Remove AnarchyGrabber Malware (2021 Virus Removal Guide)

AnarchyGrabber — recently updated Discord password-stealing malware

AnarchyGrabber Stealer is an infamous password-stealing virus that targets Discord users and has recently been updated (a.k.a. AnarchyGrabber3). Both versions of this cyber threat aim to steal various social media and other passwords and transfer them to the cybercriminals. Experts note that the malware is relatively hard to detect because it hides its presence by modifying legitimate Discord JavaScript files on the computer.

According to the researchers’ review, attackers distribute this virus by uploading malicious links to dubious sites and YouTube video descriptions, and by sending direct messages to people on the infected account’s friend list. Once on the system, it embeds malicious code into the Index.js file located in the %AppData%\Discord\[version]\modules\discord_desktop_core\ directory.

The updated version can now steal e-mail and IP addresses, phone numbers and account tokens, and search for all passwords saved in plain-text format. As a result, people infected with the AnarchyGrabber virus might suffer personal information and financial losses. Additionally, there is a strong risk that the user’s friends will also get infected, as the developers send links with malware executables to all online contacts.

Therefore, it is essential to spot and recognize the infection as quickly as possible in order to avoid further spread. You must remove AnarchyGrabber and all related components so that the malware does not reappear on the system. Afterwards, change the passwords on all accounts so that the attackers cannot get hold of them and cause even more damage.

Learn to identify Discord malware

Developers designed the Anarchy Grabber malware to hide its presence on the infected computer by modifying legitimate Discord JavaScript files. You can still detect it by navigating to the %AppData%\Discord\[version]\modules\discord_desktop_core\ directory and opening the Index.js file in Notepad.

The original Index.js file should contain only one line: module.exports = (‘./asar.js’). If there is any other text below that line, your computer has been infected with the Anarchy Grabber password-stealing malware. You can also confirm the infection by searching for a 4n4rchy folder in the same Discord directory.
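The manual check above can be scripted. The following Python script is an added example, not part of the original guide or of any vendor tool: it walks a Discord data directory, flags any index.js under discord_desktop_core that holds more than a single module.exports line, and reports a 4n4rchy folder. The function names, the case-insensitive name matching and the search of the whole Discord directory for the folder are assumptions of this example.

```python
import os
from pathlib import Path

CORE_DIR = "discord_desktop_core"  # module folder named in the guide
MARKER_DIR = "4n4rchy"             # indicator folder named in the guide


def inspect_index(path):
    """Return reasons why an index.js is not a single module.exports line."""
    text = Path(path).read_text(encoding="utf-8-sig", errors="replace")
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    reasons = []
    if not lines or not lines[0].startswith("module.exports"):
        reasons.append("first line is not a module.exports statement")
    if len(lines) > 1:
        reasons.append(f"{len(lines) - 1} extra non-blank line(s) after line 1")
    return reasons


def scan_discord(root):
    """Walk a Discord data directory and return (path, reason) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Names are compared case-insensitively, as Windows would treat them.
        for d in dirnames:
            if d.lower() == MARKER_DIR:
                findings.append((os.path.join(dirpath, d), "marker folder present"))
        if os.path.basename(dirpath).lower() != CORE_DIR:
            continue
        for name in filenames:
            if name.lower() == "index.js":
                full = os.path.join(dirpath, name)
                findings.extend((full, r) for r in inspect_index(full))
    return findings


if __name__ == "__main__":
    # Assumption: the default location from the guide, %AppData%/Discord.
    root = os.path.join(os.environ.get("APPDATA", ""), "Discord")
    if not os.path.isdir(root):
        raise SystemExit(f"Discord directory not found: {root}")
    results = scan_discord(root)
    for path, reason in results:
        print(f"[!] {path}: {reason}")
    if not results:
        print(f"No modified index.js or {MARKER_DIR} folder under {root}")
```

A line-count check does not catch code appended on the same line as the loader, so a clean result here is not proof of a clean install.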

Once the malware is on your computer, it will forcibly log you out of Discord. Do NOT log back in under any circumstances. If you enter your password, the malware will immediately collect it and transfer it to the cybercriminals. Additionally, logging in enables other malicious scripts that help steal further information from your computer.

Even if your antivirus has quarantined and eliminated this cyber threat, you are still not safe. There is a strong chance that the malware entered the system together with another malicious program. You should run a full system scan to find the related application and get rid of it as well.

Next, you must uninstall and reinstall the Discord application along with all related files. Then change your account’s password, as it is likely that the software will regenerate the same stolen token. We highly recommend performing AnarchyGrabber removal with RESTORO, as it can also help you fix the damage this virus has caused.

Malware description

Name: AnarchyGrabber Stealer
Type: Discord password-stealing malware
Other names: AnarchyGrabber3
Affected files: Index.js
Distribution methods: Spotted spreading via malicious links on shady websites and YouTube video descriptions, as well as incorporated into questionable software
Symptoms: Designed to operate in stealth mode; yet, if you are logged out of your Discord account without any reason, check your system immediately
Targeted data: E-mail and IP addresses, phone numbers, account token, and passwords in plain-text format
Removal: Uninstall this virus with a professional antivirus. You can run a full system scan with RESTORO right away

Stay away from suspicious links in YouTube video descriptions and on shady websites

Even though there is still not much information on how this new cyber threat spreads, experts have already identified the currently used distribution method — malicious links that start an automatic installation of AnarchyGrabber malware. Once it is clicked, the computer downloads and installs the virus without further notice.

Usually, people encounter such links on dubious websites that are not verified and are marked Not Secured next to the URL address. We strongly recommend that you avoid visiting questionable pages and never click on suspicious links. Otherwise, there is a strong risk that you will infect your computer with various types of malicious programs, including ransomware, adware, and others.

Furthermore, our security team warns about a relatively new method of spreading password-stealing malware. Cybercriminals have started to upload malicious links in various YouTube video descriptions. Therefore, you must always be aware of the potential threats lurking on the Internet.

Here is a quick reminder of activities to avoid if you want to protect your system:

  • Stop browsing on unverified sites;
  • Never press on unidentified links;
  • Download applications only from secure websites;
  • Never install software cracks from peer-to-peer (P2P) portals;
  • Do not click on advertisements that pop up while browsing;
  • Schedule regular computer system scans with an antivirus.

AnarchyGrabber malware removal process

The most dangerous aspect of this malware is that it is designed to avoid detection by antivirus software. The AnarchyGrabber removal process consists of two parts, and both manual and automatic elimination are required. This way you can be sure that you have uninstalled the malware and protected your accounts along with the information in them.

Start the first part of the removal process by installing a professional and strong antivirus program. If you already have one, open it and run a full system scan to detect virus-related elements. The security software should quarantine and remove Anarchy Grabber Stealer for you.

The second part of the process requires you to uninstall the Discord application and get rid of related files. Afterwards, reinstall the software by downloading a new executable file from the official website. You must also change your Discord account’s password to make sure that the attackers cannot access it.

Finally, you should create new passwords for all other accounts that you use since it is impossible to detect which passwords have been stolen. Otherwise, cybercriminals can hijack your social media or online banking and cause significant damage. You can follow the steps below to make sure that you complete malware removal correctly.

GeeksAdvice.com editors select recommended products based on their effectiveness. We may earn a commission from affiliate links, at no additional cost to you.

AnarchyGrabber Removal Guidelines

Method 1. Enter Safe Mode with Networking

Step 1. Start Windows in Safe Mode with Networking

Before you try to remove the virus, you must start your computer in Safe Mode with Networking. Below, we provide the easiest ways to boot a PC in Safe Mode with Networking, but you can find additional ones in the in-depth tutorial on our website, How to Start Windows in Safe Mode.

Instructions for Windows XP/Vista/7 users

  1. First of all, turn off your PC. Then press the Power button to start it again and instantly start pressing F8 button on your keyboard repeatedly in 1-second intervals. This launches the Advanced Boot Options menu.
  2. Use arrow keys on the keyboard to navigate down to Safe Mode with Networking option and press Enter.

Instructions for Windows 8/8.1/10 users

  1. Open Windows Start menu, then press down the Power button. On your keyboard, press down and hold the Shift key, and then select Restart option.
  2. This will take you to Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
  3. In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Networking. In this case, it is the F5 key.

Step 2. Remove files associated with the virus

Now, you can search for and remove AnarchyGrabber files. It is very hard to identify files and registry keys that belong to the virus. Besides, malware creators tend to rename and change them repeatedly. Therefore, the easiest way to uninstall this type of computer virus is to use a reliable malware removal program. We recommend using SYSTEM MECHANIC ULTIMATE DEFENSE, which can also restore deleted files. Additionally, we recommend repairing virus damage using RESTORO.

Method 2. Use System Restore

In order to use System Restore, you must have a system restore point, created either manually or automatically.

Step 1. Boot Windows in Safe Mode with Command Prompt

Instructions for Windows XP/Vista/7 users

  1. Shut down your PC. Start it again by pressing the Power button and instantly start pressing F8 button on your keyboard repeatedly in 1-second intervals. You will see Advanced Boot Options menu.
  2. Using arrow keys on the keyboard, navigate down to Safe Mode with Command Prompt option and press Enter.

Instructions for Windows 8/8.1/10 users

  1. Launch Windows Start menu, then click the Power button. On your keyboard, press down and hold the Shift key, and then choose Restart option with the mouse cursor.
  2. This will take you to Windows Troubleshoot screen. Choose Troubleshoot > Advanced Options > Startup Settings > Restart. Tip: If you can't find Startup Settings, click See more recovery options.
  3. In Startup Settings, press the right key between F1-F9 to enter Safe Mode with Command Prompt. In this case, press F6 key.

Step 2. Start System Restore process

  1. Wait until system loads and command prompt shows up.
  2. Type cd restore and press Enter, then type rstrui.exe and press Enter. Or you can just type %systemroot%\system32\restore\rstrui.exe in command prompt and hit Enter.
  3. This launches System Restore window. Click Next and then choose a System Restore point created in the past. Choose one that was created before the malware infiltration.
  4. Click Yes to begin the system restoration process.

After restoring the system, we recommend scanning the system with antivirus or anti-malware software. In most cases, there won't be any malware remains, but it never hurts to double-check.

Disclaimer. This site includes affiliate links. We may earn a small commission by recommending certain products, at no additional cost for you. We only choose quality software and services to recommend.
