When installed, the malware will add its own malicious JavaScript to the %AppData%\Discord\\modules\discord_modules\index.js and %AppData%\Discord\\modules\discord_desktop_core\index.js files.

Was it index.js that was flagged? Wait for an Avast team member to give the final word on this being a genuine find or apparently a false positive? In the cleansing routine the password-stealing malware was taken seriously, and it was also cleansed by means of the FRS tool, consisting of uninstalling Discord, then using Farbar Recovery Scan tool to cleanse under the guidance of a qualified malware remover.

I guess my question at the end of the day is, is there any chance that this virus, if it is indeed a virus and not a false positive, could have migrated to any of my other hard drives on my system? Or should I be safe to simply reinstall Windows and continue on as usual? I'm obviously running more system scans with all the anti-malware software that I have, but I just want some second and third opinions on whether I'm taking all the precautions that I should be taking.

In an abundance of caution, I closed Firefox and have not opened it up since, and also changed my password on Reddit through my phone (I also changed my Discord password through the mobile app). This was the threat blocked message I got twice in 10 minutes: "we've safely aborted connection on because it was infected with JS:AnarchyGrabber-A. I did some research but was unable to turn up any results regarding anarchy grabber and its ability to infect other software. However, while I was doing a scan, and browsing Reddit, Avast blocked my connection to Reddit specifically, which raises some concerns that anarchy grabber may be able to infect Firefox as well?

Still, to be safe, I'm backing up my files and I'm going to do a clean install of Windows. Unfortunately, I've already deleted the files and have no way to check them to confirm this as I have found out I could have done before I deleted them.
Now, after doing some research I have discovered that there is a very high possibility that this was simply a false positive.

You may close any remaining open windows now.

Hey there everyone, I'm terribly sorry to bother but I need some advice and a second opinion: Avast detected the anarchy grabber software on my system, two instances of it, and was able to remove the files for me.

Close Notepad and attach the file 'SearchReg.txt' to your next reply.
When the scan is complete, a message will display that 'SearchReg.txt' is saved in the same folder FRST was started from.
Copy and paste KB4284826 into the Search box and click the Search Registry button.
Right-click on the file FRST64.exe and choose Run as administrator.
If so, disable the real-time protection when downloading and running FRST.
Note: Your antivirus program may report FRST incorrectly as an infection.