Removal instructions for Plus-HighD


What is Plus-HighD?

The Malwarebytes research team has determined that Plus-HighD is a browser hijacker. These so-called "hijackers" alter your start page or search scopes so that the affected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by Plus-HighD?

You may see these browser extensions/add-ons:

warning1.png

warning2.png

warning3.png

and this entry in your list of installed programs:

warning4.png

How did Plus-HighD get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was offered as a video enhancing browser extension.

How do I remove Plus-HighD?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of Plus-HighD?
  • The Chrome extension can now safely be removed. Open "Settings" > "Extensions" and click the bin icon next to the Plus-HighD listing. Then confirm removal.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the Plus-HighD browser hijacker. It would have warned you before the potentially unwanted program could install itself, giving you a chance to stop it before it was too late.

protection1.png

Technical details for experts

Signs in a HijackThis log:

O2 - BHO: CrossriderApp0053098 - {11111111-1111-1111-1111-110511301198} - C:\Program Files\Plus-HighD-ver9.3\Plus-HighD-ver9.3-bho.dll
Alterations made by the installer:

Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/9/2014
Scan Time: 7:45:37 AM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.08.09
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 208335
Time Elapsed: 7 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 12
PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4],
PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4],
PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\extensionData, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4],
PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\extensionData\plugins, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4],
PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\extensionData\userCode, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4],
PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\icons, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4],
PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\icons\actions, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4],
PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\js, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4],
PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\js\api, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4],
PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\js\lib, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4],
PUP.Optional.CrossRider.A, C:\Users\Malwarebytes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngfnjclpjflgomhidfecidndbfaniak\1.26.53_0\js\lib\popupResource, Quarantined, [9b4e40e79cdfd1659d2982db0af85ca4],
PUP.Optional.PlusHD.A, C:\Program Files\Plus-HighD-ver9.3, Quarantined, [c02967c0f88357dfd3bfd9875ba78779],

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
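
The HijackThis sign listed under the technical details above can be checked for automatically when triaging a saved log. The following is an added example, not part of the original post or of any Malwarebytes tool: it parses O2 (BHO) lines and flags those matching the page's CLSID, BHO name or install folder. The `CrossriderApp<digits>` name pattern is an assumption generalised from the single name on the page, and every sample line except the first is constructed.

```python
import re

# Indicators copied from the page's HijackThis line.
PAGE_CLSID = "{11111111-1111-1111-1111-110511301198}"
PAGE_PATH_MARKER = "\\plus-highd-"  # install folder prefix, compared lower-cased
# Assumption: other builds keep the "CrossriderApp<digits>" naming seen on the page.
NAME_PATTERN = re.compile(r"^CrossriderApp\d+$", re.IGNORECASE)

# Layout: O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)


def parse_o2(line):
    """Return the fields of one O2 (BHO) line, or None for any other line."""
    match = O2_LINE.match(line.strip())
    if match is None:
        return None
    return {
        "name": match.group("name"),
        "clsid": match.group("clsid").upper(),
        "path": match.group("path"),
        # HijackThis appends this suffix when the DLL is no longer on disk,
        # i.e. the registration survived a partial removal.
        "file_missing": match.group("missing") is not None,
    }


def reasons_for(entry):
    """List every indicator from the page that this BHO entry matches."""
    reasons = []
    if entry["clsid"] == PAGE_CLSID.upper():
        reasons.append("CLSID matches the Plus-HighD BHO")
    if NAME_PATTERN.match(entry["name"]):
        reasons.append("BHO name follows the CrossriderApp<digits> pattern")
    if PAGE_PATH_MARKER in entry["path"].lower():
        reasons.append("DLL sits in a Plus-HighD install folder")
    return reasons


def triage(log_text):
    """Return the flagged BHO entries of a HijackThis log with their reasons."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o2(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            findings.append({"entry": entry, "reasons": reasons})
    return findings


# First line is the one from the page; the other three are constructed samples.
SAMPLE_LOG = r"""
O2 - BHO: CrossriderApp0053098 - {11111111-1111-1111-1111-110511301198} - C:\Program Files\Plus-HighD-ver9.3\Plus-HighD-ver9.3-bho.dll
O2 - BHO: Example Helper - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\helper.dll
O2 - BHO: CrossriderApp0012345 - {ABCDEF01-2345-6789-ABCD-EF0123456789} - C:\Program Files\Example App\example-bho.dll (file missing)
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        entry = finding["entry"]
        state = "file missing" if entry["file_missing"] else "file present"
        print(f'{entry["name"]} {entry["clsid"]} ({state})')
        for reason in finding["reasons"]:
            print(f"  - {reason}")
```

An entry flagged only by name, or one marked as file missing, still deserves a look: the BHO registration can outlive the folder that a scan quarantined.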