Overview
Summary:
Alias:
Category:
Dialer: Software that dials a phone number. Some dialers connect to local Internet Service Providers and are beneficial as configured. Others connect to toll numbers without user awareness or permission.
Downloader: A program designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site.
Variants:
Similar Pests:
Origins
Group:
Vendor:
By This Group:
Date of Origin:
Distribution
Distribution:
May be installed automatically, without prompting, on Internet Explorer versions earlier than IE6 Service Pack 1, thanks to a security hole. The installer pages exploit this to run an EXE which adds 'Electronic Group' to the list of trusted publishers whose software IE will install automatically without asking.
Electronic Group distributes other dialers as well.
Prevalence:
Clot Factor:
The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.
Growth:
Operation
Advertising:
Storage Required:
Risks
Privacy Issues:
Security Issues:
It is also suspected that it may be possible to use the IEAccess ActiveX control on any web page to cause arbitrary unsigned code to be executed.
Stability Issues:
Detection and Removal
Automatic Removal:
PestPatrol detects this.
PestPatrol removes this.
Manual Removal:
From 'Downloaded Program Files' in the Windows folder, right-click the 'IEDial class' entry and remove it. This does not actually get rid of the software, so open a DOS command prompt window (from Start->Programs->Accessories) and enter the following command, for Windows 95/98/Me:
"%WinDir%\System\regsvr32.exe" /u "%WinDir%\System\IEAccess2.dll"
Or, for Windows NT/2000/XP:
regsvr32 /u "%WinDir%\System32\IEAccess2.dll"
You can now delete the 'IEAccess2.dll' file in the Windows
System[32] folder. Next open the registry (Start->Run->regedit)
and delete the key 'HKEY_CURRENT_USER\Software\egroup'.
Finally, remove Electronic Group from your Trusted Publishers list. To do this, open the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0 and delete the entry with the value 'ELECTRONIC GROUP'. (It's probably a good idea to keep this key completely empty.)
You can also go to HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates and delete Electronic Group's key. It should begin '08F573...'.
IEAccess may have downloaded one or more unwanted diallers. Sometimes these may appear in an 'eGroup' folder in the Windows folder, as well as entries the more usual Program Files folder. Check and delete any diallers you find.
Go To the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
If you find the value HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\livesrv, delete it and reboot the machine immediately.
If you find the value HKEY_USERS\s-1-5-21-1085031214-484061587-839522115-500\software\microsoft\windows\currentversion\run\livesrv, delete it and reboot the machine immediately.
Unregister these DLLs with Regsvr32, then reboot:
Remove these registry items (if present) with RegEdit:
Remove these files (if present) with Windows Explorer:
Research
File Analyses:
- IEAccess: dialframe.htm · ieaccess2.dll · ieaccess2.inf · inv_popup_test.php3 · invisibol_onload.php3 · regaditionstxt.txt