Removal instructions for CrossBrowse-1.4V27.04

Metallica

Content is republished with permission from Malwarebytes.

What is CrossBrowse-1.4V27.04?

The Malwarebytes research team has determined that CrossBrowse-1.4V27.04 is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by CrossBrowse-1.4V27.04?

You may see this entry in your list of installed programs:

[Image: warning4.png]

and these Scheduled Tasks:

[Image: warning3.png]

How did CrossBrowse-1.4V27.04 get on my computer?

Adware applications use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove CrossBrowse-1.4V27.04?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now, or select Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of CrossBrowse-1.4V27.04?
  • No, Malwarebytes Anti-Malware removes CrossBrowse-1.4V27.04 completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this adware application.

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the CrossBrowse-1.4V27.04 adware. It would have warned you before the application could install itself, giving you a chance to stop it before it was too late.


[Image: protection1.png]


Technical details for experts

No visible signs in a HijackThis log

You may see these signs in FRST logs:
 C:\Windows\System32\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5
 C:\Windows\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5_user.job
 C:\Windows\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5.job
 C:\Program Files (x86)\CrossBrowse-1.4V27.04

CrossBrowse-1.4V27.04 (HKLM-x32\...\CrossBrowse-1.4V27.04) (Version: 1.36.01.22 - CrossBrowse-1.4V27.04) <==== ATTENTION
Task: {566307C6-4214-4EC4-A65D-45925B875A20} - System32\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5_user => C:\Program Files (x86)\CrossBrowse-1.4V27.04\38ffa0cb-d41d-4501-950b-8365b779e211-5.exe [2015-08-18] (CrossBrowse-1.4V27.04) <==== ATTENTION
Task: {DCBA87AF-B984-4B08-B684-E69B46568082} - System32\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5 => C:\Program Files (x86)\CrossBrowse-1.4V27.04\38ffa0cb-d41d-4501-950b-8365b779e211-5.exe [2015-08-18] (CrossBrowse-1.4V27.04) <==== ATTENTION
Task: C:\Windows\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5.job => C:\Program Files (x86)\CrossBrowse-1.4V27.04\38ffa0cb-d41d-4501-950b-8365b779e211-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5_user.job => C:\Program Files (x86)\CrossBrowse-1.4V27.04\38ffa0cb-d41d-4501-950b-8365b779e211-5.exe <==== ATTENTION
Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\CrossBrowse-1.4V27.04
       Adds the file 38ffa0cb-d41d-4501-950b-8365b779e211-5.exe"="18/08/2015 13:14, 1053776 bytes, A
       Adds the file Uninstall.exe"="18/08/2015 13:14, 121424 bytes, A
       Adds the file utils.exe"="18/08/2015 13:14, 1374244 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file 38ffa0cb-d41d-4501-950b-8365b779e211-5"="18/08/2015 13:14, 5484 bytes, A
       Adds the file 38ffa0cb-d41d-4501-950b-8365b779e211-5_user"="18/08/2015 13:14, 5496 bytes, A
    In the existing folder C:\Windows\Tasks
       Adds the file 38ffa0cb-d41d-4501-950b-8365b779e211-5.job"="18/08/2015 13:14, 2454 bytes, A
       Adds the file 38ffa0cb-d41d-4501-950b-8365b779e211-5_user.job"="18/08/2015 13:14, 2454 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\ArenaHD]
       "value"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\HighDefAction]
       "value"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\30935]
       "72895"="REG_SZ", "CrossBrowse-1.4V27.04"
    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\30935\Status]
       "Installed"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
       "38ffa0cb-d41d-4501-950b-8365b779e211-5.job"="REG_BINARY, ................................
       "38ffa0cb-d41d-4501-950b-8365b779e211-5.job.fp"="REG_DWORD", -269643866
       "38ffa0cb-d41d-4501-950b-8365b779e211-5_user.job"="REG_BINARY, ................................
       "38ffa0cb-d41d-4501-950b-8365b779e211-5_user.job.fp"="REG_DWORD", 1386840557
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AppDataLow\Software\Crossrider]
       "Bic"="REG_SZ", "2f2bc621a7c304774b7408716c3e8213IE"
       "Verifier"="REG_SZ", "6ef6eac254a7632839836d3cb24698df"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ArenaHD]
       "value"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\HighDefAction]
       "value"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\InstalledBrowserExtensions\30935]
       "72895"="REG_SZ", "CrossBrowse-1.4V27.04"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\InstalledBrowserExtensions\30935\Status]
       "Installed"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CrossBrowse-1.4V27.04]
       "CrAppId"="REG_SZ", "72895"
       "CrPublisherId"="REG_SZ", "30935"
       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\CrossBrowse-1.4V27.04\utils.exe"
       "DisplayName"="REG_SZ", "CrossBrowse-1.4V27.04"
       "DisplayVersion"="REG_SZ", "1.36.01.22"
       "Publisher"="REG_SZ", "CrossBrowse-1.4V27.04"
       "UninstallString"="REG_SZ", "C:\Program Files (x86)\CrossBrowse-1.4V27.04\Uninstall.exe /fcp=1  "
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\YorkNewCin]
       "value"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\YorkNewCin]
       "value"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]
       "Bic"="REG_SZ", "2f2bc621a7c304774b7408716c3e8213IE"
       "Verifier"="REG_SZ", "6ef6eac254a7632839836d3cb24698df"
    [HKEY_CURRENT_USER\Software\ArenaHD]
       "value"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\HighDefAction]
       "value"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\30935]
       "72895"="REG_SZ", "CrossBrowse-1.4V27.04"
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\30935\Status]
       "Installed"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\CrossBrowse-1.4V27.04]
       "72895"="REG_SZ", "CrossBrowse-1.4V27.04"
    [HKEY_CURRENT_USER\Software\YorkNewCin]
       "value"="REG_DWORD", 1
Malwarebytes Anti-Malware log:
As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
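
The FRST "Task:" lines quoted under the technical details can be triaged by script when a log holds many tasks. The following is an added example, not part of the original guide or of FRST: the sample input is the four lines from this page, the pattern is derived from those lines only, and the function names are illustrative.

```python
import re
from collections import defaultdict
from ntpath import dirname  # Windows path handling on any OS

# Sample input: the four "Task:" lines quoted in the FRST section of this page.
FRST_SAMPLE = r"""
Task: {566307C6-4214-4EC4-A65D-45925B875A20} - System32\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5_user => C:\Program Files (x86)\CrossBrowse-1.4V27.04\38ffa0cb-d41d-4501-950b-8365b779e211-5.exe [2015-08-18] (CrossBrowse-1.4V27.04) <==== ATTENTION
Task: {DCBA87AF-B984-4B08-B684-E69B46568082} - System32\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5 => C:\Program Files (x86)\CrossBrowse-1.4V27.04\38ffa0cb-d41d-4501-950b-8365b779e211-5.exe [2015-08-18] (CrossBrowse-1.4V27.04) <==== ATTENTION
Task: C:\Windows\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5.job => C:\Program Files (x86)\CrossBrowse-1.4V27.04\38ffa0cb-d41d-4501-950b-8365b779e211-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5_user.job => C:\Program Files (x86)\CrossBrowse-1.4V27.04\38ffa0cb-d41d-4501-950b-8365b779e211-5.exe <==== ATTENTION
"""

# Assumed layout (taken from the lines above, not from a FRST specification):
# Task: [{GUID} - ]<task file> => <target> [[date]] [(company)] [<==== ATTENTION]
TASK_RE = re.compile(
    r"^Task: (?:(?P<guid>\{[0-9A-Fa-f-]+\}) - )?(?P<task>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<company>[^)]*)\))?"
    r"(?P<flag> <==== ATTENTION)?\s*$"
)

def parse_tasks(text):
    """Return one dict per 'Task:' line; all other log lines are ignored."""
    entries = []
    for line in text.splitlines():
        match = TASK_RE.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["flagged"] = entry.pop("flag") is not None
            entries.append(entry)
    return entries

def flagged_by_target(entries):
    """Map each flagged executable to the task files that launch it."""
    grouped = defaultdict(list)
    for entry in entries:
        if entry["flagged"]:
            grouped[entry["target"]].append(entry["task"])
    return dict(grouped)

if __name__ == "__main__":
    for target, tasks in flagged_by_target(parse_tasks(FRST_SAMPLE)).items():
        print(f"{target}  (folder: {dirname(target)})")
        for task in tasks:
            print(f"  launched by {task}")
```

Grouping by target shows that all four task entries, both the Task Scheduler 2.0 files and the legacy .job files, start the same executable, so a cleanup check has to confirm that every one of them is gone.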