CrossRider

CrossRider Description

Type: Possibly Unwanted Program

CrossRider Web Apps is a Potentially Unwanted Program (PUP) that should be deleted as quickly as possible with the help of a strong security program. Malware analysts have heard from PC users who report that their security programs detected CrossRider and indicated that CrossRider may be problematic. PCs affected by CrossRider Web Apps may slow down, crash, freeze and present other symptoms. Computer users may also observe that their Web browser behaves abnormally and that unrecognized components are present on their computers. PC security analysts have observed that CrossRider may interfere with other Web browser add-ons on an affected computer. It is also notable that CrossRider may be difficult to remove. Computer users may run into difficulties if they attempt to remove CrossRider as they would remove any other Web browser extension. Removing CrossRider may require special measures and the use of a security program that is fully up-to-date.

CrossRider and Similar Problematic Web Browser Add-Ons

PUPs may not be as destructive or severe as threats. However, most PUPs (CrossRider included) may cause symptoms that are most often associated with threats. For example, CrossRider may cause pop-up advertisements, Web browser redirects and performance issues on the computers it affects. There are many ways in which PUPs may spread, including typical threat distribution methods. However, the main way in which PUPs like CrossRider are distributed is by bundling them with other software. In most cases, CrossRider will be bundled with freeware or shareware from questionable sources, but in some cases, CrossRider may be bundled with legitimate software that is installed from a different installer or source.

Problems Associated with CrossRider and Other PUPs

As soon as CrossRider is installed, it may make changes to your Web browser settings. PC security analysts have noted that CrossRider may cause performance issues, such as causing the affected Web browser to crash, slow down or freeze. PUPs like CrossRider may also prevent other add-ons installed on the affected computer from functioning properly. Malware researchers have observed that CrossRider may be bundled with numerous other PUPs which, taken together, may greatly tax your computer's resources. For these reasons, PC security analysts strongly recommend dealing with CrossRider and similar PUPs as soon as possible.

How to Deal with CrossRider

If CrossRider is installed on your computer, malware analysts advise the use of a known security program that is both fully up-to-date and capable of removing PUPs. In many cases, security software may be incapable of detecting PUPs since these programs may be geared towards more severe threats, such as worms, Trojans, viruses and rootkits. As a result, many threat developers have put more effort into producing PUPs like CrossRider rather than full-blown threat infections. This may result in substantial profits from advertising and affiliate marketing tactics. In most cases, computer users may find it difficult to remove CrossRider using their Web browser's extension or add-on manager. However, CrossRider and similar PUPs may be removed using the Add and Remove Programs option in the Windows Control Panel. Even after removing CrossRider, it may be necessary to undo any unwanted changes made by CrossRider to your Web browser settings. For example, PC users may need to manually restore the default search engine and homepage that CrossRider changed. After removing CrossRider, PC security analysts recommend using a strong anti-malware program that is fully up-to-date to perform a full scan of the affected computer. This step is crucial to ensure that CrossRider has not allowed other PUPs or more severe forms of threats to enter and affect the victim's computer.

Although a significant portion of the computers infected by CrossRider run Windows, it is important to note that the adware has a separate version for Mac devices. The Mac version fulfills the same purpose, but it has some extra features that are used to exploit the security features of OSX. The adware family is also known under the aliases Crossrider and SurfBuyer. Apart from serving as adware, the CrossRider application may also engage in more suspicious behavior. The CrossRider tool is capable of spawning a bogus login prompt, which its operators use to collect the login credentials of the user. Fortunately, the authors of the CrossRider tool do not use the collected credentials to carry out an unsafe operation. However, they do use the collected credentials to plant additional components on the user's Mac without the user's knowledge or consent. This is not behavior that any genuine application would engage in. Moreover, the adware can be modified to inject harmful payloads into the compromised system, which would make it far more threatening.

On systems running OSX 10.11 or above, the CrossRider application displays the fraudulent login prompt mentioned above to gather the user's administrator credentials and then plants new components on the computer. According to reports, among these new components is a bogus copy of the Safari Web browser that has a variety of add-ons installed on it. The browser extensions in question serve to spawn advertisements whenever the user is browsing the Web. To avoid raising suspicion, the fake variant of the Safari Web browser replaces the original version in all the menus on the system. However, users who are running versions of OSX older than 10.10 will not see the bogus prompt. Instead of spawning the fake prompt, the CrossRider application runs a script named 'install.sh'. This script serves to modify the active extensions present in the Safari and Google Chrome Web browsers. The CrossRider program does this in the background to avoid raising red flags. The CrossRider application may end up collecting information from the infected computer, such as the IP address, OS version, Web browser version, username, and the list of applications present on the user's Mac. The CrossRider program can also detect the version of the security tools on the Mac.

The CrossRider application is clearly not just regular adware. Make sure that your Mac is protected by a reputable anti-virus tool that will keep your machine and your data safe.

Aliases

15 security vendors flagged this file as malicious.

Anti-Virus Software  Detection
AVG                  Crossrider.WFB
Panda                Trj/Genetic.gen
Antiy-AVL            Trojan[Downloader:HEUR]/Win32.AGeneric
Fortinet             W32/AppRider.CT
McAfee-GW-Edition    BehavesLike.Win32.ShopperPro.th
DrWeb                Trojan.Crossrider1.43107
Sophos               AppRider (PUA)
Kaspersky            not-a-virus:HEUR:AdWare.Win32.CrossRider.gen
ClamAV               Win.Trojan.Troldesh-2
Symantec             Trojan.Gen.2
F-Prot               W32/S-d60a457c!Eldorado
McAfee               Artemis!DC24DF79A82D
Fortinet             Riskware/CrossRider
McAfee               Artemis!7016A5D74459
AhnLab-V3            PUP/Win32.CrossRider

Technical Information

File System Details

CrossRider creates the following file(s):

Registry Details

CrossRider creates the following registry entry or registry entries:

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.