PUP.Optional.CrossRider

CrossRider is a program that usually installs itself without your knowledge, bundled with free software downloads.


Characteristics

– It belongs to a family of PUPs (Potentially Unwanted Programs).
– Vendor: PUP.Optional.

Main actions

– It installs an extension for the Google Chrome browser (G2) ("Savings Wave", "Feven", "Color FB", "Shop-Up", "HQVid1"),
– It installs extensions for the Mozilla Firefox browser (M2) ("Savings Wave", "I Want This", "Feven"),
– It installs itself as a Browser Helper Object (BHO) in the web browser (O2),
– It starts an automatic scheduled task (O39),
– It installs itself as a program (O42),
– It creates multiple "Software" registry keys,
– It modifies the Internet search provider (O69),
– It pollutes the registry with numerous keys and values (O88).

ZHPDiag, NCDiag overview

—\\ Google Chrome, Démarrage,Recherche,Extensions (G0,G1,G2)
G2 – GCE: Preference [User Data\Default] [lglkfgcmohcdajpldlnhjjiojjgkbmhm] Savings Wave v.1.23.65 (Désactivé )
G2 – GCE: Preference [User Data\Default] [pgjflcoiggljdahilbdhjodelfpgaebm] Color FB v.1.23.97, (Désactivé )
G2 – GCE: Preference [User Data\Default] [fglhnbihmeinbfgalpnaiembmdhfijli] Feven v.1.23.23, (Activé )
G2 – GCE: Preference [User Data\Default] [hjghiofiijcepdnocbgefbdlbckjfheg] Feven Pro 1.1 v.1.26.18, (Activé)
G2 – GCE: Preference [User Data\Default] [kigpmgkoelepakabiliblldhdpnidcod] Shop-Up v.1.24.6 (Activé )
G2 – GCE: Preference [User Data\Default] [deghekbbihbapplmbffglehkdhkeibbm] HQVid1.9v3 v.1.26.35, (Activé)
G2 – GCE: Preference [User Data\Default] [lgonpmchaeokedifbjenbcnjcdefdceg] FLV Player Addon v.1.26.35, (Activé)
G2 – GCE: Preference [User Data\Default] [dmgpbjjcdccinnndjdgmegndbmhbgglb] Fpro1.2 v.1.26.29, (Activé)
G2 – GCE: Preference [User Data\Default] [majjphhgppkndjjkmhhnbgafooenebhd] MPlayerplus v.1.26.31, (Activé)
G2 – GCE: Preference [User Data\Default] [ceenmgoldhkkegcnlieacjjhndklllkp] Frevens Pro 12 v.1.26.15, (Activé)
G2 – GCE: Preference [User Data\Default] [fbjkggpkjbbmknmckfdelgiebjfhlklj] AllSaver v.1.4 (Activé)
G2 – GCE: Preference [User Data\Default] [lndipknmjijnalnkamonmljeaojdbpna] Week Index v.0.1 (Activé)
G2 – EXT: C:\Users\Maylis\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [Text Highlighter]

—\\ Mozilla Firefox, Plugins,Demarrage,Recherche,Extensions (P1,P2,M0,M1,M2)
M2 – MFEP: prefs.js [Coolman – plj96prl.default\[email protected]] [] Savings Wave v2.0 (..)
M2 – MFEP: prefs.js [Coolman – plj96prl.default\[email protected]] [] I Want This v5.0.7.0 (..)
M2 – MFEP: prefs.js [Coolman – plj96prl.default\6be3335b-ef79-4b0b-a0ba-b87afbc6f4ad@6bbb4d2e-e33e-4fa5-9b37-934f4fb50182.com] [] Feven v (..)

—\\ Browser Helper Objects de navigateur (O2)
O2 – BHO: CrossriderApp0012765 [64Bits] – {11111111-1111-1111-1111-110111271165} . (.Innovative Apps – Savings Wave BHO.) — C:\Program Files (x86)\Savings Wave\Savings Wave-bho.dll
O2 – BHO: CrossriderApp0027096 [64Bits] – {11111111-1111-1111-1111-110211701196} . (.Corporate Inc – Services x86 BHO.) — C:\Program Files (x86)\Services x86\Services x86-bho.dll
O2 – BHO: CrossriderApp0031554 [64Bits] – {11111111-1111-1111-1111-110311151154} . (.Feven – Feven BHO.) — C:\Program Files (x86)\Feven\Feven-bho.dll

—\\ Tâches planifiées en automatique (O39)
[MD5.6B927A0E10DD90F2189F66C3DB9DFAF3] [APT] [Updater12765.exe] (.Innovative Apps.) — C:\Users\Coolman\AppData\Local\Updater12765\Updater12765.exe [210312]
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\Feven-chromeinstaller.job [1872]
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\Feven-codedownloader.job [1176]
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\Feven-enabler.job [1076]
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\Feven-firefoxinstaller.job [1796]
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\Feven-updater.job [1172]
O39 – APT: – (..) — C:\Windows\Tasks\BetterDeals-11-chromeinstaller.job [1976]
O39 – APT: – (..) — C:\Windows\Tasks\BetterDeals-11-codedownloader.job [1262]
O39 – APT: – (..) — C:\Windows\Tasks\BetterDeals-11-enabler.job [1162]
O39 – APT: – (..) — C:\Windows\Tasks\BetterDeals-11-firefoxinstaller.job [1900]
O39 – APT: – (..) — C:\Windows\Tasks\BetterDeals-11-updater.job [1356]
[MD5.3358CCA51C64ACF4968F0B78B1151B9D] [APT] [Feven-chromeinstaller] (.Feven.) — C:\Program Files (x86)\Feven\Feven-chromeinstaller.exe [464232]
[MD5.0F603FE8B10DB23F94A5891B477F6D91] [APT] [Feven-codedownloader] (.Feven.) — C:\Program Files (x86)\Feven\Feven-codedownloader.exe [478568]
[MD5.2DD33F1BBE254BE24A5B12D648817BC0] [APT] [Feven-enabler] (.Feven.) — C:\Program Files (x86)\Feven\Feven-enabler.exe [345960]
[MD5.DDED161DE2CB30DB7F32701C862693BB] [APT] [Feven-firefoxinstaller] (.Feven.) — C:\Program Files (x86)\Feven\Feven-firefoxinstaller.exe [725352]
[MD5.987F5D34F03D3C6D200C2A9955DC2FA1] [APT] [Feven-updater] (.Feven.) — C:\Program Files (x86)\Feven\Feven-updater.exe [364392]
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\TubeSaver-chromeinstaller.job [1296]
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\TubeSaver-codedownloader.job [1908]
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\TubeSaver-enabler.job [1832]
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\TubeSaver-firefoxinstaller.job [1200]
O39 – APT:Automatic Planified Task – C:\Windows\Tasks\TubeSaver-updater.job [1100]
O39 – APT:Automatic Planified Task – C:\WINDOWS\Tasks\video-high-codedownloader.job [1446]
O39 – APT:Automatic Planified Task – C:\WINDOWS\Tasks\video-high-enabler.job [1346]
O39 – APT:Automatic Planified Task – C:\WINDOWS\Tasks\video-high-firefoxinstaller.job [2506]
O39 – APT:Automatic Planified Task – C:\WINDOWS\Tasks\video-high-updater.job [1492]

—\\ Logiciels installés (O42)
O42 – Logiciel: Savings Wave – (.Innovative Apps.) [HKLM][64Bits] — Savings Wave
O42 – Logiciel: Services x86 – (.Corporate Inc.) [HKLM][64Bits] — Services x86
O42 – Logiciel: video-high – (.videohq.) [HKLM] — video-high
O42 – Logiciel: BetterDeals-11 – (.BetterDeals.) [HKLM][64Bits] — BetterDeals-11

—\\ HKCU & HKLM Software Keys
[HKLM\Software\Wow6432Node\Services x86]
[HKCU\Software\AppDataLow\Software\Services x86]
[HKCU\Software\AppDataLow\Software\Crossrider]
[HKCU\Software\AppDataLow\Software\Savings Wave]
[HKCU\Software\Cr_Installer]
[HKLM\Software\Shop-Up]
[HKCU\Software\video-high]

—\\ Contenu des dossiers Programs/ProgramFiles/ProgramData/AppData (O43)
O43 – CFD: 07/04/2013 – 00:38:19 – [0,009] —-D C:\Users\Coolman\AppData\Local\Services x86
O43 – CFD: 02/04/2013 – 18:59:59 – [0] —-D C:\Users\Coolman\AppData\Local\Savings Wave
O43 – CFD: 18/05/2013 – 17:52:32 – [0,201] —-D C:\Users\Coolman\AppData\Local\Updater12765
O43 – CFD: 20/05/2013 – 15:11:27 – [4,447] —-D C:\Program Files (x86)\Services x86
O43 – CFD: 06/10/2013 – 21:26:41 – [5,338] —-D C:\Program Files\Shop-Up
O43 – CFD: 09/03/2014 – 19:01:31 – [5,541] —-D C:\Program Files\video-high
O43 – CFD: 2014-04-25 – 03:20:22 – [] —-D C:\Program Files (x86)\BetterDeals-11

—\\ Derniers fichiers modifiés ou crées (Utilisateur) (O61)
O61 – LFC: 18/05/2013 – 16:54:35 —A- C:\Users\Coolman\AppData\Roaming\Desk 365\icons\chrome_1da37a02e412dbdb6c2392f85ed86555.ico [55773]
O61 – LFC: 18/05/2013 – 16:54:35 —A- C:\Users\Coolman\AppData\Roaming\Desk 365\icons\firefox_266215028a0bf0cee2a4f5132062976d.ico [295606]

—\\ Search Browser Infection (O69)
O69 – SBI: prefs.js [Coolman – rwby5je5.default] user_pref(« extensions.crossrider.bic », « 13de1811d542bec9b2bf2643f3b612eb »);
O69 – SBI: prefs.js [Coolman – tlj96prl.default] user_pref(« extensions.crossriderapp12765.12765.InstallationThankYouPage », true);

—\\ Recherche de clés de registre CLSID (O101)
[HKCR\CLSID\{22222222-2222-2222-2222-220522312272}] (CrossriderApp0053172.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{22222222-2222-2222-2222-220522422246}] (CrossriderApp0054246.Sandbox) =>PUP.CrossRider

—\\ Scan Additionnel (O88 )
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Savings Wave]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Services x86]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Savings Sidekick]
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\BetterDeals-11]
[HKLM\Software\Wow6432Node\Services x86]
[HKCU\Software\AppDataLow\Software\Services x86]
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211701196}]
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211701196}]
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211701196}]
[HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110211701196}]
[HKCU\Software\AppDataLow\Software\Crossrider]
[HKCU\Software\AppDataLow\Software\Savings Wave]
[HKCU\Software\Cr_Installer]
[HKLM\Software\Classes\CrossriderApp0002258.BHO.1]
[HKLM\Software\Classes\CrossriderApp0002258.FBApi.1]
[HKLM\Software\Classes\CrossriderApp0002258.Sandbox.1]
[HKLM\Software\Google\Chrome\Extensions\lglkfgcmohcdajpldlnhjjiojjgkbmhm]
[HKLM\Software\Google\Chrome\Extensions\kigpmgkoelepakabiliblldhdpnidcod]
C:\Users\Coolman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lglkfgcmohcdajpldlnhjjiojjgkbmhm
C:\Users\Coolman\AppData\Local\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod
C:\Users\Coolman\AppData\Local\Services x86
C:\Users\Coolman\AppData\Local\Savings Wave
C:\Users\Coolman\AppData\Local\Updater12765
C:\Program Files (x86)\Services x86
C:\Program Files (x86)\Feven
C:\Program Files\Shop-Up
C:\WINDOWS\tasks\Shop-Up-updater.job
C:\WINDOWS\tasks\Shop-Up-enabler.job
C:\WINDOWS\tasks\Shop-Up-chromeinstaller.job
C:\WINDOWS\tasks\Shop-Up-firefoxinstaller.job
C:\WINDOWS\tasks\Shop-Up-codedownloader.job
C:\Program Files (x86)\Shop-Up
C:\Program Files (x86)\Shop-Up\Shop-Up-updater.exe
C:\Program Files (x86)\Shop-Up\Shop-Up-firefoxinstaller.exe
C:\Program Files (x86)\Shop-Up\Shop-Up-enabler.exe
C:\Program Files (x86)\Shop-Up\Shop-Up-codedownloader.exe
C:\Program Files (x86)\Shop-Up\Shop-Up-chromeinstaller.exe
C:\Program Files (x86)\BetterDeals-11
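A log-triage helper written for this entry (it is not part of ZHPDiag and not the site's own code): it classifies ZHPDiag lines against the CrossRider indicators listed above (CrossriderApp BHOs with a {11111111-...} CLSID, Sandbox classes under {22222222-...}, extensions.crossrider prefs) and groups the five-job scheduled-task sets by application, so a partially cleaned machine stands out. The sample lines are taken from the excerpt above with dashes rendered as plain ASCII; the benign task line is made up.

```python
import re
from collections import defaultdict

# Patterns taken from the ZHPDiag excerpt above: CrossriderAppNNNNNNN BHOs with a
# {11111111-1111-1111-1111-...} CLSID, Sandbox classes under {22222222-...}, the
# "extensions.crossrider*" prefs, and the five-job scheduled-task set each app drops.
# ZHPDiag writes "O2 - BHO:"; web copies often show an en dash, so both are accepted.
BHO_RE = re.compile(r"^O2 [-\u2013] BHO: (CrossriderApp\d+) .*?(\{11111111-1111-1111-1111-\d{12}\})")
SANDBOX_RE = re.compile(r"^\[HKCR\\CLSID\\(\{22222222-2222-2222-2222-\d{12}\})\] \((CrossriderApp\d+\.Sandbox)\)")
PREF_RE = re.compile(r"^O69 [-\u2013] SBI: .*user_pref\([^a-z]*(extensions\.crossrider[\w.]*)")
TASK_RE = re.compile(r"^O39 [-\u2013] APT:.*\\Tasks\\(?P<app>[^\\]+?)-"
                     r"(?P<role>chromeinstaller|codedownloader|enabler|firefoxinstaller|updater)\.job",
                     re.IGNORECASE)
ROLES = {"chromeinstaller", "codedownloader", "enabler", "firefoxinstaller", "updater"}

def classify_line(line):
    """Return (kind, detail) when a ZHPDiag line matches a CrossRider indicator, else None."""
    if m := BHO_RE.search(line):
        return ("bho", f"{m.group(1)} {m.group(2)}")
    if m := SANDBOX_RE.search(line):
        return ("clsid", f"{m.group(2)} {m.group(1)}")
    if m := PREF_RE.search(line):
        return ("pref", m.group(1))
    if m := TASK_RE.search(line):
        return ("task", f"{m.group('app')}:{m.group('role').lower()}")
    return None

def scan_log(text):
    """Scan a whole report: returns (hits, families), where families maps each task
    prefix (Feven, BetterDeals-11, ...) to the set of Crossrider job roles seen for it."""
    hits, families = [], defaultdict(set)
    for line in text.splitlines():
        if hit := classify_line(line):
            hits.append(hit)
            if hit[0] == "task":
                app, role = hit[1].split(":", 1)
                families[app].add(role)
    return hits, dict(families)

def incomplete_families(families):
    """Apps for which only part of the five-job set is present, so a partial cleanup can be rechecked."""
    return sorted(app for app, roles in families.items() if roles != ROLES)

# Constructed sample: four lines taken from the excerpt above plus one made-up benign task.
SAMPLE = r"""O2 - BHO: CrossriderApp0012765 [64Bits] - {11111111-1111-1111-1111-110111271165} . (.Innovative Apps - Savings Wave BHO.) -- C:\Program Files (x86)\Savings Wave\Savings Wave-bho.dll
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Feven-chromeinstaller.job [1872]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Feven-updater.job [1172]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\ExampleBenign-Update.job [1000]
[HKCR\CLSID\{22222222-2222-2222-2222-220522312272}] (CrossriderApp0053172.Sandbox) =>PUP.CrossRider"""
```

Calling `scan_log(SAMPLE)` yields four hits and reports Feven with only two of its five jobs, which is exactly the situation to look for after a manual removal.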

Aliases:

– PUP.Optional.Crossrider [Malwarebytes]
– Adware.CrossRider

Remove:

– Remove the "Savings Wave" extension from all installed browsers,
– Remove the "Feven" extension from all installed browsers,
– Remove the "Color FB" extension from all installed browsers,
– Remove the "Shop-Up" extension from all installed browsers,
– Uninstall the "Savings Wave" program via the Windows Control Panel,
– Uninstall the "Services x86" program via the Windows Control Panel,
– Change the search and start pages of all installed browsers,
– Clear the browser caches,
– Clean with ZHPCleaner.
