Is Crunchyroll.com malware or hijacked?
The popular anime site Crunchyroll.com has been hijacked to distribute malware. The site was taken offline this morning after a hack that prompted visitors to download a desktop version of its software. The software, however, was not what it seemed: it installed malware at the same time. The situation led users to stay away from the site to avoid problems.
When the Crunchyroll staff in Germany woke up on the morning of 4-Nov-2017, they realized something was not quite right on the site. For this reason, they started issuing alerts telling visitors to stay away from the site.
During the attack, visitors were offered an executable application to download, something the site does not normally offer. That was simply the strategy the attackers used to infect the site's users.
This is what the attack looked like:
The company's official announcement stated that they were not hacked and that the whole incident was a DNS hijack. According to the company's official communications, the site is safe and available to use again.
What is installed on a machine if the user runs CrunchyViewer.exe?
If you downloaded the CrunchyViewer.exe player and executed it, it extracted a base64-encoded file to %AppData%\svchost.exe and ran it, which looks like this:
When the malicious executable starts, it creates an autostart entry named "Java" for %AppData%\svchost.exe, so that it runs whenever the user logs into the computer.
According to investigations, the malware is a keylogger.
How do I remove the CrunchyViewer.exe infection from my PC?
Unfortunately, this virus is still not detected by most antivirus signatures, so you must remove it by hand. Do not worry, the process is simple.
1. Open the Registry Editor: type “regedit” (without the quotes) in the Start menu and, when regedit.exe or Registry Editor appears in the results, run it.
2. When it loads, navigate to the path:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
There you will see a value called “Java”.
Java Registry Value
3. Right-click the Java value and select the Delete option.
4. If the system asks you to confirm the deletion of the value, answer yes.
5. Now restart the PC and the virus should no longer be running on your system.
6. Now navigate to the %AppData% path (press Windows key + R and run “%AppData%” without the quotes); the path is almost always C:\users\[user_name]\appdata\roaming. In that folder you will see a program called svchost.exe.
Svchost.exe in AppData Folder
7. Right-click that file and delete it.
8. It is also a good idea to run a normal scan with your antivirus software. If you do not have one, this is a good moment to ask yourself why not, and to install one now.
9. If the virus was indeed a keylogger, you should urgently change all your passwords, or at least the ones you have used since installing the fake player.
Your PC is now safe from the virus that resulted from the hack of Crunchyroll.com.
Note: There is a strong possibility that the attacker will change strategy and target Crunchyroll.com again. To protect your machine in advance from further malware attacks, you can opt for an antivirus tool.
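The manual steps above can also be done as a scripted check. The following PowerShell is an added example, not part of the original article or any Crunchyroll tooling; it uses only the value name ("Java") and file location (%AppData%\svchost.exe) given on this page, and the -Remove switch is a name invented for this example.

```powershell
# Added example: checks for the two artifacts described on this page.
# Read-only by default; -Remove (a switch invented for this example) cleans up.
param([switch]$Remove)

$runKey  = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$valName = 'Java'                                 # value name given on the page
$dropped = Join-Path $env:APPDATA 'svchost.exe'   # file path given on the page

# 1. Autorun value: show what it launches before touching anything.
$entry   = Get-ItemProperty -Path $runKey -Name $valName -ErrorAction SilentlyContinue
$runData = if ($entry) { [string]$entry.$valName } else { $null }
$pointsAtDrop = $false
if ($runData) {
    # The stored command may use %AppData% literally, so expand it first.
    $expanded     = [Environment]::ExpandEnvironmentVariables($runData)
    $pointsAtDrop = $expanded.IndexOf($dropped, [StringComparison]::OrdinalIgnoreCase) -ge 0
    Write-Output "Run value '$valName' found: $runData"
    Write-Output "  launches %AppData%\svchost.exe: $pointsAtDrop"
} else {
    Write-Output "Run value '$valName' not present under $runKey"
}

# 2. Dropped file: the genuine svchost.exe lives in the Windows system
#    directory, so a copy in %AppData% is not the Windows component.
$fileFound = Test-Path -LiteralPath $dropped -PathType Leaf
if ($fileFound) {
    $hash = (Get-FileHash -LiteralPath $dropped -Algorithm SHA256).Hash
    Write-Output "File found: $dropped"
    Write-Output "  SHA256: $hash (keep this for an antivirus submission)"
} else {
    Write-Output "No svchost.exe in $env:APPDATA"
}

# 3. Optional cleanup, only for artifacts that matched above.
if ($Remove) {
    if ($pointsAtDrop) {
        Remove-ItemProperty -Path $runKey -Name $valName
        Write-Output "Deleted Run value '$valName'"
    }
    if ($fileFound) {
        # Stop only the process whose image is the dropped file (matched by path),
        # so Windows' own svchost.exe instances are left alone.
        Get-Process -Name svchost -ErrorAction SilentlyContinue |
            Where-Object { $_.Path -eq $dropped } | Stop-Process -Force
        Remove-Item -LiteralPath $dropped -Force
        Write-Output "Deleted $dropped"
    }
}
```

Run it once without -Remove to see what is present, then again with -Remove from the affected user's own session, since both the Run key and %AppData% are per-user.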