Jump to content

Removal instructions for CrossBrowse-1.4V27.04


Recommended Posts

  • Staff

What is CrossBrowse-1.4V27.04?

The Malwarebytes research team has determined that CrossBrowse-1.4V27.04 is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by CrossBrowse-1.4V27.04?

You may see this entry in your list of installed programs:

warning4.png

and these Scheduled Tasks:

warning3.png

How did CrossBrowse-1.4V27.04 get on my computer?

Adware applications use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove CrossBrowse-1.4V27.04?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of CrossBrowse-1.4V27.04?
  • No, Malwarebytes' Anti-Malware removes CrossBrowse-1.4V27.04 completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this adware application.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the CrossBrowse-1.4V27.04 adware. It would have warned you before the application could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

No visible signs in a HijackThis log

You may see these signs in FRST logs:

 C:\Windows\System32\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5 C:\Windows\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5_user.job C:\Windows\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5.job C:\Program Files (x86)\CrossBrowse-1.4V27.04CrossBrowse-1.4V27.04 (HKLM-x32\...\CrossBrowse-1.4V27.04) (Version: 1.36.01.22 - CrossBrowse-1.4V27.04) <==== ATTENTIONTask: {566307C6-4214-4EC4-A65D-45925B875A20} - System32\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5_user => C:\Program Files (x86)\CrossBrowse-1.4V27.04\38ffa0cb-d41d-4501-950b-8365b779e211-5.exe [2015-08-18] (CrossBrowse-1.4V27.04) <==== ATTENTIONTask: {DCBA87AF-B984-4B08-B684-E69B46568082} - System32\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5 => C:\Program Files (x86)\CrossBrowse-1.4V27.04\38ffa0cb-d41d-4501-950b-8365b779e211-5.exe [2015-08-18] (CrossBrowse-1.4V27.04) <==== ATTENTIONTask: C:\Windows\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5.job => C:\Program Files (x86)\CrossBrowse-1.4V27.04\38ffa0cb-d41d-4501-950b-8365b779e211-5.exe <==== ATTENTIONTask: C:\Windows\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5_user.job => C:\Program Files (x86)\CrossBrowse-1.4V27.04\38ffa0cb-d41d-4501-950b-8365b779e211-5.exe <==== ATTENTION
Alterations made by the installer:

File system details [View: All details] (Selection)---------------------------------------------------    Adds the folder C:\Program Files (x86)\CrossBrowse-1.4V27.04       Adds the file 38ffa0cb-d41d-4501-950b-8365b779e211-5.exe"="18/08/2015 13:14, 1053776 bytes, A       Adds the file Uninstall.exe"="18/08/2015 13:14, 121424 bytes, A       Adds the file utils.exe"="18/08/2015 13:14, 1374244 bytes, A    In the existing folder C:\Windows\System32\Tasks       Adds the file 38ffa0cb-d41d-4501-950b-8365b779e211-5"="18/08/2015 13:14, 5484 bytes, A       Adds the file 38ffa0cb-d41d-4501-950b-8365b779e211-5_user"="18/08/2015 13:14, 5496 bytes, A    In the existing folder C:\Windows\Tasks       Adds the file 38ffa0cb-d41d-4501-950b-8365b779e211-5.job"="18/08/2015 13:14, 2454 bytes, A       Adds the file 38ffa0cb-d41d-4501-950b-8365b779e211-5_user.job"="18/08/2015 13:14, 2454 bytes, ARegistry details [View: All details] (Selection)------------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE\ArenaHD]       "value"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\HighDefAction]       "value"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\30935]       "72895"="REG_SZ", "CrossBrowse-1.4V27.04"    [HKEY_LOCAL_MACHINE\SOFTWARE\InstalledBrowserExtensions\30935\Status]       "Installed"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]       "38ffa0cb-d41d-4501-950b-8365b779e211-5.job"="REG_BINARY, ................................       "38ffa0cb-d41d-4501-950b-8365b779e211-5.job.fp"="REG_DWORD", -269643866       "38ffa0cb-d41d-4501-950b-8365b779e211-5_user.job"="REG_BINARY, ................................       "38ffa0cb-d41d-4501-950b-8365b779e211-5_user.job.fp"="REG_DWORD", 1386840557    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AppDataLow\Software\Crossrider]       "Bic"="REG_SZ", "2f2bc621a7c304774b7408716c3e8213IE"       "Verifier"="REG_SZ", "6ef6eac254a7632839836d3cb24698df"    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ArenaHD]       "value"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\HighDefAction]       "value"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\InstalledBrowserExtensions\30935]       "72895"="REG_SZ", "CrossBrowse-1.4V27.04"    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\InstalledBrowserExtensions\30935\Status]       "Installed"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\CrossBrowse-1.4V27.04]       "CrAppId"="REG_SZ", "72895"       "CrPublisherId"="REG_SZ", "30935"       "DisplayIcon"="REG_SZ", "C:\Program Files (x86)\CrossBrowse-1.4V27.04\utils.exe"       "DisplayName"="REG_SZ", "CrossBrowse-1.4V27.04"       "DisplayVersion"="REG_SZ", "1.36.01.22"       "Publisher"="REG_SZ", "CrossBrowse-1.4V27.04"       "UninstallString"="REG_SZ", "C:\Program Files (x86)\CrossBrowse-1.4V27.04\Uninstall.exe /fcp=1  "    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\YorkNewCin]       "value"="REG_DWORD", 1    [HKEY_LOCAL_MACHINE\SOFTWARE\YorkNewCin]       "value"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\AppDataLow\Software\Crossrider]       "Bic"="REG_SZ", "2f2bc621a7c304774b7408716c3e8213IE"       "Verifier"="REG_SZ", "6ef6eac254a7632839836d3cb24698df"    [HKEY_CURRENT_USER\Software\ArenaHD]       "value"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\HighDefAction]       "value"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\30935]       "72895"="REG_SZ", "CrossBrowse-1.4V27.04"    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\30935\Status]       "Installed"="REG_DWORD", 1    [HKEY_CURRENT_USER\Software\InstalledBrowserExtensions\CrossBrowse-1.4V27.04]       "72895"="REG_SZ", "CrossBrowse-1.4V27.04"    [HKEY_CURRENT_USER\Software\YorkNewCin]       "value"="REG_DWORD", 1
Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 18/08/2015Scan Time: 13:23Logfile: mbamCrossBrowse-14.txtAdministrator: YesVersion: 2.1.8.1057Malware Database: v2015.08.18.04Rootkit Database: v2015.08.16.01License: PremiumMalware Protection: DisabledMalicious Website Protection: EnabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: {username}Scan Type: Threat ScanResult: CompletedObjects Scanned: 329649Time Elapsed: 4 min, 10 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 18PUP.Optional.Downloader.C, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CrossBrowse-1.4V27.04, Quarantined, [113bb951513a7eb88cab9a1f3bc6d22e], PUP.Optional.HighDefAction.A, HKLM\SOFTWARE\HighDefAction, Quarantined, [3d0f0cfea8e3b6805fba05a3c044a15f], PUP.Optional.YorkNewCin.A, HKLM\SOFTWARE\YorkNewCin, Quarantined, [59f3c743ed9e96a030f43375d52f8a76], PUP.Optional.CinemaPlus.C, HKLM\SOFTWARE\ARENAHD, Quarantined, [103ccf3b5c2faf87b361168e33d1748c], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, Quarantined, [460629e19deef541f25fbf9db54e48b8], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\38ffa0cb-d41d-4501-950b-8365b779e211-5, Delete-on-Reboot, [f4587f8b26657bbba2b09388927118e8], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\38ffa0cb-d41d-4501-950b-8365b779e211-5_user, Delete-on-Reboot, [5cf030dab8d32b0bd37f051647bc54ac], PUP.Optional.HighDefAction.A, HKLM\SOFTWARE\WOW6432NODE\HighDefAction, Quarantined, [ee5e7b8f3853300602170c9c689c09f7], PUP.Optional.YorkNewCin.A, HKLM\SOFTWARE\WOW6432NODE\YorkNewCin, Quarantined, [420a50babfcc1c1a9c88aefad133ae52], PUP.Optional.CrossRider.C, HKLM\SOFTWARE\WOW6432NODE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [6ede71991774ec4a82bc8a96a45fc23e], PUP.Optional.CinemaPlus.C, HKLM\SOFTWARE\WOW6432NODE\ARENAHD, Quarantined, [4705ee1c9eed1c1a9e76455f33d1fc04], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLEDBROWSEREXTENSIONS\30935, Quarantined, [4c00c149dbb082b43b16ea727a898f71], PUP.Optional.HighDefAction.A, HKCU\SOFTWARE\HighDefAction, Quarantined, [3715e02afb9051e564b400a8d72d2bd5], PUP.Optional.YorkNewCin.A, HKCU\SOFTWARE\YorkNewCin, Quarantined, [b19bb753414a3cfa2ef520889074cb35], PUP.Optional.CrossRider.A, HKCU\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [2b217298494266d091104e3d2ed67888], PUP.Optional.CinemaPlus.C, HKCU\SOFTWARE\ARENAHD, Quarantined, [cb81be4c5e2de452749fd2d2758fbc44], PUP.Optional.CrossRider.A, HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\30935, Quarantined, [ec60d7339eedd6606e4242fd5fa4f50b], PUP.Optional.CrossRider.A, HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\CrossBrowse-1.4V27.04, Quarantined, [1b31b951216aac8adfc4a98c8b78a45c], Registry Values: 6PUP.Optional.CinemaPlus.C, HKLM\SOFTWARE\ARENAHD|value, 1, Quarantined, [103ccf3b5c2faf87b361168e33d1748c]PUP.Optional.PCTuner.C, HKLM\SOFTWARE\HIGHDEFACTION|value, 1, Quarantined, [8ac2a2682b60f442809ffda7d92b50b0]PUP.Optional.CinemaPlus.C, HKLM\SOFTWARE\WOW6432NODE\ARENAHD|value, 1, Quarantined, [4705ee1c9eed1c1a9e76455f33d1fc04]PUP.Optional.PCTuner.C, HKLM\SOFTWARE\WOW6432NODE\HIGHDEFACTION|value, 1, Quarantined, [be8edc2ed7b4e452928d931181831fe1]PUP.Optional.CinemaPlus.C, HKCU\SOFTWARE\ARENAHD|value, 1, Quarantined, [cb81be4c5e2de452749fd2d2758fbc44]PUP.Optional.PCTuner.C, HKCU\SOFTWARE\HIGHDEFACTION|value, 1, Quarantined, [c08cc8424f3c45f1fe1f8e16c1432ad6]Registry Data: 0(No malicious items detected)Folders: 1PUP.Optional.CrossRider.A, C:\Program Files (x86)\CrossBrowse-1.4V27.04, Quarantined, [391318f294f72016beeaff0107fce31d], Files: 8PUP.Optional.CrossRider.A, C:\Users\{username}\Desktop\Woskrdtn.exe, Quarantined, [43094cbe117a68ce23c93e1823deda26], PUP.Optional.CrossRider.A, C:\Program Files (x86)\CrossBrowse-1.4V27.04\38ffa0cb-d41d-4501-950b-8365b779e211-5.exe, Quarantined, [52fa9f6ba2e9af87df71e39dfc0936ca], PUP.Optional.Downloader.C, C:\Program Files (x86)\CrossBrowse-1.4V27.04\Uninstall.exe, Quarantined, [113bb951513a7eb88cab9a1f3bc6d22e], PUP.Optional.CrossRider.A, C:\Program Files (x86)\CrossBrowse-1.4V27.04\utils.exe, Quarantined, [e8643fcbfa910333760b48737c8535cb], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5, Quarantined, [c9835bafd1bafd3982bb63e691727888], PUP.Optional.CrossRider.T, C:\Windows\System32\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5_user, Quarantined, [8ebe729877143600380532174eb537c9], PUP.Optional.CrossRider.T, C:\Windows\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5.job, Quarantined, [68e42edc375466d0b085eca740c4e719], PUP.Optional.CrossRider.T, C:\Windows\Tasks\38ffa0cb-d41d-4501-950b-8365b779e211-5_user.job, Quarantined, [ed5fc54595f66ec80c290f8454b023dd], Physical Sectors: 0(No malicious items detected)(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.