Is your clipboard pasting the string “89N3PDyZzakoH7W6n8ZrjGDDktjh8iWFG6eKRvi3kvpQ” when you copy and paste something on your Windows computer? Does this string replace the wallet address that you copy to the clipboard when you try to make a cryptocurrency transaction? If so, it is likely that your computer has been infected and your clipboard has been hijacked. But how?
In this article, we will explain how clipboard hijacking works, how hijackers invade your computer, and how you can avoid financial loss by removing them. Let us begin.
How does clipboard hijacking work?
Clipboard hijacking involves scammers seizing their targets’ clipboards. Once the clipboard has been compromised, a specific string or address replaces the copied data every time a user copies something to the copy-paste buffer. So when the user pastes it, the result is different from the original copied text.
Most hijackers are programmed to activate only when the victim makes a cryptocurrency transaction, and the strings they paste belong to cryptocurrency wallets controlled by the scammers. Upon activation, the hijacker replaces the wallet address the user copied with the string it has stored.
Cryptocurrency wallet addresses tend to be long, random, and complex, making it easy for users to miss the swap when pasting. As a result, users end up sending the transaction to the wrong wallet. This is how scammers make money from clipboard hijacking.
How does the hijacker in question work?
In general, clipboard hijackers are triggered when a user tries to make a cryptocurrency transaction or copies a cryptocurrency wallet address. This particular hijacker is activated even when a person copies random text, not just wallet addresses.
The reason is that this hijacker is not fully developed and has flaws that prevent it from doing what it is supposed to do, i.e. activate only during cryptocurrency transactions so that funds can be stolen without the user noticing. But those flaws also make the hijacker easy to detect once it is on your computer.
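Because this hijacker rewrites any copied text, a clipboard canary check exposes it. The PowerShell below is an added example, not part of the original article; the function name and both canary strings are constructed for illustration (the second is only shaped like an address and is not a real wallet).

```powershell
# Added example: write known values to the clipboard and read them back.
# Works in Windows PowerShell 5.1 and PowerShell 7 on Windows.
function Test-ClipboardIntegrity {
    param(
        # Constructed test values; neither is a real wallet address.
        [string[]]$Canary = @(
            'plain text canary 12345',
            '1ExampleConstructedAddr0000000000000'
        ),
        [int]$WaitMilliseconds = 1500
    )

    # Remember the current text so it can be put back (non-text content is not restored).
    $saved = Get-Clipboard -Raw

    $results = foreach ($value in $Canary) {
        Set-Clipboard -Value $value
        # Give a background process time to react to the clipboard change.
        Start-Sleep -Milliseconds $WaitMilliseconds
        $readBack = "$(Get-Clipboard -Raw)".TrimEnd("`r", "`n")

        [pscustomobject]@{
            Written  = $value
            ReadBack = $readBack
            # Case-sensitive comparison: any difference means something rewrote the clipboard.
            Replaced = ($readBack -cne $value)
        }
    }

    if (-not [string]::IsNullOrEmpty($saved)) { Set-Clipboard -Value $saved }
    $results
}

Test-ClipboardIntegrity | Format-List
```

A row with Replaced set to True means another process changed the clipboard after the write, and ReadBack shows the substituted string. Close any clipboard manager you use before running the check, since such tools can also modify clipboard contents.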
The main question is, how does the hijacker enter your computer?
How does a clipboard hijacker invade your computer?
In most cases, hijackers enter the computer bundled with other applications that users download from unsafe websites. So if you are sure that your clipboard has been hijacked, it is likely that the hijacker was installed together with another app that you downloaded from a third-party site.
But what should you do if you find your clipboard pasting this string?
How to remove a clipboard hijacker that is pasting a garbled string
To completely remove the “89N3PDyZzakoH7W6n8ZrjGDDktjh8iWFG6eKRvi3kvpQ” clipboard hijacker from your system, follow the steps below in order:
1. Disable any suspicious processes running in Task Manager
When your clipboard gets hijacked, you will often notice a suspicious background process running in your Windows Task Manager. In this particular case, AutoIt v3 Script (32-bit) is a malware process associated with the clipboard hijacker that pastes this specific string. Therefore, ending it in Task Manager will most likely prevent the hijacker from continuing its work.
Follow the steps below to end the AutoIt v3 Script (32-bit) process in Task Manager.
- Right-click the Windows Start button and select Task Manager.
- Locate the AutoIt v3 Script (32-bit) process in the Background processes list.
- After finding it, select it and press End task.
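Task Manager shows only the process name. The PowerShell below, an added example that is not part of the original article, lists every running process whose file description matches the entry named above, along with the details you need for the cleanup steps that follow. The function name is hypothetical; the description pattern comes from the Task Manager entry in this step.

```powershell
# Added example: find running processes by the file description Task Manager displays.
# Run from an elevated prompt so paths of other users' processes are visible.
function Find-AutoItProcess {
    param([string]$DescriptionPattern = 'AutoIt v3 Script*')

    $all = Get-CimInstance -ClassName Win32_Process
    foreach ($proc in $all) {
        $path = $proc.ExecutablePath
        if (-not $path -or -not (Test-Path -LiteralPath $path)) { continue }

        # Match on the embedded file description, which survives a renamed .exe.
        $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path)
        if ($info.FileDescription -notlike $DescriptionPattern) { continue }

        $parent = $all | Where-Object ProcessId -eq $proc.ParentProcessId |
            Select-Object -First 1

        [pscustomobject]@{
            ProcessId   = $proc.ProcessId
            Name        = $proc.Name
            Path        = $path
            CommandLine = $proc.CommandLine   # shows any script path passed to the interpreter
            Parent      = if ($parent) { $parent.Name } else { '(exited)' }
            Started     = $proc.CreationDate
            Signature   = (Get-AuthenticodeSignature -LiteralPath $path).Status
            SHA256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

Find-AutoItProcess | Format-List
```

Note the Path and CommandLine values before ending the process, so you can confirm after the scan in step 2 that those files are gone. `Stop-Process -Id <ProcessId>` ends a listed process in the same way as End task.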
2. Scan your computer for viruses
Ending the AutoIt v3 Script (32-bit) process stops the hijacker from running. However, if the hijacker is still present on your computer, it can start the process again. Therefore, it is imperative to completely remove the hijacker from your computer. To do that, you need to run a malware scan on your computer.
You can use free or premium antivirus software for a virus scan, but we recommend that you use Microsoft Defender’s built-in offline scan in Windows to remove malicious files. Once the scan is complete and you are sure the computer is virus free, continue to the next step.
3. Remove Unreliable Apps You Recently Installed
The Microsoft Defender offline scan is likely to remove infected files, but you should verify that all apps and software you installed from untrusted sources have been removed.
You can confirm this by following the steps below:
- Right-click the Windows Start button and select Settings.
- In the left sidebar, select Apps.
- In the right panel, click Apps & features.
- Locate any untrusted apps.
- Click the three vertical dots next to the app name and select Uninstall.
In addition to uninstalling untrusted apps, you should check for suspicious apps that you don’t remember installing. These malware-infected apps hide from malware scans and go unnoticed. So, make sure no such app resides on your device, or they can hijack your clipboard again.
4. Scan your browser for hijackers
While you may have uninstalled the suspicious apps, ended the suspicious processes in Task Manager, and scanned your PC for viruses, you’re not done yet; you should also make sure that your browser has not been hijacked. Unless you clean it, an infected browser will hijack your clipboard again.
To clean your hijacked browser, you can refer to our article explaining the steps to remove the Quick Search Tool hijacker from all browsers, as these instructions work for any hijacker you may have.
5. Clear your clipboard history
The last step is to clear the clipboard history to make sure this suspicious string is not left behind. For more details on how to do that, you can check out our guide on how to manage your Windows clipboard like a pro, which explains how to clean up your clipboard history.
How to prevent your clipboard from being hijacked again
While the above steps will help you remove the hijacker from your system, make sure that it does not infiltrate your PC again. Keep your device safe by following these tips:
- Never download files from untrusted websites and always use official sources.
- Don’t download pirated software, even if the website offers premium software for free.
- Keep your operating system up to date at all times.
- Use online tools like VirusTotal to scan the download link before downloading files.
- Keep Microsoft Defender turned on at all times.
Keep your computer safe from suspicious hijackers
With our guide, you’ll hopefully understand why your clipboard is pasting this annoying string instead of the copied text. Also, now you know how to get rid of the hijacker and clean your clipboard.
There is no doubt that scammers are getting smarter with each passing day. So spread the word about this hijacker and make sure no one in your family becomes a victim.