Adware crossid which is a newly found Trojan virus that constantly displays pop up advertisements in social networking websites or web browsers. It brings malicious content to the computer and serves as a high risk to the security. It was exploited by scammer for the promotion of malicious website as well as some highly risky commercial websites. Adware crossid is a persistent infection and it is hard to remove once the PC is affected with it. Some of the security programs can identify the malicious tool but are unable to completely remove it from the computer.

Remove Adware crossid processes

  1. Press CTRL+ALT+ DEL and find the following processes in the processes tab.

%ProgramFiles%[NAME OF SECURITY RISK][NAME OF SECURITY RISK].ico

%ProgramFiles%[NAME OF SECURITY RISK][NAME OF SECURITY RISK].ini

%Temp%[NAME OF SECURITY RISK]Installer_[RANDOM NUMBER].log

%ProgramFiles%[NAME OF SECURITY RISK][NAME OF SECURITY RISK]Installer.log

%UserProfile%Application Data[NAME OF SECURITY RISK]Chrome[NAME OF SECURITY RISK].crx

%UserProfile%Application DataGoogleChromeUser DataDefaultdatabaseschrome-extension_[RANDOM CHARACTERS]_03

%ProgramFiles%[NAME OF SECURITY RISK]Uninstall.exe

%ProgramFiles%[NAME OF SECURITY RISK][NAME OF SECURITY RISK].exe

%ProgramFiles%[NAME OF SECURITY RISK][NAME OF SECURITY RISK]Gui.exe

%ProgramFiles%[NAME OF SECURITY RISK][NAME OF SECURITY RISK].dll

%UserProfile%Application DataGoogleChromeUser DataDefaultdatabaseschrome-extension_[RANDOM CHARACTERS]_03

Remove Adware crossid registry entry values

  1. Click on Start > Run > Type regedit > Ok.
  2. In the left pane, click on Edit > Find > write registry values > Ok.
  3. Right click on the values and press Delete.
  4. The registry values are:

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Installer”BundledFirefox” = “1”

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{11111111-1111-1111-1111-110011221158}”NoExplorer” = “1”

HKEY_CURRENT_USERSoftwareCr_Installer2258″InstallationThankYouPage” = “1”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Plugins20″Version” = “1”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Plugins17″Version” = “1”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Plugins15″Version” = “1”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Plugins14″Version” = “1”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Plugins13″Version” = “1”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Installer”BundledChrome” = “1”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Log”WriteHelperLogFile” = “0”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”GroupId” = “0” =

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”Version” = “0”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Plugins”PluginsManifestVersion” = “2”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Installer”PlatformVersion” = “1”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Code”NewTabJavaScript” = “”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Installer”SetNewTab” = “False”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Installer”SetHomepage” = “False”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Installer”UserConfirmation” = “False”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”SetNewTab” = “False”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”RunInFrame” = “False”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”EnableSearchIE” = “False”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”ChangePrevious” = “False”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Installer”SetSearch” = “False”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”BgVersion” = “10”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”DisableIe” = “TRUE”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Installer”ThankYouPage” = “TRUE”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Installer”ScriptVersion” = “18”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Installer”subid” = “default”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Log”LogFilesFolder” = “%UserProfile%My Documents”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]”HelperRunningVersion” = “149”

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall[NAME OF SECURITY RISK]”CrPublisherId” = “390”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”Version” = “57”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”UpdateInterval” = 0x00000168

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]OpenSearch”SearchShortName” = “Search The Web”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”SettingsUrl” = “na”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”TrustedDomain” = “na”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”AddressbarURL” = “na”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”CertifiedInstall” = “na”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”HomePageUrl” = “na”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”Manifest” = “na”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”RemoteFbApiUrl” = “na”

HKEY_CURRENT_USERSoftwareCr_Installer2258″InstallationUserSettings” =

“{“searchUserConifrmation”: false, “setSearch”: false, “setHomepage”: false, “setNewTab”: false}”

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall[NAME OF SECURITY RISK]”CrAppId” = “2258”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]”ActiveAppId” = “2258”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”Description” = “[NAME OF SECURITY RISK]!”

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall[NAME OF SECURITY RISK]”DisplayName” = “[NAME OF SECURITY RISK]”

HKEY_CURRENT_USERSoftwareInstalledBrowserExtensions215 Apps”2258″ = “[NAME OF SECURITY RISK]”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”Name” = “[NAME OF SECURITY RISK]”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”PublisherName” = “215 Apps”

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall[NAME OF SECURITY RISK]”Publisher” = “215 Apps”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]OpenSearch”SearchIcon” = “[http://]crossrider.com/plugin/images/opensea[REMOVED]”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]OpenSearch”SearchUrl” = “[http://]search.crossrider.com/goo[REMOVED]”

HKEY_CURRENT_USERSoftware[NAME OF SECURITY RISK]Manifest”ThanksUrl” = “[http://]iw.antthis.com/thanky[REMOVED]”

HKEY_CLASSES_ROOTCLSID{11111111-1111-1111-1111-110011221158}InprocServer32″(Default)” = “%ProgramFiles%[NAME OF SECURITY RISK][NAME OF SECURITY RISK].dll”

HKEY_CLASSES_ROOTCLSID{22222222-2222-2222-2222-220022222258}InprocServer32″(Default)” = “%ProgramFiles%[NAME OF SECURITY RISK][NAME OF SECURITY RISK].dll”

HKEY_CLASSES_ROOTCLSID{33333333-3333-3333-3333-330033223358}InprocServer32″(Default)” = “%ProgramFiles%[NAME OF SECURITY RISK][NAME OF SECURITY RISK].dll”

 

 

How to remove adware.crossid?
Tagged on:             

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>