sure to uninstall it because I've some of the active hot wallets working on my same PC. Seems like there's something OP hasn't tracked out because even after reading the full post i cant figure out how OP's system got infected. Here in my case, there's no incident yet but as I'm using third-party clipboard software there are some vulnerabilities.

These days I've encountered 2 stories back to back covering the hacking using the rubber ducky, so what I want to mention is dont be careless and make sure of a healthy environment while working with finance-related data and applications. Prefer a hardware wallet more suitable if you can afford it.

I don't really have an ides in what clipboard virus actually means and how one can contract it. I think I just have to be very careful on how I download files online and send it to my system. It might be very difficult for one to know how this virus actually get into system but time will te for us to have idea on what this actually means. There is no way this virus can be eradicated then it might be that even formatting the system does not actually take away the virus entirely from the system.

He may be referring to address poisoning. Where the last part may be similar to the original address. I can't remember where but I may have came across such a topic.

Found it: https://support.metamask.io/hc/en-us/articles/11967455819035-Address-poisoning-scams

I knew about token burning but never knew address burning was possible. New days, new things to learn. You have any thread regarding address burning? Would appreciate very much.

The only way to do that, is by creating a burn address. There's no profit for a scammer who burns the money he steals.

Try it. Address 1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF holds 79,957.26462896BTC. I'll make it easy on you: instead of 3 missing characters, try to create an address with 15 missing characters. You'll realize that what you suggested is not possible.

It is very much important that one needs to cross check their details before any possible actions of initiating a transfer because the virus is very tricky. I have had such experience before where I almost approved a transaction but I was curious to check again for myself when I noticed a change in the wallet address I had to cross check with my previous transaction to see for myself and that was when I realised my gadget got infiltrated by the clipboard virus. I had to format my gadget. Then start afresh reinstallation.

It is advisable to do well confirm and reconfirm your details before you approve of any transaction when it comes to huge funds involved. This measures would save you the stress of losing funds to scammers and to also take note of any changes in your gadgets when it comes to initiate transaction.

They can actually clone almost a full address with just maybe a two or three characters missing from it. This is possible with vanity address generators. Since with this type of address you can choose your own few characters rather than all of them been randomly generated. That is why the attack is on specific address maybe those that look similar. The best thing is to use an offline wallet and if you get infected with this malware just reformat the HD

As for addresses memorization it is bad because it means you will only use those few addresses which are not good for privacy. Also you shouldn’t rely on memory as you could make a mistake and send to a wrong address still even if it is not that of the scammer

Yes, this has been going for many years now, clipboard virus has evolved so much. And there are a lot of warnings from the community regarding this kind of attack. So I guess with the price going up again, there could be a lot of scammers and malwares and other ways to get infected by this kind of clipboard virus. And on our part, we should check everything before we send our bitcoin to someone. It might not be their addresses, and if we found out that way, then our machine are infected. So the best course of action is to reinstall everything from scratch and then install the latest AV and test if the virus is still in your computer.

yes, if it's a routine transaction like sending to our exchange address, it might be possible to do it. but if you have just made a transaction with someone else or have just had several transactions, we can copy and paste the address or scan the QR code.
Copy and paste activities are often done. and if it gets a virus, of course, it becomes a serious problem. Always double-check the destination address carefully before approving a transaction. Sometimes we are too hasty and too sure of what we usually do. and that is the loophole for scammers in this way.

This is not a new thing definitely, if you said that this is not your first time then maybe re-installing into a fresh operating system could prevent this from happened again, and also complete scan your whole disk with the latest update of anti-virus database. Now to prevent you from accidentally sending to a virus address, you could use app that has contact book feature so you don't need to copy and paste everytime you send your fund to your usual address.

Exactly, because some clipboard malwares have gone a little further than simple address replacement - they already try to replace the original address by searching in their database for the one that most closely resembles the owner's address. I know I once read about it here on the forum, and I think hackers will become even more inventive, especially now that they are using AI.

When it comes to checking addresses, those who know the risks leave nothing to chance, right?

Ledger omitting one character from a Doge address

The only solution is the check the entire address. Address reuse is bad for privacy anyway, so memorizing the address doesn't make sense.

No bro, you should use one, window defender is good, but its virus definition sometimes is limited, its defending windows from crashing or being affected with virus and in my own experience, its protecting against boot sector virus only. Other types of virus might pass unnoticed by it as far as it doesn't affect the OS.
There are other types of virus, to mention but a few namely:

• web  scripting virus
• polymorphic virus
• Resident Virus
• multipartite virus

and a  host of others. As far as you're going online, you need antivirus to combat the viruses flying all over the net which might be more powerful than just your windows defender. There's such things as specialization, and in the area of protecting the computer properly against most virus, paid plan Antivirus is the best.

Now I'll still ask you a question. Do you update your computer after formatting?, or do you just format and start using it without proper updates?. This has an important role to play in the overall security of your computer. There's a program called malicious files and virus removal tool in the windows OS. if you don't update your computer properly(not just using drivers pack), it will not be energized to help you defend the computer from certain viruses. Leaving your computer vulnerable and your windows defender powerless.

Good realization mate. BTW, I don't think this malware has come to that point to clone an entire/slightly different or half of an address. It hasn't become that capable yet. One thing I'm unsure of is what triggers this virus. Certainly copy pasting casual text won't make it active, while I was infected I only realized after copying a btc address. Another thing is this virus only targets specific address? This is my concern. If it only targeted BTC then other altcoin address won't active it. And sending altcoins to an bitcoin address doesn't make sense, it it? My guess it only targets the big ones such as bitcoin or etheream etc. So if a user is infected and only uses altcoins, there is a big chance he won't detect that he is infected.

Only solution is to always memorize your address (the last part).

---

Sorry for your loss. Isn't airdrop a thing of a past now? Currently most of them seemed fake to me.

Correct answer.

I did but later I reverted back to windows. I have been using windows my entire life. Felt uncomfortable, not user friendly. Anyway, what distro you use? Any suggestion?

This why I always advice to use mobile for transaction and stay away from doing any single transaction in the PC where this scam attacks are in the high numbers. Actually I have so much experience in this matter because I lost more than 1k$. Unfortunately some of my old address become victim permanent which I used for farming airdrop.

The reason of this could be installing windows from Third party/Installation of free apps(crack).

You should have to install the new window/Linux as soon as you can because your phrase or any other information could be compromised. Never use free version software which often lead to keyboard hack. I will recommend Mobile for transaction purpose which is much safer than PC but if you like to do in PC then just follow above safety step

Since I come to realize that there is thing called clipboard virus which can change the address halfway I have started checking address in middle as well.

My revolution:

copy-paste address blindly >> check first letters >> check first and last letters >> current stage: check first-middle-end letters

I hope it doesn't come to stage where you have check whole address letter by letter  

This was an old virus and the person behind it is a genius because they know that most people are not paying attention when it comes to sending their BTC and double check the addresses especially if the amount is just low but this could be very dangerous for some person who is sending a huge amount of BTC because he couldn't see where he went wrong until the transactions have been successful and he double check the address by that time and finally understand it all why he haven't received his BTC. That's why exchanges have some warning options to let you know that you should be double-checking the BTC address in order to prevent yourself from sending it to scammers such as this one.

For the reason that I don't feel the need for more than that, everything works flawlessly and in fact I always have a surplus of free memory. In addition, I didn't even check how much max RAM I can add, but I assume that it is more than 8 GB because the laptop is not older than 5 years.

---

Maybe it's a low-quality device or your relatives didn't take good care of it, because I have a laptop that's almost 15 years old and it's still almost as functional as when I bought it (but I paid quite a lot for it) with the note that I installed an SSD and generally cleaned it, but I couldn't find the right RAM, so it stayed at 4 GB.

What I want to say is that there is still a significant difference (or at least there used to be) between premium devices and those of lower quality. Fortunately, I can afford to buy such devices, which, combined with careful handling, can last a very long time.

Nope, he was using it before giving it to me. I haven't looked inside but I'm pretty sure what you assumed is correct. Dust is the main problem, as far as I understood. First the HDD, then the sound system and now the fans. So yes, it's a kind of falling machine. So I don't wanna experiment with it any further. Let it be. Not worth the hassle.  

To ask the obvious: did you clean it from dust? Dust in the fan can make it get very loud when under load.
My laptop is older than that, and currently on it's third fan.

It's a 5 year old laptop which originally belonged to one of my relatives. But yes it's quite old. And trying to fix this might make it worse. So I rather use it how it is, until, I can effort to buy a new laptop or pc. I don't store anything important on this device, so there is nothing to worry about.

I think it's totally acceptable. Since you mentioned me and resized my text, I already knew what I wrote previously. It's not that you are quoting a very old post of mine. So if it's a recent post, then yes, why not?

One place where it should be avoided, (in my opinion), is on hot topics. Because ohers might want to read all the comments there. So, making texts small might make their eyes sore. But if it is a topic like mine, where fewer comments are being made, then resizing is understable.

Another place is where a user is giving technical help or a suggestion. Apart from that, if it's a casual comment, I might resize it to my preference.

Unfortunately, not all can effort to buy brand new devices.

---

---

Where I live, crypto is banned. That's why buying a hardware wallet and shipping it (clearing customs) to my place, can be quite risky. I could face legal issues. Not worth the risk.

It is. It totally wasted half of my days,  downloading 6GB windows ISO (Slow Internet speed), making a bootable pendrive, reformatting, reinstalling, updating drivers and so on. Such a headache.

It is called a clipboard malware not virus maybe that’s why windows defenders cannot protect keyboard malware attack because it has also affected me in the past.

I have to format my system and change my windows completely, and I was advices here to have two user interface so that I will have private sections for my online transactions and general user interface for my works.
Moreover, I was also advices to use Linux OS instead of windows that it’s better than windows.

My experience taught me warranty isn't everything. Laptop with broken case because of hinges that are too tight: blame the user. New phone that stops working: blame water damage. Don't get me wrong, I buy new stuff too, but the price quality ratio is much better for older ones. If it breaks (which doesn't happen often), I'll get another one. Disposable laptops

But why? RAM is cheap! If only my laptop could handle more, I'd add more

It's best to triple-check when you are transacting because you can never know what you are infected with or something. It's still better to have a hardware wallet so you can check the address being sent to on the physical hardware.

Having to reformat so many times is really tiresome and still unassured that you have actually deleted that virus. Be careful.

Then it's something else, the power supply or the motherboard (I assume it's a desktop computer) and maybe a professional should do diagnostics and determine what the problem is. I also have only 8 GB of RAM, but even when I open two browsers with a dozen tabs and everything else running in the background, I have no problems with slow work or freezing.


That was my intention, and you are the first to notice it in a positive sense. It seems to me that some others think that it is not right to minimize their words, but everyone has their own opinion.

---

I'm one of those who don't want used things, no matter how well-maintained and in good condition they are. I like to buy new devices that have a guarantee and service provided in case there is a need for the same. I assume that there are such laptops in my environment as well, but I have never paid attention to such things.

This kind of virus is very dangerous. I know the kind of stress the OP went through  because of this. These clipboard hijackers are there and if you are not keen on confirming your cryptocurrency and addresses, you will end up sending money to the wrong guys and you know very well the wrong guys don't give your money back. You don't want to be in this position. I recommend that you download Clipboard Fusion software to detect and prevent manipulation of the Windows clipboard.

Reinstallation of software shouldn't bother you more than your safety and the first mistake you made is not formatting the entire hard drive since the OS was bought from someone. In the crypto space, the only person you can trust is yourself.

Most detect viruses but do not always detect Clipboard malware. After having anti-virus and anti-malware on your computer you shouldn't rely on them to detect every attack because they only work the way they are programmed.

Thank you for sharing your story and this important warning for beginners. Indeed, clipboard hijacking is very common, and scammers have managed to steal a lot from people unaware of its malicious activities. The clipboard virus if not stealing sensitive and important data and personal information; can focus on replacing the copied address of a wallet/exchange in the clipboard with the scammer's wallet address. Many people may fall victim to this type of scam. Even most antivirus programs on Windows may not detect and remove it, and it can be challenging to determine if the device is infected or not. As everyone mentioned, the solution is to create a Linux operating system or use a non-main device if you prefer a Windows operating system that is not intended for conducting financial transactions and does not contain wallets or anything related to cryptocurrencies. It is best to avoid cracked programs, torrent files, or any programs downloaded from unknown sources.

Then set a different one

That's (at best) like running an OS inside a VM. If your host OS is compromised, the client gets compromised too. And, unlike Tails OS, it doesn't run all connections through Tor.

How do I explain it!!!   You know, like the opposite of smooth. Like edgy, or sharp.

No worries. This time, I didn't used any single crack. Lesson learned.

Two actually. Mostly I mess with my Android device. Like flashing custom OS or Magisk (Root access) etc.

Found it. Not quite sure if it's the same as TailsOS. But it does offers similar features as TailsOS. Such as, an isolated one time windows environment. And when the session is closed, everything is erased.

https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-overview

Where I live it's a different story.

-DYING_S0UL

Its really scary and I can't imagine what I will do if I lose funds to these MFs (sorry for the lingu) but why they don't use there skills for something good. I know this world is full of good and bad, if there is not bad then what will differentiate good ones (it indicates the importance of bad) but they need bridle. I hope they would met the consequences of scamming people soon.

And I am happy that you detected this issue and did not become a victim. Depending on you post and reputation, I will not say this story is imaginative even if you have a address of the hacker's wallet. And I think this might be due to the windows you are using like most of the people use unlocked windows downloaded from pirated sites, are you using a pirated activated window?, If yes then delete it and install a free version of windows from there official website.

And I think funds are more safer on phones rather than on windows.

Tails OS isn't really convenient to use as a daily wallet, especially if OP needs to reboot to use it.

FTFY
The great thing about Linux is the many options you get: if you don't like one interface, try another. I'm not sure what you mean with "breaking font" though.

Some are, some aren't. I've had USB sticks die after a few writes, and I've had sticks that last forever. To run your OS though, you'll need a fast and reliable one. Rule of thumb: don't go for the cheap sticks.

Nope. Once you're used to it, there's no reason to go back. But it takes a while to get used to, just like it took you a while to get used to what you're currently used to.

I think I share my love for old laptops with philipma1957 by now. And with "old", I mean at least 8 GB RAM and SSD. Wipe the laptop and install your own software.
I guess it depends on where you live though: here, corporate laptops are replaced every few years, which makes them cheap and abundant on the second hand market. You can find a decent laptop for less money than a new hardware wallet.

You should consider to separate your daily computer usage from your crypto stuff. Proper usage of a hardware wallet and always checking transaction details thoroughly before you sign a transaction also helps a lot against potentially infected computers.

I'm pretty sure a Linux box solely for crypto is worth a little hassle and you get used to it. It's very likely a safer environment than your daily Windows driver with all the software shit you use (no real judgement herewith).

Pay attention to browser extensions and only use the bare minimum if any on your crypto stuff box. Not everything that's comfortable is good for safety.


If this is the third time you run into such malware, you clearly have a safety problem and you definitely should reconsider what OS and what kind of software from what sources you use. It's not nice to acknowledge but the problem sits in front of your screen.

I do have these but still it's not enough. You can say it's a decent device and it works without any problems. The only problem is it cannot handle excessive load/multi tasking. I believe if an electric device starts to show symptoms of problems, no matter how much we try to fix it, one problem after another would come. I already had to replace the HDD to SSD. After that, the colling fan started to make noises and now having problems with the sound system. It is still running but might shut down any second.

Yes, I really need to buy a new computer/laptop now.

BTW I really liked what you did with the quotes. The resizing thingy. Looks very cool. Saves up a lot of space and highlights the reply. 

---

---

Yes, it came from an injected software. Most of the cracks comes in ZIP format. As long as it's inside the ZIP it cannot run. And I remember correctly I didn't extracted any Zip files. So yes your assumption maybe correct.

What AV you use? I don't like AV, VPN, System Healthcare etc third party software because most of them comes with bundle apps.

Probably the malware is injected to the apps that you download online or from the website that usually have tons of popping ads that force you to download something once accidentally clicked. Porn sites is the number site that being use to spread this kind of malware since some user doesn’t pay much attention on the popping ads when they are watching videos in there.

WD sometimes doesn’t filter all the viruses that’s why I always have 3rd party AV for malware protection.

Then you have a problem that is clearly detected and the solution of which you have to work on, and that is buying a new computer - by that I mean a really new one from the store, not a used one. Be sure to take into account that the computer has at least 8 GB of working memory, which is a minimum for pleasant work, and also that it has a solid processor and graphics card.

Until then, follow the advice from my previous post and don't use pirated software - and if you need a cheap license for a program, you can try to find it in Digital goods. Of course, be careful who you trade with.

I know that Windows defender sucks. At times, I would even use scripts to disable windows defender and auto update. But with time, I realized that, we need at least windows defender, even if it sucks at it's job. You know? Like a basic defense. It's better then having nothing. Someone might say, why not just use other third party antivirus? My device is old, I try to install as minimal as possible to keep the load minimal. For me, it felt, heavy when using an antivirus. Background running services makes it more worse. That's why.

I tried to shift to Linux (Mint METE latest). But eventually reverted back to Windows as I found some difficulties. There will always some things that you'll miss when using Linux. Most of us are used to Windows. Anyway, I'll try to install Linux again. to make myself more comfortable.

Thank you for the suggestion. I'll check if it's still running or discontinued and then decide.

If you are facing that problem on Windows operating system then your only possible and safe choice is to go with an open-source operating system that's managed by developers from all around the world and it's source is freely shared with the ones who use it.

I would say the easiest out of those open source operating systems is going to be a Linux based distro that would have a good user interface and themes which will help windows users to easily get used to it. Linux distro like Linix Mint is going to be my choice if someone wants to have a safe operating system that looks similar to Windows.

Another free and open-source operating system that I used in past which's very similar to Windows XP is ReactOS. I don't know if that one will work or not as I have used it when it was in its early versions but I can say that the programs worked fine on that operating system. You can give that one a try as well.

Windows operating system is used by most people and is managed by Microsoft team of developers only whom Microsoft can trust but the Linux and other open-source operating systems are managed by the community of developers who want to help others by providing them free software. You can safely trust the open-source operating systems and surely you won't face such clipboard virus or any other issues with those operating systems.

I made my first transaction about 10 years ago and I never had any problems with any viruses/malware, and the whole philosophy is to stop using pirated software and visiting websites that are known for distributing viruses/malware. In addition, do not accidentally click on links from unknown senders that you receive in your e-mail or via social networks.


WD is something you get with Windows OS and should not be considered premium protection, so even though some will tell you that all AVs are equal (useless), that is simply not true. I don't want to advertise any such product, so I leave it to anyone who wants to know more and knows how to use search engines.

If you want to change something about the problem you are constantly running into, you have to change the way you use your computer and the internet, otherwise no antivirus or operating system will protect you.

I agree that its better to use Linux distros like Ubuntu and other flavors, It is also better if you are using a Windows PC to invest in antivirus, what is a few dollars if you are holding a large amount of money, scan your backups, sometimes you are doing backup without knowing that the malware is hidden there, some people I encounter they have fresh reinstall of windows but the virus still there, when they found out the virus is on their backup.
Always update your antivirus, and operating system, and scan all drives.

Please report that address of scammers to this https://www.bitcoinwhoswho.com

I checked the address and there is not scam report, scam tag against the address so we can contribute to flag it.
https://www.bitcoinwhoswho.com/address/36VMz3kzFSnFHkfgTXr7Wdx9bx5HCF8tSs

These scammers started to use that address since April 2022
https://bitinfocharts.com/bitcoin/address/36VMz3kzFSnFHkfgTXr7Wdx9bx5HCF8tSs

From that address transaction history, I found that scammers did not use automatic tool to broadcast transactions immediately after received coins from victims. Usually, after receiving, it takes like 15 minutes or 1 hour for scammers to manually broadcast transactions with very high transaction fee rate.
https://www.blockchain.com/explorer/addresses/btc/36VMz3kzFSnFHkfgTXr7Wdx9bx5HCF8tSs

If viruses are in your files, reinstalling the operating system will not activate them unless you click on them. Therefore, if you do not open any file and notice that these viruses are present, then the problem is in the operating system. Either it is from an unknown source, or the crack runs before the operating system and leads to viruses running then even antivirus won't be able to notice it.

You can burn Ubuntu to Flash USB and boot from it. Here you can easily download Electrum and use Firefox to access exchanges without fear that there are viruses, and return to using Windows for other tasks.

Even if you are so careful with running windows OS you can still make some mistakes that will affect your PC with malware or trojans, the best thing you can do is get a hardware wallet, the risk with PC is too high, even a smartphone with Electrum wallet is safer than running a crypto wallet on PC.

The idea of running a Linux OS is also better than windows OS if you know how to, but I am better off using a hardware wallet or a bitcoin wallet on my smartphone, there are many things I can handle pretty well but a windows OS isn't one of them.

Before I gave up on PC for storing crypto assets I always end up with a malware one way or the other, even with antivirus installed on the PC, the only thing that makes sense if you have no option that to use a windows OS is to never use the PC to surf the net or download anything online, just use the PC for crypto wallet only, nothing else.

It's frustrating and alarming to deal with such a virus, where you're not sure if you've completely eradicated it after taking the necessary steps to get rid of it. It's possible that the virus employed sophisticated methods to avoid detection, or it could be a new strain, which is why the Windows Defender antivirus program may not have caught up with it yet.

I am well aware of the risks. Thank you for the suggestion. For this reason, I don't store anything related to crypto on my device. I noticed this virus when I was trying to use an exchange. I copied the deposit address and that's when it happened. There was no funds, seedphrase, secret keys or important documents laying around on my desktop.

I made this post, so that other people may see it. Especially the newbies. Since many of us don't know there is a virus called clipboard virus that hijacks clipboards. The topic was created purely as a reminder (again). 

---

---

Check the above response I gave to lovesmayfamilis...,

I know about TailsOS. Thank you. Also used this before. But the problem is it's na one time OS. I don't know about security it gives but it was created as a privacy enhancement OS. Also, I don't know if USB sticks are capable enough to run this OS for a longer period of time. Not saying it's bad, it's just not reliable. I wouldn't just prefer this. Another thing, AFAIK, Windoes does have a similar feature as TailsOS. I can't just remember how to enable/use it at this moment. I guess, many of you didn't knew this (I guess again).

Reinstalling Windows with a crack You don't have to continue any further. Any crack will contain something bad. Or do you think that all hacked Windows products are created by good people who save you money?
Besides, if hacked games are so important to you, you shouldn’t have created this topic at all and asked questions about what’s wrong with you. I think the answer is obvious to everyone.
I know many gamers who turn a blind eye to viruses because there is nothing they think is important on their devices. But if the computer has more power, the same viruses (RAT) can easily be turned into a server, which provides the ability to control it from the outside. And very often, hacked games contain it. And what will be done by another person from your IP will already depend on him, but you will be responsible.


You did everything right.

I did installed Linux Mint METE. But didn't found it comfortable at first. So I had revert back to Windows. Especially the UI, how it looked, appeared. The interface, font looked like breaking, not smooth, pixels.

Yes as you said. It is true for most of the new users. I was thinking about duel booting but unfortunately I don't have enough space to run both OS. Only 240GB SSD.

Yes, most probably I got infected using a crack version Driver updater. Since I had to fresh install everything.

It's not that bad either. Most of the time it would detect malwares. Maybe not best at defending but at least it gave a notification some malicious software is in your system somewhere. So hurry up and remove it since I (defender) can't.

I have a bad habit of changing distros. Not just Windows or Linux, also Android. Since I am a custom ROM user. I frequently change my OS, to test out new features and bugs etc.

No worries, LoyceV. I had nothing of crypto on my system. No keys, no doc files, no nothing. Also all the funds have been moved already. Lesson learned.

---

---

I do game sometimes. But can't buy all the games as I don't have enough money. And you know better that Linux isn't gaming friendly. Although they have Steam but that doesn't support crack games. So I had no other choise.

---

---

I first time I got infected, I had no idea of a clipboard virus. I thought my copy paste function was broken. So I tried everything to fix it. Like editing, cleaning registry editor, using different health software or updating system etc. But couldn't fix. As a last resort, I had to format the SSD and reinstall Windows.


(I made a lot of quotes to multiple users. Is it ok though to quote this much? Just a curious question  )

Prevention is better than cure and you must know all AntiVirus Softwares can not protect your from all online threats. If you completely rely on those AVs, and think you will be safely with their shields, you are wrong and your risk will become bigger.

I see another wrong practice here. Immediately after you got a new device, you installed, imported your wallet on it. I can not know why you do it and what is status of your previous device. Assume you have your wallet on both previous and new devices, you are too hurry to take risk with your new device that I believe not is completely new when you got it.

You can use Linux and TailOS

• https://tails.net/install/linux/index.en.html
• How to Install Tails OS on USB flash drive for Wallet Purpose

That would be better, but:

Where did you get this software? Official sources and official paid licenses, or some warez site or "friends"?
That's another reason to use Linux: no need to install hacked software.

You know what they say: "Insanity is doing the same thing over and over again and expecting different results." (the source of this quote seems to be unknown). If you did the same thing again, you'll get the same malware for the fourth time.

My guess: the malware is included in some of the software you install. Or you just download it again after a few days. Either way, stop doing that. If you have confirmed malware on your system, you can't be sure it hasn't collected more data. So change all your passwords and if you use a hot wallet, create a new seed phrase on a clean system and move your funds.

Thats why everyone must be reminded about copying and paste. We dont know if we are infected with such virus and a little bit of changes from the address means it got compromised. You dont click the send button right away and must have triple check or more first the address if its correct. I think it got happened to my friend on ronin wallet add. He didnt received the tokens inspite checking it was correct, however he noticed that theres a different letter and figure on last four lines. So it is a virus indeed.

Third party antiviruses help identify malwares, but sometimes people fall into such traps through irresponsible browsing and downloading files, those traps or malwares can bypass the protection system of this type of antivirus. Therefore, I think that to avoid phishing attack, the user cannot be made to do your responsible browsing, especially on the device that does his official work. However, I would also not disencourage the use of third party antivirus.

What if you use norton or kaspersky total?

You are in vain hoping for Windows Defender, or rather, you are in vain hoping for Windows. To keep Windows crystal clean, you need to disconnect it from the network. If you start wondering how many holes users regularly open due to using this system, you will be very disappointed. Start learning Linux systems, and divide your Internet surfing into entertainment, Photoshop hobbies, and finances.
As for the addresses to which they wanted to redirect you, I see a slightly different amount in this wallet. But yes, there are complaints that the clipper was redirected to this address.

https://checkbitcoinaddress.com/bitcoin/36VMz3kzFSnFHkfgTXr7Wdx9bx5HCF8tSs

That could be the answer since, I recently got this device. So a lot of software had to be reinstalled. But that's not what I'm worrying about. I worry about windows defender not detecting it. And it's not that I got infected and the very moment I noticed it. I think I was infected for more then 10 days. There was no way of knowing, until I tried to make a transaction and made this discovery. That's what I don't like about it. This sly virus, not showing up anywhere until someone tried something related to crypto.

The reinstallation of the OS is not enough, you need to total the format the entire hard drive this will delete everything and then you install a new OS this time around use Linux distro as it is better than the windows OS or antivirus on it.

Then the exiting wallet on that device should be assumed to been already compromised you will need to create a new wallet and send your coins to the new one.

Check this link by LoyceV on which explains problems associated with CTRL-C and CTRL-V

As discussed before, it is always better to triple check when you are going to send any crypto if there's any changes to the address or not. If I say something then I would say that it is better to be safe than sorry. Well, it doesn't feel good when you lost something that you have work hard to get it or earn it and just vanish just like that. It's good that you share this to remind others who have already know this and to let others know about it that doesn't know about this yet. My opinion about how you get this is I think you may have downloaded a software that isn't downloaded from the original website and may be infected with that malware.

And this is the third time I have gotten infected with the clipboard virus. I don't know why I always end up with the particular virus. Though I don't know how to properly define this thing as a virus or malware. I don't use any third-party antivirus, but my Windows Defender is always on. So I have no idea how I got infected. Windows defender seems to not be working regarding this virus. I guess, other antivirus programs won't work either. There is no way to fix this. So unfortunately, I had to reinstall Windows twice the same day to fully get rid of this virus. Such a hassle. Lucky for me, I didn't send out any funds since I remembered my original address. The moment I saw a change of address, I knew something was wrong. Here is the phishing address. The total received amount is almost $28k I wonder how many innocent people fell a victim to it.