Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PUP.Optional.CrossRider found by MBAM - What should I do?


  • Please log in to reply
6 replies to this topic

#1 GoshenBleeping

GoshenBleeping

  • Members
  • 154 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 12 August 2013 - 02:31 PM

Malwarebytes found 9 registry keys (see below) associated with   PUP.Optional.CrossRider.  I did not as yet have Malwarebytes remove these keys. I first wanted to post this message.
 
What actions should I take?
 
Thank you.
 
Registry Keys Detected: 9
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211091100} (PUP.Optional.CrossRider)
HKCR\CLSID\{11111111-1111-1111-1111-110211091100} (PUP.Optional.CrossRider)
HKCR\TypeLib\{44444444-4444-4444-4444-440244094400} (PUP.Optional.CrossRider)
HKCR\Interface\{55555555-5555-5555-5555-550255095500} (PUP.Optional.CrossRider)
HKCR\CrossriderApp0020900.BHO.1 (PUP.Optional.CrossRider)
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211091100} (PUP.Optional.CrossRider)
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211091100} (PUP.Optional.CrossRider)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211091100} (PUP.Optional.CrossRider)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211091100} (PUP.Optional.CrossRider)

 



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 32,106 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:05 AM

Posted 12 August 2013 - 05:59 PM

A PUP detection means a "Potentially Unwanted Program". PUP is a very broad threat category which can encompass any number of different programs to include those which are benign as well as malicious. PUPs in and of themselves are not always bad...many are generally known, non-malicious but unwanted software. PUPs are considered unwanted because they can cause undesirable system performance or other problems and are sometimes installed without the user's consent since they are often included when downloading legitimate programs.

In the past, Malwarebytes Anti-Malware detected only PUPs that were considered mostly harmful and deceiving but they revised their policy, taking a more aggressive approach to include PUPs that most users found annoying or misleading.

PUPs may be defined somewhat differently by various security vendors. This is what Malwarebytes has to say:
What are the 'PUP' detections, are they threats and should they be deleted?.

If you recognize the PUP detection(s) as belonging to a program you installed and/or want to keep, you can add those items to the exclusion or ignore list (by right-clicking) so they will not show in future scans. If you don't recognize the detection(s), then you can remove them.
 

...Crossrider, an emerging programming framework designed to simplify the process of writing plugins that will run on Google Chrome, Internet Explorer, and Mozilla Firefox. The plugin spreads by posting a link to a video on a users Facebook wall, and friends who follow the link are told they need to accept the installation of the plugin in order to view the video. Users who install LilyJade will have their accounts modified to periodically post links that help pimp the program...

Crossrider Krebs on Security
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 GoshenBleeping

GoshenBleeping
  • Topic Starter

  • Members
  • 154 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 13 August 2013 - 05:52 PM

Thank you for the information. I have not noticed any aberrant behavior on my laptop and none of the other scanners (Avast, Gmer, TDSSKiller, Stinger, SUPERAntiSpyware) have reported anything amiss. Since I am always wary of deleting any item from the registry, I think I will leave these 9 items. Make sense?

 

Thanks again.

 

    David



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 32,106 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:05 AM

Posted 14 August 2013 - 06:37 AM

You're welcome.
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 ShaneInFlorida

ShaneInFlorida

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 16 August 2013 - 01:41 PM

By chance have you installed Ghostery IE for internet explorer?  That seems like theirs.



#6 aztony

aztony

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Arizona
  • Local time:02:05 AM

Posted 14 September 2013 - 01:09 PM

By chance have you installed Ghostery IE for internet explorer?  That seems like theirs.

 

It is Ghostery. I just ran a MB quick scan this morning which netted the same results as the OP. Since I downloaded Ghostery to mitigate online tracking activity i do not consider it unwanted.



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 32,106 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:05 AM

Posted 14 September 2013 - 02:17 PM

All scanning tools are susceptible to false positive detections from time to time, especially if the scanner uses heuristic analysis technology. Heuristics is the ability of a scanning program to detect possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop if before doing any harm to your system. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. If that is the case, then you can restore the detection and add it to Malwarebytes' exclusion or ignore list.

Then you should report them to Malwarebytes Anti-Malware Support > False Positives so the Research Team can investigate and make corrections.

Be sure to read the pinned topic at the top of that forum titled Please read before reporting a false positive
.
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users