Jump to content

Recommended Posts

  • Staff

What is Pricora?

The Malwarebytes research team has determined that Pricora is a browser hijacker. These so-called "hijackers" alter your startpage or searchscopes so that the effected browser visits their site or one of their choice.

This particular one displays advertisements in your browser(s).

How do I know if my computer is effected by Pricora?

This is how the welcome page looks:

main.png

And you may see these toolbars/extensions:

warning1.png

warning2.png

warning3.png

and this entry in your list of installed programs:

warning4.png

How did Pricora get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove Pricora?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program. You will need Malwarebytes Anti-Malware version 2.00 (beta) or newer to disable the Chrome and Firefox extensions.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-consumer.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of Pricora?
  • The Firefox extension can now safely be removed. Open the "Extensions" tab under "Add-ons" and click "Remove" and "Restart" to complete the removal.
  • The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin behind the Picora 2.0 listing. Then confirm removal.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Pricora rogue. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

Signs in a HijackThis log:

O2 - BHO: CrossriderApp0035499 - {11111111-1111-1111-1111-110311541199} - C:\Program Files\Pricora 2.0\Pricora 2.0-bho.dll
Alterations made by the installer:

Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 2/15/2014Scan Time: 10:18:07 AMLogfile: mbam-log-2014-02-15 (10-14-57).txtAdministrator: YesVersion: 2.00.0.0503Malware Database: v2014.02.15.03Rootikt Database: v2013.12.18.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledChameleon: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: MalwarebytesScan Type: Threat ScanResult: CompletedObjects Scanned: 194781Time Elapsed: 2 min, 43 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledShuriken: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 17Registry Key, PUP.Optional.CrossRider.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [7708a933fd7dd06646498e1c798a926e], Registry Key, PUP.Optional.Pricora.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\Pricora 2.0, Quarantined, [4738e6f6f882ab8bdd65b4c6ee14c23e], Registry Key, PUP.Optional.CrossRider.A, HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\Corporate Inc, Quarantined, [2d5296466812d660caad4933da28b64a], Registry Key, PUP.Optional.Pricora.A, HKLM\SOFTWARE\Pricora 2.0, Quarantined, [67183aa287f34ceab28ecab044bef50b], Registry Key, PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0035499.BHO, Quarantined, [8df24c90b6c463d3a62a375f0102f10f], Registry Key, PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0035499.BHO.1, Quarantined, [512efce01c5ec472c50bdfb743c08779], Registry Key, PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0035499.Sandbox, Quarantined, [bac59745f684cd695d73eea83ec53ac6], Registry Key, PUP.Optional.CrossRider.A, HKLM\SOFTWARE\CLASSES\CrossriderApp0035499.Sandbox.1, Quarantined, [e49b6f6def8b063098385a3cb44f05fb], Registry Key, PUP.Optional.Ligtning.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\cekcjpgehmohobmdiikfnopibipmgnml, Quarantined, [1d62fbe1b4c60d29f48f1c5f4eb430d0], Registry Key, PUP.Optional.Pricora.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Pricora 2.0, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], Registry Key, PUP.Optional.CrossRider.M, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{11111111-1111-1111-1111-110311541199}, Quarantined, [ec93c814fd7dec4a92672feeca3a21df], Registry Key, PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\CLSID\{11111111-1111-1111-1111-110311541199}, Quarantined, [ec93c814fd7dec4a92672feeca3a21df], Registry Key, PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440344544499}, Quarantined, [ec93c814fd7dec4a92672feeca3a21df], Registry Key, PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550355545599}, Quarantined, [ec93c814fd7dec4a92672feeca3a21df], Registry Key, PUP.Optional.CrossRider.M, HKLM\SOFTWARE\CLASSES\INTERFACE\{66666666-6666-6666-6666-660366546699}, Quarantined, [ec93c814fd7dec4a92672feeca3a21df], Registry Key, PUP.Optional.CrossRider.M, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110311541199}, Quarantined, [ec93c814fd7dec4a92672feeca3a21df], Registry Key, PUP.Optional.CrossRider.M, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{11111111-1111-1111-1111-110311541199}, Quarantined, [ec93c814fd7dec4a92672feeca3a21df], Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 15Folder, PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log, Quarantined, [5b245e7ea5d50135762981fa7d85dd23], Folder, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml, Quarantined, [007fa933fa805dd99b2f84f4907243bd], Folder, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0, Quarantined, [007fa933fa805dd99b2f84f4907243bd], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\userCode, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\icons, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\icons\actions, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\api, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], Folder, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\popupResource, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], Folder, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], Files: 117File, PUP.Optional.Pricora.A, C:\Users\{username}\Desktop\Pricora.exe, Quarantined, [5827e1fba0da54e2b3a7ebabd22f649c], File, PUP.Optional.Pricora.A, C:\Windows\Tasks\Pricora 2.0-chromeinstaller.job, Quarantined, [1a65a23af68458deb58ac5b5e81a5fa1], File, PUP.Optional.Pricora.A, C:\Windows\Tasks\Pricora 2.0-codedownloader.job, Quarantined, [a0df96461a60e1556ad588f2d52d21df], File, PUP.Optional.Pricora.A, C:\Windows\Tasks\Pricora 2.0-enabler.job, Quarantined, [f08f6775aeccb08668d71e5c40c27789], File, PUP.Optional.Pricora.A, C:\Windows\Tasks\Pricora 2.0-firefoxinstaller.job, Quarantined, [91eefce06d0dc670ea558febed154cb4], File, PUP.Optional.Pricora.A, C:\Windows\Tasks\Pricora 2.0-updater.job, Quarantined, [6b14b923067455e17ac53d3d768c45bb], File, PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log\eGdpSvc.LOG, Quarantined, [5b245e7ea5d50135762981fa7d85dd23], File, PUP.Optional.NewTab.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx, Quarantined, [88f73d9fc0bab680928a4d2f10f2b749], File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\background.html, Quarantined, [007fa933fa805dd99b2f84f4907243bd], File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\background.js, Quarantined, [007fa933fa805dd99b2f84f4907243bd], File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\data.json, Quarantined, [007fa933fa805dd99b2f84f4907243bd], File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\icon128.png, Quarantined, [007fa933fa805dd99b2f84f4907243bd], File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\jquery.js, Quarantined, [007fa933fa805dd99b2f84f4907243bd], File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\manifest.json, Quarantined, [007fa933fa805dd99b2f84f4907243bd], File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\xa.js, Quarantined, [007fa933fa805dd99b2f84f4907243bd], File, PUP.Optional.Lightning.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.3_0\xagainit.js, Quarantined, [007fa933fa805dd99b2f84f4907243bd], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\background.html, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\crossriderManifest.json, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\manifest.json, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\popup.html, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\manifest.xml, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins.json, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\64_appApiMessage.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\102_dealply_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\103_intext_5_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\104_jollywallet_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\105_corticas_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\108_icm_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\117_coupons_intext_ads_5_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\119_similar_web_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\120_luck_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\123_intext_adv_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\175_coolmirage_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\178_revizer_ws_dynamic_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\179_revizer_p_dynamic_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\17_jQuery.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\180_bpo_serp_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\184_noproblemppc_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\19_CHAppAPIWrapper.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\1_base.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\21_debug.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\22_resources.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\28_initializer.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\47_resources_background.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\4_jquery_1_7_1.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\125_arcadi2_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\126_revizer_ws_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\127_revizer_p_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\128_superfish_pricora_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\135_arcadi3_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\138_getdeal_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\13_CrossriderAppUtils.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\141_corticas_ru_m.js.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\142_intext_fa_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\14_CrossriderUtils.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\155_ibario_pops_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\159_cortica_rollover_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\171_arcadi2_sourceID_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\72_appApiValidation.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\78_CrossriderInfo.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\7_hooks.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\80_CHPopupAppAPI.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\87_ginyas_wrapper.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\91_monetizationLoader.js.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\93_superfish_no_coupons_m.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\97_resourceApiWrapper.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\plugins\9_search_engine_hook.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\userCode\background.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\extensionData\userCode\extension.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\icons\icon128.png, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\icons\icon16.png, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\icons\icon48.png, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\icons\actions\1.png, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\background.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\main.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\api\chrome.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\api\cookie.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\api\message.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\api\pageAction.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\api\pageActionBG.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\app_api.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\bg_app_api.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\consts.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\cookie_store.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\crossriderAPI.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\delegate.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\events.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\extensionDataStore.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\installer.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\logFile.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\logging.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\onBGDocumentLoad.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\reports.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\storageWrapper.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\updateManager.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\util.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\xhr.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\popupResource\newPopup.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.CrossRider.A, C:\Users\{username}\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmookaamlkjilnemkglmedgieblahbcn\1.25.76_0\js\lib\popupResource\popup.js, Quarantined, [0b74f9e3b3c74fe78cc51d5c738fda26], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\35499.crx, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\35499.xpi, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\background.html, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Installer.log, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-bg.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-buttonutil.dll, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-buttonutil.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-chromeinstaller.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-codedownloader.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-firefoxinstaller.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-helper.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0-updater.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Pricora 2.0.ico, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\Uninstall.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], File, PUP.Optional.Pricora.A, C:\Program Files\Pricora 2.0\utils.exe, Quarantined, [6f105f7db8c2a98d3e1d6e0b07fbc739], Physical Sectors: 0(No malicious items detected)(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.