ComboJack Cryptojacking

Posted by Sarah Stewart on June 20, 2018

What is ComboJack Cryptojacking?

No doubt cyber criminals have not stopped developing Trojan infections hijacking clipboards because ComboJack Cryptojacking has been detected recently by researchers. This malicious application is very similar to CryptoShuffler – it monitors clipboards on affected computers so that it could replace the copied wallet address with the one belonging to cyber criminals behind it. Since ComboJack Cryptojacking is a Trojan infection, it tends to slither onto users’ computers unnoticed. Once it is inside the system, it starts working immediately, but it does not mean that you will see a program’s window opened on your screen. Most probably, it will take some time for you to find out about the successful entrance of this malicious application because it tries hard to stay unnoticed and performs activities completely in the background. This explains why it manages to steal users’ money in a short time. Even though this threat tries to stay unnoticed, it does not mean that there are no symptoms indicating its presence. You should find a new suspicious process in Task Manager if ComboJack Cryptojacking is active on your computer, and, on top of that, it should be possible to locate the executable file under the name NVDisplay.Container.exe in %TEMP%. If it has turned out that you have encountered ComboJack Cryptojacking, you must remove it from your system as soon as possible. Do not be naïve – it will not disable itself in the near future.

What does ComboJack Cryptojacking do?

ComboJack Cryptojacking is another Trojan infection that hijacks clipboards, as has been mentioned in the previous paragraph. Crooks know well that users usually copy and paste the intended wallet address into the box next to the Recipient line located on the payment page, so they have decided to create a threat that replaces the copied wallet address with the one that belongs to them. As a consequence, the attacker receives the money sent instead of the intended recipient. Unfortunately, there is not much users can do to get their money back. Actually, it usually takes time for them to realize that they have sent money to cyber criminals. Since users can copy anything to their clipboards, ComboJack Cryptojacking has been set to recognize wallet addresses only. Specifically speaking, it inspects the length of all copied texts and checks letters/numbers they start with. As researchers have managed to notice, ComboJack Cryptojacking is a malicious application that targets cryptocurrency wallets mainly; however, according to them, it might cause problems to Yandex and WebMoney users too.

Where does ComboJack Cryptojacking come from?

It seems that ComboJack Cryptojacking does not differ much from other malicious applications – it is also mainly distributed via spam emails. Some users claim that the email received contained the PDF file asking them to identify the owner of the lost password. Without a doubt, another convincing email might be sent to users expecting that they will open it and thus end up with ComboJack Cryptojacking. Needless to say, users do not know anything about the entrance of this malicious application. As mentioned, ComboJack Cryptojacking works completely in the background too, so it usually manages to steal some money before it gets caught. You can scan your system with a diagnostic antimalware scanner to find out whether you have this infection active on your computer, or you can check directories it tends to drop its files to yourself. Research conducted by our malware analysts has shown that this infection drops the NVDisplay.Container.exe file to %TEMP%. Also, the same file can be found in %ALLUSERSPROFILE%\NVIDIA and %ALLUSERSPROFILE%\Application Data. Can you locate it? If so, ComboJack Cryptojacking must be installed on your system and working in the background. Do not leave it like this – remove it ASAP.

How to delete ComboJack Cryptojacking

ComboJack Cryptojacking is considered a harmful malicious application, but its removal should not be very complicated since you will disable it by removing its main executable file (NVDisplay.Container.exe). Our manual removal guide (see below) will help you to erase this infection in the blink of an eye, but you can adopt an alternative removal method – delete the Trojan infection automatically. We leave the final decision to you.

ComboJack Cryptojacking removal guide

  1. Open Windows Explorer by pressing Win+E on your keyboard simultaneously.
  2. Type %TEMP% in the URL bar and press Enter to open it.
  3. Delete NVDisplay.Container.exe.
  4. Check %ALLUSERPROFILE%\NVIDIA and %ALLUSERSPROFILE%\Application Data.
  5. If you can locate NVDisplay.Container.exe, delete it from these directories.
  6. Empty Trash. 100% FREE spyware scan and
    tested removal of ComboJack Cryptojacking*
Disclaimer
Disclaimer
Trojans

Leave a Comment

Enter the numbers in the box to the right *