
CrossRider, Potentially Unwanted Software.

CrossRider is a family of Optional Potentially Unwanted Software with adware, browser hijacker and spam functionality. 

It installs other programs without the user's knowledge. It pollutes storage drives and/or the Registry.

It installs under random program names such as "Savings Wave", "Video-high", "BrowsersAppProPlus" or "MedPlayV3". It collects your browsing habits and sends them to a server (tracking).

Potentially Unwanted Programs (PUPs) can launch services, start scheduled tasks, and create shortcuts on your Desktop. These operations are carried out with or without your consent, depending on the terms of the program's user agreement. Once installed, a PUP can modify browser settings such as the search page, the start page or even the error page. It can collect your browsing habits and send them to a server (tracking). While you browse, it may display advertisements (coupons) and advertising banners (popups). The goal of such a program is often to make money by generating web traffic to sponsored sites.


Potentially Unwanted Programs (PUPs) are the cause of many infections. The most common examples are adware families such as InstallCore, Crossrider, Graftor or Boxore, which pollute the Registry and your storage drives. They are usually installed without your knowledge when you download freeware. Some download sites use repackaging, which consists of rebuilding the software's installer to add bundled download options. These options add other software such as browser toolbars, adware, potentially unwanted programs, intrusive advertising software, or even browser hijackers.


Spyware and adware, just like malware, can exploit coding flaws in legitimate software or in operating systems. It is therefore essential to use official software with automatic updates enabled. Likewise, your Windows operating system must be activated and set to update automatically, so that you receive the latest fixes for critical security vulnerabilities.


TECHNICAL ELEMENTS

 Features

– It installs as a process launched at system startup (RP),
– It installs an extension for the Google Chrome browser (G2),
– It installs extensions for the Mozilla Firefox browser (M2),
– It installs as a BHO (Browser Helper Object) in Internet Explorer (O2),
– It registers itself in the Registry so that it is launched each time the system starts (O4),
– It starts a scheduled task automatically (O39),
– It is installed as a program (O42),
– It creates multiple "Software" registry keys,
– It modifies the Internet search provider (O69),
– It pollutes the Registry with many keys and values (O88).
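
A read-only way to inventory several of the persistence points in the feature list above (O2, O4, O39, O42, G2, M2) on a live Windows system. This is an added example, not part of the original page or of any ZHP tool; the registry and folder paths are the standard Windows, Chrome and Firefox locations, `Get-ScheduledTask` assumes Windows 8 or later, and the helper name `Add-Finding` is hypothetical.

```powershell
# Added example: read-only inventory of autostart and browser add-on locations.
# Nothing is deleted or modified; the output is meant for manual review.
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding($Code, $Kind, $Name, $Target) {   # hypothetical helper
    $findings.Add([pscustomobject]@{ Code = $Code; Kind = $Kind; Name = $Name; Target = $Target })
}

# O4: programs launched at logon through the Run keys
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($valueName in $item.GetValueNames()) {
        Add-Finding 'O4' 'Run key' $valueName ($item.GetValue($valueName))
    }
}

# O2: Internet Explorer Browser Helper Objects, resolved to the DLL they load
$bhoRoots = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
            'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($root in $bhoRoots) {
    if (-not (Test-Path $root)) { continue }
    $clsidRoot = if ($root -like '*Wow6432Node*') { 'HKLM:\Software\Classes\Wow6432Node\CLSID' }
                 else { 'HKLM:\Software\Classes\CLSID' }
    foreach ($sub in Get-ChildItem $root) {
        $inproc = Join-Path $clsidRoot ($sub.PSChildName + '\InprocServer32')
        $dll = if (Test-Path -LiteralPath $inproc) { (Get-Item -LiteralPath $inproc).GetValue('') } else { $null }
        Add-Finding 'O2' 'BHO' $sub.PSChildName $dll
    }
}

# O39: scheduled tasks outside the \Microsoft\ folder, with the program each one runs
foreach ($task in Get-ScheduledTask | Where-Object { $_.TaskPath -notlike '\Microsoft\*' }) {
    foreach ($action in $task.Actions) {
        if ($action.Execute) {
            Add-Finding 'O39' 'Scheduled task' ($task.TaskPath + $task.TaskName) $action.Execute
        }
    }
}

# O42: installed programs with their declared publisher
$uninstall = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    ForEach-Object { Add-Finding 'O42' 'Installed program' $_.DisplayName $_.Publisher }

# G2: Chrome extensions registered from outside the browser (by an installer)
$chromeKeys = 'HKLM:\Software\Google\Chrome\Extensions',
              'HKLM:\Software\Wow6432Node\Google\Chrome\Extensions',
              'HKCU:\Software\Google\Chrome\Extensions'
foreach ($key in $chromeKeys) {
    if (-not (Test-Path $key)) { continue }
    Get-ChildItem $key | ForEach-Object { Add-Finding 'G2' 'Chrome external extension' $_.PSChildName $key }
}

# M2: extensions present in each Firefox profile of the current user
$ffProfiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $ffProfiles) {
    Get-ChildItem -Path (Join-Path $ffProfiles '*\extensions\*') -ErrorAction SilentlyContinue |
        ForEach-Object { Add-Finding 'M2' 'Firefox extension' $_.Name $_.FullName }
}

$findings | Sort-Object Code, Name | Format-Table -AutoSize -Wrap
```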

 Associated Publishers

BetterDeals,
CinamHDPure,
Corporate Inc,
Freeven,
Innovative Apps,
LKB boby soft

 Preview in reports

Recorded on 19/05/2013

Recorded on 22/06/2016

Recorded on 11/03/2017
FOUND file: C:\Users\Coolman\AppData\Roaming\Kyubey\Kyubey.exe
FOUND folder: C:\Users\Coolman\AppData\Roaming\Kyubey
FOUND key: HKLM\SYSTEM\CurrentControlSet\Services\Kyubey [C:\Users\Coolman\AppData\Roaming\Kyubey\Kyubey.exe]

 Aliases

PUP.Optional.Crossrider [Malwarebytes]
Adware.CrossRider [Malwarebytes]
a variant of Win32/Toolbar.CrossRider.AX [ESET-NOD32]

HOW TO REMOVE CrossRider?

Delete with Windows

Delete with ZHPCleaner

   Delete with ZHPSuite

Responsibility: The principle of absence of responsibility of the original site, with regard to the contents of the target sites, is recalled by the judgment of September 19, 2001 of the Paris Court of Appeal. The comments I make here reflect my opinion and are suggestions - the visitor is not obliged to follow them.
