Summary
Summary
More Information
| Included in our products from | April 2008 (4.28) |
|---|---|
| Protection available since | 8 August 2006 22:30:42 (GMT) |
| Last updated | 26 February 2008 19:48:42 (GMT) |
| Detected by | Sophos Anti-Virus for Windows, versions 6 and 7 and PureMessage for Microsoft Exchange. |
More Information
- Summary
- More Information
InstantAccess is an adware application that usually contains dialer functionality.
InstantAccess is an adware application that usually contains dialer functionality.InstantAccess encompasses a number of related applications including some known as Electronic-Group, EGroup, IEAccess, Phone2Enter and P2E.
When InstantAccess is installed the following folders and files may be created:
<Desktop>\Instant Access.lnk
<Desktop>\FunFunFun.lnk
<Desktop>\NoCreditCard.url
<User>\Start Menu\Instant Access.lnk
<Program Files>\Instant Access
<Program Files>\Instant Access\instant access.exe
<Program Files>\Instant Access\Center
<Program Files>\Instant Access\Center\Exe
<Program Files>\Instant Access\Center\Exe\<date>
<Program Files>\Instant Access\Center\Exe\<date>\img
<Program Files>\Instant Access\Center\Icons
<Program Files>\Instant Access\Dialer
<Program Files>\Instant Access\Dialer\Exe
<Program Files>\Instant Access\Dialer\Exe\<date>\dialerexe.ini
<Program Files>\Instant Access\Dialer\Exe\<date>\Instant Access.exe
<Program Files>\Instant Access\Dialer\Exe\<date>\Common
<Program Files>\Instant Access\Dialer\Exe\<date>\img\ncc.ico
<Program Files>\Instant Access\Multi
<Windows>\DialPass
<Windows>\mc
<Windows>\mc\magiccontrol.dll
<Windows>\mslagent
<Windows>\mslagent\2_mslagent.dll
<Windows>\mslagent\3_mslagent.dll
<Windows>\mslagent\acknowledged.mc2
<Windows>\mslagent\CompManagerPersist.mc2
<Windows>\mslagent\mslagent.exe
<Windows>\mslagent\OrderPersist.mc2
<Windows>\mslagent\uninstall.exe
<Windows>\navmpc
<Windows>\navmpc\navpmc.exe
<Windows>\simcss
<Windows>\simcss\acknowledged.mc2
<Windows>\simcss\CompManagerPersist.mc2
<Windows>\simcss\except.mc2
<Windows>\simcss\OrderPersist.mc2
<Windows>\simcss\simcss.exe
<Windows>\simcss\TimePersist
<Windows>\simcss\uninstall.exe
<Windows>\wincomp
<Windows>\wincomp\acknowledged.mc2
<Windows>\wincomp\CompManagerPersist.mc2
<Windows>\wincomp\except.mc2
<Windows>\wincomp\OrderPersist.mc2
<Windows>\wincomp\TimePersist
<Windows>\wincomp\uninstall.exe
<Windows>\wincomp\wincomp.exe
<Windows>\winmgts
<Windows>\winmgts\acknowledged.mc2
<Windows>\winmgts\CompManagerPersist.mc2
<Windows>\winmgts\except.mc2
<Windows>\winmgts\OrderPersist.mc2
<Windows>\winmgts\TimePersist
<Windows>\winmgts\uninstall.exe
<Windows>\winmgts\winmgts.exe
<Windows>\wintrim
<Windows>\wintrim\acknowledged.mc2
<Windows>\wintrim\CompManagerPersist.mc2
<Windows>\wintrim\egping.dll
<Windows>\wintrim\except.mc2
<Windows>\wintrim\OrderPersist.mc2
<Windows>\wintrim\TimePersist
<Windows>\wintrim\uninstall.exe
<Windows>\wintrim\wintrim.exe
<System>\eg_auth.dll
<System>\egaccess.dll
<System>\EGAUTH<version>.dll
<System>\egcomlib_<version>.dll
<System>\egcomlib2.dll
<System>\egcomservice_<version>.dll
<System>\egcomservice2.dll
<System>\egdhtml_<version>.dll
<System>\eghtml2.dll
<System>\eghtmldialer.dll
<System>\egmchk.dll
<System>\ia.dll
<System>\ieaccess2.dll
<System>\liveservice.dll
<System>\msclock32.dll
<System>\msegcompid.dll
<System>\msplock32.dll
<System>\nethv32.dll
<System>\netslv32.dll
<System>\one2onesvc.dll
<System>\p2eclient.exe
<System>\p2esock<version>.dll
<System>\p2esocks.dll
<System>\sysnetsvc32.dll
where <date> is a date-based number and <version> is a version number.
The following registry entry is created to run mslagent.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
mslagent
<Windows>\mslagent\mslagent.exe
The following registry entry is created to run code exported by egcomservice_<version>.dll on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Instant Access
rundll32.exe EGCOMSERVICE_<version>.dll,InstantAccess
The files InstantAccess DLLs are registered as COM objects, creating registry entries under:
HKCR\mslagent.3
HKCR\mslagent.3.1
HKCR\MagicControl.MagicComponent
HKCR\MagicControl.MagicComponent.1
HKCR\IEAccess2.IEDial
HKCR\IEAccess2.IEDial.1
HKCR\EGPing.EGMagicPing
HKCR\EGPing.EGMagicPing.1
HKCR\EGHTMLDialer.HTMLDialer
HKCR\EGHTMLDialer.HTMLDialer.1
HKCR\EGDHTML.EGDialHTML
HKCR\EGDHTML.EGDialHTML.1
HKCR\EGCOMSERVICE2.EGComSvc2
HKCR\EGCOMSERVICE2.EGComSvc2.1
HKCR\EGCOMSERVICE.EGComSvc
HKCR\EGCOMSERVICE.EGComSvc.1
HKCR\EGCOMLIB2.EGComLibrary2
HKCR\EGCOMLIB2.EGComLibrary2.1
HKCR\EGCOMLIB.EGComLibrary
HKCR\EGCOMLIB.EGComLibrary.1
HKCR\EGAUTH.EGEGAUTH
HKCR\EGAUTH.EGEGAUTH.1
HKCR\Cltguider.Cltbuilder
HKCR\Cltguider.Cltbuilder.1
HKCR\CLSID\(F72BC3F0-6C20-4793-9DDA-258589D8A907)
HKCR\CLSID\(D7A82A12-05F5-42D8-B30D-6EF995075D2D)
HKCR\CLSID\(CF5F84EB-D3FC-4F98-BE3B-F5B56B962CED)
HKCR\CLSID\(C6760A07-A574-4705-B113-7856315922C3)
HKCR\CLSID\(BFC9677B-8006-4336-9D49-2C797AEFCB9E)
HKCR\CLSID\(B843DA96-2B2D-447E-90AB-B92929AA11AF)
HKCR\CLSID\(B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C)
HKCR\CLSID\(A02780C3-7F77-4E28-855B-28890F3CF37A)
HKCR\CLSID\(75A603E7-8BB7-4272-ABBE-9846FF1241C1)
HKCR\CLSID\(6AA93DF6-6757-4338-9087-F7601DE18402)
HKCR\CLSID\(50AD557E-3426-41FD-AFDD-2AF39BB1C387)
HKCR\CLSID\(505098FD-5D61-4BC2-9B82-F969D0E932A2)
HKCR\CLSID\(486E48B5-ABF2-42BB-A327-2679DF3FB822)
HKCR\CLSID\(469C7080-8EC8-43A6-AD97-45848113743C)
HKCR\CLSID\(2AEEAC34-FD74-4142-B891-4B05C0C03C87)
HKCR\CLSID\(2ABE804B-4D3A-41BF-A172-304627874B45)
HKCR\CLSID\(1D2DCA0D-B30F-40AD-9690-087105F214EC)
HKCR\CLSID\(0878F049-D33E-45E0-A157-C36A6683CF25)
HKCR\CLSID\(0594AF7E-573B-40DF-8165-E47AB2EAEFE8)
HKCR\TypeLib\(F3A257E6-FA04-4B30-A1B6-6B89EB814544)
HKCR\TypeLib\(BA49BD6A-039C-428E-AF33-8C1288D75A7B)
HKCR\TypeLib\(BA232BA2-12D3-47CD-AA05-5E8F85DBC650)
HKCR\TypeLib\(9D6ADDBF-8227-4D36-AE46-116AFBDAFCA0)
HKCR\TypeLib\(83F0D6AA-CD15-46B5-AA4E-BDB506B4AE53)
HKCR\TypeLib\(83B8F65D-96E3-4518-A40C-E0CA84FF09FC)
HKCR\TypeLib\(82C0673C-F1D1-47BA-B904-AB0DE82300BC)
HKCR\TypeLib\(7699AEF9-F83A-44FA-B374-AA02CEDF247D)
HKCR\TypeLib\(0E594D22-ACE6-43A2-BCDA-BB7C65D3FE8C)
HKCR\TypeLib\(06EC63CC-4823-4836-ABB8-AB5F3971FA5C)
Registry entries may be created under:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winmgts
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wincomp
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\simcss
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\navpmc
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent
HKCU\Software\mc
HKCU\Software\livesvc
HKLM\SOFTWARE\egroup
HKCU\Software\EGDHTML
HKCU\Software\O2OSvc
InstantAccess provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as: "winmgts", "wincomp", "simcss", "navpmc" and "mslagent".
|
