Topic: [ NEW VIRUS ] THIS ADDY GETS PASTED : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u (Read 5941 times)
May 04, 2016, 06:54:20 PM
Never heard of this before. Thanks for notifying the public on this one.
May 04, 2016, 06:51:31 PM
Wow hackers already developed an virus to hit the transfers .This is just a big problem and i believe you wont be the first and neither the last to get this virus or similiar virus,soo how did you find those virus and where you had been till you find those virus,im glad i always check more then once the adress to make the payments,but i believe you arent able to change it even using another computer? I had founded this adress on the transactions made from the adress you post op ,https://blockchain.info/pt/address/1FXqE2ixnnSB1kvwbMtWma5xQ2bVbkSq3f is this the adress of the virus or some casino?
May 04, 2016, 05:40:45 PM
wow now that's fucking sneaky would be even better if it could detect and change the copy/paste only when you try to copy a Bitcoin address. But still really sneaky.
May 04, 2016, 05:11:11 PM
This really is disturbing. One issue I keep running into on my cell is it sometimes opens a link I am not wanting to click,such as signatures or links in the thread. For this reason I try to limit my time on my cell and surf here on a desktop instead.
I copy and paste addresses all the time and always check the first little bit of the address but I guess I need to be more diligent in the future.
I copy and paste addresses all the time and always check the first little bit of the address but I guess I need to be more diligent in the future.
April 22, 2016, 09:04:56 PM
Backup wallet.dat and the blockchain (depending on what wallet you are using) and reinstall OS.
is that virus really dangerous for us?i mean all people with same wallt with OP. why must be reinstall the OS?is that virus can't cleaned with any good anti virus? 
April 22, 2016, 04:33:25 PM
Sounds like Trojan.Coinbitclip or a new variant.
April 22, 2016, 12:27:50 PM
Ouch I haven't encountered this kind of malware before but it looks like a nasty and sneaky way of losing your coins if you don't pay attention to what address does appear before sending the coins. Do you know what may have caused this malicious thing to happen? I don't think it's a virus it's probably some script running in your background processes.
April 22, 2016, 12:21:25 PM
As far as I know there is no risk in publicly telling all of your processes.. so make an screenshot of your processes and show them in here so everyone can help. Also don't use the default task manager from Windows, download Process Explorer because it gives more specific info about the processes. Also I recommend you run HijackThis and copy paste the log here.
The processes running by OP are : http://prnt.sc/9rb6o0 (screenshot)
After searching a bit i found that This address belongs to devil11
Proofs :
https://bitcointalksearch.org/topic/finished-squall-coin-avatar-campaign-fixed-rate-finished-1317199
Thanks for your appreciating. 
Bitcoin Address : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u
Starting Posts : 196
Forum Rank at Time of Entry : Full Member
Bitcoin Address : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u
Starting Posts : 196
Forum Rank at Time of Entry : Full Member
Applying for this campaign.
Username : devil11
Current Rank : Full Member
Current Post Count : 203
Bitcoin Address : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u
Thanks in Advance.
Username : devil11
Current Rank : Full Member
Current Post Count : 203
Bitcoin Address : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u
Thanks in Advance.
What is the chance of that user being infected with the same virus and he posted that by mistake? It would be very stupid to post a addy that is
being used by a virus on the forum.
Send the user a PM and see if you can get a answer or a explanation. Good catch, if it turns out to be the same person.
I have heard about this before and for that reason I double check all my addresses before I submit payment. 
April 22, 2016, 10:27:38 AM
As far as I know there is no risk in publicly telling all of your processes.. so make an screenshot of your processes and show them in here so everyone can help. Also don't use the default task manager from Windows, download Process Explorer because it gives more specific info about the processes. Also I recommend you run HijackThis and copy paste the log here.
The processes running by OP are : http://prnt.sc/9rb6o0 (screenshot)
After searching a bit i found that This address belongs to devil11
Proofs :
https://bitcointalksearch.org/topic/finished-squall-coin-avatar-campaign-fixed-rate-finished-1317199
Thanks for your appreciating.
Bitcoin Address : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u
Starting Posts : 196
Forum Rank at Time of Entry : Full Member
Bitcoin Address : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u
Starting Posts : 196
Forum Rank at Time of Entry : Full Member
Applying for this campaign.
Username : devil11
Current Rank : Full Member
Current Post Count : 203
Bitcoin Address : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u
Thanks in Advance.
Username : devil11
Current Rank : Full Member
Current Post Count : 203
Bitcoin Address : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u
Thanks in Advance.
April 22, 2016, 09:56:48 AM
I am really horrified now!
when I withdrew money from somewhere i see i copied and pasted addy ,but when i not got for a long time i searched whats the issue and i see funds sent to : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u
and now I see this is a virus address , its a virus where u copy anything but this : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u will be pasted, no matter , what !
I have searched internet more and saw someone else had same issue
please help me !
ah i never know about virus like this,yeas its horrible,i'm start to afraid with my address. but is this happen to all wallet or exchange?when I withdrew money from somewhere i see i copied and pasted addy ,but when i not got for a long time i searched whats the issue and i see funds sent to : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u
and now I see this is a virus address , its a virus where u copy anything but this : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u will be pasted, no matter , what !
I have searched internet more and saw someone else had same issue
please help me !
i wish this case can found the solutions.
April 22, 2016, 08:05:33 AM
This is because of some file or a script that work in background .It must have come with something . I think it is with some software . I think you have installed a new software which runs the command in cmd to do it.
Can you please give me a view of a task manager- process section & startup section , i think i can crack which file it is working in background. If you want to keep up the softwares and files and dont lose them up . You have to end that process which is working in background everytime you run up your PC or you can remove that up from program startup like this:-
1)Press Win-r . In the "Open:" field, type msconfig and press Enter .
2)Click the Startup tab.
3)Uncheck the items you do not want to launch on startup. Note: ...
4)When you have finished making your selections, click OK.
5)n the box that appears, click Restart to restart your computer.
There is a solution : Reset your PC
Reset is an option which allows you to reinstall OS with the option to KEEP THE FILES OR NOT.
What things affects:-
a) all the software you had installed are gone,but you can keep up with the files.
So does that mean bx2.club behind it ?
Can you please give me a view of a task manager- process section & startup section , i think i can crack which file it is working in background. If you want to keep up the softwares and files and dont lose them up . You have to end that process which is working in background everytime you run up your PC or you can remove that up from program startup like this:-
1)Press Win-r . In the "Open:" field, type msconfig and press Enter .
2)Click the Startup tab.
3)Uncheck the items you do not want to launch on startup. Note: ...
4)When you have finished making your selections, click OK.
5)n the box that appears, click Restart to restart your computer.
There is a solution : Reset your PC
Reset is an option which allows you to reinstall OS with the option to KEEP THE FILES OR NOT.
What things affects:-
a) all the software you had installed are gone,but you can keep up with the files.
So does that mean bx2.club behind it ?
Hey, thanks really you seem to help me.
Please can u help me, give me ur skype i will tell u all process running on my pc
As far as I know there is no risk in publicly telling all of your processes.. so make an screenshot of your processes and show them in here so everyone can help. Also don't use the default task manager from Windows, download Process Explorer because it gives more specific info about the processes. Also I recommend you run HijackThis and copy paste the log here.
April 22, 2016, 06:47:18 AM
yes this is virus.
i transfer 0.08 bitoin to this m...f.... account.
I found what's happen. this was a virus address !!!
19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u
i transfer 0.08 bitoin to this m...f.... account.
I found what's happen. this was a virus address !!!
19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u
January 18, 2016, 01:01:53 AM
Prevention: This is because generally we do not read carefully and keep on installing softwares by hitting" NEXT" button. Nowadays additional softwares are coming up with the software.Also some scammers are patching up addtional malware instead of software. Also keygens and cracks also comes up with virus. I am saying this is because i lost my previous email address because of it. And also some infos of my other sites were stealed. It later came to notice when i got an email from google about my id been logged from different ip address
So it is highly recommended to use only trusted and secure download link. And please read carefully while installing software.
For OP i would say to
1) Backup Wallet.dat
2). Reset os (check my previous post in 1 st page)
So it is highly recommended to use only trusted and secure download link. And please read carefully while installing software.
For OP i would say to
1) Backup Wallet.dat
2). Reset os (check my previous post in 1 st page)
January 17, 2016, 04:27:06 PM
This is why I recommend getting something like an Intel NUC dedicated to bitcoin.
Put Linux on it, and do not run any browser plugins or extensions, and do not use Chrome for Linux (it is closed source) on it.
Such a PC should only be used for your bitcoin activity, not general browsing. Not even browsing this forum. Just use it for bitcoin.
You can run a wallet on your normal PC just like you can keep some fiat cash in your leather wallet, but keep the value low.
btw flash (even in Chrome) is dangerous because flash allows programs loaded from web pages to manipulate the clipboard. Get rid of flash even on computers that you don't use with bitcoin.
Put Linux on it, and do not run any browser plugins or extensions, and do not use Chrome for Linux (it is closed source) on it.
Such a PC should only be used for your bitcoin activity, not general browsing. Not even browsing this forum. Just use it for bitcoin.
You can run a wallet on your normal PC just like you can keep some fiat cash in your leather wallet, but keep the value low.
btw flash (even in Chrome) is dangerous because flash allows programs loaded from web pages to manipulate the clipboard. Get rid of flash even on computers that you don't use with bitcoin.
That seems to be a bit overkill.
It may seem overkill but the bottom line is that bitcoin has no FDIC insurance and no way to reverse a transaction.
Overkill thus is much safer than finding out you did not do enough.
January 17, 2016, 04:18:46 PM
and now I see this is a virus address , its a virus where u copy anything but this : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u will be pasted, no matter , what !
I just waited the moment this type of malware will occur. It's Windows, right?
I am interested in seeing where this goes.
That's one of the reasons I do not like QR codes.
January 17, 2016, 03:40:36 PM
and now I see this is a virus address , its a virus where u copy anything but this : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u will be pasted, no matter , what !
I just waited the moment this type of malware will occur. It's Windows, right?
I am interested in seeing where this goes.
January 17, 2016, 03:34:42 PM
and now I see this is a virus address , its a virus where u copy anything but this : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u will be pasted, no matter , what !
I just waited the moment this type of malware will occur. It's Windows, right?
January 17, 2016, 03:12:50 PM
This is why I recommend getting something like an Intel NUC dedicated to bitcoin.
Put Linux on it, and do not run any browser plugins or extensions, and do not use Chrome for Linux (it is closed source) on it.
Such a PC should only be used for your bitcoin activity, not general browsing. Not even browsing this forum. Just use it for bitcoin.
You can run a wallet on your normal PC just like you can keep some fiat cash in your leather wallet, but keep the value low.
btw flash (even in Chrome) is dangerous because flash allows programs loaded from web pages to manipulate the clipboard. Get rid of flash even on computers that you don't use with bitcoin.
Put Linux on it, and do not run any browser plugins or extensions, and do not use Chrome for Linux (it is closed source) on it.
Such a PC should only be used for your bitcoin activity, not general browsing. Not even browsing this forum. Just use it for bitcoin.
You can run a wallet on your normal PC just like you can keep some fiat cash in your leather wallet, but keep the value low.
btw flash (even in Chrome) is dangerous because flash allows programs loaded from web pages to manipulate the clipboard. Get rid of flash even on computers that you don't use with bitcoin.
That seems to be a bit overkill. Basic security is enough for average quantities of Bitcoin. Even if you don't have any Bitcoin on your computer at all, the issue that the OP is talking about could happen too.
The cheapest Intel NUC seems to be at 99$, as per their website. For that price I'd think in buying a Trezor (which still doesn't avoid the issue OP talked about, but can keep your Bitcoins secure while being able to spend them on an online computer)
You don't necessarily need a new computer for offline cold storage, you can use an old one, your usual computer with a different disk or in live mode. There's also ledger and Raspberry's/Banana Pi/ODROID, etc.
January 17, 2016, 02:45:10 PM
Check browser extensions/unknown startup entries and remove them. You can use CCleaner for it.
January 17, 2016, 02:37:46 PM
Sorry for your troubles. Time to consider using a hardware wallet with a screen like Trezor.
Jump to: