Win32/Toolbar.Crossrider.B potentially unwanted removal tips

Win32/Toolbar.Crossrider.B potentially unwanted is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Win32/Toolbar.Crossrider.B potentially unwanted virus do?

  • A file was accessed within the Public folder.
  • Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Performs HTTP requests potentially not found in PCAP.
  • Reads data out of its own binary image
  • Drops a binary and executes it
  • Authenticode signature is invalid
  • A scripting utility was executed
  • Attempts to identify installed AV products by registry key
  • Attempts to create or modify a Browser Helper Object
  • Attempts to modify proxy settings
  • Deletes executed files from disk
  • Anomalous binary characteristics
  • Yara rule detections observed from a process memory dump/dropped files/CAPE

How to identify Win32/Toolbar.Crossrider.B potentially unwanted?


File Info:

name: 7DBB72873A0F206B94B9.mlw
path: /opt/CAPEv2/storage/binaries/44c563ab616febd0c56316cb57fe37bc81a56a46d60a0061ce5d4a7459724945
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2010-01-05 12:09:32

Version Info:

CompanyName: Dor Kalev
FileDescription: spiq.it Installer
FileVersion: 1.19.150.150
LegalCopyright: Copyright Dor Kalev
ProductName: spiq.it
Translation: 0x0409 0x0000

Win32/Toolbar.Crossrider.B potentially unwanted also known as:

Bkav: W32.AIDetectMalware
MicroWorld-eScan: Gen:Application.Heur.Iy8@m8jRrRdi
FireEye: Generic.mg.7dbb72873a0f206b
CAT-QuickHeal: PUA.GenericPMF.S1646546
Skyhigh: Artemis
ALYac: Application.Crossrider.BrowExt.ND
Malwarebytes: Generic.Malware.AI.DDS
Zillya: Adware.CrossRider.Win32.34971
K7AntiVirus: Trojan ( 0048c9531 )
K7GW: Trojan ( 0048c9531 )
Arcabit: PUP.Adware.Crossrider.a
VirIT: Adware.Win32.Crossrider.P
Symantec: Trojan.Gen.2
Elastic: malicious (high confidence)
ESET-NOD32: Win32/Toolbar.Crossrider.B potentially unwanted
Cynet: Malicious (score: 100)
APEX: Malicious
Kaspersky: not-a-virus:AdWare.JS.CrossRider.a
BitDefender: Gen:Application.Heur.Iy8@m8jRrRdi
NANO-Antivirus: Riskware.Win32.Plugin.dnnugz
Avast: BV:Pirrit-E [PUP]
Rising: PUF.Crossrider!8.84 (TOPIS:E0:jP6vAuqBwhU)
Emsisoft: Gen:Application.Heur.Iy8@m8jRrRdi (B)
F-Secure: Adware.ADWARE/CrossRider.Gen2
DrWeb: Trojan.Crossrider.1
VIPRE: Gen:Application.Heur.Iy8@m8jRrRdi
TrendMicro: TROJ_GEN.R002C0OAF24
Sophos: Generic ML PUA (PUA)
Jiangmin: AdWare.CrossRider.chq
Varist: W32/S-a6630c80!Eldorado
Avira: ADWARE/CrossRider.Gen2
Antiy-AVL: GrayWare[Toolbar]/Win32.CrossRider
Microsoft: PUAAdvertising:Win32/CrossRider
ZoneAlarm: not-a-virus:HEUR:AdWare.Win32.CrossRider.gen
GData: Win32.Adware.Crossrider.AB (2x)
Google: Detected
McAfee: Artemis!7E4E6799E301
TrendMicro-HouseCall: TROJ_GEN.R002C0OAF24
Yandex: Trojan.GenAsa!5lqT7zpmxzI
Ikarus: AdWare.GamePlayLabs
Fortinet: Riskware/CrossRider
BitDefenderTheta: Gen:NN.ZexaE.36680.Vu0@aKkaLEfi
AVG: BV:Pirrit-E [PUP]
DeepInstinct: MALICIOUS
CrowdStrike: win/grayware_confidence_100% (D)

How to remove Win32/Toolbar.Crossrider.B potentially unwanted?

Win32/Toolbar.Crossrider.B potentially unwanted removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
