A couple of days ago, it was revealed that the popular anime website Crunchyroll was down after being hijacked by hackers, who used it to distribute malware to visitors under the guise of a desktop streaming application. A statement was issued on the website telling visitors to stay away from it until the issue was taken care of. At the moment of writing, it seems that things are back to normal and malware is no longer being distributed through Crunchyroll.
Crunchyroll Viewer download prompt
While the attack was still ongoing, visitors to Crunchyroll were greeted by a pop-up download suggestion that promoted what seemed like a desktop streaming application for the site, named Crunchyroll Viewer. However, it was eventually discovered that the recommended download had malicious code inside of it. It is still unknown what the exact purpose of the malware is. Some researchers have stated that it might be a keylogger virus. If we come across more precise information regarding the purpose of the malware, we will make sure to update this article with whatever we learn. So far, we do not know the number of users that have fallen for the misleading download suggestion.
Crunchyroll was down but it didn’t get hacked
According to a statement made by the people behind Crunchyroll, their site didn’t actually get hacked but rather became a victim of a DNS hijacking. Apparently, the hackers were able to obtain access to Crunchyroll’s Cloudflare account, allowing them to redirect the site’s traffic to another address – a separate website controlled by the cyber-criminals where the malware-distributing download pop-up was displayed to the visitors.
Removing the malware
The good news is that if any of our readers have mistakenly downloaded the Crunchyroll Viewer malware from the Crunchyroll site while the DNS hijack attack lasted, we might be able to help you remove the malicious code from your PC so that it won’t be able to do any harm to you. Apparently, it isn’t all that difficult to get rid of this malware: just follow the next few steps and your PC should soon be clean.
- Press the Winkey + R keys on your keyboard to open the Run search box.
- In Run, type regedit and hit Enter.
- In the Registry Editor that opens, go to this folder HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
- Click on the Run folder and look at the right panel – there should be a key named Java. Right-click on it and then select Delete to delete it.
- Now, restart your computer and wait for it to boot back on.
- Open the Start Menu and copy-paste the next line: %AppData%
- Open the first search result and in the folder that opens, look for a file named svchost.exe. Delete this file.
- Next, click in your Start Menu search field and copy-paste this: notepad %windir%/system32/Drivers/etc/hosts.
- Again, open the first result and scroll down to the bottom of the notepad file.
- Look below Localhost and see if there are any IP addresses written there. If there are IPs below Localhost, tell us in the comments what they are, as you might need to remove them if they are coming from the virus.
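If you would rather check all three places at once, the PowerShell script below looks for the same traces the steps describe. It is an added example, not part of the original guide or anything published by Crunchyroll; the function names are our own, and it only reports what it finds without deleting anything.

```powershell
# Read-only check for the three traces named in the steps above.
# Function names are hypothetical; nothing is modified or deleted.

function Test-JavaRunEntry {
    # The "Java" entry under the current user's Run location.
    $runKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $props  = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    $found  = [bool]($props -and ($props.PSObject.Properties.Name -contains 'Java'))
    $detail = ''
    if ($found) { $detail = [string]$props.Java }   # command launched at logon
    [pscustomobject]@{ Check = 'Run entry "Java"'; Found = $found; Detail = $detail }
}

function Test-AppDataSvchost {
    # The genuine svchost.exe lives in System32, never directly in %AppData%.
    $path   = Join-Path $env:APPDATA 'svchost.exe'
    $found  = Test-Path -LiteralPath $path -PathType Leaf
    $detail = ''
    if ($found) {
        $file   = Get-Item -LiteralPath $path -Force      # -Force: may be hidden
        $hash   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $detail = "created $($file.CreationTime), SHA256 $hash"
    }
    [pscustomobject]@{ Check = '%AppData%\svchost.exe'; Found = $found; Detail = $detail }
}

function Get-ExtraHostsEntries {
    # Every active hosts line that is not a plain localhost mapping.
    $hostsFile = Join-Path $env:windir 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hostsFile -ErrorAction SilentlyContinue |
        ForEach-Object { ($_ -replace '#.*$', '').Trim() } |   # drop comments
        Where-Object   { $_ } |                                # drop blank lines
        ForEach-Object {
            $parts = $_ -split '\s+'
            [pscustomobject]@{
                Address = $parts[0]
                Names   = ($parts | Select-Object -Skip 1) -join ' '
            }
        } |
        Where-Object { $_.Names -ne 'localhost' }
}

Test-JavaRunEntry, Test-AppDataSvchost | Format-Table -AutoSize -Wrap
$extra = @(Get-ExtraHostsEntries)
if ($extra.Count -gt 0) { $extra | Format-Table -AutoSize }
else { 'hosts file: no entries besides localhost' }
```

Anything reported as found is what the steps above tell you to delete; the SHA256 value is there so you can look the file up with your antivirus vendor before removing it.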
After going through with the steps that we just gave you, the shady piece of malware should no longer be on your PC. Once you complete the guide, it is also a good idea to run a full system scan with your antivirus program. If you do not have an antivirus, then we advise you to get one right away and also make sure that it is a reliable and strong one.
One additional piece of advice that we have for you is that you change your passwords on all online accounts that you have in case the Crunchyroll Viewer is an actual keylogger virus as it might have been able to find out what your old passwords were during the time it has been on your computer.