Anchor Removal Guide

Do you know what Anchor is?

Anchor is a malicious Trojan infection that seldom appears on individual computers. It is mostly used to attack high-profile systems, where it can steal sensitive information that is then sold on the darknet. It is not a new infection, as it was first discovered in August 2018, but we can be sure that it is constantly being updated with new functions and features, allowing the cybercriminals who use it to steal more information and enter more systems stealthily.

Although it is possible to remove Anchor manually, it is not recommended if you are not experienced with computers. It would be far more efficient to invest in a licensed antispyware application that would terminate Anchor automatically. It would also scan your system for other potential threats, and if more dangerous infections are found, you could remove them all, too.

As far as we know, Anchor mostly targets Point of Sale systems, and there are other malicious actors associated with this Trojan. It is clear that TrickBot is closely related to Anchor, and it wouldn’t be surprising if the Trojan had ties with other dangerous threats. That’s why we say that scanning your system with a licensed security application is vital: malware programs often come in packs.

Anchor usually spreads through spam email, as is common with Trojans. It is believed that this Trojan can be downloaded as a secondary payload by TrickBot. Potential victims receive an email message that comes with a link. The link seemingly opens a file on Google Docs, so it all looks legitimate. However, the moment the user tries to download or open the file, they trigger a malware downloader. The targeted user also gets a notification that asks whether they want to view the file. However, instead of “viewing” the document, they actually launch the malicious installer that injects malware into the svhost.exe process. Once the malware has some control over the system, it connects to a remote server and downloads the secondary payload, which is Anchor.

Like with most Trojans, Anchor can perform a lot of functions on the infected system, and in reality, it all depends on what the owner wants this Trojan to do. There are several versions of this Trojan out there, and all have an array of features. Some of the versions are even known to delete themselves to avoid detection. Some other versions of Anchor can function as a backdoor on the affected system, allowing other malicious infections to enter it and take control of the compromised computer. As mentioned above, the development of the threat is still ongoing, and we can expect Anchor to appear in new ways and new forms.

The most annoying thing about Anchor is that you can’t really know you have a Trojan on your system unless you run a system scan. That’s why regular system scans with reliable antispyware tools are important. Otherwise, you wouldn’t even know that you have a malicious program on-board that receives commands via a remote server. And while you’re oblivious to it, Anchor could download even more malware onto your system.

Since Anchor mostly attacks PoS systems, it is more or less clear that the criminals behind it aim mostly for financial profit. Hence, any corporation that uses PoS systems should be aware of the potential security threats if it wants to avoid severe financial losses. To avoid this infection, it is vital to learn more about cybersecurity and Trojan distribution methods. It is also important to educate your employees so that they do not fall for various spam tricks.

It doesn’t take much to get infected with Anchor. Just one single stray click could lead to a cyber disaster. And so, the sooner you emphasize the dangers that lie behind spam emails, the better.

As mentioned, you can try removing Anchor on your own by following our removal guide, but to ensure that your system is absolutely safe, you should consider acquiring a powerful security tool. After all, malware tends to travel in packs, and the best way to locate all the malicious programs and other potential threats is by scanning your system with a licensed antispyware application. For all you know, Anchor might be just one of the many infections on-board.

How to Remove Anchor

  1. Press Win+R and enter %TEMP%. Press OK.
  2. Remove the latest files from the directory.
  3. Press Win+R and enter %UserProfile%. Click OK.
  4. Delete suspicious files from the directory.
  5. Press Win+R and enter %AppData%. Press OK.
  6. Remove the folder with a random name.
  7. Press Win+R and enter regedit. Click OK.
  8. Open HKEY_LOCAL_MACHINE\CurrentControlSet\Services\netTcpSvc\Parameters\ServiceDll.
  9. On the right, right-click and delete the value data that executes files from %SYSTEMROOT% and %SYSTEMROOT%\System32.
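
Before deleting anything in the steps above, it helps to see what is actually in those locations. The PowerShell below is an added example, not part of the original guide: it only reads and lists, and it assumes a 7-day window for "latest files" and that the netTcpSvc service key sits under the standard HKLM\SYSTEM\CurrentControlSet\Services location.

```powershell
# Added example: read-only triage of the locations in the removal steps.
# Nothing is deleted or modified.
$Days  = 7                                  # assumed window for "latest files"
$since = (Get-Date).AddDays(-$Days)

# Steps 1-6: recently changed items at the top level of each directory.
$recent = foreach ($dir in @($env:TEMP, $env:USERPROFILE, $env:APPDATA)) {
    Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $since } |
        ForEach-Object {
            [pscustomobject]@{
                Location      = $dir
                Name          = $_.Name
                Type          = if ($_.PSIsContainer) { 'Folder' } else { 'File' }
                LastWriteTime = $_.LastWriteTime
                # Hash files so they can be checked against a scanner or vendor report.
                SHA256        = if ($_.PSIsContainer) { '' } else {
                    (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
                }
            }
        }
}
$recent | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize

# Steps 7-9: show what the netTcpSvc service is configured to load.
# Assumption: the key is under HKLM:\SYSTEM, where Windows keeps service definitions.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\netTcpSvc\Parameters'
if (Test-Path -LiteralPath $key) {
    $dll = (Get-ItemProperty -LiteralPath $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
    if ($dll) {
        [pscustomobject]@{
            ServiceDll = $dll
            Exists     = Test-Path -LiteralPath $dll
            Signature  = (Get-AuthenticodeSignature -LiteralPath $dll -ErrorAction SilentlyContinue).Status
            SHA256     = (Get-FileHash -LiteralPath $dll -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        } | Format-List
    } else {
        'netTcpSvc Parameters key exists but has no ServiceDll value.'
    }
} else {
    'netTcpSvc Parameters key not present on this system.'
}
```

Run it in the session of the affected user, since %TEMP%, %UserProfile% and %AppData% resolve per user, and keep the output as a record of what was present before cleanup.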

In non-techie terms:

Trojan infections like Anchor are hard to spot until it is too late to do anything about them. Therefore, you have to make sure that you scan your systems regularly with powerful security tools, and that you educate your employees about the dangers behind interacting with spam email messages. While it is not that complicated to remove Anchor, you have to make sure that you prevent similar intruders from entering your systems again, as they pose a severe threat to your financial stability.