SS211

SS211

Known Adware

by Robokid Technologies

What is SS211?

SS211 is software application developed by Robokid Technologies. It is most commonly found on computers running Windows 7 with nearly 44.44% of installations running this operating system. SS211's installer is typically 11.00 MB in size and installs around 30 files.

SS211 is most popular in the United States with 100.00% of installations residing in this country.

SS211 adds 1 scheduled task to the Windows Task Scheduler launching the program at randomly scheduled times.

About SS211?

smart-splus is an adware web browser application that injects banner ads and contextual link ads onto web pages. It functions as a web browser plugin for Internet Explorer, Firefox, and Chrome, and has the capability to display ads on any website, regardless of affiliation with the publisher. Users may encounter up to 10 in-text ads, 4 banner ads, and/or a transitional ad while browsing. Typically, the application is packaged by third-party download managers using deceptive advertising methods for installation. In addition to displaying ads, smart-splus can modify browser settings, including lowering security settings, changing the home page, and altering the default search provider (known as web browser hijacking). The extension also gathers user behavior data and reports it back to a controlling server, including URLs and domains visited, as well as information on displayed and clicked advertisements. This adware is commonly bundled with other potentially unwanted programs in third-party download managers.

Multiple virus scanners have detected malware in SS211.

SS211-nova.exe (MD5: 6af3296e00332503fe14d8c2ad0b00e7) has been flagged by 29 scanners:
Scanner Software Result
Lavasoft Ad-Aware Gen:Variant.Kazy.397338
Baidu-International Adware.Win32.CrossRider.bAE
Bitdefender Gen:Variant.Kazy.397338
Emsisoft Anti-Malware Gen:Variant.Kazy.397338 (B)
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.AE
F-Secure Gen:Variant.Kazy.397338
G Data Gen:Variant.Kazy.397338
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
McAfee Artemis!6AF3296E0033
McAfee-GW-Edition Artemis!6AF3296E0033
MicroWorld-eScan Gen:Variant.Kazy.397338
Qihoo-360 Win32/Trojan.236
Symantec WS.Reputation.1
VIPRE Antivirus Crossrider (fs)
NANO AntiVirus Riskware.Win32.AdLoad.dbtcto
Rising Antivirus PE:Malware.Obscure!1.9C59
Sophos AppRider
Agnitum Outpost PUA.Toolbar.CrossRider!
Avira AntiVir ADWARE/CrossRider.Gen2
AVG Generic5.AYEO
AVware Crossrider (fs)
Comodo Security ApplicUnwnt
F-Prot W32/A-eb9ef301!Eldorado
IKARUS anti.virus AdWare.Plush
Fortinet FortiGate Riskware/Toolbar_CrossRider
TrendMicro-HouseCall Suspicious_GEN.F47V0701
Clam AntiVirus Win.Adware.Agent-7475
Zillya Adware.AdLoad.Win32.125
Panda Antivirus Trj/Genetic.gen
SS211-codedownloader.exe (MD5: 9c5b4f9e2dcab18d13b075f0d06e6707) has been flagged by 26 scanners:
Scanner Software Result
Lavasoft Ad-Aware Gen:Variant.Kazy.402573
Baidu-International Adware.Win32.CrossRider.bAJ
Bitdefender Gen:Variant.Kazy.402573
Emsisoft Anti-Malware Gen:Variant.Kazy.402573 (B)
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.AJ
F-Secure Gen:Variant.Kazy.402573
G Data Gen:Variant.Kazy.402573
Kingsoft AntiVirus Win32.Troj.Generic.a.(kcloud)
MicroWorld-eScan Gen:Variant.Kazy.402573
NANO AntiVirus Riskware.Win32.AdLoad.dbtcto
Rising Antivirus PE:Malware.Obscure!1.9C59
Sophos AppRider
VIPRE Antivirus Crossrider (fs)
Agnitum Outpost PUA.Toolbar.CrossRider!
Avira AntiVir ADWARE/CrossRider.Gen2
AVG Generic5.AYEO
AVware Crossrider (fs)
Comodo Security ApplicUnwnt
F-Prot W32/A-eb9ef301!Eldorado
IKARUS anti.virus AdWare.Plush
Symantec WS.Reputation.1
Fortinet FortiGate Riskware/Toolbar_CrossRider
TrendMicro-HouseCall Suspicious_GEN.F47V0701
Clam AntiVirus Win.Adware.Agent-7475
Zillya Adware.AdLoad.Win32.125
Panda Antivirus Trj/Genetic.gen
SS211-bho.dll (MD5: ce34993e288dbf3970f52942b51a675d) has been flagged by 19 scanners:
Scanner Software Result
Agnitum Outpost PUA.Toolbar.CrossRider!
Avira AntiVir ADWARE/CrossRider.Gen2
AVG Generic5.AYEO
AVware Crossrider (fs)
Baidu-International Adware.Win32.CrossRider.bAF
Comodo Security ApplicUnwnt
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.AF
F-Prot W32/A-eb9ef301!Eldorado
IKARUS anti.virus AdWare.Plush
Rising Antivirus PE:Malware.Obscure!1.9C59
Sophos AppRider
Symantec WS.Reputation.1
VIPRE Antivirus Crossrider (fs)
Fortinet FortiGate Riskware/Toolbar_CrossRider
NANO AntiVirus Riskware.Win32.AdLoad.dbtctb
TrendMicro-HouseCall Suspicious_GEN.F47V0701
Clam AntiVirus Win.Adware.Agent-7475
Zillya Adware.AdLoad.Win32.125
Panda Antivirus Trj/Genetic.gen
cdb57a21-44db-4327-b163-91e500e22164-5.exe (MD5: 60b61162f7598f72eddfd90e89225713) has been flagged by 10 scanners:
Scanner Software Result
Baidu-International Adware.Win32.CrossRider.BAH
Clam AntiVirus Win.Adware.Agent-7475
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.AH
IKARUS anti.virus AdWare.Adload
NANO AntiVirus Riskware.Win32.AdLoad.dbqwyf
Rising Antivirus PE:Malware.Obscure!1.9C59
VIPRE Antivirus Crossrider (fs)
Zillya Adware.AdLoad.Win32.125
Panda Antivirus Trj/Genetic.gen
Symantec Trojan.Gen.2
67300ee8-e28c-4f3d-bd62-265caf3ab494-5.exe (MD5: 525c3ad6517d4fd7455d67dc36a5a27c) has been flagged by 14 scanners:
Scanner Software Result
Avira AntiVir Adware/CrossRider.A.15579
Baidu-International Adware.Win32.CrossRider.bAH
Comodo Security ApplicUnwnt
ESET-NOD32 a variant of Win32/Toolbar.CrossRider.AH
Fortinet FortiGate Riskware/Toolbar_CrossRider
NANO AntiVirus Riskware.Win32.AdLoad.dbtctb
Rising Antivirus PE:Malware.Obscure!1.9C59
Symantec WS.Reputation.1
TrendMicro-HouseCall Suspicious_GEN.F47V0701
VIPRE Antivirus Crossrider (fs)
Clam AntiVirus Win.Adware.Agent-7475
IKARUS anti.virus AdWare.Adload
Zillya Adware.AdLoad.Win32.125
Panda Antivirus Trj/Genetic.gen

Software Behaviors

Scheduled tasks:
  • 8440f9df-2266-4191-b20b-1b5d5525140f-2.exe is scheduled as a task named 'temp_8440f9df-2266-4191-b20b-1b5d5525140f-2'.

Startup Entries

Startup tasks:
  • SS211-codedownloader.exe is automatically launched at startup through a scheduled task named db187c3d-dd2b-4ed4-a656-aff130599119-6.
  • SS211-nova.exe is automatically launched at startup through a scheduled task named db187c3d-dd2b-4ed4-a656-aff130599119-7.
  • db187c3d-dd2b-4ed4-a656-aff130599119-5.exe is automatically launched at startup through a scheduled task named db187c3d-dd2b-4ed4-a656-aff130599119-5_user.
  • db187c3d-dd2b-4ed4-a656-aff130599119-11.exe is automatically launched at startup through a scheduled task named db187c3d-dd2b-4ed4-a656-aff130599119-3.
  • db187c3d-dd2b-4ed4-a656-aff130599119-2.exe is automatically launched at startup through a scheduled task named db187c3d-dd2b-4ed4-a656-aff130599119-2.
  • f62f1ba4-a4c0-46f4-9eb7-f5ea445a98e1-5.exe is automatically launched at startup through a scheduled task named f62f1ba4-a4c0-46f4-9eb7-f5ea445a98e1-5_user.

Software Details

URL:
https://crossrider.com
Support:
–
Installation path:
C:\Program Files\ss211
Uninstaller:
C:\Program Files\SS211\Uninstall.exe /fcp=1
Size:
11.00 MB
Language:
English

SS211 Executable Details

Primary executable:
utils.exe
Name:
SS211
Path:
C:\Program Files\ss211\utils.exe
MD5:
–
SHA-1:
–
SHA-256:
–
Files installed by SS211
File Type Filename MD5
EXE
8440f9df-2266-4191-b20b-1b5d5525140f-4.exe
4af6f9703f32c2d674a2babc44f49e63
EXE
8440f9df-2266-4191-b20b-1b5d5525140f-2.exe
b0ed3286a59bf466bac79bac02311757
EXE
8440f9df-2266-4191-b20b-1b5d5525140f-11.exe
c7ff73e56126f43d15fd0212a54cc5fe
EXE
67300ee8-e28c-4f3d-bd62-265caf3ab494-5.exe
Malware
525c3ad6517d4fd7455d67dc36a5a27c
EXE
67300ee8-e28c-4f3d-bd62-265caf3ab494-4.exe
Malware
7035d9e9327c6e9439c84fe46eed3f39
EXE
67300ee8-e28c-4f3d-bd62-265caf3ab494-2.exe
Malware
7f30e88dce8496fdc8702f354da39fdf
EXE
67300ee8-e28c-4f3d-bd62-265caf3ab494-11.exe
Adware
4c145d29ea65cf8156014700ed3eb378
CRX
360-48918.crx
0f20baebcc1e167b25cf2bf490df231a
CRX
48918.crx
58f87dde0c8f2f1a456f356179ab20dd
XPI
48918.xpi
cc80a254acf24a42cd531b666572b1ce