Hey there everyone, I’m terribly sorry to bother but I need some advice and a second opinion:
Avast detected the anarchy grabber software on my system, two instances of it, and was able to remove the files for me. Now, after doing some research I have discovered that there is a very high possibility that this was simply a false positive. Unfortunately, I’ve already deleted the files and have no way to check them to confirm this as I have found out I could have done before I deleted them.
Still, to be safe, I’m backing up my files and I’m going to do a clean install of Windows. However, while I was doing a scan, and browsing Reddit, Avast blocked my connection to Reddit specifically, which raises some concerns that anarchy grabber may be able to infect Firefox as well?
I did some research but was unable to turn up any results regarding anarchy grabber and its ability to infect other software.
This was the threat blocked message I got twice in 10 minutes: “we’ve safely aborted connection on www.reddit.com because it was infected with JS:AnarchyGrabber-A [Trj].”
In an abundance of caution, I closed Firefox and have not opened it up since, and also changed my password on Reddit through my phone (I also changed my Discord password through the mobile app).
I guess my question at the end of the day is, is there any chance that this virus, if it is indeed a virus and not a false positive, could have migrated to any of my other hard drives on my system? Or should I be safe to simply reinstall Windows and continue on as usual? I’m obviously running more system scans with all the anti-malware software that I have, but I just want some second and third opinions on whether I’m taking all the precautions that I should be taking. Thank you very much for your time.
In the cleansing routine the password-stealing malware was taken seriously and also it was cleansed by means of the FRS tool, consisting in uninstalling DISCORD, then using Farbar Recovery Scan tool to cleanse under the guidance of a qualified malware remover.
Was it index.js that was flagged? Wait for an Avast team member to give the final word on this being a genuine find or apparently a false positive?
Looks like I have the same problem (with browser detections as well).
Also I would like to add this video (not mine) that shows the problem with the false positive in the Discord app: https://www.youtube.com/watch?v=hFM35AHWFFo
Like the author of that video, I don’t know how it was with the first file, but after the n-th installation I checked and got the same result (based on file size - 40B - was too afraid to get it back from quarantine).
I did a clean Windows reinstall, everything seems to be ok now.
Before I installed Discord back there was an Avast update, so I can’t tell if it was a problem fixed by Avast or by the clean Windows reinstall.