Is your clipboard pasting the string "89N3PDyZzakoH7W6n8ZrjGDDktjh8iWFG6eKRvi3kvpQ" when you copy-paste anything on your Windows computer? Does this string replace the wallet address you copy to the clipboard when you try to make a cryptocurrency transaction? If so, your computer has likely become infected, and your clipboard has been hijacked. But how?

In this article, we'll explain how clipboard hijacking works, how hijackers invade your computer, and how you can prevent financial loss by removing them. Let's get started.

How Does Clipboard Hijacking Work?

Image of clipboard with paper with the title Contact list beside a laptop and pen

Clipboard hijacking involves scammers confiscating their targets' clipboards. Once the clipboard has been compromised, a specific string or address replaces the copied data whenever a user copies anything into the copy-paste buffer. So, when the user pastes it, the output is different from the original copied text.

Most hijackers are programmed to activate only when the victim makes a cryptocurrency transaction, and the strings they are fed belong to cryptocurrency wallets. Upon activation, the hijacker replaces the wallet address the user copied with the string the hijacker has in its memory.

Cryptocurrency wallet addresses tend to be random and complex, making it easy for users to overlook them when pasting. Therefore, users end up making a transaction in the wrong wallet. That's how scammers make money from clipboard hijacking.

How Does the Hijacker in Question Operate?

In general, clipboard hijackers are activated when a user attempts to make a cryptocurrency transaction or copies a cryptocurrency wallet address. This particular hijacker activates even when a person copies a random text, not just wallet addresses.

The reason is that this hijacker isn't fully developed and has flaws that prevent it from doing what it's supposed to, i.e., only get activated during cryptocurrency transactions and facilitate the theft of cryptocurrency funds. But that also makes the hijacker easily detectable when it invades your computer.

The main question is, how does the hijacker enter your computer?

How Does a Clipboard Hijacker Invade Your Computer?

In most cases, hijackers enter the computer when they are bundled with other applications that users download from unsafe websites. So, if you are certain your clipboard has been hijacked, the hijacker was likely installed along with another application you downloaded from a third-party site.

But what should you do if you encounter your clipboard pasting this string?

How to Remove a Clipboard Hijacker That's Pasting a Garbled String

To completely remove the "89N3PDyZzakoH7W6n8ZrjGDDktjh8iWFG6eKRvi3kvpQ" clipboard hijacker from your system, follow the steps below in the same sequence:

1. Disable Any Suspicious Processes Running in the Task Manager

When your clipboard is hijacked, you'll often notice a fishy background process running in your Windows Task Manager. In this particular case, the AutoIt v3 Script (32-bit) is a malware process associated with the clipboard hijacker, which pastes this specific string. Thus, disabling it in the Task Manager will likely stop the hijacker from continuing its work.

Follow the steps below to disable the AutoIt v3 Script (32-bit) process correctly in Task Manager.

  1. Right-click on the Windows Start button and select Task Manager.
  2. Locate the AutoIt v3 Script (32-bit) process in the Background processes list.
  3. After finding it, select it and hit End task.

2. Scan Your Computer for Viruses

Ending the AutoIt v3 Script (32-bit) process stops the hijacker from running. However, if the hijacker is still present on your computer, it may initiate the process again. Hence, it's imperative to remove the hijacker from your computer completely. To do that, you should run a malware scan on your computer.

You can use free or premium antivirus software for a virus scan, but we recommend you use the built-in Microsoft Defender offline scan on Windows to remove malicious files. Once the scan is complete, and you're sure the computer is now virus-free, move on to the next step.

3. Delete Untrusted Apps You Installed Recently

Microsoft Defender's offline scan will likely remove the infected files, but you should double-check that any apps and software you've installed from untrusted sources have been removed.

You can confirm this by following the steps below:

  1. Right-click the Windows Start button and select Settings.
  2. From the left sidebar, select Apps.
  3. In the right-hand pane, click Apps & features.
  4. Locate any untrusted apps.
  5. Click the three vertical dots next to the app's name, and hit Uninstall.
    Uninstalling an App in Windows Settings

Besides uninstalling untrusted apps, you should check for any suspicious apps you don't recall installing. Such malware-infected apps hide from malware scans and go undetected. Therefore, ensure no such app resides on your device, or they may hijack your clipboard again.

4. Scan Your Browser for Hijackers

While you might have uninstalled the shady applications, disabled fishy processes in Task Manager, and scanned your PC for viruses, you aren't done yet; you must also ensure that your browser hasn't been hijacked. Unless you clean the hijacked browser, an infected browser will again hijack your clipboard.

For cleaning your hijacked browser, you can refer to our article explaining the steps to remove the Quick Search Tool hijacker from all browsers as a reference since these instructions work for any hijacker you may have.

5. Clear Your Clipboard's History

The last step is to clear the clipboard history to ensure this suspicious string isn't left behind. For more details on how to do that, you can look at our guide on managing your Windows clipboard like a pro, which explains how to clean your clipboard history.

How to Avoid Getting Your Clipboard Hijacked Again

While the above steps will help you remove the hijacker from your system, ensure it doesn't infiltrate your PC again. Keep your device safe by following these tips:

  1. Never download files from untrusted websites, and always use official sources.
  2. Don't download cracked software, even if the website offers a free premium.
  3. Keep your operating system up-to-date at all times.
  4. Use online tools such as VirusTotal to scan the download link before downloading files.
  5. Keep Microsoft Defender turned on at all times.

Keep Your Computer Safe From Suspicious Hijackers

With our guide, you will hopefully understand why your clipboard is pasting this annoying string instead of the copied text. In addition, you now know how to get rid of the hijacker and clean your clipboard.

There is no doubt that scammers are getting smarter with every passing day. Therefore, spread the word about this hijacker and ensure no one in your family becomes a victim.