Should I delete the Registry Entries & Folders that MalwareBytes found in Full Scan?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Nuts4Mutts, Sep 7, 2013.

  1. Nuts4Mutts

    Nuts4Mutts Private E-2

    Hi Friends!
    I ran a Full Scan with MalwareBytes yesterday, & while it did NOT find any malware, it did list many Registry Entries & 2 Folders. Should I delete what was found? Here's the list:


    9/6/2013 12:07:34 PM
    MBAM-log-2013-09-06 (15-03-24).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 495650
    Time elapsed: 2 hour(s), 29 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 12
    HKCR\CrossriderApp0020900.BHO (PUP.Optional.CrossRider.A) -> No action taken.
    HKCR\CrossriderApp0020900.BHO.1 (PUP.Optional.CrossRider.A) -> No action taken.
    HKCR\CrossriderApp0020900.Sandbox (PUP.Optional.CrossRider.A) -> No action taken.
    HKCR\CrossriderApp0020900.Sandbox.1 (PUP.Optional.CrossRider.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211091100} (PUP.Optional.CrossRider) -> No action taken.
    HKCR\CLSID\{11111111-1111-1111-1111-110211091100} (PUP.Optional.CrossRider) -> No action taken.
    HKCR\TypeLib\{44444444-4444-4444-4444-440244094400} (PUP.Optional.CrossRider) -> No action taken.
    HKCR\Interface\{55555555-5555-5555-5555-550255095500} (PUP.Optional.CrossRider) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211091100} (PUP.Optional.CrossRider) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211091100} (PUP.Optional.CrossRider) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211091100} (PUP.Optional.CrossRider) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211091100} (PUP.Optional.CrossRider) -> No action taken.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\Donna\Downloads\SoftonicDownloader_for_acronymgenie.exe (PUP.Optional.Softonic) -> No action taken.
    C:\Program Files (x86)\Ghostery IE\Ghostery IE.dll (PUP.Optional.CrossRider) -> No action taken.

    (end)

    Thank you for your advice. I really appreciate it!!
    Gratefully,
    Nuts4Mutts :confused
     
    Nuts4Mutts, Sep 7, 2013
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Should I delete the Registry Entries & Folders that MalwareBytes found in Full Sc

    Please remember, log must be attachments.

    Uninstall the junkware that put this on the PC to begin with. That is >> Ghostery IE

    Then run MBAM and let it remove anything that remains. If having any problems afterwards, you need to run the below.


    READ & RUN ME FIRST. Malware Removal Guide
     
    chaslang, Sep 7, 2013
    #2
  3. Nuts4Mutts

    Nuts4Mutts Private E-2

    Re: Should I delete the Registry Entries & Folders that MalwareBytes found in Full Sc

    Hi chasling!
    Thanks for your response. The "Ghostery IE" that's mentioned is something I downloaded & because it's an EXCELLENT add-on that prevents hundreds of trackers from following a users browsing habits. (You can checkout their site if you like...www.ghostery.com...so you can see what it does. I use it on my default browser, Firefox 23.0.1 and IE 10.0.9200.16660. I hate being followed in "real life" & when on-line. Is having it installed a real problem? What do the MalwareBytes entries mean? Would leaving "Ghostery" installed be wrong; it was NOT called "malware". Why does MalwareBytes single it out?
    Thanks for explaining why I need to get rid of an add-on I really like!!
    Gratefully,
    Nuts4Mutts :)
     
    Nuts4Mutts, Sep 7, 2013
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Should I delete the Registry Entries & Folders that MalwareBytes found in Full Sc

    Due to it being associated with Crossrider adware which also commonly installs many other junkware/aware programs and sometime search hijackers, it is considered to be something that most people would not want. It is not just Malwarebytes that signals this out. Most programs do. Even commerical antivirus programs. To list only a few of the hundreds of examples:

    http://www.symantec.com/security_response/writeup.jsp?docid=2012-060803-0143-99&tabid=2

    http://krebsonsecurity.com/tag/crossrider/

    http://www.spywareremove.com/adwarecrossid/alias/

    http://forums.anvisoft.com/viewtopic-45-1190-0.html

    http://www.anti-spyware-101.com/adware-crossid

    http://www.securitystronghold.com/gates/remove-adware-crossrider.html

    In the end, it is your PC and your decision on what to run on your PC. Just be aware that it is not considered desirable and then some scanners/tools will automatically delete things related to crossrider immediately. They will not give you the choice to ignore it. Also be aware that you may have also installed other junk with it.
     
    Last edited: Sep 8, 2013
    chaslang, Sep 8, 2013
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds