CrossRider, Potentially Unwanted Software.

CrossRider is a family of potentially unwanted optional software with adware, browser hijacker and polluteware features.

It adds other programs without the user's knowledge. It pollutes the storage drives and/or the Registry.

It installs itself under random program names such as “Savings Wave”, “Video-high”, “BrowsersAppProPlus” or “MedPlayV3”. It collects your browsing habits and sends them to a server (tracking).

Potentially Unwanted Software (PUP/LPI) can launch services, start scheduled tasks and create shortcuts on your desktop. All these operations are carried out with or without your consent, under the terms of its user agreement. Once installed, an LPI can change some of your browser settings, such as the search pages, the start page or the error page. It can collect your browsing habits and report them to a server through tracking. While you browse, it can display ads (coupons) and banner ads (popups). The objective of this program is often to make money by generating web traffic to sponsored websites.

Potentially Unwanted Software (LPI)

Potentially unwanted software (LPI), or Potentially Unwanted Programs (PUP), cause many infections. The most frequently encountered examples are adware such as InstallCore, CrossRider, Graftor or Boxore, which pollute the Registry and the storage drives. They are usually installed without your knowledge when you download freeware. Indeed, some sites use the repackaging method, which consists of rebuilding the software's installation package and adding download options to it. These options make it possible to add other software such as browser toolbars, adware, potentially unwanted software, intrusive advertising software, or even hijackers.

Unwanted spyware and adware, like malware, can exploit vulnerabilities in legitimate software or in the operating system. It is therefore essential to use official software that updates automatically. Your Windows operating system should likewise have automatic updates configured and enabled, so that you receive the latest critical security updates.


TECHNICAL COMPONENTS

Characteristics


– It installs as a process launched at system startup (RP),
– It installs an extension for the Google Chrome browser (G2),
– It installs extensions for the Mozilla Firefox browser (M2),
– It installs as a BHO (Browser Helper Object) in the Internet browser (O2),
– It registers itself in the Registry to be launched at every system start (O4),
– It starts an automatic scheduled task (O39),
– It installs as a program (O42),
– It creates multiple “Software” registry keys,
– It modifies the Internet search provider (O69),
– It pollutes the Registry with many keys and values (O88).


Associated publishers

BetterDeals,
CinamHDPure,
Corporate Inc,
Freeven,
Innovative Apps,
LKB boby soft

Overview in reports


Identified on 19/05/2013

Identified on 22/06/2016

Identified on 11/03/2017
FOUND file: C:\Users\Coolman\AppData\Roaming\Kyubey\Kyubey.exe
FOUND folder: C:\Users\Coolman\AppData\Roaming\Kyubey
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Kyubey [C:\Users\Coolman\AppData\Roaming\Kyubey\Kyubey.exe]


Alias


PUP.Optional.Crossrider [Malwarebytes]
Adware.CrossRider [Malwarebytes]
a variant of Win32/Toolbar.CrossRider.AX [ESET NOD32]

HOW TO REMOVE CrossRider?

Removal via Microsoft Windows

Remove with ZHPCleaner

Diagnose with ZHPDiag

Responsibility: The principle of non-responsibility of the original site for the content of the target sites it points to was recalled by the ruling of 19 September 2001 of the Court of Appeal of Paris. The words that I hold here reflect my opinions and are suggestions; the visitor does not have to follow them.