HDtubeV1.6

HDtubeV1.6

Known Adware

by Robokid Technologies

What is HDtubeV1.6?

HDtubeV1.6 is software application developed by Robokid Technologies. It is most commonly found on computers running Windows 7 with nearly 76.64% of installations running this operating system. HDtubeV1.6's installer is typically 11.00 MB in size and installs around 375 files. The most common release is 1.34.7.1 with 51.40% of all installations currently using this version.

HDtubeV1.6 is most popular in the United States with 14.7% of installations residing in this country.

HDtubeV1.6 adds 6 scheduled tasks to the Windows Task Scheduler launching the program at randomly scheduled times.

About HDtubeV1.6?

HDTube is a web browser application that features adware functionality, presenting users with banner ads and contextual link ads that are integrated into web pages. These ads are injected by the web browser plugin, available for Internet Explorer, Firefox, and Chrome, and will appear on any website, including those unrelated to the publisher. Users may encounter up to 10 in-text ads, 4 banner ads, and/or a transitional ad while browsing the web.

Multiple virus scanners have detected malware in HDtubeV1.6.

utils.exe (MD5: c35ff3f8ddc6e0063e3173abbf263602) has been flagged by 48 scanners:
Scanner Software Result
AhnLab-V3 PUP/Win32.Solimba
Antiy-AVL Trojan[Downloader:not-a-virus]/Win32.Solimba.a
Bkav FE HW32.CDB
Malwarebytes PUP.Optional.CrossRider.A
Qihoo-360 HEUR/Malware.QVM20.Gen
Rising Antivirus PE:Malware.Obscure!1.9C59
Symantec WS.Reputation
TrendMicro-HouseCall Suspicious_GEN.F47V0712
Lavasoft Ad-Aware Gen:Application.Heur.3v1@maWhk7hO
avast! Win32:Crossrider-AP [PUP]
AVG Generic.727
Avira Adware/CrossRider.gr
AVware Crossrider (fs)
Baidu-International PUA.Win32.CrossRider.bAV
Bitdefender Gen:Application.Heur.3v1@maWhk7hO
CAT-QuickHeal Trojan.NSIS.g5
Clam AntiVirus Win.Trojan.Agent-771526
Comodo Security ApplicUnwnt
Cyren W32/A-6583813c!Eldorado
Dr.Web Trojan.Crossrider.31665
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.AV potentially unwanted
Fortinet FortiGate W32/GoogUpdate.AK!tr
F-Prot W32/A-6583813c!Eldorado
F-Secure Gen:Application.Heur.3v1@maWhk7hO
G Data Gen:Application.Heur.3v1@maWhk7hO
IKARUS anti.virus Trojan.GoogUpdate
Jiangmin AdWare/NSIS.aok
K7 AntiVirus Unwanted-Program ( 004a9d0c1 )
K7GW Unwanted-Program ( 004a9d0c1 )
Kaspersky Trojan.NSIS.GoogUpdate.ck
McAfee CrossRider-FSG
McAfee-GW-Edition CrossRider-FSG
MicroWorld-eScan Gen:Application.Heur.3v1@maWhk7hO
NANO AntiVirus Trojan.Win32.Crossrider.delzup
nProtect Trojan/W32.Agent.1957744
Panda Antivirus Trj/Genetic.gen
Sophos Generic PUA GK
Tencent Nsis.Trojan.Googupdate.Alsv
Trend Micro TROJ_GEN.R002C0EJP14
VIPRE Antivirus Crossrider (fs)
Zillya Trojan.GoogUpdate.Win32.2075
Microsoft Security Essentials BrowserModifier:Win32/IeEnablerCby
Vba32 AntiVirus AdWare.Adwapper
Kingsoft AntiVirus Win32.Troj.NSIS.cq.(kcloud)
Emsisoft Anti-Malware Gen:Variant.Adware.Plush.1 (B)
Agnitum Outpost Trojan.GoogUpdate!
Avira AntiVir ADWARE/CrossRider.Gen2
AegisLab Troj.W32.Vilsel
51d7c853-ce3a-4e47-b255-7baca34c0fae-2.exe (MD5: 1748c30210b4a7d15839127618a24965) has been flagged by 16 scanners:
Scanner Software Result
AVG Generic.332
Baidu-International Adware.Win32.CrossRider.BAJ
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.AJ
F-Prot W32/A-eb9ef301!Eldorado
Malwarebytes PUP.Optional.HDPlus.A
Rising Antivirus PE:Malware.Obscure!1.9C59
Sophos AppRider
VIPRE Antivirus Crossrider (fs)
NANO AntiVirus Riskware.Win32.AdLoad.dbtctb
Panda Antivirus Trj/Genetic.gen
AVware Crossrider (fs)
Kaspersky Trojan.NSIS.GoogUpdate.ck
Kingsoft AntiVirus Win32.Troj.NSIS.ck.(kcloud)
Avira AntiVir Adware/CrossRider.A.15920
Symantec Trojan.ADH.2
Comodo Security ApplicUnwnt
483fcef4-6300-436a-a2ca-cf9b6f52e122-4.exe (MD5: 87479daf04ea5ed607ae62ea139d6078) has been flagged by 21 scanners:
Scanner Software Result
Avira AntiVir Adware/CrossRider.A.17150
AVG Generic.332
Baidu-International Adware.Win32.CrossRider.bAK
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.AK
Malwarebytes PUP.Optional.HDPlus.A
NANO AntiVirus Riskware.Win32.AdLoad.dcasts
Panda Antivirus Trj/Genetic.gen
Qihoo-360 Win32/Virus.Adware.94e
VIPRE Antivirus Crossrider (fs)
F-Prot W32/A-eb9ef301!Eldorado
Rising Antivirus PE:Malware.Obscure!1.9C59
Sophos AppRider
avast! Win32:Crossrider-M [PUP]
AVware Crossrider (fs)
IKARUS anti.virus Trojan.GoogUpdate
Kaspersky Trojan.NSIS.GoogUpdate.ck
G Data Win32.Application.Plush.A
Symantec WS.Reputation.1
Avira ADWARE/CrossRider.Gen2
Kingsoft AntiVirus Win32.Troj.NSIS.ck.(kcloud)
Comodo Security ApplicUnwnt
483fcef4-6300-436a-a2ca-cf9b6f52e122-2.exe (MD5: 00d20aa52ce948d733e9e63ecb5e1467) has been flagged by 24 scanners:
Scanner Software Result
AVG Generic.332
Baidu-International Adware.Win32.CrossRider.bAJ
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.AJ
F-Prot W32/A-eb9ef301!Eldorado
Malwarebytes PUP.Optional.HDPlus.A
NANO AntiVirus Riskware.Win32.AdLoad.dcbpqz
Panda Antivirus Trj/Genetic.gen
Rising Antivirus PE:Malware.Obscure!1.9C59
Sophos AppRider
VIPRE Antivirus Crossrider (fs)
avast! Win32:Crossrider-M [PUP]
Avira ADWARE/CrossRider.Gen2
G Data Win32.Adware.Crossrider.L
IKARUS anti.virus Trojan.GoogUpdate
Kaspersky Trojan.NSIS.GoogUpdate.ck
Avira AntiVir Adware/CrossRider.A.17566
Symantec WS.Reputation.1
Comodo Security ApplicUnwnt
Qihoo-360 Win32/Virus.Adware.b63
AhnLab-V3 PUP/Win32.CrossRider
AVware Crossrider (fs)
Clam AntiVirus Win.Adware.Agent-7722
Dr.Web Trojan.Crossrider.27936
Kingsoft AntiVirus Win32.Troj.NSIS.ck.(kcloud)
483fcef4-6300-436a-a2ca-cf9b6f52e122-11.exe (MD5: 301fe29ca2e9a6e73dd642b7f43fd8a9) has been flagged by 30 scanners:
Scanner Software Result
Avira AntiVir Adware/CrossRider.A.17139
AVG Generic.332
Baidu-International Adware.Win32.CrossRider.BAK
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.AK
Malwarebytes PUP.Optional.HDPlus.A
McAfee Artemis!301FE29CA2E9
McAfee-GW-Edition Artemis!301FE29CA2E9
NANO AntiVirus Riskware.Win32.AdLoad.dcasvk
Panda Antivirus Trj/Genetic.gen
Qihoo-360 Win32/Virus.Adware.6f2
Symantec Trojan.ADH.2
VIPRE Antivirus Crossrider (fs)
avast! Win32:Crossrider-M [PUP]
Avira ADWARE/CrossRider.Gen2
AVware Crossrider (fs)
G Data Win32.Adware.Crossrider.L
IKARUS anti.virus Trojan.GoogUpdate
Kaspersky Trojan.NSIS.GoogUpdate.ck
Rising Antivirus PE:Malware.Obscure!1.9C59
Kingsoft AntiVirus Win32.Troj.NSIS.cq.(kcloud)
Sophos Generic PUA HG
F-Prot W32/A-eb9ef301!Eldorado
Dr.Web Trojan.Crossrider.27772
Clam AntiVirus Win.Adware.Agent-7572
AhnLab-V3 PUP/Win32.CrossRider
Fortinet FortiGate Riskware/CrossRider
TrendMicro-HouseCall Suspicious_GEN.F47V0803
Comodo Security ApplicUnwnt
K7 AntiVirus Adware ( 004a970a1 )
K7GW Adware ( 004a970a1 )

Software Behaviors

Scheduled tasks:
  • cf7e6c1c-06fe-4d72-bb57-d2254a9b1f27-7.exe is scheduled as a task named 'cf7e6c1c-06fe-4d72-bb57-d2254a9b1f27-1'.
  • cf7e6c1c-06fe-4d72-bb57-d2254a9b1f27-4.exe is scheduled as a task named '6abf7f58-722e-4af2-85bd-e80c6b8df6c4'.
  • af2a94ed-2e45-45dd-98d7-a3ebbd55eaef-6.exe is scheduled as a task named 'temp_af2a94ed-2e45-45dd-98d7-a3ebbd55eaef-6'.
  • 9df88e99-d47e-48b0-9cb6-932ddc830169-7.exe is scheduled as a task named '9df88e99-d47e-48b0-9cb6-932ddc830169-1'.
  • 9df88e99-d47e-48b0-9cb6-932ddc830169-6.exe is scheduled as a task named 'temp_9df88e99-d47e-48b0-9cb6-932ddc830169-6'.
  • 9df88e99-d47e-48b0-9cb6-932ddc830169-4.exe is scheduled as a task named '9df88e99-d47e-48b0-9cb6-932ddc830169-4'.

Startup Entries

Startup tasks:
  • HDtubeV1.6-codedownloader.exe is automatically launched at startup through a scheduled task named 9bd9e674-5334-482b-b20a-68c67256a440-1.
  • 9bd9e674-5334-482b-b20a-68c67256a440-5.exe is automatically launched at startup through a scheduled task named 9bd9e674-5334-482b-b20a-68c67256a440-5_user.
  • 0947536b-9faa-4f2b-a418-2ecedc44d0a9-7.exe is automatically launched at startup through a scheduled task named 0947536b-9faa-4f2b-a418-2ecedc44d0a9-1.
  • 0947536b-9faa-4f2b-a418-2ecedc44d0a9-6.exe is automatically launched at startup through a scheduled task named 0947536b-9faa-4f2b-a418-2ecedc44d0a9-6.
  • 0947536b-9faa-4f2b-a418-2ecedc44d0a9-5.exe is automatically launched at startup through a scheduled task named 0947536b-9faa-4f2b-a418-2ecedc44d0a9-5_user.
  • 0947536b-9faa-4f2b-a418-2ecedc44d0a9-4.exe is automatically launched at startup through a scheduled task named 0947536b-9faa-4f2b-a418-2ecedc44d0a9-4.

Software Details

URL:
https://crossrider.com
Support:
–
Installation path:
C:\Program Files\hdtubev1.6
Uninstaller:
C:\Program Files\HDtubeV1.6\Uninstall.exe /fcp=1
Size:
11.00 MB
Language:
English

HDtubeV1.6 Executable Details

Primary executable:
utils.exe
Name:
HDtubeV1.6
Path:
C:\Program Files\hdtubev1.6\utils.exe
MD5:
c35ff3f8ddc6e0063e3173abbf263602
SHA-1:
–
SHA-256:
–
Files installed by HDtubeV1.6
File Type Filename MD5
DLL
newtonsoft.json.dll
0900b6c72905788aca613f89fe739bd3
EXE
uninstall.exe
ab91a7350a5fddcdf0a7b0c60e8e4e71
DLL
Interop.IWshRuntimeLibrary.dll
5e8e81170731f5521bf540e5e374b011
DLL
WebSocket4Net.dll
06bef001533cc9b2aee78e0315432f94
EXE
utils.exe
Malware
c35ff3f8ddc6e0063e3173abbf263602
DLL
SuperSocket.ClientEngine.Protocol.dll
054eb97126c57f5476abc3c6f8586eab
DLL
SuperSocket.ClientEngine.Core.dll
55bbde7f48a5ef7a8254bfeb3a5a39d7
DLL
SuperSocket.ClientEngine.Common.dll
9161b2db6facc5aa59f5eae689ec05af
EXE
51d7c853-ce3a-4e47-b255-7baca34c0fae-5.exe
91f14f3c1c826c9828cd5605805f176c
EXE
51d7c853-ce3a-4e47-b255-7baca34c0fae-4.exe
2b37138b39bfefc2837438a53173a71d