Removal instructions for Plus-HighD


#1
Metallica


Content is republished with permission from Malwarebytes.

 

What is Plus-HighD?
 
The Malwarebytes research team has determined that Plus-HighD is a browser hijacker. These so-called "hijackers" alter your start page or search scopes so that the affected browser visits their site or one of their choice. This one also displays advertisements.
 
How do I know if my computer is affected by Plus-HighD?
 
You may see these browser extensions/add-ons:
 
warning1.png
 
warning2.png
 
warning3.png
 
and this entry in your list of installed programs:
 
warning4.png
 
How did Plus-HighD get on my computer?
 
Browser hijackers use different methods for distributing themselves. This particular one was offered as a video enhancing browser extension.
 
How do I remove Plus-HighD?
 
Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
      • Enable free trial of Malwarebytes Anti-Malware Premium
      • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Is there anything else I need to do to get rid of Plus-HighD?

  • The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin behind the Plus-HighD listing. Then confirm removal.

How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Plus-HighD browser hijacker. It would have warned you before the potentially unwanted program could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

Signs in a HijackThis log:
    O2 - BHO: CrossriderApp0053098 - {11111111-1111-1111-1111-110511301198} - C:\Program Files\Plus-HighD-ver9.3\Plus-HighD-ver9.3-bho.dll
    
     
    Alterations made by the installer:
    File system details  
    ---------------------------------------------
        Adds the folder C:\Program Files\Plus-HighD-ver9.3
           Adds the file 15bd27b4-73d3-425d-ab82-8d0da491c1c2-2.exe"="4/9/2014 7:11 AM, 333824 bytes, A
           Adds the file 15bd27b4-73d3-425d-ab82-8d0da491c1c2-3.exe"="4/9/2014 7:11 AM, 1861120 bytes, A
           Adds the file 15bd27b4-73d3-425d-ab82-8d0da491c1c2-4.exe"="4/9/2014 7:11 AM, 796672 bytes, A
           Adds the file 15bd27b4-73d3-425d-ab82-8d0da491c1c2-5.exe"="4/9/2014 7:11 AM, 321536 bytes, A
           Adds the file 53098.crx"="4/9/2014 7:11 AM, 273078 bytes, A
           Adds the file 53098.xpi"="4/9/2014 7:11 AM, 309823 bytes, A
           Adds the file background.html"="4/3/2014 4:47 PM, 729 bytes, A
           Adds the file Plus-HighD-ver9.3.ico"="4/3/2014 4:47 PM, 9662 bytes, A
           Adds the file Plus-HighD-ver9.3-bg.exe"="4/9/2014 7:11 AM, 519168 bytes, A
           Adds the file Plus-HighD-ver9.3-bho.dll"="4/9/2014 7:11 AM, 495104 bytes, A
           Adds the file Plus-HighD-ver9.3-codedownloader.exe"="4/9/2014 7:11 AM, 477696 bytes, A
           Adds the file Uninstall.exe"="4/9/2014 7:11 AM, 78336 bytes, A
           Adds the file utils.exe"="4/9/2014 7:11 AM, 2141693 bytes, A
        Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0
           Adds the file background.html"="4/9/2014 7:11 AM, 1705 bytes, A
           Adds the file chromeCoreFilesIndex.txt"="4/9/2014 7:11 AM, 853 bytes, A
           Adds the file crossriderManifest.json"="4/9/2014 7:11 AM, 528 bytes, A
           Adds the file manifest.json"="4/9/2014 7:11 AM, 1123 bytes, A
           Adds the file popup.html"="4/9/2014 7:11 AM, 139 bytes, A
        Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\extensionData
           Adds the file manifest.xml"="4/9/2014 7:11 AM, 1739 bytes, A
           Adds the file plugins.json"="4/9/2014 7:11 AM, 11735 bytes, A
        Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\extensionData\plugins
           Adds the file 1.js"="4/9/2014 7:11 AM, 6794 bytes, A
           Adds the file 102.js"="4/9/2014 7:11 AM, 2048 bytes, A
           Adds the file 103.js"="4/9/2014 7:11 AM, 2296 bytes, A
           Adds the file 104.js"="4/9/2014 7:11 AM, 1289 bytes, A
           Adds the file 119.js"="4/9/2014 7:11 AM, 5012 bytes, A
           Adds the file 123.js"="4/9/2014 7:11 AM, 697 bytes, A
           Adds the file 13.js"="4/9/2014 7:11 AM, 6993 bytes, A
           Adds the file 14.js"="4/9/2014 7:11 AM, 20752 bytes, A
           Adds the file 155.js"="4/9/2014 7:11 AM, 449 bytes, A
           Adds the file 17.js"="4/9/2014 7:11 AM, 79864 bytes, A
           Adds the file 177.js"="4/9/2014 7:11 AM, 31088 bytes, A
           Adds the file 179.js"="4/9/2014 7:11 AM, 704 bytes, A
           Adds the file 180.js"="4/9/2014 7:11 AM, 804 bytes, A
           Adds the file 182.js"="4/9/2014 7:11 AM, 14181 bytes, A
           Adds the file 183.js"="4/9/2014 7:11 AM, 2427 bytes, A
           Adds the file 184.js"="4/9/2014 7:11 AM, 1273 bytes, A
           Adds the file 19.js"="4/9/2014 7:11 AM, 7001 bytes, A
           Adds the file 190.js"="4/9/2014 7:11 AM, 2294 bytes, A
           Adds the file 191.js"="4/9/2014 7:11 AM, 1153 bytes, A
           Adds the file 195.js"="4/9/2014 7:11 AM, 378 bytes, A
           Adds the file 207.js"="4/9/2014 7:11 AM, 1537 bytes, A
           Adds the file 21.js"="4/9/2014 7:11 AM, 3560 bytes, A
           Adds the file 22.js"="4/9/2014 7:11 AM, 8958 bytes, A
           Adds the file 220.js"="4/9/2014 7:11 AM, 47120 bytes, A
           Adds the file 221.js"="4/9/2014 7:11 AM, 383 bytes, A
           Adds the file 223.js"="4/9/2014 7:11 AM, 453 bytes, A
           Adds the file 231.js"="4/9/2014 7:11 AM, 706 bytes, A
           Adds the file 232.js"="4/9/2014 7:11 AM, 703 bytes, A
           Adds the file 236.js"="4/9/2014 7:11 AM, 416 bytes, A
           Adds the file 242.js"="4/9/2014 7:11 AM, 1057 bytes, A
           Adds the file 244.js"="4/9/2014 7:11 AM, 470 bytes, A
           Adds the file 246.js"="4/9/2014 7:11 AM, 2049 bytes, A
           Adds the file 28.js"="4/9/2014 7:11 AM, 536 bytes, A
           Adds the file 4.js"="4/9/2014 7:11 AM, 94050 bytes, A
           Adds the file 47.js"="4/9/2014 7:11 AM, 7574 bytes, A
           Adds the file 64.js"="4/9/2014 7:11 AM, 2200 bytes, A
           Adds the file 7.js"="4/9/2014 7:11 AM, 685 bytes, A
           Adds the file 72.js"="4/9/2014 7:11 AM, 46062 bytes, A
           Adds the file 78.js"="4/9/2014 7:11 AM, 3187 bytes, A
           Adds the file 80.js"="4/9/2014 7:11 AM, 62 bytes, A
           Adds the file 9.js"="4/9/2014 7:11 AM, 2143 bytes, A
           Adds the file 91.js"="4/9/2014 7:11 AM, 151095 bytes, A
           Adds the file 93.js"="4/9/2014 7:11 AM, 560 bytes, A
           Adds the file 97.js"="4/9/2014 7:11 AM, 3157 bytes, A
        Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\extensionData\userCode
           Adds the file background.js"="4/9/2014 7:11 AM, 814 bytes, A
           Adds the file extension.js"="4/9/2014 7:11 AM, 737 bytes, A
        Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\icons
           Adds the file icon128.png"="4/9/2014 7:11 AM, 3997 bytes, A
           Adds the file icon16.png"="4/9/2014 7:11 AM, 1137 bytes, A
           Adds the file icon48.png"="4/9/2014 7:11 AM, 2245 bytes, A
        Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\icons\actions
           Adds the file 1.png"="4/9/2014 7:11 AM, 1223 bytes, A
        Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\js
           Adds the file background.js"="4/9/2014 7:11 AM, 34941 bytes, A
           Adds the file main.js"="4/9/2014 7:11 AM, 8491 bytes, A
           Adds the file platformVersion.js"="4/9/2014 7:11 AM, 409 bytes, A
        Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\js\api
           Adds the file chrome.js"="4/9/2014 7:11 AM, 11499 bytes, A
           Adds the file cookie.js"="4/9/2014 7:11 AM, 11743 bytes, A
           Adds the file message.js"="4/9/2014 7:11 AM, 3346 bytes, A
           Adds the file monitor.js"="4/9/2014 7:11 AM, 2039 bytes, A
           Adds the file pageAction.js"="4/9/2014 7:11 AM, 1737 bytes, A
           Adds the file pageActionBG.js"="4/9/2014 7:11 AM, 2519 bytes, A
        Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\js\lib
           Adds the file app_api.js"="4/9/2014 7:11 AM, 6697 bytes, A
           Adds the file bg_app_api.js"="4/9/2014 7:11 AM, 4729 bytes, A
           Adds the file consts.js"="4/9/2014 7:11 AM, 429 bytes, A
           Adds the file cookie_store.js"="4/9/2014 7:11 AM, 5905 bytes, A
           Adds the file crossriderAPI.js"="4/9/2014 7:11 AM, 11366 bytes, A
           Adds the file delegate.js"="4/9/2014 7:11 AM, 2002 bytes, A
           Adds the file events.js"="4/9/2014 7:11 AM, 5757 bytes, A
           Adds the file extensionDataStore.js"="4/9/2014 7:11 AM, 6817 bytes, A
           Adds the file installer.js"="4/9/2014 7:11 AM, 780 bytes, A
           Adds the file logFile.js"="4/9/2014 7:11 AM, 775 bytes, A
           Adds the file logging.js"="4/9/2014 7:11 AM, 944 bytes, A
           Adds the file onBGDocumentLoad.js"="4/9/2014 7:11 AM, 480 bytes, A
           Adds the file reports.js"="4/9/2014 7:11 AM, 4949 bytes, A
           Adds the file storageWrapper.js"="4/9/2014 7:11 AM, 903 bytes, A
           Adds the file updateManager.js"="4/9/2014 7:11 AM, 8324 bytes, A
           Adds the file util.js"="4/9/2014 7:11 AM, 5142 bytes, A
           Adds the file xhr.js"="4/9/2014 7:11 AM, 2699 bytes, A
        Adds the folder C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\js\lib\popupResource
           Adds the file newPopup.js"="4/9/2014 7:11 AM, 40 bytes, A
           Adds the file popup.js"="4/9/2014 7:11 AM, 45 bytes, A
        Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]d73cee452.com
           Adds the file chrome.manifest"="4/9/2014 7:11 AM, 732 bytes, A
           Adds the file install.rdf"="4/9/2014 7:11 AM, 1375 bytes, A
        Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]d73cee452.com\chrome\content
           Adds the file api.js"="4/9/2014 7:11 AM, 18796 bytes, A
           Adds the file background.html"="4/9/2014 7:11 AM, 2001 bytes, A
           Adds the file baseObject.js"="4/9/2014 7:11 AM, 19 bytes, A
           Adds the file browser.xul"="4/9/2014 7:11 AM, 4825 bytes, A
           Adds the file dialog.js"="4/9/2014 7:11 AM, 1343 bytes, A
           Adds the file ffCoreFilesIndex.txt"="4/9/2014 7:11 AM, 1052 bytes, A
           Adds the file main.js"="4/9/2014 7:11 AM, 18708 bytes, A
           Adds the file options.js"="4/9/2014 7:11 AM, 1931 bytes, A
           Adds the file options.xul"="4/9/2014 7:11 AM, 1913 bytes, A
           Adds the file platformVersion.js"="4/9/2014 7:11 AM, 614 bytes, A
           Adds the file search_dialog.xul"="4/9/2014 7:11 AM, 2457 bytes, A
        Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]d73cee452.com\chrome\content\api
           Adds the file asyncDB.js"="4/9/2014 7:11 AM, 4805 bytes, A
           Adds the file background.js"="4/9/2014 7:11 AM, 1336 bytes, A
           Adds the file browserAction.js"="4/9/2014 7:11 AM, 8906 bytes, A
           Adds the file contextMenu.js"="4/9/2014 7:11 AM, 5359 bytes, A
           Adds the file dbManager.js"="4/9/2014 7:11 AM, 10097 bytes, A
           Adds the file dom_bg.js"="4/9/2014 7:11 AM, 2505 bytes, A
           Adds the file fileManager.js"="4/9/2014 7:11 AM, 943 bytes, A
           Adds the file firefox.js"="4/9/2014 7:11 AM, 353 bytes, A
           Adds the file firefoxNotifications.js"="4/9/2014 7:11 AM, 1116 bytes, A
           Adds the file firefoxOmnibox.js"="4/9/2014 7:11 AM, 1515 bytes, A
           Adds the file message.js"="4/9/2014 7:11 AM, 5210 bytes, A
           Adds the file pageAction.js"="4/9/2014 7:11 AM, 11257 bytes, A
           Adds the file request.js"="4/9/2014 7:11 AM, 2314 bytes, A
           Adds the file tabs.js"="4/9/2014 7:11 AM, 3628 bytes, A
           Adds the file webRequest.js"="4/9/2014 7:11 AM, 5638 bytes, A
           Adds the file windowsMessagingHandler.js"="4/9/2014 7:11 AM, 960 bytes, A
        Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]d73cee452.com\chrome\content\core
           Adds the file addressBarChangeObserver.js"="4/9/2014 7:11 AM, 130 bytes, A
           Adds the file console.js"="4/9/2014 7:11 AM, 1753 bytes, A
           Adds the file consts.js"="4/9/2014 7:11 AM, 2421 bytes, A
           Adds the file delegate.js"="4/9/2014 7:11 AM, 2180 bytes, A
           Adds the file extensionDataStore.js"="4/9/2014 7:11 AM, 10314 bytes, A
           Adds the file folderIOWrapper.js"="4/9/2014 7:11 AM, 3526 bytes, A
           Adds the file httpObserver.js"="4/9/2014 7:11 AM, 2561 bytes, A
           Adds the file IDBWrapper.js"="4/9/2014 7:11 AM, 4692 bytes, A
           Adds the file installer.js"="4/9/2014 7:11 AM, 1320 bytes, A
           Adds the file logFile.js"="4/9/2014 7:11 AM, 1562 bytes, A
           Adds the file prefs.js"="4/9/2014 7:11 AM, 1649 bytes, A
           Adds the file progressListenerObserver.js"="4/9/2014 7:11 AM, 1368 bytes, A
           Adds the file registry.js"="4/9/2014 7:11 AM, 1158 bytes, A
           Adds the file reloadObserver.js"="4/9/2014 7:11 AM, 1527 bytes, A
           Adds the file reports.js"="4/9/2014 7:11 AM, 3975 bytes, A
           Adds the file requestObject.js"="4/9/2014 7:11 AM, 1261 bytes, A
           Adds the file searchSettings.js"="4/9/2014 7:11 AM, 3426 bytes, A
           Adds the file uninstallObserver.js"="4/9/2014 7:11 AM, 2372 bytes, A
           Adds the file updateManager.js"="4/9/2014 7:11 AM, 11480 bytes, A
           Adds the file utils.js"="4/9/2014 7:11 AM, 18746 bytes, A
           Adds the file xhr.js"="4/9/2014 7:11 AM, 2852 bytes, A
        Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]d73cee452.com\defaults\preferences
           Adds the file prefs.js"="4/9/2014 7:11 AM, 3989 bytes, A
        Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]d73cee452.com\extensionData
           Adds the file manifest.xml"="4/9/2014 7:11 AM, 1736 bytes, A
           Adds the file plugins.json"="4/9/2014 7:11 AM, 11520 bytes, A
        Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\120b8567-cef7-4a3f-bc74-951746209d5b[email protected]\extensionData\plugins
           Adds the file 1.js"="4/9/2014 7:11 AM, 6794 bytes, A
           Adds the file 102.js"="4/9/2014 7:11 AM, 2048 bytes, A
           Adds the file 103.js"="4/9/2014 7:11 AM, 2296 bytes, A
           Adds the file 104.js"="4/9/2014 7:11 AM, 1289 bytes, A
           Adds the file 119.js"="4/9/2014 7:11 AM, 5012 bytes, A
           Adds the file 123.js"="4/9/2014 7:11 AM, 697 bytes, A
           Adds the file 13.js"="4/9/2014 7:11 AM, 6993 bytes, A
           Adds the file 14.js"="4/9/2014 7:11 AM, 20752 bytes, A
           Adds the file 155.js"="4/9/2014 7:11 AM, 449 bytes, A
           Adds the file 16.js"="4/9/2014 7:11 AM, 16022 bytes, A
           Adds the file 17.js"="4/9/2014 7:11 AM, 79864 bytes, A
           Adds the file 177.js"="4/9/2014 7:11 AM, 31088 bytes, A
           Adds the file 179.js"="4/9/2014 7:11 AM, 704 bytes, A
           Adds the file 180.js"="4/9/2014 7:11 AM, 804 bytes, A
           Adds the file 182.js"="4/9/2014 7:11 AM, 14181 bytes, A
           Adds the file 183.js"="4/9/2014 7:11 AM, 2427 bytes, A
           Adds the file 184.js"="4/9/2014 7:11 AM, 1273 bytes, A
           Adds the file 190.js"="4/9/2014 7:11 AM, 2294 bytes, A
           Adds the file 191.js"="4/9/2014 7:11 AM, 1153 bytes, A
           Adds the file 195.js"="4/9/2014 7:11 AM, 378 bytes, A
           Adds the file 207.js"="4/9/2014 7:11 AM, 1537 bytes, A
           Adds the file 21.js"="4/9/2014 7:11 AM, 3560 bytes, A
           Adds the file 22.js"="4/9/2014 7:11 AM, 8958 bytes, A
           Adds the file 220.js"="4/9/2014 7:11 AM, 47120 bytes, A
           Adds the file 221.js"="4/9/2014 7:11 AM, 383 bytes, A
           Adds the file 223.js"="4/9/2014 7:11 AM, 453 bytes, A
           Adds the file 231.js"="4/9/2014 7:11 AM, 706 bytes, A
           Adds the file 232.js"="4/9/2014 7:11 AM, 703 bytes, A
           Adds the file 236.js"="4/9/2014 7:11 AM, 416 bytes, A
           Adds the file 242.js"="4/9/2014 7:11 AM, 1057 bytes, A
           Adds the file 244.js"="4/9/2014 7:11 AM, 470 bytes, A
           Adds the file 246.js"="4/9/2014 7:11 AM, 2049 bytes, A
           Adds the file 28.js"="4/9/2014 7:11 AM, 536 bytes, A
           Adds the file 4.js"="4/9/2014 7:11 AM, 94050 bytes, A
           Adds the file 47.js"="4/9/2014 7:11 AM, 7574 bytes, A
           Adds the file 64.js"="4/9/2014 7:11 AM, 2200 bytes, A
           Adds the file 7.js"="4/9/2014 7:11 AM, 685 bytes, A
           Adds the file 72.js"="4/9/2014 7:11 AM, 46062 bytes, A
           Adds the file 78.js"="4/9/2014 7:11 AM, 3187 bytes, A
           Adds the file 9.js"="4/9/2014 7:11 AM, 2143 bytes, A
           Adds the file 91.js"="4/9/2014 7:11 AM, 151095 bytes, A
           Adds the file 93.js"="4/9/2014 7:11 AM, 560 bytes, A
           Adds the file 98.js"="4/9/2014 7:11 AM, 1806 bytes, A
        Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]d73cee452.com\extensionData\userCode
           Adds the file background.js"="4/9/2014 7:11 AM, 814 bytes, A
           Adds the file extension.js"="4/9/2014 7:11 AM, 737 bytes, A
        Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\120b8567-cef7-4a3f[email protected]\locale\en-US
           Adds the file translations.dtd"="4/9/2014 7:11 AM, 425 bytes, A
        Adds the folder C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default\extensions\[email protected]d73cee452.com\skin
           Adds the file button1.png"="4/9/2014 7:11 AM, 1361 bytes, A
           Adds the file button2.png"="4/9/2014 7:11 AM, 1361 bytes, A
           Adds the file button3.png"="4/9/2014 7:11 AM, 1361 bytes, A
           Adds the file button4.png"="4/9/2014 7:11 AM, 1361 bytes, A
           Adds the file button5.png"="4/9/2014 7:11 AM, 1361 bytes, A
           Adds the file crossrider_statusbar.png"="4/9/2014 7:11 AM, 1361 bytes, A
           Adds the file icon128.png"="4/9/2014 7:11 AM, 3997 bytes, A
           Adds the file icon16.png"="4/9/2014 7:11 AM, 1137 bytes, A
           Adds the file icon24.png"="4/9/2014 7:11 AM, 1502 bytes, A
           Adds the file icon48.png"="4/9/2014 7:11 AM, 2245 bytes, A
           Adds the file panelarrow-up.png"="4/9/2014 7:11 AM, 917 bytes, A
           Adds the file popup.html"="4/9/2014 7:11 AM, 349 bytes, A
           Adds the file skin.css"="4/9/2014 7:11 AM, 990 bytes, A
           Adds the file update.css"="4/9/2014 7:11 AM, 140 bytes, A
        In the existing folder C:\Windows\System32\Tasks
           Adds the file 15bd27b4-73d3-425d-ab82-8d0da491c1c2-1"="4/9/2014 7:11 AM, 4408 bytes, A
           Adds the file 15bd27b4-73d3-425d-ab82-8d0da491c1c2-2"="4/9/2014 7:11 AM, 4390 bytes, A
           Adds the file 15bd27b4-73d3-425d-ab82-8d0da491c1c2-3"="4/9/2014 7:11 AM, 5818 bytes, A
           Adds the file 15bd27b4-73d3-425d-ab82-8d0da491c1c2-4"="4/9/2014 7:11 AM, 5206 bytes, A
           Adds the file 15bd27b4-73d3-425d-ab82-8d0da491c1c2-5"="4/9/2014 7:11 AM, 4494 bytes, A
        In the existing folder C:\Windows\Tasks
           Adds the file 15bd27b4-73d3-425d-ab82-8d0da491c1c2-1.job"="4/9/2014 7:11 AM, 1378 bytes, A
           Adds the file 15bd27b4-73d3-425d-ab82-8d0da491c1c2-2.job"="4/9/2014 7:11 AM, 1360 bytes, A
           Adds the file 15bd27b4-73d3-425d-ab82-8d0da491c1c2-3.job"="4/9/2014 7:11 AM, 2788 bytes, A
           Adds the file 15bd27b4-73d3-425d-ab82-8d0da491c1c2-4.job"="4/9/2014 7:11 AM, 2176 bytes, A
           Adds the file 15bd27b4-73d3-425d-ab82-8d0da491c1c2-5.job"="4/9/2014 7:11 AM, 1464 bytes, A
     
    Registry details  
    ------------------------------------------
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511301198}]
           "(Default)"="REG_SZ", "Plus-HighD-ver9.3"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511301198}\Implemented Categories]
           "(Default)"="REG_SZ", ""
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511301198}\Implemented Categories\{59fb2056-d625-48d0-a944-1a85b5ab2640}]
           "(Default)"="REG_SZ", ""
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511301198}\InprocServer32]
           "(Default)"="REG_SZ", "C:\Program Files\Plus-HighD-ver9.3\Plus-HighD-ver9.3-bho.dll"
           "ThreadingModel"="REG_SZ", "Apartment"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511301198}\ProgID]
           "(Default)"="REG_SZ", "CrossriderApp0053098.BHO.1"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511301198}\Programmable]
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511301198}\TypeLib]
           "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440544304498}"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511301198}\VersionIndependentProgID]
           "(Default)"="REG_SZ", "CrossriderApp0053098"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522302298}]
           "(Default)"="REG_SZ", "CrossriderApp0053098.Sandbox"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522302298}\InprocServer32]
           "(Default)"="REG_SZ", "C:\Program Files\Plus-HighD-ver9.3\Plus-HighD-ver9.3-bho.dll"
           "ThreadingModel"="REG_SZ", "Apartment"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522302298}\ProgID]
           "(Default)"="REG_SZ", "CrossriderApp0053098.Sandbox.1"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522302298}\Programmable]
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522302298}\TypeLib]
           "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440544304498}"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522302298}\VersionIndependentProgID]
           "(Default)"="REG_SZ", "CrossriderApp0053098.Sandbox"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0053098.BHO]
           "(Default)"="REG_SZ", "CrossriderApp0053098"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0053098.BHO\CLSID]
           "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110511301198}"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0053098.BHO\CurVer]
           "(Default)"="REG_SZ", "CrossriderApp0053098"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0053098.BHO.1]
           "(Default)"="REG_SZ", "CrossriderApp0053098"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0053098.BHO.1\CLSID]
           "(Default)"="REG_SZ", "{11111111-1111-1111-1111-110511301198}"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0053098.Sandbox]
           "(Default)"="REG_SZ", "CrossriderApp0053098.Sandbox"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0053098.Sandbox\CLSID]
           "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220522302298}"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0053098.Sandbox\CurVer]
           "(Default)"="REG_SZ", "CrossriderApp0053098.Sandbox"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0053098.Sandbox.1]
           "(Default)"="REG_SZ", "CrossriderApp0053098.Sandbox"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0053098.Sandbox.1\CLSID]
           "(Default)"="REG_SZ", "{22222222-2222-2222-2222-220522302298}"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555305598}]
           "(Default)"="REG_SZ", "ICrossriderBHO"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555305598}\ProxyStubClsid]
           "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555305598}\ProxyStubClsid32]
           "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555305598}\TypeLib]
           "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440544304498}"
           "Version"="REG_SZ", "1.0"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566306698}]
           "(Default)"="REG_SZ", "ISandBox"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566306698}\ProxyStubClsid]
           "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566306698}\ProxyStubClsid32]
           "(Default)"="REG_SZ", "{00020424-0000-0000-C000-000000000046}"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566306698}\TypeLib]
           "(Default)"="REG_SZ", "{44444444-4444-4444-4444-440544304498}"
           "Version"="REG_SZ", "1.0"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544304498}\1.0]
           "(Default)"="REG_SZ", "CrossriderApp0053098 Type Library"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544304498}\1.0\0\win32]
           "(Default)"="REG_SZ", "C:\Program Files\Plus-HighD-ver9.3\Plus-HighD-ver9.3-bho.dll"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544304498}\1.0\FLAGS]
           "(Default)"="REG_SZ", "0"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544304498}\1.0\HELPDIR]
           "(Default)"="REG_SZ", "C:\Program Files\Plus-HighD-ver9.3"
        [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\19979]
           "53098"="REG_SZ", "Plus-HighD-ver9.3"
        [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\19979\Status]
           "Installed"="REG_DWORD", 1
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511301198}]
           "(Default)"="REG_SZ", "CrossriderApp0053098"
           "NoExplorer"="REG_DWORD", 1
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110511301198}]
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID]
           "{11111111-1111-1111-1111-110511301198}"="REG_SZ", "1"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HighD-ver9.3]
           "CrAppId"="REG_SZ", "53098"
           "CrPublisherId"="REG_SZ", "19979"
           "DisplayIcon"="REG_SZ", "C:\Program Files\Plus-HighD-ver9.3\utils.exe"
           "DisplayName"="REG_SZ", "Plus-HighD-ver9.3"
           "DisplayVersion"="REG_SZ", "1.34.3.28"
           "Publisher"="REG_SZ", "Plus HDv3"
           "UninstallString"="REG_SZ", "C:\Program Files\Plus-HighD-ver9.3\Uninstall.exe /fromcontrolpanel=1"
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
           "15bd27b4-73d3-425d-ab82-8d0da491c1c2-1.job"="REG_BINARY, ................................
           "15bd27b4-73d3-425d-ab82-8d0da491c1c2-1.job.fp"="REG_DWORD", 675488049
           "15bd27b4-73d3-425d-ab82-8d0da491c1c2-2.job"="REG_BINARY, ................................
           "15bd27b4-73d3-425d-ab82-8d0da491c1c2-2.job.fp"="REG_DWORD", -1287326301
           "15bd27b4-73d3-425d-ab82-8d0da491c1c2-3.job"="REG_BINARY, ................................
           "15bd27b4-73d3-425d-ab82-8d0da491c1c2-3.job.fp"="REG_DWORD", 1194776903
           "15bd27b4-73d3-425d-ab82-8d0da491c1c2-4.job"="REG_BINARY, ................................
           "15bd27b4-73d3-425d-ab82-8d0da491c1c2-4.job.fp"="REG_DWORD", -537664697
           "15bd27b4-73d3-425d-ab82-8d0da491c1c2-5.job"="REG_BINARY, ................................
           "15bd27b4-73d3-425d-ab82-8d0da491c1c2-5.job.fp"="REG_DWORD", 1117103314
        [HKEY_LOCAL_MACHINE\SOFTWARE\Plus-HighD-ver9.3\Chrome]
           "TotalProfiles"="REG_DWORD", 1
        [HKEY_LOCAL_MACHINE\SOFTWARE\Plus-HighD-ver9.3\Chrome-Profiles]
           "C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default"="REG_DWORD", 1
        [HKEY_LOCAL_MACHINE\SOFTWARE\Plus-HighD-ver9.3\ErrorLists-crchromeinstaller]
           "post_for_sign_Invalid HTTP(S) status code"="REG_DWORD", 1
        [HKEY_LOCAL_MACHINE\SOFTWARE\Plus-HighD-ver9.3\Firefox]
           "TotalProfiles"="REG_DWORD", 1
        [HKEY_LOCAL_MACHINE\SOFTWARE\Plus-HighD-ver9.3\Firefox\Profiles]
           "C:\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\joxsq3f5.default"="REG_DWORD", 1
        [HKEY_LOCAL_MACHINE\SOFTWARE\Plus-HighD-ver9.3\IE]
           "TotalProfiles"="REG_DWORD", 1
        [HKEY_LOCAL_MACHINE\SOFTWARE\Plus-HighD-ver9.3\IE\Profiles]
           "S-1-5-21-4016700205-1717049133-1125222536-1001"="REG_DWORD", 1
        [HKEY_LOCAL_MACHINE\SOFTWARE\Plus-HighD-ver9.3\Installer]
           "BundledChrome"="REG_DWORD", 1
           "BundledFirefox"="REG_DWORD", 1
           "BundledIe"="REG_DWORD", 1
        [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110511301198}]
        [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]
           "Bic"="REG_SZ", "861DB0D3D5DD44D3B36096C78F4EB724IE"
           "Verifier"="REG_SZ", "05a5218048819c815c9068372549acbd"
        [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onBeforeNavigate]
           "53098"="REG_SZ", ""
        [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider\onRequest]
           "53098"="REG_SZ", ""
        [HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HighD-ver9.3]
           "ActiveAppId"="REG_SZ", "53098"
           "BhoRunningVersion"="REG_SZ", "153"
           "IsBhoEnabled"="REG_DWORD", 1
        [HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HighD-ver9.3\Background]
           "__onDocumentStart_script__"="REG_SZ", ""
           "__onDocumentStart_script_store__"="REG_SZ", ""
           "IsEnabled"="REG_DWORD", 1
        [HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HighD-ver9.3\Code]
           "AppJavaScript"="REG_SZ", "
     
    { javascript removed, full log available on request}"
        [HKEY_CURRENT_USER\Software\AppDataLow\Software\Plus-HighD-ver9.3\Update]
           "LastCheck"="REG_DWORD", 1397020301
        [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\19979]
           "53098"="REG_SZ", "Plus-HighD-ver9.3"
        [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\19979\Status]
           "Installed"="REG_DWORD", 1
        [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\Plus HDv3]
           "53098"="REG_SZ", "Plus-HighD-ver9.3"
        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Approved Extensions]
           "{11111111-1111-1111-1111-110511301198}"="REG_BINARY, ............
        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
           "{11111111-1111-1111-1111-110511301198}"="REG_SZ", ""
           "Timestamp
            REG_BINARY, .... ==> REG_BINARY, ....
     
    
     
    Malwarebytes Anti-Malware log:
    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 4/9/2014
    Scan Time: 7:45:37 AM
    Logfile: 
    Administrator: Yes
     
    Version: 2.00.1.1004
    Malware Database: v2014.04.08.09
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Chameleon: Disabled
     
    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Malwarebytes
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 208335
    Time Elapsed: 7 min, 3 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 12
    PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4], 
    PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4], 
    PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\extensionData, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4], 
    PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\extensionData\plugins, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4], 
    PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\extensionData\userCode, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4], 
    PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\icons, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4], 
    PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\icons\actions, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4], 
    PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\js, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4], 
    PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\js\api, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4], 
    PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\js\lib, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4], 
    PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\js\lib\popupResource, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4], 
    PUP.Optional.PlusHD.A, C:\Program Files\Plus-HighD-ver9.3, Quarantined, [c02967c0f88357dfd3bfd9875ba78779], 
     
    Files: 0
    (No malicious items detected)
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)
    
     
    As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
    We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
    Save yourself the hassle and get protected.
