How to solve Bitcoin address copy paste problem

Posted on September 25th, 2022

Source


https://forums.malwarebytes.com/topic/253023-how-to-solve-bitcoin-address-copy-paste-problem/


Hi,

My name is Maurice. I will be helping and guiding you, going forward on this case.

Please follow my directions as we go along. Please do not do any changes on your own without first checking with me.

If you will be away for more than 3 consecutive days, do try to let me know ahead of time, as much as possible.

Please only just attach all report files, etc that I ask for as we go along.

Your PC runs Windows 10 build 1903. Here's the way to clear the Windows Clipboard history (and what is in memory for "paste" operations in Windows).

Tap the Windows-key on keyboard so that you see the Windows 10 search box.

In the search box, type in

clipboard settings

then tap Enter-key.

Click on Clipboard settings.

It will take you to clipboard settings.
Under “Clear clipboard data,” click the Clear button.

I noticed a number of logged events by the Windows 10 Windows Defender antivirus. Such as this one

Date: 2019-10-25 17:43:34.343
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PWS:Win32/Stimilina.E!bit&threatid=2147728120&enterprise=0
Name: PWS:Win32/Stimilina.E!bit
ID: 2147728120
Severity: Severe
Category: Password Stealer
Path: file:_C:\Users\USER\AppData\Local\Temp\rebfrsxh.zfw.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Users\USER\Desktop\Bitcoin Generator Skynova.exe
Security intelligence Version: AV: 1.305.576.0, AS: 1.305.576.0, NIS: 1.305.576.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

Question: What do you know about this file C:\Users\USER\Desktop\Bitcoin Generator Skynova.exe ?

PWS:Win32/Stimilina.E!bit is a Microsoft classification. MS says: "This threat can steal your personal information, such as your user names and passwords. It sends the stolen information to a malicious hacker."

I would suggest to delete that file.

Since this machine has AVAST antivirus, & thus has disabled Windows Defender, I would suggest to you to download and save the Windows Defender OFFLINE to a USB ( or else, if you have an optical drive writer, to a CD or DVD ).

The goal is to download & save & then run the Windows Defender Offline. This is an antivirus / anti-malware from Microsoft & is a quite powerful one.

I am going to cite the references for it at Microsoft.

The download links are listed at the bottom of the article. The last part of the article addresses how to execute it.

https://support.microsoft.com/en-us/help/17466


What was the bottom line result of the Windows Defender scan ? Did it flag something ?

Beyond that, I also need precise specifics from you. You mention using Copy & paste. I have to know, what program are you on when you do the Copy step?

Is that in a text or word processor? or on a web browser ? if the latter, which one ?

and is it when on Crypto Tab browser ?

and, if on a web page, which web-page is that ?

In other words, I need all the details of what is being copied from & what application is the container of the information when you do the copy.

Please provide all that.

ALSO, I need for you to do this special scan.

I would suggest a free scan with the ESET Online Scanner
Go to https://www.eset.com/us/home/online-scanner/

Look on the right side of the page. Click Scan Now
It will start a download of "esetonlinescanner_enu.exe"
Save the file to your system, such as the Downloads folder, or else to the Desktop.

Go to the saved file, and double click it to get it started.
When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes

When prompted for scan type, Click on Full scan
Click on the radio selection "Enable ESET to detect and quarantine potentially unwanted applications" and click on Start scan button.

Have patience. The entire process may take an hour or more. There is an initial update download.
There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program. ( e.g. their standard program). You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items. If so, click the button marked “View detected results”.

Click the blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files” ( in blue, at bottom).

Press Continue when all done. You should click to turn off the offer for “periodic scanning”.



NOTE: In this sub-forum, we can help you to check out your system for malware & remove malware that is found.

That we will do by doing a series of scans & other steps, as needed.

Over and above that, if no malware is around, I will need to refer you elsewhere for this "copy > paste" situation.


Please be sure that you have seen and done what I listed in my preceding reply. That includes answering my questions there and doing the ESET scan.

These are additional things to do.

Let's do a special search.

We need to search for a few things with SystemLook:

Please download SystemLook (64-bit) by jpshortstuff and save it to your desktop

Right-click SystemLook_x64.exe and select Run as Administrator to start the tool.

If prompted by Windows UAC, please allow it to run.
If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.

COPY & paste the entire text into the main text box of SystemLook: all 5 lines in their entirety

:regfind

rundll32 C:\Users\USER

:filefind

d3dx11_31.dll

d3dx*.dll

Click the Look button to start the scan

When finished, a notepad window will open with the results of the scan.

A file will be created (on the same folder where you saved Systemlook_x64) with the results of the scan, named SystemLook.txt


I regret to read that there was a hitch with the ESET Online scan tool.


I would like for you to run a different tool ( Silentrunners ) to do a report about startup programs. It is just a report. IF you see or get any prompts questioning this tool, take the choice to allow it to Run.

Download silentrunners.vbs to your Desktop.
A zipped version can be found here.

  • If you used the zipped version, unzip (extract) the file to its own folder: C:\Silent Runners.
  • Double-click the SilentRunners.vbs inside the folder or on your desktop to start.
  • A message box will appear asking if you want to skip the supplemental searches.
  • Press "No" to include them.
  • Another message box will appear saying: "Silent Runners has started. A message box like this will appear when its done." The tool will scan your system and create a log by default, in the same directory as the script or on your desktop. The log is named "Startup Programs (ComputerName) date/timestamp.txt".
  • When finished, the next message to appear will say: "All Done! the results are in the file..." (it will provide the full path location of the log).
  • Copy & paste the log in your next reply.

Note: If you have a script blocking program you may get a warning asking if you want to allow the script to run. Some will say "malicious script warning" or something to that effect. There is nothing malicious about this script, you can click to allow it to execute.

PS: My current thinking is that something ( perhaps a DLL file) is what is used that causes the chicanery on the COPY > Paste of BTC addresses.

Something that is stashed somewhere.


Thanks for that. Please locate & then send this next file as an attachment with your reply

C:\Users\USER\AppData\Local\Temp\zip.vbs

Please start the Windows File Explorer and go to the folder C:\Windows\Logs\CBS

You will find the log-file CBS.log

With your mouse, click it one time so it has focus on the file. Then do a right-click with the mouse on CBS.log and select "Send to Compressed Files folder".

It will show a message to the effect that the zip file will be created on the DESKTOP.

Proceed with the selection. When done, CBS.zip will be on Desktop.

Please attach the CBS.zip file with your reply.


Thank you for the CBS log.

Let’s also please try to get and run a special tool from Microsoft. This is a different report tool.

It does not make changes. It will be just a report.

  • Please download Sysinternals Autoruns from here and save it to your desktop.
  • Note: you also need to do the following:
  • Right-click on Autoruns.exe and select Properties
  • Click on the Compatibility tab
  • Under Privilege Level check the box next to Run this program as an administrator
  • Click on Apply then click OK


Double-click Autoruns.exe to run it.
Once it starts, please press the Esc key on your keyboard.
Now that scanning is stopped, click on the Options button at the top of the program and select Filter Options...

In the Autoruns Filter Options dialogue, verify that the following are unchecked, if they are checked, uncheck them:

  • Include empty locations
  • Hide Microsoft entries
  • Hide Windows entries


Verify that the following is checked, if it is unchecked, check it:

  • Verify code signatures


Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
When it's finished and says Ready. on the lower left of the program window, please click on the File button at the top of the program and select Save and save the Autoruns.arn file to your desktop and close Autoruns.


Right click on the Autoruns.arn file on your desktop and hover your mouse over Send To and select Compressed (zipped) Folder
Attach the Autoruns.zip folder you just created to your next reply


After giving you the Autoruns.zip file I tried to copy and paste my BTC address and this time it didn't change into another address. It actually pasted my address. Thank you for your help. Can you tell me how I can protect my PC in the future, so this doesn't happen again?

Thank you for the Autoruns report. I am glad that the copy > paste issue has cleared. That was unexpected but pleasant news.

You asked how to keep the PC protected.

The main thing for the immediate future is to keep a watch for Microsoft Windows Updates & for the upcoming November ( Fall) 2019 Windows Build 1909.

It should be coming out over the next few weeks.

And be sure you have Malwarebytes for Windows Premium & keep it current. And also follow safety best practices.

Best practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).


Free games & free programs are like "candy". We do not accept them from "strangers".


Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Don't remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.


Do a Windows Update.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq




Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

Backup is your best friend. Be sure you do periodic backups of your system on offline media.

[ B ] Be real sure that Windows System Restore service is ON.

The earlier reports showed it to be off. Let's be sure to turn ON the Windows SYSTEM RESTORE Service. ( ENABLE it )

See this how-to https://www.tenforums.com/tutorials/99782-enable-disable-system-restore-windows.html

[ C ]

See this article on our Malwarebytes Blog
https://blog.malwarebytes.com/security-world/technology/2019/01/browser-push-notifications-feature-asking-abused/

You want to disable the ability of each web browser on this machine from being able to allow "push ads". That means Chrome, Firefox, or Edge browser (on Windows 10), or on Opera.

Scroll down to the tips section "How do I disable them".

IF this pc has CHROME:

I suggest you install the Malwarebytes Browser Guard on to Chrome browser.

To get & install the Malwarebytes Browser Guard extension for Chrome,

Open this link in your Chrome browser:

https://chrome.google.com/webstore/detail/malwarebytes/ihcjicgdanjaechkgeegckofjjedodee

Then proceed with the setup.

IF this pc has FIREFOX:

To get & install the Malwarebytes Browser Guard Firefox extension.

Open this link in your Firefox browser:

https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/

Then proceed with the setup.
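
The manual check used in this thread (copy a BTC address, paste it, see whether it changed) can be scripted as a clipboard canary. The Python below is an added example, not part of the original thread or of any tool named in it; the function names and the canary address are constructed for illustration.

```python
import hashlib
import time

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58check(version: int, payload: bytes) -> str:
    """Base58Check-encode version+payload (the legacy address format)."""
    raw = bytes([version]) + payload
    raw += hashlib.sha256(hashlib.sha256(raw).digest()).digest()[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    pad = len(raw) - len(raw.lstrip(b"\x00"))  # leading zero bytes -> '1'
    return "1" * pad + out

# Constructed canary: checksum-valid address over a made-up 20-byte hash,
# so a swapper that validates addresses still reacts; it is nobody's wallet.
CANARY = b58check(0x00, bytes(range(1, 21)))

def canary_test(write, read, wait=1.0, sleep=time.sleep):
    """Put CANARY on the clipboard, wait, read it back.
    Returns (tampered, value_read)."""
    write(CANARY)
    sleep(wait)
    got = read()
    return got != CANARY, got

def tk_clipboard():
    """Live clipboard accessors (needs tkinter and a desktop session)."""
    import tkinter
    root = tkinter.Tk()
    root.withdraw()
    def write(text):
        root.clipboard_clear()
        root.clipboard_append(text)
        root.update()
    return write, root.clipboard_get

if __name__ == "__main__":
    tampered, got = canary_test(*tk_clipboard())
    print("TAMPERED ->" if tampered else "unchanged:", got)
```

A changed value means something rewrote the clipboard within the wait window. An unchanged value does not prove the machine is clean, so the scans above still apply.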


