
BTC Clipper - Malwarebytes undetected


Go to solution Solved by Maurice Naggar,


Thanks for the great anti-virus and support. I am struggling with a BTC clipper virus on a relatively fresh Windows instance.

Both Malwarebytes and Microsoft Safety Scanner scanned zero threats, but the issue and virus is persistent. I'll include the Farbar log and Addition file in the attachment as well; I could not spot anything unusual.

 

Hopefully someone could shed some light for me here. 
Thanks in advance.

Addition.txt FRST.txt


  • Solution

Hello    :welcome:

Let me suggest these actions as starters for the issue you have described.

In the Windows 10 search box, type in

remote desktop

on the result list, look for Remote Desktop application app
and click on Run as Administrator

Click on Yes when prompted
on the following window, look at bottom right-side & click on "Show Options"
 

Next click on the tab "Local Resources"
and untick the check box for Clipboard

Also:

Disabling Remote Desktop Services features
https://docs.microsoft.com/en-us/windows/win32/termserv/disabling-terminal-services-features

For enhanced security, you might choose to disable Remote Desktop Services features such as clipboard redirection and printer redirection for clients that connect to Remote Desktop Session Host (RD Session Host) servers using the Remote Desktop ActiveX Control.
 

 

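The GUI steps in the solution above, as a scriptable check (an added example, not part of the original posts): it lists saved .rdp files, the hidden Default.rdp included, that still allow clipboard redirection, and reports the session-host policy. The `redirectclipboard` .rdp setting and the `fDisableClip` policy value are standard Windows names that the thread does not mention; the function names are hypothetical.

```powershell
# Added example: audit RDP clipboard redirection on a Windows machine.
# Read-only; it changes nothing. Function names are hypothetical.

function Get-RdpClipboardSetting {
    param([Parameter(Mandatory)][string]$Path)
    # .rdp files hold "name:type:value" lines. If redirectclipboard is
    # absent, the client default applies, which is enabled (1).
    $value = 1
    foreach ($line in Get-Content -LiteralPath $Path) {
        if ($line -match '^\s*redirectclipboard:i:(\d+)\s*$') {
            $value = [int]$Matches[1]   # last occurrence wins
        }
    }
    $value
}

function Get-RdpClipboardPolicy {
    # "Do not allow Clipboard redirection" policy on the machine being
    # connected to (RD Session Host side).
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $prop = Get-ItemProperty -Path $key -Name fDisableClip -ErrorAction SilentlyContinue
    if ($null -eq $prop)             { 'NotConfigured' }
    elseif ($prop.fDisableClip -eq 1) { 'Blocked' }
    else                              { 'Allowed' }
}

# Assumption: saved connections live under Documents or Desktop.
# -Force is needed because mstsc keeps Default.rdp as a hidden file.
$roots = @(
    [Environment]::GetFolderPath('MyDocuments'),
    [Environment]::GetFolderPath('Desktop')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$report = Get-ChildItem -Path $roots -Filter *.rdp -File -Force -Recurse `
              -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            File                = $_.FullName
            ClipboardRedirected = (Get-RdpClipboardSetting -Path $_.FullName) -ne 0
        }
    }

$report | Format-Table -AutoSize
"Session-host policy (fDisableClip): $(Get-RdpClipboardPolicy)"
```

Any file reported with `ClipboardRedirected` set to True shares the local clipboard with the remote session, which is the path the solution closes by unticking Clipboard under "Local Resources".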

WOW! That worked out of the box; it seems the workstation has been infected. I still can't believe this. I could have been spending days on this issue and would never think of this. Your knowledge is beyond amazing! Thank you.


Good to know! Let me suggest one simple, easy scan with the Malwarebytes Adwcleaner to check for adware, just in case.

Be sure you close all web browsers before you click on the "Scan" button on this next procedure.

I  would suggest to download, Save, and then run Malwarebytes ADWCLEANER.

Please close Chrome and all other open web browsers after you have saved the Adwcleaner and before you start Adwcleaner scan.

Adwcleaner  detects factory Preinstalled applications too!

 

Please download  Malwarebytes AdwCleaner  https://downloads.malwarebytes.com/file/adwcleaner
 

Be sure to Save the file first, to your system.  Saving to the Downloads folder should be the default on your system.

 

Go to the folder where you saved Adwcleaner. Double click Adwcleaner  to start it.

At the prompt for license agreement, review and then click on I agree.

 

You will then see a main screen for Adwcleaner. (If you do not see it right away, minimize the other open windows, so you can see Adwcleaner.)

Then click on Dashboard button.

Click the blue button "Scan Now".

 

Allow it a few minutes to finish the Scan. Let it remove what it finds.

NOTE: When it comes to the section "Pre-installed applications", you can skip that.

Please find and send the Adwcleaner "C" clean report.

In Adwcleaner, click the "Reports" button.  Look at the list of reports for the latest date & type "Clean".

Double Click that line & it will open in Notepad.   Save the file to your system and then Attach that with your reply.

 

That C clean report will be the one with the most recent Date and time at folder  C:\AdwCleaner\Logs

Thanks.  Keep me advised.


Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 
