Jump to content

Removal instructions for CrossBrowse


Recommended Posts

  • Staff

What is CrossBrowse?

The Malwarebytes research team has determined that CrossBrowse is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by CrossBrowse?

You may see these tasks in your Task Scheduler:

warning3.png

and this entry in your list of installed programs:

warning4.png

How did CrossBrowse get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove CrossBrowse?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of CrossBrowse?
  • No, Malwarebytes' Anti-Malware removes CrossBrowse completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the CrossBrowse hijacker. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

No visible signs in a HijackThis log

You may see these entries in a FRST log:

 () C:\Windows\Tasks\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5_user.job () C:\Windows\Tasks\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.job () C:\Program Files\CrossBrowse-1.4V28.04CrossBrowse-1.4V28.04 (HKLM\...\CrossBrowse-1.4V28.04) (Version: 1.36.01.22 - CrossBrowse-1.4V28.04) <==== ATTENTION!Task: {B02EA972-F1B4-40E3-9114-CF4E3D3D5FBA} - System32\Tasks\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5 => C:\Program Files\CrossBrowse-1.4V28.04\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.exe [2015-04-29] (CrossBrowse-1.4V28.04) <==== ATTENTIONTask: {D92D3F52-32AC-4F00-9D66-410392CA2A29} - System32\Tasks\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5_user => C:\Program Files\CrossBrowse-1.4V28.04\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.exe [2015-04-29] (CrossBrowse-1.4V28.04) <==== ATTENTIONTask: C:\Windows\Tasks\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.job => C:\Program Files\CrossBrowse-1.4V28.04\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.exe <==== ATTENTIONTask: C:\Windows\Tasks\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5_user.job => C:\Program Files\CrossBrowse-1.4V28.04\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.exe <==== ATTENTION
Alterations made by the installer:

 

File system details  ---------------------------------------------    Adds the folder C:\Program Files\CrossBrowse-1.4V28.04       Adds the file 2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.exe"="4/29/2015 1:53 PM, 1106512 bytes, A       Adds the file Uninstall.exe"="4/29/2015 1:53 PM, 117840 bytes, A       Adds the file utils.exe"="4/29/2015 1:53 PM, 1359237 bytes, A    In the existing folder C:\Windows\System32\Tasks       Adds the file 2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5"="4/29/2015 1:53 PM, 5478 bytes, A       Adds the file 2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5_user"="4/29/2015 1:53 PM, 5484 bytes, A    In the existing folder C:\Windows\Tasks       Adds the file 2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.job"="4/29/2015 1:53 PM, 2448 bytes, A       Adds the file 2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5_user.job"="4/29/2015 1:53 PM, 2448 bytes, ARegistry details  ------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\Software\Crossrider]       "Bic"="REG_SZ", "8655ebc447297b398088e5f1933333c9IE"       "Verifier"="REG_SZ", "4704d091642d168879ad647182ff110a"    [HKEY_LOCAL_MACHINE\SOFTWARE\ArenaHD]       "value"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\HighDefAction]       "value"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\30935]       "72895"="REG_SZ", "CrossBrowse-1.4V28.04"    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\30935\Status]       "Installed"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CrossBrowse-1.4V28.04]       "CrAppId"="REG_SZ", "72895"       "CrPublisherId"="REG_SZ", "30935"       "DisplayIcon"="REG_SZ", "C:\Program Files\CrossBrowse-1.4V28.04\utils.exe"       "DisplayName"="REG_SZ", "CrossBrowse-1.4V28.04"       "DisplayVersion"="REG_SZ", "1.36.01.22"       "Publisher"="REG_SZ", "CrossBrowse-1.4V28.04"       "UninstallString"="REG_SZ", "C:\Program Files\CrossBrowse-1.4V28.04\Uninstall.exe /fcp=1  "    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]       "2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.job"="REG_BINARY, ................................       "2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.job.fp"="REG_DWORD", 1443243328       "2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5_user.job"="REG_BINARY, ................................       "2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5_user.job.fp"="REG_DWORD", 1568082352    [HKEY_LOCAL_MACHINE\SOFTWARE\YorkNewCin]       "value"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]       "Bic"="REG_SZ", "8655ebc447297b398088e5f1933333c9IE"       "Verifier"="REG_SZ", "4704d091642d168879ad647182ff110a"    [HKEY_CURRENT_USER\Software\ArenaHD]       "value"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\HighDefAction]       "value"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\30935]       "72895"="REG_SZ", "CrossBrowse-1.4V28.04"    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\30935\Status]       "Installed"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\CrossBrowse-1.4V28.04]       "72895"="REG_SZ", "CrossBrowse-1.4V28.04"    [HKEY_CURRENT_USER\Software\YorkNewCin]       "value"="REG_DWORD", 1
Malwarebytes Anti-Malware log:

 

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 4/29/2015Scan Time: 2:02:02 PMLogfile: mbamCrossBrowser.txtAdministrator: YesVersion: 2.01.0.1004Malware Database: v2015.04.29.02Rootkit Database: v2015.04.21.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: MalwarebytesScan Type: Threat ScanResult: CompletedObjects Scanned: 287108Time Elapsed: 9 min, 0 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 9PUP.Optional.CrossRider.C, HKLM\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [d1854230a9e1a88e554ac30456ad5ca4], PUP.Optional.CinemaPlus.C, HKLM\SOFTWARE\ARENAHD, Quarantined, [ea6c2b478ffb7abcc7c1cc921fe610f0], PUP.Optional.PCTuner.C, HKLM\SOFTWARE\HIGHDEFACTION, Quarantined, [c49281f1f2983006761eb9a532d343bd], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, Quarantined, [b0a6442e068457df19bf5eaccd3740c0], PUP.Optional.CrossRider.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [20366b0725652c0af18568d8ef16738d], PUP.Optional.CinemaPlus.C, HKCU\SOFTWARE\ARENAHD, Quarantined, [cf87a7cbc6c483b303845a044db826da], PUP.Optional.CrossRider.A, HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, Quarantined, [5afc3c36becc59dd79024a9e08fb4bb5], PUP.Optional.CrossRider.A, HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\CrossBrowse-1.4V28.04, Quarantined, [96c0066c0a80fe38fda76875f50e827e], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CrossBrowse-1.4V28.04, Quarantined, [164090e2f397b87e3f56a01312f1d729], Registry Values: 4PUP.Optional.CinemaPlus.C, HKLM\SOFTWARE\ARENAHD|value, 1, Quarantined, [ea6c2b478ffb7abcc7c1cc921fe610f0]PUP.Optional.PCTuner.C, HKLM\SOFTWARE\HIGHDEFACTION|value, 1, Quarantined, [c49281f1f2983006761eb9a532d343bd]PUP.Optional.CinemaPlus.C, HKCU\SOFTWARE\ARENAHD|value, 1, Quarantined, [cf87a7cbc6c483b303845a044db826da]PUP.Optional.PCTuner.C, HKCU\SOFTWARE\HIGHDEFACTION|value, 1, Quarantined, [a8aefa78088275c1a9e9a8b6ac59f20e]Registry Data: 0(No malicious items detected)Folders: 1PUP.Optional.CrossRider.A, C:\Program Files\CrossBrowse-1.4V28.04, Quarantined, [164090e2f397b87e3f56a01312f1d729], Files: 8PUP.Optional.CrossRider, C:\Users\{username}\Desktop\2321.exe, Quarantined, [d77f5919afdb2c0a98450ad97988a65a], PUP.Optional.CrossRider.A, C:\Program Files\CrossBrowse-1.4V28.04\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.exe, Quarantined, [95c1c8aadcaeeb4b255e68d7b74fde22], PUP.Optional.CrossRider.A, C:\Program Files\CrossBrowse-1.4V28.04\utils.exe, Quarantined, [4b0b8de5177344f2473ceb544fb733cd], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5, Quarantined, [4016571b7b0ff44282b550a348bb9070], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5_user, Quarantined, [045276fc484283b3d0676d86cd3620e0], PUP.Optional.CrossRider.T, C:\Windows\Tasks\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5.job, Quarantined, [3e18df93602a7fb771a4fb5146bf9769], PUP.Optional.CrossRider.T, C:\Windows\Tasks\2d74a2a5-79dd-4518-8dab-e4c074ad9d71-5_user.job, Quarantined, [10463a38a6e4092dab6afa52fb0a5aa6], PUP.Optional.CrossRider.A, C:\Program Files\CrossBrowse-1.4V28.04\Uninstall.exe, Quarantined, [164090e2f397b87e3f56a01312f1d729], Physical Sectors: 0(No malicious items detected)(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Link to post
Share on other sites
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.