Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account
Photo

Removal instructions for CrossBrowse-1.4V27.04

- - - - -

  • Please log in to reply
No replies to this topic

#1
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 32,132 posts
Content is republished with permission from Malwarebytes.

What is CrossBrowse-1.4V27.04?

The Malwarebytes research team has determined that CrossBrowse-1.4V27.04 is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by CrossBrowse-1.4V27.04?

You may see this entry in your list of installed programs:

warning4.png

and these Scheduled Tasks:

warning3.png

How did CrossBrowse-1.4V27.04 get on my computer?

Adware applications use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove CrossBrowse-1.4V27.04?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of CrossBrowse-1.4V27.04?
  • No, Malwarebytes' Anti-Malware removes CrossBrowse-1.4V27.04 completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this adware application.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the CrossBrowse-1.4V27.04 adware. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.


protection1.png


Technical details for experts

No visible signs in a HijackThis log

You may see these signs in FRST logs:
 C:\Windows\System32\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5
 C:\Windows\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5_user.job
 C:\Windows\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5.job
 C:\Program Files (x86)\CrossBrowse-1.4V27.04

CrossBrowse-1.4V27.04 (HKLM-x32\...\CrossBrowse-1.4V27.04) (Version: 1.36.01.22 - CrossBrowse-1.4V27.04) <==== ATTENTION
Task: {566307C6-4214-4EC4-A65D-45925B875A20} - System32\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5_user => C:\Program Files (x86)\CrossBrowse-1.4V27.04\38ffa0cb-d41d-4501-950b-8365b779e211-5.exe [2015-08-18] (CrossBrowse-1.4V27.04) <==== ATTENTION
Task: {DCBA87AF-B984-4B08-B684-E69B46568082} - System32\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5 => C:\Program Files (x86)\CrossBrowse-1.4V27.04\38ffa0cb-d41d-4501-950b-8365b779e211-5.exe [2015-08-18] (CrossBrowse-1.4V27.04) <==== ATTENTION
Task: C:\Windows\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5.job => C:\Program Files (x86)\CrossBrowse-1.4V27.04\38ffa0cb-d41d-4501-950b-8365b779e211-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5_user.job => C:\Program Files (x86)\CrossBrowse-1.4V27.04\38ffa0cb-d41d-4501-950b-8365b779e211-5.exe <==== ATTENTION
Alterations made by the installer:
File system details [View: All details] (Selection)
---------------------------------------------------
    Adds the folder C:\Program Files (x86)\CrossBrowse-1.4V27.04
       Adds the file 38ffa0cb-d41d-4501-950b-8365b779e211-5.exe"="18/08/2015 13:14, 1053776 bytes, A
       Adds the file Uninstall.exe"="18/08/2015 13:14, 121424 bytes, A
       Adds the file utils.exe"="18/08/2015 13:14, 1374244 bytes, A
    In the existing folder C:\Windows\System32\Tasks
       Adds the file 38ffa0cb-d41d-4501-950b-8365b779e211-5"="18/08/2015 13:14, 5484 bytes, A
       Adds the file 38ffa0cb-d41d-4501-950b-8365b779e211-5_user"="18/08/2015 13:14, 5496 bytes, A
    In the existing folder C:\Windows\Tasks
       Adds the file 38ffa0cb-d41d-4501-950b-8365b779e211-5.job"="18/08/2015 13:14, 2454 bytes, A
       Adds the file 38ffa0cb-d41d-4501-950b-8365b779e211-5_user.job"="18/08/2015 13:14, 2454 bytes, A

Registry details [View: All details] (Selection)
------------------------------------------------
    [HKEY_LOCAL_MACHINE\SOFTWARE\ArenaHD]
       "value"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\HighDefAction]
       "value"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\30935]
       "72895"="REG_SZ", "CrossBrowse-1.4V27.04"
    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\30935\Status]
       "Installed"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]
       "38ffa0cb-d41d-4501-950b-8365b779e211-5.job"="REG_BINARY, ................................
       "38ffa0cb-d41d-4501-950b-8365b779e211-5.job.fp"="REG_DWORD", -269643866
       "38ffa0cb-d41d-4501-950b-8365b779e211-5_user.job"="REG_BINARY, ................................
       "38ffa0cb-d41d-4501-950b-8365b779e211-5_user.job.fp"="REG_DWORD", 1386840557
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AppDataLow\Software\Crossrider]
       "Bic"="REG_SZ", "2f2bc621a7c304774b7408716c3e8213IE"
       "Verifier"="REG_SZ", "6ef6eac254a7632839836d3cb24698df"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ArenaHD]
       "value"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\HighDefAction]
       "value"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\InstalledBrowserExtensions\30935]
       "72895"="REG_SZ", "CrossBrowse-1.4V27.04"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\InstalledBrowserExtensions\30935\Status]
       "Installed"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CrossBrowse-1.4V27.04]
       "CrAppId"="REG_SZ", "72895"
       "CrPublisherId"="REG_SZ", "30935"
       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\CrossBrowse-1.4V27.04\utils.exe"
       "DisplayName"="REG_SZ", "CrossBrowse-1.4V27.04"
       "DisplayVersion"="REG_SZ", "1.36.01.22"
       "Publisher"="REG_SZ", "CrossBrowse-1.4V27.04"
       "UninstallString"="REG_SZ", "C:\Program Files (x86)\CrossBrowse-1.4V27.04\Uninstall.exe /fcp=1  "
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\YorkNewCin]
       "value"="REG_DWORD", 1
    [HKEY_LOCAL_MACHINE\SOFTWARE\YorkNewCin]
       "value"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]
       "Bic"="REG_SZ", "2f2bc621a7c304774b7408716c3e8213IE"
       "Verifier"="REG_SZ", "6ef6eac254a7632839836d3cb24698df"
    [HKEY_CURRENT_USER\Software\ArenaHD]
       "value"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\HighDefAction]
       "value"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\30935]
       "72895"="REG_SZ", "CrossBrowse-1.4V27.04"
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\30935\Status]
       "Installed"="REG_DWORD", 1
    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\CrossBrowse-1.4V27.04]
       "72895"="REG_SZ", "CrossBrowse-1.4V27.04"
    [HKEY_CURRENT_USER\Software\YorkNewCin]
       "value"="REG_DWORD", 1
Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 18/08/2015
Scan Time: 13:23
Logfile: mbamCrossBrowse-14.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.18.04
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 329649
Time Elapsed: 4 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 18
PUP.Optional.Downloader.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CrossBrowse-1.4V27.04, Quarantined, [113bb951513a7eb88cab9a1f3bc6d22e], 
PUP.Optional.HighDefAction.A, HKLM\SOFTWARE\HighDefAction, Quarantined, [3d0f0cfea8e3b6805fba05a3c044a15f], 
PUP.Optional.YorkNewCin.A, HKLM\SOFTWARE\YorkNewCin, Quarantined, [59f3c743ed9e96a030f43375d52f8a76], 
PUP.Optional.CinemaPlus.C, HKLM\SOFTWARE\ARENAHD, Quarantined, [103ccf3b5c2faf87b361168e33d1748c], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, Quarantined, [460629e19deef541f25fbf9db54e48b8], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\38ffa0cb-d41d-4501-950b-8365b779e211-5, Delete-on-Reboot, [f4587f8b26657bbba2b09388927118e8], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\38ffa0cb-d41d-4501-950b-8365b779e211-5_user, Delete-on-Reboot, [5cf030dab8d32b0bd37f051647bc54ac], 
PUP.Optional.HighDefAction.A, HKLM\SOFTWARE\WOW6432NODE\HighDefAction, Quarantined, [ee5e7b8f3853300602170c9c689c09f7], 
PUP.Optional.YorkNewCin.A, HKLM\SOFTWARE\WOW6432NODE\YorkNewCin, Quarantined, [420a50babfcc1c1a9c88aefad133ae52], 
PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [6ede71991774ec4a82bc8a96a45fc23e], 
PUP.Optional.CinemaPlus.C, HKLM\SOFTWARE\WOW6432NODE\ARENAHD, Quarantined, [4705ee1c9eed1c1a9e76455f33d1fc04], 
PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\30935, Quarantined, [4c00c149dbb082b43b16ea727a898f71], 
PUP.Optional.HighDefAction.A, HKCU\SOFTWARE\HighDefAction, Quarantined, [3715e02afb9051e564b400a8d72d2bd5], 
PUP.Optional.YorkNewCin.A, HKCU\SOFTWARE\YorkNewCin, Quarantined, [b19bb753414a3cfa2ef520889074cb35], 
PUP.Optional.CrossRider.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [2b217298494266d091104e3d2ed67888], 
PUP.Optional.CinemaPlus.C, HKCU\SOFTWARE\ARENAHD, Quarantined, [cb81be4c5e2de452749fd2d2758fbc44], 
PUP.Optional.CrossRider.A, HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, Quarantined, [ec60d7339eedd6606e4242fd5fa4f50b], 
PUP.Optional.CrossRider.A, HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\CrossBrowse-1.4V27.04, Quarantined, [1b31b951216aac8adfc4a98c8b78a45c], 

Registry Values: 6
PUP.Optional.CinemaPlus.C, HKLM\SOFTWARE\ARENAHD|value, 1, Quarantined, [103ccf3b5c2faf87b361168e33d1748c]
PUP.Optional.PCTuner.C, HKLM\SOFTWARE\HIGHDEFACTION|value, 1, Quarantined, [8ac2a2682b60f442809ffda7d92b50b0]
PUP.Optional.CinemaPlus.C, HKLM\SOFTWARE\WOW6432NODE\ARENAHD|value, 1, Quarantined, [4705ee1c9eed1c1a9e76455f33d1fc04]
PUP.Optional.PCTuner.C, HKLM\SOFTWARE\WOW6432NODE\HIGHDEFACTION|value, 1, Quarantined, [be8edc2ed7b4e452928d931181831fe1]
PUP.Optional.CinemaPlus.C, HKCU\SOFTWARE\ARENAHD|value, 1, Quarantined, [cb81be4c5e2de452749fd2d2758fbc44]
PUP.Optional.PCTuner.C, HKCU\SOFTWARE\HIGHDEFACTION|value, 1, Quarantined, [c08cc8424f3c45f1fe1f8e16c1432ad6]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CrossBrowse-1.4V27.04, Quarantined, [391318f294f72016beeaff0107fce31d], 

Files: 8
PUP.Optional.CrossRider.A, C:\Users\{username}\Desktop\Woskrdtn.exe, Quarantined, [43094cbe117a68ce23c93e1823deda26], 
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CrossBrowse-1.4V27.04\38ffa0cb-d41d-4501-950b-8365b779e211-5.exe, Quarantined, [52fa9f6ba2e9af87df71e39dfc0936ca], 
PUP.Optional.Downloader.C, C:\Program Files (x86)\CrossBrowse-1.4V27.04\Uninstall.exe, Quarantined, [113bb951513a7eb88cab9a1f3bc6d22e], 
PUP.Optional.CrossRider.A, C:\Program Files (x86)\CrossBrowse-1.4V27.04\utils.exe, Quarantined, [e8643fcbfa910333760b48737c8535cb], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5, Quarantined, [c9835bafd1bafd3982bb63e691727888], 
PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5_user, Quarantined, [8ebe729877143600380532174eb537c9], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5.job, Quarantined, [68e42edc375466d0b085eca740c4e719], 
PUP.Optional.CrossRider.T, C:\Windows\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5_user.job, Quarantined, [ed5fc54595f66ec80c290f8454b023dd], 

Physical Sectors: 0
(No malicious items detected)


(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0

Advertisements





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured
Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.