What is MrAnon Stealer

MrAnon Stealer is an information-stealing malware that has been actively distributed through phishing campaigns. It is coded in Python and employs cx-Freeze for evasion, making it difficult for traditional antivirus solutions to detect and neutralize it effectively. Once it infiltrates a system, MrAnon Stealer is capable of extracting a variety of sensitive data, including credentials, system details, browser sessions, and cryptocurrency extensions. The malware demonstrates a high level of sophistication in its operation. It can terminate processes related to security applications, capture screenshots, retrieve IP addresses, and gather data from a wide range of applications, including cryptocurrency wallets, browsers, messaging apps, and VPN clients. The stolen data is then compressed, password-protected, and uploaded to a public file-sharing website or directly to the attacker’s Telegram channel. MrAnon Stealer represents a significant threat to individuals and organizations due to its ability to steal a wide range of sensitive information. Its distribution through sophisticated phishing campaigns makes it a challenging threat to counter. However, by employing advanced antivirus and anti-malware solutions, regularly updating software, and practicing cautious online behavior, users can protect themselves from this and similar cybersecurity threats.

MrAnon Stealer

How MrAnon Stealer infected your system

The primary distribution method for MrAnon Stealer is through phishing emails that contain malicious PDF attachments. These emails are cleverly disguised as legitimate communications, often masquerading as hotel booking confirmations or inquiries. The subject lines and email content are crafted to lure victims into opening the attached PDF, which triggers the infection process. Upon opening the malicious PDF, the victim is prompted to download what appears to be an updated version of Adobe Flash Player. This action leads to the execution of .NET executables and PowerShell scripts, culminating in the activation of the MrAnon Stealer malware. The malware employs a multi-stage infection process, utilizing .NET executable files, PowerShell scripts, and deceptive Windows Form presentations to evade detection and successfully establish its presence on the victim’s system.

  1. Download MrAnon Stealer Removal Tool
  2. Use Windows Malicious Software Removal Tool to remove MrAnon Stealer
  3. Use Autoruns to remove MrAnon Stealer
  4. Files, folders and registry keys of MrAnon Stealer
  5. Other aliases of MrAnon Stealer
  6. How to protect from threats, like MrAnon Stealer

Download Removal Tool

Download Removal Tool

To remove MrAnon Stealer completely, we recommend you to use WiperSoft Antispyware. It can help you remove files, folders, and registry keys of MrAnon Stealer and provides active protection from viruses, trojans, backdoors. WiperSoft Antispyware offers free scan and 7-days limited trial.

Download Alternative Removal Tool

Download Malwarebytes

To remove MrAnon Stealer completely, we recommend you to use Malwarebytes Anti-Malware. It detects and removes all files, folders, and registry keys of MrAnon Stealer and several millions of other malware, like viruses, trojans, backdoors.

Remove MrAnon Stealer manually

Manual removal of MrAnon Stealer by inexperienced users may become a difficult task because it does not create entries in Add/Remove Programs under Control Panel, does not install browser extensions, and uses random file names. However, there are pre-installed instruments in the Windows system, that allow you to detect and remove malware without using third-party applications. One of them is Windows Malicious Software Removal Tool. It comes with Windows Update in Windows 11, 10, 8. 8.1. For older operating system you can download it here: 64-bit version | 32-bit version.

Remove MrAnon Stealer using Windows Malicious Software Removal Tool

  1. Type mrt in the search box near Start Menu.
  2. Run mrt clicking on found item.
  3. Click Next button.
  4. Choose one of the scan modes Quick scan, Full scan, Customize scan (Full scan recommended).
  5. Click Next button.
  6. Click on View detailed results of the scan link to view the scan details.
  7. Click Finish button.

Remove MrAnon Stealer using Autoruns

MrAnon Stealer often sets up to run at Windows startup as an Autorun entry or Scheduled task.

  1. Download Autoruns using this link.
  2. Extract the archive and run Autoruns.exe file.
  3. In Options menu make sure there are checkboxes near Hide Empty Locations, Hide Microsoft Entries, and Hide Windows Entries.
  4. Search for suspicious entries with weird names or running from locations like: C:\{username}\AppData\Roaming.
  5. Right-click on suspicious entry and choose Delete. This will prevent the threat to run at startup.
  6. Switch to Scheduled Tasks tab and do the same.
  7. To remove files themselves, click on suspicious entries and choose Jump to Entry…. Remove files or registry keys found.

Remove files, folder and registry keys of MrAnon Stealer

MrAnon Stealer files and folders


{randomname}.exe

MrAnon Stealer registry keys


no information

Aliases of MrAnon Stealer

Win32:Malware-gen, Infostealer.Limitail, Trojan.Win64.Agentb.kxby

How to protect from threats, like MrAnon Stealer, in future

bitdefender internet security

Standard Windows protection or any decent third-party antivirus (Norton, Avast, Kaspersky) should be able to detect and remove MrAnon Stealer. However, if you got infected with MrAnon Stealer with existing and updated security software, you may consider changing it. To feel safe and protect your PC from MrAnon Stealer on all levels (browser, e-mail attachments, Word or Excel scripts, file system) we recommend a leading provider of internet security solutions – BitDefender. Its solutions both for home and business users proved to be one of the most advanced and effective. Choose and get your BitDefender protection via the button below:

Download BitDefender
Previous articleHow to remove OCEANS Ransomware and decrypt encrypted files
Next articleHow to remove TransCrypt Ransomware and decrypt encrypted files
James Kramer
Hello, I'm James. My website Bugsfighter.com, a culmination of a decade's journey in the realms of computer troubleshooting, software testing, and development. My mission here is to offer you comprehensive, yet user-friendly guides across a spectrum of topics in this niche. Should you encounter any challenges with the software or the methodologies I endorse, please know that I am readily accessible for assistance. For any inquiries or further communication, feel free to reach out through the 'Contacts' page. Your journey towards seamless computing starts here