Shop-Up

Shop-Up Description

Shop-Up is an actual application that is said to be legitimate but has the tendency to display random commercial pop-up advertisements. Most of the ads displayed by Shop-Up attempt to offer online shopping savings and coupon deals. Even though Shop-Up is not a virus or malware, it can be considered to be annoying from the several ads that it displays at random on a system that it is installed on. Removal of Shop-Up should be done to stop the ads from being displayed potentially interrupting use of your system or surfing the internet using a popular web browser application.
Aliases: W32.Clod7ad.Trojan.8141 [Bkav], TROJ_GEN.R047H05JH13 [TrendMicro-HouseCall], not-a-virus:AdWare.Win32.Lyckriks.ly [Kaspersky], Adware.Generic.610485 (B) [Emsisoft], Generic PUA JL [Sophos], AdWare/Lyckriks.dm [Jiangmin], AdWare/Win32.Lyckriks [Antiy-AVL], Win32.Troj.Generic.a.(kcloud) [Kingsoft], a variant of Win32/Toolbar.CrossRider.K [ESET-NOD32], Adware/Lyckriks [Fortinet], Generic5.AIIQ [AVG], Adware.FindLyrics [Symantec], Trojan ( 0048e2ed1 ) [K7GW], Artemis!0649C84A801C [McAfee] and Artemis!F5FD1BA18582 [McAfee].

Infected with Shop-Up? Scan Your PC for Free

Download SpyHunter’s Spyware Scanner
to Detect Shop-Up

Security Doesn't Let You Download SpyHunter or Access the Internet?


Solutions: Your computer may have malware hiding in memory that prevents any program, including SpyHunter, from executing on your computer. Follow to download SpyHunter and gain access to the Internet:
  • Use an alternative browser. Malware may disable your browser. If you're using IE, for example, and having problems downloading SpyHunter, you should open Firefox, Chrome or Safari browser instead.
  • Use a removable media. Download SpyHunter on another clean computer, burn it to a USB flash drive, DVD/CD, or any preferred removable media, then install it on your infected computer and run SpyHunter's malware scanner.
  • Start Windows in Safe Mode. If you can not access your Window's desktop, reboot your computer in 'Safe Mode with Networking' and install SpyHunter in Safe Mode.
  • IE Users: Disable proxy server for Internet Explorer to browse the web with Internet Explorer or update your anti-spyware program. Malware modifies your Windows settings to use a proxy server to prevent you from browsing the web with IE.

If you still can't install SpyHunter? View other possible causes of installation issues.

Technical Information

Infection Statistics


Our MalwareTracker shows malware activity across the world. Explore real-time data of Shop-Up outbreaks and other threats from global to local level.

File System Details

Shop-Up creates the following file(s):
# File Name Size MD5 Detection Count
1 %PROGRAMFILES(x86)%\Shop-Up\Shop-Up-bho64.dll 940,544 500be214ac12367d9ff78681aa5833b6 995
2 %PROGRAMFILES%\Shop-Up\Shop-Up-bho.dll 598,528 66137d0fb467f5b76ba01c28340b242e 250
3 %PROGRAMFILES(x86)%\shop-up\shop-up-bg.exe 738,304 687897f2316a4c399aa07f2fb4200c19 89
4 %PROGRAMFILES(x86)%\Shop-Up\Uninstall.exe 115,200 bf3302472f98b5908c2a94aa0ed16cf7 44
5 %PROGRAMFILES%\shop-up\shop-up-buttonutil.exe 343,552 7a117c59abcb9110fb67e92c8b978cb6 27
6 %PROGRAMFILES(x86)%\Shop-Up\Shop-Up-enabler.exe 346,624 e1cba0dfb6b4b68e47168c99c51c3f2a 2,285
7 %PROGRAMFILES(x86)%\Shop-Up\Shop-Up-updater.exe 391,680 7b8e24bc969730790d5b010310f986cd 2,114
8 %LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod 14
9 %UserProfile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kigpmgkoelepakabiliblldhdpnidcod 13
10 %PROGRAMFILES(x86)%\Shop-Up 12
11 %PROGRAMFILES%\Shop-Up 11
12 %PROGRAMFILES%\Shop-Up\Shop-Up-chromeinstaller.exe 484,864 0649c84a801cab88d5aa536695056e7f 1,962
13 %PROGRAMFILES%\Shop-Up\Shop-Up-codedownloader.exe 487,424 0bd6b44644641c0e3659d920526542cf 1,885
14 %PROGRAMFILES(x86)%\Shop-Up\Shop-Up-firefoxinstaller.exe 722,944 ac58189b0ffa0ef916473a6d56c0d97d 1,329
15 %PROGRAMFILES(x86)%\shop-up\shop-up-buttonutil64.exe 423,936 dad868d7b1ffc0737dd44df49e31773c 1

More files

Registry Details

Shop-Up creates the following registry entry or registry entries:
HKEY..\..\..\..{RegistryKeys}
SOFTWARE\Shop-Up
SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION, value: Shop-Up-bg.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411281122}
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shop-Up
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94d5bbb9-8461-4f9a-926c-d191e5c1fd71}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION, value: Shop-Up-bg.exe
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411281122}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Shop-Up-firefoxinstaller
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Shop-Up-updater
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12c06a37-1ac5-440d-85aa-a3375af63f9d}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4008e9db-e90a-458c-a87e-00b5febf2a1d}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ba583d7-b5d1-4c0e-83fa-3185f6bfaaa2}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ee054ca-7614-4ae7-a014-53dfcdaace7e}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{822544A7-A122-4365-990E-0372D5C4C7D4}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Shop-Up-codedownloader
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Shop-Up-enabler
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C704E2E-508D-45BA-9704-1F0DAC7B8CD3}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{822544A7-A122-4365-990E-0372D5C4C7D4}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F895DDDB-EFC6-41D5-A827-98EEC5FC63C0}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FCBE5DA2-4F02-44A0-916A-30B982A91B3F}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21C8AF9D-84BD-4CF5-9E6B-B66E035E2A8F}
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411281122}
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21C8AF9D-84BD-4CF5-9E6B-B66E035E2A8F}
Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C0F239-8BA8-4D41-842D-8D1F59E14660}
Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6ABEC43-E1CD-465C-B176-3CBDB040812A}
Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F12DE84F-27F5-4757-9EBD-508990551913}
SOFTWARE\Classes\CrossriderApp0042822.BHO
SOFTWARE\Classes\CrossriderApp0042822.BHO.1
Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7ee054ca-7614-4ae7-a014-53dfcdaace7e}
Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{94d5bbb9-8461-4f9a-926c-d191e5c1fd71}
CrossriderApp0042822.BHO
CrossriderApp0042822.BHO.1
CrossriderApp0042822.Sandbox
CrossriderApp0042822.Sandbox.
Software\AppDataLow\Software\Shop-Up
Software\InstalledBrowserExtensions\Winportal, value: 42822
The following CLSID's were found:
HKEY..\..\{CLSID Path}
{11111111-1111-1111-1111-110411281122}
{22222222-2222-2222-2222-220422282222}
{44444444-4444-4444-4444-440444284422}
{55555555-5555-5555-5555-550455285522}
{66666666-6666-6666-6666-660466286622}

Site Disclaimer

Leave a Reply

IMPORTANT! To be able to proceed, you need to solve the following simple math.
Please leave these two fields as-is:
What is 11 + 7 ?