OP 06 March, 2024 - 03:55 AM
Hello guys, I have been facing this problem sometimes, and I thought about it, and seeing that the guide posted on the forum is now obsolete since anonfiles no longer works, I decided to write this guide.
I solved it personally by checking these directories and reading up on the source code of various clippers. Those are the general directories where they hide. I hope it can help you.
What is a Bitcoin Clipper/Crypto Clipper?:
It is a virus that targets your clipboard, replacing any crypto address you copy with the spreader's address.
How can I know if I have it and remove it?:
There are various methods. To find out if you are infected, just copy any crypto address; if it changes when you paste it somewhere else, then you are infected.
If you have it, first go check these paths and look for any suspicious files, .py or .exe files with unknown names:
C:/Users/User/AppData/
C:/Users/User/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/
After having verified that there are no suspicious files, or after you have deleted the suspicious files, go and check these registry keys to see if there are any unknown registry keys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
It may also use other registry keys like:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
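The manual check described in the post, as an added PowerShell example that is not part of the original post: it lists, read-only, what is registered in the Run/RunServices keys, the Startup folder and the top levels of AppData, with each file's Authenticode status. The helper names `Get-SignatureStatus` and `New-Entry` are hypothetical, and the machine-wide Run key is read from the HKLM (HKEY_LOCAL_MACHINE) hive.

```powershell
# Added example: read-only inventory of the autostart locations named in the post.
$runKeys = @(
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce'
)
# Resolves the per-user Startup folder through the (User) Shell Folders settings.
$startup = [Environment]::GetFolderPath('Startup')

# Hypothetical helper: extract the program path from a command line and
# return its Authenticode status ('Valid', 'NotSigned', ...).
function Get-SignatureStatus([string]$Command) {
    $cmd = [Environment]::ExpandEnvironmentVariables($Command)
    if ($cmd -match '^\s*"([^"]+)"' -or
        $cmd -match '^\s*(.+?\.(?:exe|py|bat|cmd|vbs|js|ps1|lnk))(?:\s|$)') {
        $path = $Matches[1]
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            return [string](Get-AuthenticodeSignature -LiteralPath $path).Status
        }
        return 'FileMissing'
    }
    return 'Unparsed'
}

# Hypothetical helper: one row of the report.
function New-Entry($Location, $Name, $Command) {
    [pscustomobject]@{ Signature = Get-SignatureStatus $Command
                       Location = $Location; Name = $Name; Command = $Command }
}

$entries = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            New-Entry $key $name ([string]$item.GetValue($name))
        }
    }
    Get-ChildItem -LiteralPath $startup -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ne 'desktop.ini' } |
        ForEach-Object { New-Entry $startup $_.Name ('"{0}"' -f $_.FullName) }
    # .exe/.py files in the top levels of AppData, as the post suggests checking.
    Get-ChildItem -Path $env:APPDATA, $env:LOCALAPPDATA -Recurse -Depth 1 -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.py' } |
        ForEach-Object { New-Entry $_.DirectoryName $_.Name ('"{0}"' -f $_.FullName) }
)

# Unsigned, missing or unparsed entries sort ahead of 'Valid' for manual review.
$entries | Sort-Object { $_.Signature -eq 'Valid' }, Location | Format-Table -AutoSize -Wrap
```

A status other than `Valid` only marks an entry for a closer look; plenty of legitimate programs are unsigned, and `.py` files cannot carry an Authenticode signature at all.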