1. /
  2. Security Response/
  3. Adware.FreeAccessBar

Adware.FreeAccessBar

Updated:
February 13, 2007 11:48:47 AM
Type:
Adware
Risk Impact:
Low
File Names:
%ProgramFiles%\FreeAccessBar\FreeAccessBar\FreeAccessBar.dll %ProgramFiles%\FreeAccessBar\FreeAcc
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

When Adware.FreeAcessBar is executed, it performs the following actions:
  1. Creates the following files:

    • %ProgramFiles%\FreeAccessBar\FreeAccessBar\FreeAccessBar.dll
    • %ProgramFiles%\FreeAccessBar\FreeAccessBar\Uninstall.exe
    • C:\fab.log

      Note: %ProgramFiles% is a variable that refers to the program files folder. By default, this is C:\Program Files.

  2. Adds the value:

    "@" = "%ProgramFiles%\FreeAccessBar\FreeAccessBar\FreeAccessBar.dll"

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27685FBE-5745-4C09-8FB8-CD16269C58EE}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A202B62-4218-4978-99B3-C5562175A0D7}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79EE2FD0-4637-481e-B4EB-50FE9E79267F}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{664AB1BA-BC40-4ecb-A9A1-60852EEDE4ED}\1.0\0\win32

  3. Adds the value:

    "@" = "%ProgramFiles%\FreeAccessBar\FreeAccessBar"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{664AB1BA-BC40-4ecb-A9A1-60852EEDE4ED}\1.0\HELPDIR

  4. Adds the value:

    "ThreadingModel" = "Apartment"

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27685FBE-5745-4C09-8FB8-CD16269C58EE}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A202B62-4218-4978-99B3-C5562175A0D7}\InprocServer32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79EE2FD0-4637-481e-B4EB-50FE9E79267F}\InprocServer32

  5. Adds the value:

    "@" = "SearchPanel"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27685FBE-5745-4C09-8FB8-CD16269C58EE}

  6. Adds the value:

    "@" = "FreeAccessBar.FreeAccessBar"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A202B62-4218-4978-99B3-C5562175A0D7}\VersionIndependentProgID

  7. Adds the value:

    "@" = "{664AB1BA-BC40-4ecb-A9A1-60852EEDE4ED}"

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A202B62-4218-4978-99B3-C5562175A0D7}\TypeLib
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79EE2FD0-4637-481e-B4EB-50FE9E79267F}\TypeLib
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79EE2FD0-4637-481e-B4EB-50FE9E79267F}\TypeLib
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CFBD7FDA-60EF-41c6-A598-A0BF7842D996}\TypeLib

  8. Adds the value:

    "@" = "FreeAccessBar.FreeAccessBar.1"

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A202B62-4218-4978-99B3-C5562175A0D7}\ProgID
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FreeAccessBar.FreeAccessBar\CurVer

  9. Adds the value:

    "@" = "FreeAccessBar"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A202B62-4218-4978-99B3-C5562175A0D7}

  10. Adds the value:

    "@" = "FreeAccessBar.ActiveX"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79EE2FD0-4637-481e-B4EB-50FE9E79267F}\VersionIndependentProgID

  11. Adds the value:

    "@" = "FreeAccessBar.ActiveX.1"

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79EE2FD0-4637-481e-B4EB-50FE9E79267F}\ProgID
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FreeAccessBar.ActiveX\CurVer

  12. Adds the value:

    "Version" = "1.0"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CFBD7FDA-60EF-41c6-A598-A0BF7842D996}\TypeLib

  13. Adds the value:

    "@" = "{00020424-0000-0000-C000-000000000046}"

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CFBD7FDA-60EF-41c6-A598-A0BF7842D996}\ProxyStubClsid32
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CFBD7FDA-60EF-41c6-A598-A0BF7842D996}\ProxyStubClsid

  14. Adds the value:

    "@" = "ActiveX"

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79EE2FD0-4637-481e-B4EB-50FE9E79267F}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CFBD7FDA-60EF-41c6-A598-A0BF7842D996}


  15. Adds the value:

    "@" = "0"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{664AB1BA-BC40-4ecb-A9A1-60852EEDE4ED}\1.0\FLAGS

  16. Adds the value:

    "@" = "FreeAccessBar 1.0 Type Library"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{664AB1BA-BC40-4ecb-A9A1-60852EEDE4ED}\1.0

  17. Adds the value:

    "@" = "ActiveX Class"

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FreeAccessBar.ActiveX

  18. Adds the value:

    "@" = "{79EE2FD0-4637-481e-B4EB-50FE9E79267F}"

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FreeAccessBar.ActiveX\CLSID
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FreeAccessBar.ActiveX.1\CLSID

  19. Adds the value:

    "@" = "{5A202B62-4218-4978-99B3-C5562175A0D7}"

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FreeAccessBar.FreeAccessBar\CLSID
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FreeAccessBar.FreeAccessBar.1\CLSID

  20. Adds the value:

    "@" = "FreeAccessBar Class"

    to the registry subkeys:

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FreeAccessBar.FreeAccessBar
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FreeAccessBar.FreeAccessBar.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FreeAccessBar.ActiveX.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    \{5A202B62-4218-4978-99B3-C5562175A0D7}

  21. Adds the value:

    "{5A202B62-4218-4978-99B3-C5562175A0D7}" = ""

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar

  22. Adds the values:

    "DisplayName" = "FreeAccessBar"
    "UninstallString" = ""%ProgramFiles%\FreeAccessBar\FreeAccessBar\Uninstall.exe""

    to the registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FreeAccessBar

  23. Adds the values:

    "ReportTime" = [RANDOM VALUE]
    "Date" = [RANDOM VALUE]
    "Life" = [RANDOM VALUE]
    "UninstallerPath" = ""%ProgramFiles%\FreeAccessBar\FreeAccessBar\Uninstall.exe""
    "NewInstall" = 0x00000001
    "Key" = "ffffff"
    "CheckUpdate" = [RANDOM VALUE]
    "Install" = 0x00000001
    "UID" = = [RANDOM VALUE]
    "Link" = [RANDOM VALUE]
    "LinkCount" = [RANDOM VALUE]
    "XXnameXX" = "XXvalueXX"

    to the registry subkey:

    HKEY_CURRENT_USER\Software\FreeAccessBar\FreeAccessBar

  24. The security risk displays pop-up ads based on the user's web surfing activity.


Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report, Volume 17
Symantec DeepSight Screensaver