CrossRider

CrossRider Description

CrossRider Web Apps is a Potentially Unwanted Program (PUP) that should be removed as quickly as possible with the help of a strong security program. PC users have reported to malware analysts that their security programs detected CrossRider and indicated that CrossRider may be problematic. PCs affected by CrossRider Web Apps may slow down, crash, freeze and present other symptoms. Computer users also may observe that their Web browser behaves abnormally, and that unrecognized components are present on their computers. PC security analysts have observed that CrossRider may interfere with other Web browser add-ons on an affected computer. CrossRider also may be difficult to remove: computer users may run into difficulties if they try to remove CrossRider the way they would remove any other Web browser extension. Removing CrossRider may require special measures and the use of a security program that is fully up-to-date.

CrossRider and Similar Problematic Web Browser Add-Ons

PUPs may not be as destructive or severe as threats. However, most PUPs (CrossRider included) may cause symptoms that are most often associated with threats. For example, CrossRider may cause pop-up advertisements, Web browser redirects and performance issues on the computers it affects. There are many ways in which PUPs may spread, including typical threat distribution methods. However, the main way in which PUPs like CrossRider are distributed is by bundling them with other software. In most cases, CrossRider will be bundled with freeware or shareware from questionable sources, but in some cases, CrossRider may be bundled with legitimate software that is being installed from a different installer or source.

Problems Associated with CrossRider and Other PUPs

As soon as CrossRider is installed, it may make changes to your Web browser settings. PC security analysts have noted that CrossRider may cause performance issues, such as causing the infected Web browser to crash, slow down or freeze. PUPs like CrossRider also may prevent other add-ons installed on the affected computer from functioning properly. Malware researchers have observed that CrossRider may be bundled along with numerous other PUPs which, when put together, may greatly tax your computer's resources. For these reasons, PC security analysts strongly recommend dealing with CrossRider and similar PUPs as soon as possible.

How to Deal with CrossRider

If CrossRider is installed on your computer, malware analysts advise the use of a known security program that is both fully up-to-date and capable of removing PUPs. In many cases, security software may be incapable of detecting PUPs since these programs may be geared towards more severe threats, such as worms, Trojans, viruses and rootkits. As a result, many threat developers have increased their efforts to produce PUPs like CrossRider rather than full-blown threat infections, which may result in substantial profits from advertising and affiliate marketing tactics. In most cases, computer users may find it difficult to remove CrossRider using their Web browser's extension or add-on manager. However, CrossRider and similar PUPs may be removed using the Add and Remove Programs option in the Windows Control Panel. Even after removing CrossRider, it may be necessary to undo any unwanted changes made by CrossRider to your Web browser settings. For example, PC users may be obliged to manually revert the default search engine and homepage that CrossRider changed. After removing CrossRider, PC security analysts recommend using a strong anti-malware program that is fully up-to-date to perform a full scan of the affected computer. This step is crucial to ensure that CrossRider has not allowed other PUPs or more severe forms of threats to enter and affect the victim's computer.
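The Add and Remove Programs check described above can be scripted as a read-only inventory of uninstall entries. This PowerShell example is added here and is not part of the original article; the function name `Find-SuspectUninstallEntry` and the pattern list are assumptions, seeded with two names that appear on this page.

```powershell
# Names to look for. 'crossrider' and 'crossbrowse' are taken from names used on
# this page; extend the list with whatever your security tool reported (assumption).
$Patterns = @('crossrider', 'crossbrowse')

# Uninstall entries live in three places: machine-wide 64-bit, machine-wide
# 32-bit (Wow6432Node) and per-user.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Find-SuspectUninstallEntry {
    param(
        [string[]]$Pattern = $Patterns,
        [string[]]$Root    = $UninstallRoots
    )
    # Build one case-insensitive alternation from the literal names.
    $regex = ($Pattern | ForEach-Object { [regex]::Escape($_) }) -join '|'
    foreach ($path in $Root) {
        # Roots that do not exist (no Wow6432Node on 32-bit Windows) are skipped.
        Get-ItemProperty -Path $path -ErrorAction SilentlyContinue |
            Where-Object {
                # Match on display name, publisher or the registry key name.
                "$($_.DisplayName) $($_.Publisher) $($_.PSChildName)" -match $regex
            } |
            Select-Object @{n = 'RegistryKey'; e = { $_.PSPath -replace '^.*?::', '' } },
                          DisplayName, Publisher, InstallDate,
                          InstallLocation, UninstallString
    }
}

# Read-only report: nothing is removed. Review each hit, then uninstall it through
# Add and Remove Programs as the text describes.
Find-SuspectUninstallEntry | Format-List
```

An empty result only means no uninstall entry matched the patterns; browser settings changed by the program still need to be reviewed separately.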

Although a significant portion of the computers infected by CrossRider are running Windows, it is important to note that the adware has a separate version for Mac devices. The Mac version fulfills the same purpose, but it does have some extra features that are used to exploit the security features of OS X. The adware family also is known under the aliases Crossrider and SurfBuyer. However, apart from serving as adware, the CrossRider application also may partake in more suspicious behavior. The CrossRider tool is capable of spawning a bogus login prompt. The operators of the CrossRider application will use this feature to collect the login credentials of the user. Fortunately, the authors of the CrossRider tool do not use the collected credentials to carry out an unsafe operation. However, they utilize the collected credentials to plant additional components on the user's Mac without their knowledge or consent. This is not behavior that any genuine application would partake in. Moreover, the adware can be modified to inject harmful payloads in the compromised system, which will make it far more threatening.

On systems running OS X 10.11 or above, the CrossRider application displays the fraudulent login prompt mentioned above to gather the user's administrator credentials and then plants new components on the computer. According to reports, among these new components is a bogus copy of the Safari Web browser that has a variety of add-ons installed on it. The browser extensions in question serve to spawn advertisements whenever the user is browsing the Web. To avoid raising suspicion, the fake variant of the Safari Web browser will replace the original version in all the menus on the system. However, users who are running versions of OS X older than 10.10 will not see the bogus prompt. Instead of spawning the fake prompt, the CrossRider application will run a script named 'install.sh'. This script serves to modify the active extensions present on the Safari and Google Chrome Web browsers. The CrossRider program will do this in the background to avoid raising red flags. The CrossRider application may end up collecting information from the infected computer, such as IP address, OS version, Web browser version, username, and the list of applications present on the user's Mac. The CrossRider program also can detect the version of the security tools on the Mac.

The CrossRider application is clearly not just regular adware. Make sure that your Mac is protected by a reputable anti-virus tool that will keep your machine and your data safe.

Aliases: Adware.Win32.CrossAd.CW, Crossrider.WFB [AVG], Trj/Genetic.gen [Panda], suspected of Trojan.Downloader.gen.h, PUP.CrossBrowse/Variant, Trojan[Downloader:HEUR]/Win32.AGeneric [Antiy-AVL], W32/AppRider.CT [Fortinet], ADWARE/CrossRider.1977928.16, TrojanDownloader.Generic.awhm, BehavesLike.Win32.ShopperPro.th [McAfee-GW-Edition], Trojan.Crossrider1.43107 [DrWeb], AppRider (PUA) [Sophos], Trojan.Win32.Crossrider1.duanbp, not-a-virus:HEUR:AdWare.Win32.CrossRider.gen [Kaspersky] and Win.Trojan.Troldesh-2 [ClamAV].


Technical Information

File System Details

CrossRider creates the following file(s):

Registry Details

CrossRider creates the following registry entry or registry entries:
