SS211

SS211

Known Adware

by Robokid Technologies

What is SS211?

SS211 is software application developed by Robokid Technologies. It is most commonly found on computers running Windows 7 with nearly 44.44% of installations running this operating system. SS211's installer is typically 11.00 MB in size and installs around 30 files.

SS211 is most popular in the United States with 100.00% of installations residing in this country.

SS211 adds 1 scheduled task to the Windows Task Scheduler launching the program at randomly scheduled times.

About SS211?

smart-splus is an adware web browser application that injects banner ads and contextual link ads onto web pages. It functions as a web browser plugin for Internet Explorer, Firefox, and Chrome, and has the capability to display ads on any website, regardless of affiliation with the publisher. Users may encounter up to 10 in-text ads, 4 banner ads, and/or a transitional ad while browsing. Typically, the application is packaged by third-party download managers using deceptive advertising methods for installation. In addition to displaying ads, smart-splus can modify browser settings, including lowering security settings, changing the home page, and altering the default search provider (known as web browser hijacking). The extension also gathers user behavior data and reports it back to a controlling server, including URLs and domains visited, as well as information on displayed and clicked advertisements. This adware is commonly bundled with other potentially unwanted programs in third-party download managers.

Multiple virus scanners have detected malware in SS211.

SS211-nova.exe (MD5: 6af3296e00332503fe14d8c2ad0b00e7) has been flagged by 29 scanners:
Scanner Software Result
Lavasoft Ad-Aware Gen:Variant.Kazy.397338
Baidu-International Adware.Win32.CrossRider.bAE
Bitdefender Gen:Variant.Kazy.397338
Emsisoft Anti-Malware Gen:Variant.Kazy.397338 (B)
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.AE
F-Secure Gen:Variant.Kazy.397338
G Data Gen:Variant.Kazy.397338
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
McAfee Artemis!6AF3296E0033
McAfee-GW-Edition Artemis!6AF3296E0033
MicroWorld-eScan Gen:Variant.Kazy.397338
Qihoo-360 Win32/Trojan.236
Symantec WS.Reputation.1
VIPRE Antivirus Crossrider (fs)
NANO AntiVirus Riskware.Win32.AdLoad.dbtcto
Rising Antivirus PE:Malware.Obscure!1.9C59
Sophos AppRider
Agnitum Outpost PUA.Toolbar.CrossRider!
Avira AntiVir ADWARE/CrossRider.Gen2
AVG Generic5.AYEO
AVware Crossrider (fs)
Comodo Security ApplicUnwnt
F-Prot W32/A-eb9ef301!Eldorado
IKARUS anti.virus AdWare.Plush
Fortinet FortiGate Riskware/Toolbar_CrossRider
TrendMicro-HouseCall Suspicious_GEN.F47V0701
Clam AntiVirus Win.Adware.Agent-7475
Zillya Adware.AdLoad.Win32.125
Panda Antivirus Trj/Genetic.gen
SS211-codedownloader.exe (MD5: 9c5b4f9e2dcab18d13b075f0d06e6707) has been flagged by 26 scanners:
Scanner Software Result
Lavasoft Ad-Aware Gen:Variant.Kazy.402573
Baidu-International Adware.Win32.CrossRider.bAJ
Bitdefender Gen:Variant.Kazy.402573
Emsisoft Anti-Malware Gen:Variant.Kazy.402573 (B)
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.AJ
F-Secure Gen:Variant.Kazy.402573
G Data Gen:Variant.Kazy.402573
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
MicroWorld-eScan Gen:Variant.Kazy.402573
NANO AntiVirus Riskware.Win32.AdLoad.dbtcto
Rising Antivirus PE:Malware.Obscure!1.9C59
Sophos AppRider
VIPRE Antivirus Crossrider (fs)
Agnitum Outpost PUA.Toolbar.CrossRider!
Avira AntiVir ADWARE/CrossRider.Gen2
AVG Generic5.AYEO
AVware Crossrider (fs)
Comodo Security ApplicUnwnt
F-Prot W32/A-eb9ef301!Eldorado
IKARUS anti.virus AdWare.Plush
Symantec WS.Reputation.1
Fortinet FortiGate Riskware/Toolbar_CrossRider
TrendMicro-HouseCall Suspicious_GEN.F47V0701
Clam AntiVirus Win.Adware.Agent-7475
Zillya Adware.AdLoad.Win32.125
Panda Antivirus Trj/Genetic.gen
SS211-bho.dll (MD5: ce34993e288dbf3970f52942b51a675d) has been flagged by 19 scanners:
Scanner Software Result
Agnitum Outpost PUA.Toolbar.CrossRider!
Avira AntiVir ADWARE/CrossRider.Gen2
AVG Generic5.AYEO
AVware Crossrider (fs)
Baidu-International Adware.Win32.CrossRider.bAF
Comodo Security ApplicUnwnt
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.AF
F-Prot W32/A-eb9ef301!Eldorado
IKARUS anti.virus AdWare.Plush
Rising Antivirus PE:Malware.Obscure!1.9C59
Sophos AppRider
Symantec WS.Reputation.1
VIPRE Antivirus Crossrider (fs)
Fortinet FortiGate Riskware/Toolbar_CrossRider
NANO AntiVirus Riskware.Win32.AdLoad.dbtctb
TrendMicro-HouseCall Suspicious_GEN.F47V0701
Clam AntiVirus Win.Adware.Agent-7475
Zillya Adware.AdLoad.Win32.125
Panda Antivirus Trj/Genetic.gen
cdb57a21-44db-4327-b163-91e500e22164-5.exe (MD5: 60b61162f7598f72eddfd90e89225713) has been flagged by 10 scanners:
Scanner Software Result
Baidu-International Adware.Win32.CrossRider.BAH
Clam AntiVirus Win.Adware.Agent-7475
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.AH
IKARUS anti.virus AdWare.Adload
NANO AntiVirus Riskware.Win32.AdLoad.dbqwyf
Rising Antivirus PE:Malware.Obscure!1.9C59
VIPRE Antivirus Crossrider (fs)
Zillya Adware.AdLoad.Win32.125
Panda Antivirus Trj/Genetic.gen
Symantec Trojan.Gen.2
67300ee8-e28c-4f3d-bd62-265caf3ab494-5.exe (MD5: 525c3ad6517d4fd7455d67dc36a5a27c) has been flagged by 14 scanners:
Scanner Software Result
Avira AntiVir Adware/CrossRider.A.15579
Baidu-International Adware.Win32.CrossRider.bAH
Comodo Security ApplicUnwnt
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.AH
Fortinet FortiGate Riskware/Toolbar_CrossRider
NANO AntiVirus Riskware.Win32.AdLoad.dbtctb
Rising Antivirus PE:Malware.Obscure!1.9C59
Symantec WS.Reputation.1
TrendMicro-HouseCall Suspicious_GEN.F47V0701
VIPRE Antivirus Crossrider (fs)
Clam AntiVirus Win.Adware.Agent-7475
IKARUS anti.virus AdWare.Adload
Zillya Adware.AdLoad.Win32.125
Panda Antivirus Trj/Genetic.gen

Software Behaviors

Scheduled tasks:
  • 8440f9df-2266-4191-b20b-1b5d5525140f-2.exe is scheduled as a task named 'temp_8440f9df-2266-4191-b20b-1b5d5525140f-2'.

Startup Entries

Startup tasks:
  • SS211-codedownloader.exe is automatically launched at startup through a scheduled task named db187c3d-dd2b-4ed4-a656-aff130599119-6.
  • SS211-nova.exe is automatically launched at startup through a scheduled task named db187c3d-dd2b-4ed4-a656-aff130599119-7.
  • db187c3d-dd2b-4ed4-a656-aff130599119-5.exe is automatically launched at startup through a scheduled task named db187c3d-dd2b-4ed4-a656-aff130599119-5_user.
  • db187c3d-dd2b-4ed4-a656-aff130599119-11.exe is automatically launched at startup through a scheduled task named db187c3d-dd2b-4ed4-a656-aff130599119-3.
  • db187c3d-dd2b-4ed4-a656-aff130599119-2.exe is automatically launched at startup through a scheduled task named db187c3d-dd2b-4ed4-a656-aff130599119-2.
  • f62f1ba4-a4c0-46f4-9eb7-f5ea445a98e1-5.exe is automatically launched at startup through a scheduled task named f62f1ba4-a4c0-46f4-9eb7-f5ea445a98e1-5_user.

Software Details

URL:
https://crossrider.com
Support:
–
Installation path:
C:\Program Files\ss211
Uninstaller:
C:\Program Files\SS211\Uninstall.exe /fcp=1
Size:
11.00 MB
Language:
English

SS211 Executable Details

Primary executable:
utils.exe
Name:
SS211
Path:
C:\Program Files\ss211\utils.exe
MD5:
–
SHA-1:
–
SHA-256:
–
Files installed by SS211
File Type Filename MD5
EXE
uninstall.exe
773b5915cad1835f3006d00043f79a82
EXE
utils.exe
a0bdc8051a740904d9e5f24d697f6875
DLL
SS211-nova.dll
40cea65d8fe9172bf56393ee480d97aa
EXE
SS211-nova.exe
Malware
6af3296e00332503fe14d8c2ad0b00e7
EXE
SS211-codedownloader.exe
Malware
9c5b4f9e2dcab18d13b075f0d06e6707
DLL
SS211-bho64.dll
27a6fc9a024dc71fc42b617e841adf77
DLL
SS211-bho.dll
Malware
ce34993e288dbf3970f52942b51a675d
EXE
SS211-bg.exe
46f158e2ccebdcf98b3afec5ef84ee7a
EXE
f62f1ba4-a4c0-46f4-9eb7-f5ea445a98e1-5.exe
9f3f239d8dded84d1414314e213d5b25
EXE
f62f1ba4-a4c0-46f4-9eb7-f5ea445a98e1-4.exe
2c4bb12348946016bb48593675028be7