Bitcoin Forum>Bitcoin>Bitcoin Discussion
Pages:
Author

Topic: Bitcoin Malware - page 4. (Read 4046 times)

Mickeyb
hero member
Activity: 798
Merit: 1000
Move On !!!!!!
Re: Bitcoin Malware
August 31, 2015, 04:33:38 PM
#9
Quote from: LiteCoinGuy on August 31, 2015, 11:47:50 AM
Quote from: Hailedllama on August 31, 2015, 10:25:54 AM
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it  Smiley

it is safer to store your coins on a hardware wallet:

https://bitcointalksearch.org/topic/overview-bitcoin-hardware-wallets-secure-your-coins-899253

Doesn't this malware work even if you use a Trezor for example? I guess that people should be always careful and double check. MyTrezor Web wallet works in the browser as well.

The truth of the matter is that everybody should be double checking are addresses changed. If anybody  can have a copy of this malware for a $1, this means that this malware can become very widespread.
ikydesu
hero member
Activity: 686
Merit: 500
fb.com/Bitky.shop | Bitcoin Merch!Premium Quality!
Re: Bitcoin Malware
August 31, 2015, 03:32:07 PM
#8
Quote from: Hailedllama on August 31, 2015, 10:25:54 AM
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it  Smiley

There are a lot malware out there come from related bitcoin service. I personally always check and scanned the site first when i want to visit, especially with a site which strange or fishy for me. This some tips for make your PC secure and avoid any virus/malware: https://bitcointalksearch.org/topic/keep-your-system-updated-and-stay-secure-tips-to-avoid-viruses-trojans-203876
nero987
sr. member
Activity: 259
Merit: 250
Re: Bitcoin Malware
August 31, 2015, 12:23:44 PM
#7
This is arround for some time already...
It first came up on Evo market arround 1 month before the exit scam.
I have the source code of v1.3 here.
Before you compile the malware you set some parameters, which include the process name.
In Snorek's "examples" its Chrome32.exe or AcroRd32.exe, but it can be literally everything.

About anti malware:
The program does not make any connection to the internet, for this reason it is almost never picked up by anti-virus/malware software.
When a particular compilation of the malware (with particular process name) is reported to an antivirus database, only that version will be picked up by av's...
There are some av's that notice that part of the code is comparable to know malware, but thats only a minority of the av's....


damn, practice your english nero!

edit: I'm not selling/sharing the source code, neither sharing any detailled information how it actually works!
tadakaluri
hero member
Activity: 616
Merit: 500
Re: Bitcoin Malware
August 31, 2015, 12:17:57 PM
#6
Quote from: Hailedllama on August 31, 2015, 10:42:57 AM
it happened to me about a hour ago but heres a guide on how to get rid of it if it is on your pc
10
Remove the malware
Finally remove it from your computer:
1.
Start Windows Task Manager and terminate the Chrome32.exe or
AcroRd32.exe process!
2.
Go to %appdata% in your file browser.
3.
Delete AppData/Roaming/Adobe (x86) folder.
4.
Delete AppData/Local/Google (x86) folder.
If you don't terminate the malware manually, as it is described
in the first point you can't delete one of the folder.
If you've deleted the Adobe folder it won't start again on your
computer, so you're good, but to completly remove it you have to
do one more thing:

Start the Registry Editor (regedit) and delete our software from
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru
n"
If you don't find it, check HKEY_LOCAL_MACHINE instead of
HKEY_CURRENT_USER


hope it helps this malware is being sold for $1.10 in bitcoin

Thank you very much for the valuable information.  I need to check my PC and gadgets, is they already infected with this Malware or not? Once again thank you very much for this information.
LiteCoinGuy
legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
Re: Bitcoin Malware
August 31, 2015, 11:47:50 AM
#5
Quote from: Hailedllama on August 31, 2015, 10:25:54 AM
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it  Smiley

it is safer to store your coins on a hardware wallet:

https://bitcointalksearch.org/topic/overview-bitcoin-hardware-wallets-secure-your-coins-899253
Aggressor66
hero member
Activity: 728
Merit: 501
Re: Bitcoin Malware
August 31, 2015, 11:37:18 AM
#4
Malwarebytes’ Anti-Malware is currently one of the most successful tools at identifying and removing the types of malware that we’re talking about here.
It’s not really a replacement for anti-virus software but in cases of infection, it has a pretty darn good track record.
Download the free version, install and run it, and then see what it turns up.
Snorek
legendary
Activity: 1400
Merit: 1001
Re: Bitcoin Malware
August 31, 2015, 11:25:11 AM
#3
Quote from: Hailedllama on August 31, 2015, 10:42:57 AM
it happened to me about a hour ago but heres a guide on how to get rid of it if it is on your pc
10
Remove the malware
Finally remove it from your computer:
1.
Start Windows Task Manager and terminate the Chrome32.exe or
AcroRd32.exe process!
2.
Go to %appdata% in your file browser.
3.
Delete AppData/Roaming/Adobe (x86) folder.
4.
Delete AppData/Local/Google (x86) folder.
If you don't terminate the malware manually, as it is described
in the first point you can't delete one of the folder.
If you've deleted the Adobe folder it won't start again on your
computer, so you're good, but to completly remove it you have to
do one more thing:

Start the Registry Editor (regedit) and delete our software from
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru
n"
If you don't find it, check HKEY_LOCAL_MACHINE instead of
HKEY_CURRENT_USER


hope it helps this malware is being sold for $1.10 in bitcoin
You mean that you can have your own version of this Malware with your own address for $1. That's sick. I was worried about new kind of malwares and viruses associated with bitcoin and here they are.
So far I know about this Malware changing address and another that encodes data on your disks and then want bitcoin to decypher it. New technologies, new threats.
Hailedllama
newbie
Activity: 18
Merit: 0
Re: Bitcoin Malware
August 31, 2015, 10:42:57 AM
#2
it happened to me about a hour ago but heres a guide on how to get rid of it if it is on your pc
10
Remove the malware
Finally remove it from your computer:
1.
Start Windows Task Manager and terminate the Chrome32.exe or
AcroRd32.exe process!
2.
Go to %appdata% in your file browser.
3.
Delete AppData/Roaming/Adobe (x86) folder.
4.
Delete AppData/Local/Google (x86) folder.
If you don't terminate the malware manually, as it is described
in the first point you can't delete one of the folder.
If you've deleted the Adobe folder it won't start again on your
computer, so you're good, but to completly remove it you have to
do one more thing:

Start the Registry Editor (regedit) and delete our software from
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru
n"
If you don't find it, check HKEY_LOCAL_MACHINE instead of
HKEY_CURRENT_USER


hope it helps this malware is being sold for $1.10 in bitcoin
Hailedllama
newbie
Activity: 18
Merit: 0
Re: Bitcoin Malware
August 31, 2015, 10:25:54 AM
#1
i recently found a malware that changes bitcoin addresses when copied to the hackers address so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it  Smiley
Pages:
Bitcoin Forum>Bitcoin>Bitcoin Discussion
Jump to: