We checked up the file CROSSRIDERMANIFEST.JSON and found it hazardous.
The file CROSSRIDERMANIFEST.JSON must be deleted from the system immediately.
Kill the process CROSSRIDERMANIFEST.JSON and remove CROSSRIDERMANIFEST.JSON from the Windows startup.
Malware Analysis of CROSSRIDERMANIFEST.JSON
Full path on a computer: %LOCAL APPDATA%\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JIEKONLJBEIPFKLHCHHDJDDEJAENNFNL\1.25.85_0\CROSSRIDERMANIFEST.JSON
Detected by UnHackMe:
CROSSRIDERMANIFEST.JSON
Default location: %LOCAL APPDATA%\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JIEKONLJBEIPFKLHCHHDJDDEJAENNFNL\1.25.85_0\CROSSRIDERMANIFEST.JSON
Removal Results: Success
Number of reboot: 1
CROSSRIDERMANIFEST.JSON is known as:
Trojan.Crossrider
How to quickly detect CROSSRIDERMANIFEST.JSON presence?
Files:
- %APPDATA%\MOZILLA\FIREFOX\PROFILES\CWDGT0Y8.DEFAULT\EXTENSIONS\CROSSRIDERAPP12555@CROSSRIDER.COM\CHROME\CONTENT\CORE\XHR.JS
- %APPDATA%\MOZILLA\FIREFOX\PROFILES\CWDGT0Y8.DEFAULT\EXTENSIONS\CROSSRIDERAPP12555@CROSSRIDER.COM\CHROME\CONTENT\BROWSER.XUL
- %APPDATA%\MOZILLA\FIREFOX\PROFILES\CWDGT0Y8.DEFAULT\EXTENSIONS\CROSSRIDERAPP12555@CROSSRIDER.COM\CHROME\CONTENT\CORE\SEARCHSETTINGS.JS
- %APPDATA%\MOZILLA\FIREFOX\PROFILES\CWDGT0Y8.DEFAULT\EXTENSIONS\CROSSRIDERAPP12555@CROSSRIDER.COM\CHROME\CONTENT\CORE\LOGFILE.JS
- %LOCAL APPDATA%\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JIEKONLJBEIPFKLHCHHDJDDEJAENNFNL\1.25.85_0\CROSSRIDERMANIFEST.JSON