Ellation Posts Update on Crunchyroll Redirect Issue, Explains Steps to Get Rid of Malware

posted on 2017-11-05 00:15 EDT by Crystalyn Hodgkins
Ellation: individuals altered Crunchyroll's Cloudflare configuration to redirect traffic to site with malware download file

Crunchyroll's parent company Ellation published a blog post on Saturday explaining what happened to Crunchyroll's website earlier in the day.

The company explained that at 6:30 a.m. EDT, individuals gained access and altered Crunchyroll's Cloudflare configuration, redirecting traffic to a non-Crunchyroll-hosted server that would have visitors download a "CrunchyViewer.exe" malware file. Ellation added that the file targeted Windows PC web users.

Crunchyroll took down its site at 9:00 a.m. EDT as a precaution, and restored the correct Cloudflare configuration at 12:00 p.m. EDT, with full service restored by 12:30 p.m. EDT. Ellation confirmed that its servers "were not compromised in any way, and none of ... users' secure information and data was at risk."

Ellation also explained steps to take for Windows users who did download and run the malware. The company said that if users downloaded but didn't run the file, they aren't exposed to the malware's effects. Ellation said these users should delete the file from their system and perform a scan with an antivirus/anti-malware product.

For Windows users who did download the file and run it, these are the steps Ellation says should be taken: (Note: the below steps are copied directly from Ellation's blog post.)

  • Delete "CrunchyViewer.exe" from your file system
  • Remove the malicious “Java” Run key (You can find information on how to edit the Windows Registry in the Microsoft support database if you are unfamiliar with the steps)
  • Open Regedit, and browse to:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • Delete the Java key
  • Remove the malicious binary, by navigating to: %appdata%\Roaming (for example: C:\Users\Yourusername\AppData\Roaming\)
  • Delete the 'svchost.exe' file
  • Perform a scan with your installed antivirus product

Ellation also recommended that affected users "contact Microsoft or other knowledgeable technical support directly for specific questions related to the Windows operating system."
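
The manual steps above can be turned into a read-only PowerShell check for the current user. This is an added example, not code from Ellation's post; the function name, the download folders searched and the output format are assumptions, and it only reports what it finds without deleting anything.

```powershell
# Added example: read-only check for the artifacts named in Ellation's steps.
# Function name, searched folders and output shape are illustrative assumptions.
function Test-CrunchyViewerArtifacts {
    [CmdletBinding()]
    param(
        # Folders where a browser download may have landed (assumed defaults).
        [string[]]$DownloadDirs = @("$env:USERPROFILE\Downloads", "$env:USERPROFILE\Desktop")
    )

    $runKey   = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $findings = @()

    # 1. "Java" entry under the per-user Run key (Regedit shows it in the right-hand pane).
    $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
    if ($run -and ($run.PSObject.Properties.Name -contains 'Java')) {
        $findings += [pscustomobject]@{
            Artifact = 'Run entry "Java"'; Location = $runKey; Detail = $run.Java }
    }

    # 2. svchost.exe in AppData\Roaming ($env:APPDATA resolves to that folder).
    #    The genuine Windows svchost.exe lives under C:\Windows\System32, not here.
    $dropped = Join-Path $env:APPDATA 'svchost.exe'
    if (Test-Path -LiteralPath $dropped -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $dropped -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Artifact = 'svchost.exe in Roaming'; Location = $dropped; Detail = "SHA256 $hash" }
    }

    # 3. The downloaded CrunchyViewer.exe. The wildcard also matches browser-renamed
    #    copies such as "CrunchyViewer (1).exe" (assumption); -Force includes hidden files.
    foreach ($dir in $DownloadDirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Filter 'CrunchyViewer*.exe' -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                $findings += [pscustomobject]@{
                    Artifact = 'Downloaded installer'; Location = $_.FullName
                    Detail   = "Created $($_.CreationTime)" }
            }
    }
    $findings
}

$result = Test-CrunchyViewerArtifacts
if ($result) { $result | Format-List }
else { 'None of the artifacts from the listed steps were found for this user.' }
```

Run it in the affected user's own session, since both the Run key and the Roaming folder are per-user locations.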

Background

Crunchyroll's official German Twitter account advised users early on Saturday to avoid accessing the Crunchyroll website, explaining that there was a problem with "malicious software." The company's German Twitter account noted that Crunchyroll's American social media staff members were not awake when the problem first appeared. The German account had been posting warning messages in both German and English.

Crunchyroll's English Twitter account later warned users at 10:09 a.m. EDT not to access its website, and it also assured users that its staff was working on the problem. Crunchyroll's English Twitter account reported at 12:31 p.m. EDT that the website was back online.

Thanks to Dessa for the news tip.


follow-up of Crunchyroll's Website Redirected to Server With Malicious Software (Update 4)