
Topic: [ NEW VIRUS ] THIS ADDY GETS PASTED : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u (Read 6005 times)

sr. member
Activity: 406
Merit: 250
Never heard of this before. Thanks for notifying the public on this one.
hero member
Activity: 560
Merit: 500
Wow, hackers already developed a virus to hit the transfers. This is just a big problem and I believe you won't be the first and neither the last to get this virus or a similar virus, so how did you find this virus and where had you been until you found it? I'm glad I always check the address more than once before making payments, but I believe you aren't able to change it even using another computer? I found this address in the transactions made from the address you posted, OP: https://blockchain.info/pt/address/1FXqE2ixnnSB1kvwbMtWma5xQ2bVbkSq3f Is this the address of the virus or some casino?
legendary
Activity: 883
Merit: 1005
Wow, now that's fucking sneaky. It would be even better if it could detect and change the copy/paste only when you try to copy a Bitcoin address. But still really sneaky.
member
Activity: 84
Merit: 10
This really is disturbing. One issue I keep running into on my cell is that it sometimes opens a link I am not wanting to click, such as signatures or links in the thread. For this reason I try to limit my time on my cell and surf here on a desktop instead.

I copy and paste addresses all the time and always check the first little bit of the address but I guess I need to be more diligent in the future.
sr. member
Activity: 308
Merit: 250
The mind is everything. What you think you become.
Backup wallet.dat and the blockchain (depending on what wallet you are using) and reinstall OS.
Is that virus really dangerous for us? I mean all people with the same wallet as OP. Why must we reinstall the OS? Can't that virus be cleaned with any good antivirus?
legendary
Activity: 1806
Merit: 1164
legendary
Activity: 2604
Merit: 1036
Ouch, I haven't encountered this kind of malware before, but it looks like a nasty and sneaky way of losing your coins if you don't pay attention to what address appears before sending the coins. Do you know what may have caused this malicious thing to happen? I don't think it's a virus; it's probably some script running in your background processes.
legendary
Activity: 1904
Merit: 1074
As far as I know there is no risk in publicly telling all of your processes, so make a screenshot of your processes and show them in here so everyone can help. Also don't use the default task manager from Windows, download Process Explorer because it gives more specific info about the processes. Also I recommend you run HijackThis and copy paste the log here.

The processes running by OP are: http://prnt.sc/9rb6o0 (screenshot)

After searching a bit I found that this address belongs to devil11

Proofs:

https://bitcointalksearch.org/topic/finished-squall-coin-avatar-campaign-fixed-rate-finished-1317199
Thanks for your appreciating.

Bitcoin Address : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u
Starting Posts : 196
Forum Rank at Time of Entry : Full Member

Applying for this campaign.

Username : devil11
Current Rank : Full Member
Current Post Count : 203
Bitcoin Address : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u

Thanks in Advance.

What is the chance of that user being infected with the same virus and he posted that by mistake? It would be very stupid to post an addy that is being used by a virus on the forum. Send the user a PM and see if you can get an answer or an explanation. Good catch, if it turns out to be the same person. I have heard about this before and for that reason I double check all my addresses before I submit payment.
hero member
Activity: 1162
Merit: 547
As far as I know there is no risk in publicly telling all of your processes, so make a screenshot of your processes and show them in here so everyone can help. Also don't use the default task manager from Windows, download Process Explorer because it gives more specific info about the processes. Also I recommend you run HijackThis and copy paste the log here.

The processes running by OP are: http://prnt.sc/9rb6o0 (screenshot)

After searching a bit I found that this address belongs to devil11

Proofs:

https://bitcointalksearch.org/topic/finished-squall-coin-avatar-campaign-fixed-rate-finished-1317199
Thanks for your appreciating.

Bitcoin Address : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u
Starting Posts : 196
Forum Rank at Time of Entry : Full Member

Applying for this campaign.

Username : devil11
Current Rank : Full Member
Current Post Count : 203
Bitcoin Address : 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u

Thanks in Advance.
sr. member
Activity: 294
Merit: 250
I am really horrified now!

When I withdrew money from somewhere I saw I copied and pasted the addy, but when I did not get it for a long time I searched for what the issue was and I saw the funds were sent to: 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u

and now I see this is a virus address, it's a virus where u copy anything but this: 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u will be pasted, no matter what!

I have searched the internet more and saw someone else had the same issue

please help me!
Ah, I never knew about a virus like this. Yes, it's horrible, I'm starting to be afraid for my address. But does this happen to all wallets or exchanges?
I wish a solution can be found for this case.
legendary
Activity: 1610
Merit: 1183
This is because of some file or script that works in the background. It must have come with something. I think it is with some software. I think you have installed new software which runs the command in cmd to do it.

Can you please give me a view of the Task Manager process section and startup section? I think I can crack which file is working in the background. If you want to keep your software and files and not lose them, you have to end that process which is working in the background every time you start up your PC, or you can remove it from program startup like this:

1) Press Win-R. In the "Open:" field, type msconfig and press Enter.
2) Click the Startup tab.
3) Uncheck the items you do not want to launch on startup. Note: ...
4) When you have finished making your selections, click OK.
5) In the box that appears, click Restart to restart your computer.

There is a solution: Reset your PC

Reset is an option which allows you to reinstall the OS with the option to KEEP THE FILES OR NOT.

What it affects:

a) All the software you had installed is gone, but you can keep your files.



look at this post
https://bitcointalksearch.org/topic/m.13575511

someone use that address


So does that mean bx2.club is behind it?


Hey, thanks really you seem to help me.

Please can u help me, give me ur skype i will tell u all process running on my pc

As far as I know there is no risk in publicly telling all of your processes, so make a screenshot of your processes and show them in here so everyone can help. Also don't use the default task manager from Windows, download Process Explorer because it gives more specific info about the processes. Also I recommend you run HijackThis and copy paste the log here.
full member
Activity: 228
Merit: 101
Yes, this is a virus.
I transferred 0.08 bitcoin to this m...f.... account.
I found what happened. This was a virus address!!!
19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u
sr. member
Activity: 350
Merit: 250
Prevention: This is because generally we do not read carefully and keep on installing software by hitting the "NEXT" button. Nowadays additional software comes bundled with the software. Also some scammers are patching in additional malware instead of the software. Also keygens and cracks come with viruses. I am saying this because I lost my previous email address because of it. And also some info from my other sites was stolen. I only noticed later when I got an email from Google about my ID being logged in from a different IP address.

So it is highly recommended to use only trusted and secure download links. And please read carefully while installing software.

For OP I would say to

1) Backup Wallet.dat
2) Reset OS (check my previous post on the 1st page)
full member
Activity: 182
Merit: 107
This is why I recommend getting something like an Intel NUC dedicated to bitcoin.

Put Linux on it, and do not run any browser plugins or extensions, and do not use Chrome for Linux (it is closed source) on it.

Such a PC should only be used for your bitcoin activity, not general browsing. Not even browsing this forum. Just use it for bitcoin.

You can run a wallet on your normal PC just like you can keep some fiat cash in your leather wallet, but keep the value low.

btw flash (even in Chrome) is dangerous because flash allows programs loaded from web pages to manipulate the clipboard. Get rid of flash even on computers that you don't use with bitcoin.

That seems to be a bit overkill.

It may seem overkill but the bottom line is that bitcoin has no FDIC insurance and no way to reverse a transaction.

Overkill thus is much safer than finding out you did not do enough.
full member
Activity: 182
Merit: 107
and now I see this is a virus address, it's a virus where u copy anything but this: 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u will be pasted, no matter what!

I just waited the moment this type of malware will occur. It's Windows, right?
I can't say for sure if it is Windows, but the type of malware is ingenious to be honest. Most people would not look at the address twice to make sure it's the right thing, so it is inconspicuous enough that it would not be noticed (as in OP's situation) unless someone was actively looking for it.

I am interested in seeing where this goes.

That's one of the reasons I do not like QR codes.
legendary
Activity: 1218
Merit: 1007
and now I see this is a virus address, it's a virus where u copy anything but this: 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u will be pasted, no matter what!

I just waited the moment this type of malware will occur. It's Windows, right?
I can't say for sure if it is Windows, but the type of malware is ingenious to be honest. Most people would not look at the address twice to make sure it's the right thing, so it is inconspicuous enough that it would not be noticed (as in OP's situation) unless someone was actively looking for it.

I am interested in seeing where this goes.
legendary
Activity: 888
Merit: 1000
and now I see this is a virus address, it's a virus where u copy anything but this: 19ZM2pjq6U4jVb283GZkCPNukjeyb2YZ2u will be pasted, no matter what!

I just waited the moment this type of malware will occur. It's Windows, right?
legendary
Activity: 1512
Merit: 1012
This is why I recommend getting something like an Intel NUC dedicated to bitcoin.

Put Linux on it, and do not run any browser plugins or extensions, and do not use Chrome for Linux (it is closed source) on it.

Such a PC should only be used for your bitcoin activity, not general browsing. Not even browsing this forum. Just use it for bitcoin.

You can run a wallet on your normal PC just like you can keep some fiat cash in your leather wallet, but keep the value low.

btw flash (even in Chrome) is dangerous because flash allows programs loaded from web pages to manipulate the clipboard. Get rid of flash even on computers that you don't use with bitcoin.

That seems to be a bit overkill. Basic security is enough for average quantities of Bitcoin. Even if you don't have any Bitcoin on your computer at all, the issue that the OP is talking about could happen too.

The cheapest Intel NUC seems to be at 99$, as per their website. For that price I'd think about buying a Trezor (which still doesn't avoid the issue OP talked about, but can keep your Bitcoins secure while being able to spend them on an online computer)

You don't necessarily need a new computer for offline cold storage, you can use an old one, your usual computer with a different disk or in live mode. There's also ledger and Raspberry's/Banana Pi/ODROID, etc.
legendary
Activity: 1274
Merit: 1004
Check browser extensions/unknown startup entries and remove them. You can use CCleaner for it.
legendary
Activity: 1806
Merit: 1164
Sorry for your troubles. Time to consider using a hardware wallet with a screen like Trezor.
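
The behaviour reported in this thread (whatever is copied, a fixed address is pasted) can be checked for directly with a clipboard canary test. The following is an added example, not code from any poster: it copies two known strings, reads them back and compares the whole value, which also separates "replaces everything" from "replaces only Bitcoin addresses". The function names and the plain canary string are made up for illustration, and the address canary is the publicly known genesis-block address.

```python
import time

# Canaries: a real, well-known address (the Bitcoin genesis-block address) and a
# constructed plain string, to tell "replaces everything" from "addresses only".
CANARIES = {
    "address": "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa",
    "plain": "clipboard canary 7f3a (constructed)",
}

def tk_clipboard(delay=2.0):
    """Return (write, read) callables for the real system clipboard (tkinter)."""
    import tkinter
    root = tkinter.Tk()
    root.withdraw()
    def write(text):
        root.clipboard_clear()
        root.clipboard_append(text)
        root.update()
    def read():
        end = time.monotonic() + delay
        while time.monotonic() < end:   # keep serving clipboard requests while waiting
            root.update()
            time.sleep(0.05)
        try:
            return root.clipboard_get()
        except tkinter.TclError:        # clipboard emptied or no longer text
            return None
    return write, read

def check_clipboard(write, read):
    """Copy each canary, read it back, return {kind: value_found} for mismatches."""
    tampered = {}
    for kind, canary in CANARIES.items():
        write(canary)
        found = read()
        if found != canary:             # compare the whole string, not a prefix
            tampered[kind] = found
    return tampered

def verdict(tampered):
    if not tampered:
        return "clean"
    if set(tampered) == set(CANARIES):
        return "replaces-everything"
    return "replaces-addresses-only" if "address" in tampered else "other-change"

if __name__ == "__main__":
    print(verdict(check_clipboard(*tk_clipboard())))
```

Any result other than "clean" means something on the machine is rewriting the clipboard; the value returned for each canary is the substituted text.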