Jump to content
Sign in to follow this  
Metallica

Removal instructions for CrossBrowse

Recommended Posts

What is CrossBrowse?

The Malwarebytes research team has determined that CrossBrowse is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by CrossBrowse?

You may see these tasks in your Task Scheduler:

warning3.png

and this entry in your list of installed programs:

warning4.png

How did CrossBrowse get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove CrossBrowse?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of CrossBrowse?
  • No, Malwarebytes' Anti-Malware removes CrossBrowse completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the CrossBrowse hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

No visible signs in a HijackThis log

You may see these entries in a FRST log:

 () C:\Windows\Tasks\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5_user.job () C:\Windows\Tasks\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.job () C:\Program Files\CrossBrowse-1.4V28.04CrossBrowse-1.4V28.04 (HKLM\...\CrossBrowse-1.4V28.04) (Version: 1.36.01.22 - CrossBrowse-1.4V28.04) <==== ATTENTION!Task: {B02EA972-F1B4-40E3-9114-CF4E3D3D5FBA} - System32\Tasks\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5 => C:\Program Files\CrossBrowse-1.4V28.04\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.exe [2015-04-29] (CrossBrowse-1.4V28.04) <==== ATTENTIONTask: {D92D3F52-32AC-4F00-9D66-410392CA2A29} - System32\Tasks\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5_user => C:\Program Files\CrossBrowse-1.4V28.04\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.exe [2015-04-29] (CrossBrowse-1.4V28.04) <==== ATTENTIONTask: C:\Windows\Tasks\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.job => C:\Program Files\CrossBrowse-1.4V28.04\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.exe <==== ATTENTIONTask: C:\Windows\Tasks\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5_user.job => C:\Program Files\CrossBrowse-1.4V28.04\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.exe <==== ATTENTION
Alterations made by the installer:

 

File system details  ---------------------------------------------    Adds the folder C:\Program Files\CrossBrowse-1.4V28.04       Adds the file 2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.exe"="4/29/2015 1:53 PM, 1106512 bytes, A       Adds the file Uninstall.exe"="4/29/2015 1:53 PM, 117840 bytes, A       Adds the file utils.exe"="4/29/2015 1:53 PM, 1359237 bytes, A    In the existing folder C:\Windows\System32\Tasks       Adds the file 2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5"="4/29/2015 1:53 PM, 5478 bytes, A       Adds the file 2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5_user"="4/29/2015 1:53 PM, 5484 bytes, A    In the existing folder C:\Windows\Tasks       Adds the file 2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.job"="4/29/2015 1:53 PM, 2448 bytes, A       Adds the file 2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5_user.job"="4/29/2015 1:53 PM, 2448 bytes, ARegistry details  ------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\Software\Crossrider]       "Bic"="REG_SZ", "8655ebc447297b398088e5f1933333c9IE"       "Verifier"="REG_SZ", "4704d091642d168879ad647182ff110a"    [HKEY_LOCAL_MACHINE\SOFTWARE\ArenaHD]       "value"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\HighDefAction]       "value"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\30935]       "72895"="REG_SZ", "CrossBrowse-1.4V28.04"    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\30935\Status]       "Installed"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CrossBrowse-1.4V28.04]       "CrAppId"="REG_SZ", "72895"       "CrPublisherId"="REG_SZ", "30935"       "DisplayIcon"="REG_SZ", "C:\Program Files\CrossBrowse-1.4V28.04\utils.exe"       "DisplayName"="REG_SZ", "CrossBrowse-1.4V28.04"       "DisplayVersion"="REG_SZ", "1.36.01.22"       "Publisher"="REG_SZ", "CrossBrowse-1.4V28.04"       "UninstallString"="REG_SZ", "C:\Program Files\CrossBrowse-1.4V28.04\Uninstall.exe /fcp=1  "    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]       "2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.job"="REG_BINARY, ................................       "2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.job.fp"="REG_DWORD", 1443243328       "2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5_user.job"="REG_BINARY, ................................       "2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5_user.job.fp"="REG_DWORD", 1568082352    [HKEY_LOCAL_MACHINE\SOFTWARE\YorkNewCin]       "value"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]       "Bic"="REG_SZ", "8655ebc447297b398088e5f1933333c9IE"       "Verifier"="REG_SZ", "4704d091642d168879ad647182ff110a"    [HKEY_CURRENT_USER\Software\ArenaHD]       "value"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\HighDefAction]       "value"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\30935]       "72895"="REG_SZ", "CrossBrowse-1.4V28.04"    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\30935\Status]       "Installed"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\CrossBrowse-1.4V28.04]       "72895"="REG_SZ", "CrossBrowse-1.4V28.04"    [HKEY_CURRENT_USER\Software\YorkNewCin]       "value"="REG_DWORD", 1
Malwarebytes Anti-Malware log:

 

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 4/29/2015Scan Time: 2:02:02 PMLogfile: mbamCrossBrowser.txtAdministrator: YesVersion: 2.01.0.1004Malware Database: v2015.04.29.02Rootkit Database: v2015.04.21.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: MalwarebytesScan Type: Threat ScanResult: CompletedObjects Scanned: 287108Time Elapsed: 9 min, 0 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 9PUP.Optional.CrossRider.C, HKLM\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [d1854230a9e1a88e554ac30456ad5ca4], PUP.Optional.CinemaPlus.C, HKLM\SOFTWARE\ARENAHD, Quarantined, [ea6c2b478ffb7abcc7c1cc921fe610f0], PUP.Optional.PCTuner.C, HKLM\SOFTWARE\HIGHDEFACTION, Quarantined, [c49281f1f2983006761eb9a532d343bd], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, Quarantined, [b0a6442e068457df19bf5eaccd3740c0], PUP.Optional.CrossRider.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [20366b0725652c0af18568d8ef16738d], PUP.Optional.CinemaPlus.C, HKCU\SOFTWARE\ARENAHD, Quarantined, [cf87a7cbc6c483b303845a044db826da], PUP.Optional.CrossRider.A, HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, Quarantined, [5afc3c36becc59dd79024a9e08fb4bb5], PUP.Optional.CrossRider.A, HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\CrossBrowse-1.4V28.04, Quarantined, [96c0066c0a80fe38fda76875f50e827e], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CrossBrowse-1.4V28.04, Quarantined, [164090e2f397b87e3f56a01312f1d729], Registry Values: 4PUP.Optional.CinemaPlus.C, HKLM\SOFTWARE\ARENAHD|value, 1, Quarantined, [ea6c2b478ffb7abcc7c1cc921fe610f0]PUP.Optional.PCTuner.C, HKLM\SOFTWARE\HIGHDEFACTION|value, 1, Quarantined, [c49281f1f2983006761eb9a532d343bd]PUP.Optional.CinemaPlus.C, HKCU\SOFTWARE\ARENAHD|value, 1, Quarantined, [cf87a7cbc6c483b303845a044db826da]PUP.Optional.PCTuner.C, HKCU\SOFTWARE\HIGHDEFACTION|value, 1, Quarantined, [a8aefa78088275c1a9e9a8b6ac59f20e]Registry Data: 0(No malicious items detected)Folders: 1PUP.Optional.CrossRider.A, C:\Program Files\CrossBrowse-1.4V28.04, Quarantined, [164090e2f397b87e3f56a01312f1d729], Files: 8PUP.Optional.CrossRider, C:\Users\{username}\Desktop\2321.exe, Quarantined, [d77f5919afdb2c0a98450ad97988a65a], PUP.Optional.CrossRider.A, C:\Program Files\CrossBrowse-1.4V28.04\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.exe, Quarantined, [95c1c8aadcaeeb4b255e68d7b74fde22], PUP.Optional.CrossRider.A, C:\Program Files\CrossBrowse-1.4V28.04\utils.exe, Quarantined, [4b0b8de5177344f2473ceb544fb733cd], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5, Quarantined, [4016571b7b0ff44282b550a348bb9070], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5_user, Quarantined, [045276fc484283b3d0676d86cd3620e0], PUP.Optional.CrossRider.T, C:\Windows\Tasks\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.job, Quarantined, [3e18df93602a7fb771a4fb5146bf9769], PUP.Optional.CrossRider.T, C:\Windows\Tasks\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5_user.job, Quarantined, [10463a38a6e4092dab6afa52fb0a5aa6], PUP.Optional.CrossRider.A, C:\Program Files\CrossBrowse-1.4V28.04\Uninstall.exe, Quarantined, [164090e2f397b87e3f56a01312f1d729], Physical Sectors: 0(No malicious items detected)(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.