AnarchyGrabber Stealer turns Discord client into password stealer (Removal guide)

What is AnarchyGrabber Stealer?

Experienced security experts has determined that AnarchyGrabber Stealer is a trojan (malicious software) aimed at users using the Discord VoIP application. This trojan is distributed on forums, links to videos posted on YouTube, as well as messages are sent via Discord from already infected computers. AnarchyGrabber Stealer is created to steal user accounts, has the ability to change computer settings and prevent detection by changing the settings of the Discord client.

The security researchers found that AnarchyGrabber Stealer changes the settings of the Discord client, namely its some JavaScript files, to prevent detection by antivirus software. It modifies client files by adding malicious code to them. AnarchyGrabber Stealer modifies the index.js file, which is located in the Discord directory, namely in the “%AppData%\Discord\[version]\modules\discord_desktop_core\” directory. Upon starting an infected Discord client, this modified “index.js” file is also loaded by the client. This leads to the fact that when a user connects to the Discord network, the malicious code automatically delivers user data (tokens) to the AnarchyGrabber Stealer authors through a separate channel controlled by cyber criminals. Having a stolen user token, attackers gain the ability to control everything that is sent through the Discord client, which means they can potentially gain access to the user’s personal data and contacts, personal messages, confidential information, and so on. Criminals can also use clients that are hacked by AnarchyGrabber Stealer to spread this trojan, as well as other malware, trojans and spyware, as well as trick users into downloading malware by sending fake direct messages to them.

It is important, do not use your PC system while it’s infected by AnarchyGrabber Stealer, as it can lead to the loss of important personal files or the complete failure of the PC system. The best option is to use the steps posted below to free your computer of malware and thereby restore the computer to the state before infection with the AnarchyGrabber Stealer.

Threat Summary

Name	AnarchyGrabber Stealer
Type	trojan, spyware, Discord accounts stealer
Detection Names	Gen:Variant.MSILPerseus.197198, TrojanPSW:MSIL/Discord.becd3a67, TR/PSW.Agent.bpkyh, Gen:Variant.MSILPerseus.197198, W32/Razy.EM.gen!Eldorado, Trojan.PWS.DiscordNET.2, Trojan-Spy.AnarchyGrabber, HEUR:Trojan-PSW.MSIL.Agent.gen
Symptoms	Malware similar to AnarchyGrabber Stealer is designed in such a way that in most cases there are practically no noticeable signs of infection, nevertheless, the following signs of infection that are characteristic of any malware are possible: unknown and suspicious processes in the task manager, decreased computer performance, complaints from other Discord users that they receive suspicious messages from the user with malicious links inside
Damage	stolen contacts, passwords and personal information
Removal	AnarchyGrabber Stealer removal guide

How to Remove AnarchyGrabber Stealer

Fortunately, we have an effective solution that will help you remove AnarchyGrabber Stealer from your personal computer and bring your computer settings back to normal. Below you will find a removal instructions with all the steps you may need to successfully remove this trojan and its traces. Some of the steps will require you to reboot your PC or close this web page. So, read this guidance carefully, then bookmark this page or open it on your smartphone for later reference.

To remove AnarchyGrabber Stealer, perform the steps below:

1. Uninstall dubious apps using MS Windows Control Panel
2. Remove AnarchyGrabber Stealer with Zemana Anti Malware
3. Scan and clean your computer of virus with Hitman Pro
4. Use MalwareBytes to remove AnarchyGrabber Stealer
5. Reset Internet Explorer
6. Reset Firefox
7. Reset Google Chrome
8. Use AdBlocker to stay safe online
9. To sum up

Uninstall dubious apps using MS Windows Control Panel

First, go to Windows Control Panel and remove dubious apps, all applications you do not remember installing. It’s important to pay the most attention to software you installed just before AnarchyGrabber appeared on your computer. If you do not know what a program does, look for the answer on the Net.

Make sure you have closed all web-browsers and other apps. Press CTRL, ALT, DEL keys together. Click Task Manager. Select the “Processes” tab, look for something suspicious that is a process associated with AnarchyGrabber Stealer then right-click it and select “End Task” or “End Process” option.

Click on the “Processes” tab, look for something questionable that is the AnarchyGrabber Stealer related process then right-click it and select “End Task” or “End Process” option. In many cases, malicious software masks itself to avoid detection by imitating legitimate Windows processes. A process is particularly suspicious: it’s taking up a lot of memory (despite the fact that you closed all of your applications), its name is not familiar to you (if you are in doubt, you can always check the program by doing a search for its name in Google, Yahoo or Bing).

Next, delete any unwanted and suspicious applications from your Control panel.

Windows 10, 8.1, 8

Now, click the Windows button, type “Control panel” in search and press Enter. Choose “Programs and Features”, then “Uninstall a program”.

Look around the entire list of programs installed on your computer. Select the suspicious application or the application that name is not familiar to you and remove it.

Windows Vista, 7

From the “Start” menu in Windows, select “Control Panel”. Under the “Programs” icon, choose “Uninstall a program”.

Choose the suspicious or any unknown applications, then click “Uninstall/Change” button to remove this unwanted application from your computer.

Windows XP

Click the “Start” button, select “Control Panel” option. Click on “Add/Remove Programs”.

Choose an unwanted application, then press “Change/Remove” button. Follow the prompts.

Remove AnarchyGrabber Stealer with Zemana Anti Malware

Zemana AntiMalware (ZAM) highly recommended, because it can find security threats such spyware and trojans that most ‘classic’ antivirus apps fail to pick up on. Moreover, if you have any AnarchyGrabber Stealer removal problems which cannot be fixed by this utility automatically, then Zemana provides 24X7 online assistance from the highly experienced support staff.

Please go to the following link to download the latest version of Zemana AntiMalware for Microsoft Windows. Save it to your Desktop so that you can access the file easily.

Once downloading is finished, close all programs and windows on your PC system. Double-click the setup file named Zemana.AntiMalware.Setup. If the “User Account Control” dialog box pops up as on the image below, click the “Yes” button.

It will open the “Setup wizard” which will help you setup Zemana Free on your PC system. Follow the prompts and don’t make any changes to default settings.

Once install is done successfully, Zemana will automatically start and you can see its main screen like below.

Now click the “Scan” button . Zemana Anti Malware tool will start scanning the whole machine to find out the AnarchyGrabber Stealer, other kinds of potential threats like spyware and trojans. Depending on your personal computer, the scan may take anywhere from a few minutes to close to an hour. During the scan Zemana Anti-Malware will search for threats present on your computer.

After Zemana AntiMalware has finished scanning, you’ll be shown the list of all found items on your computer. Once you’ve selected what you want to remove from your computer click “Next” button. The Zemana AntiMalware (ZAM) will remove AnarchyGrabber Stealer, other kinds of potential threats like malicious software and trojans. When disinfection is finished, you may be prompted to reboot the machine.

Remove AnarchyGrabber Stealer with Hitman Pro

If Zemana AntiMalware (ZAM) cannot delete AnarchyGrabber Stealer, then we recommends to run the HitmanPro. The HitmanPro is a free powerful, professional removal tool for spyware, adware, potentially unwanted programs, trojans as well as malware related files, folders and registry keys. It completely removes all traces and remnants of the AnarchyGrabber Stealer infection.

Visit the following page to download the latest version of Hitman Pro for Windows. Save it to your Desktop.

When downloading is finished, open the file location. You will see an icon like below.

Double click the Hitman Pro desktop icon. After the utility is launched, you will see a screen like below.

Further, click “Next” button to start checking your system for the AnarchyGrabber Stealer related files, folders and registry keys. A scan can take anywhere from 10 to 30 minutes, depending on the count of files on your machine and the speed of your personal computer. When that process is done, Hitman Pro will display you the results like below.

Review the scan results and then click “Next” button. It will open a dialog box, press the “Activate free license” button.

Use MalwareBytes to remove AnarchyGrabber Stealer

Remove AnarchyGrabber Stealer virus manually is difficult and often this malware is not fully removed. Therefore, we suggest you to run the MalwareBytes Free that are fully clean your machine. Moreover, the free program will help you to delete trojans, PUPs, spyware, adware and other malware that your system can be infected too.

Visit the page linked below to download MalwareBytes. Save it directly to your Windows Desktop.

Once the downloading process is finished, close all windows on your system. Further, launch the file called MBSetup. If the “User Account Control” dialog box pops up like below, click the “Yes” button.

It will show the Setup wizard that will help you install MalwareBytes on the machine. Follow the prompts and do not make any changes to default settings.

Once installation is complete successfully, press “Get Started” button. Then MalwareBytes Anti Malware (MBAM) will automatically start and you may see its main window as displayed on the screen below.

Next, click the “Scan” button to perform a system scan for the AnarchyGrabber Stealer and other security threats. This procedure can take quite a while, so please be patient. During the scan MalwareBytes Free will scan for threats exist on your personal computer.

When finished, MalwareBytes Free will display a list of all threats found by the scan. Make sure all items have ‘checkmark’ and click “Quarantine” button.

The MalwareBytes Anti-Malware will begin to remove AnarchyGrabber Stealer, other kinds of potential threats. When that process is finished, you can be prompted to restart your PC. We recommend you look at the following video, which completely explains the process of using the MalwareBytes Free to remove hijacker infections, adware and other malware.

Reset Internet Explorer

By resetting Internet Explorer internet browser you return your browser settings to its default state. This is first when troubleshooting problems that might have been caused by the AnarchyGrabber Stealer.

First, launch the IE. Next, press the button in the form of gear (). It will open the Tools drop-down menu, click the “Internet Options” as shown on the image below.

In the “Internet Options” window click on the Advanced tab, then click the Reset button. The Internet Explorer will open the “Reset Internet Explorer settings” window as shown on the image below. Select the “Delete personal settings” check box, then click “Reset” button.

You will now need to restart your machine for the changes to take effect.

Reset Mozilla Firefox

Resetting Firefox browser will reset all the settings to their default values and will remove changes created by AnarchyGrabber Stealer and disable harmful addons. Your saved bookmarks, form auto-fill information and passwords won’t be cleared or changed.

First, open the Mozilla Firefox. Next, press the button in the form of three horizontal stripes (). It will show the drop-down menu. Next, click the Help button ().

In the Help menu click the “Troubleshooting Information”. In the upper-right corner of the “Troubleshooting Information” page click on “Refresh Firefox” button like below.

Confirm your action, press the “Refresh Firefox”.

Reset Google Chrome

Reset Chrome settings will help you to completely reset your web-browser. The result of activating this function will bring Google Chrome settings back to its original settings. This can delete changes to browser settings created by AnarchyGrabber Stealer and disable malicious addons. Your saved bookmarks, form auto-fill information and passwords won’t be cleared or changed.

1. First start the Chrome and click Menu button (small button in the form of three dots).
2. It will display the Chrome main menu. Select More Tools, then press Extensions.
3. You’ll see the list of installed addons. If the list has the extension labeled with “Installed by enterprise policy” or “Installed by your administrator”, then complete the following instructions: Remove Chrome extensions installed by enterprise policy.
4. Now open the Google Chrome menu once again, click the “Settings” menu.
5. You will see the Google Chrome’s settings page. Scroll down and click “Advanced” link.
6. Scroll down again and click the “Reset” button.
7. The Google Chrome will open the reset profile settings page as on the image above.
8. Next click the “Reset” button.
9. Once this task is finished, your web browser’s start page, search engine by default and newtab will be restored to their original defaults.
10. To learn more, read the post How to reset Chrome settings to default.

Use AdBlocker to stay safe online

To put it simply, you need to use an adblocker tool (AdGuard, for example). It will block and protect you from all unwanted web sites, advertisements and pop ups. To be able to do that, the ad blocker program uses a list of filters. Each filter is a rule that describes a malicious web site, an advertising content, a banner and others. The ad-blocker application automatically uses these filters, depending on the websites you’re visiting.

1. First, visit the following page, then click the ‘Download’ button in order to download the latest version of AdGuard.
   
   

   Adguard download
   26858 downloads
   Version: 6.4
   Author: © Adguard
   Category: Security tools
   Update: November 15, 2018
   
2. After downloading it, start the downloaded file. You will see the “Setup Wizard” program window. Follow the prompts.
3. Once the setup is done, press “Skip” to close the installation program and use the default settings, or click “Get Started” to see an quick tutorial that will allow you get to know AdGuard better.
4. In most cases, the default settings are enough and you don’t need to change anything. Each time, when you run your system, AdGuard will run automatically and stop unwanted advertisements, block malicious and misleading webpages. For an overview of all the features of the application, or to change its settings you can simply double-click on the icon called AdGuard, that is located on your desktop.

To sum up

After completing the few simple steps shown above, your computer should be clean from the AnarchyGrabber Stealer and other malicious software. Your anti-virus will no longer detect any security threats. Unfortunately, if the steps does not help you, then you have caught a new malware, and then the best way – ask for help.

Please create a new question by using the “Ask Question” button in the Questions and Answers. Try to give us some details about your problems, so we can try to help you more accurately. Wait for one of our trained “Security Team” or Site Administrator to provide you with knowledgeable assistance tailored to your problem with the AnarchyGrabber Stealer.