Jump to content

Removal instructions for Easy Interests Access

Recommended Posts

  • Staff
What is Easy Interests Access?

The Malwarebytes research team has determined that Easy Interests Access is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice.
Easy Interests Access is a member of the Spigot family as described in the blogpost Spigot browser hijackers.

How do I know if my computer is affected by Easy Interests Access?

You may see this entry in your list of installed software:


these warnings during install:




and this new startpage in the affected browser(s):


and this new default search provider:


How did Easy Interests Access get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was downloaded from their site.


How do I remove Easy Interests Access?

Our program Malwarebytes can detect and remove this potentially unwanted program.
  • Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
Is there anything else I need to do to get rid of Easy Interests Access?
  • If your browsers have been hijacked, you should read our Restore Browser page. You can read there how to fix additional browser redirect methods.
How would the full version of Malwarebytes help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes would have protected you against the Easy Interests Access hijacker. It would have warned you before the hijacker could install itself, giving you a chance to stop it before it became too late.


and it blocks traffic to their domain:


Technical details for experts

Possible signs in a FRST log:
 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.easyinterestsaccess.com/?source=tt&uid={uid1}&uc=20170223&ap=&i_id=interest__1.30
 HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.co.uk/?gws_rd=ssl
 SearchScopes: HKCU -> DefaultScope {8FCAF78A-539A-4882-B107-3BE2440D10F7} URL = hxxp://search.easyinterestsaccess.com/s?source=tt&uid={uid1}&uc=20170223&ap=&i_id=interest__1.30&query={searchTerms}
 SearchScopes: HKCU -> {8FCAF78A-539A-4882-B107-3BE2440D10F7} URL = hxxp://search.easyinterestsaccess.com/s?source=tt&uid={uid1}&uc=20170223&ap=&i_id=interest__1.30&query={searchTerms}

Easy Interests Access (HKCU\...\{28e56cfb-e30e-4f66-85d8-339885b726b8}) (Version: - Cloud Installer)
The changes made by the IE installer (this one failed on Firefox and Chrome):
File system details [View: All details] (Selection)
    Adds the folder C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}
       Adds the file Uninstall.exe"="2/23/2017 11:10 AM, 256000 bytes, A

Registry details [View: All details] (Selection)
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
       "Start Page" = REG_SZ, "http://search.easyinterestsaccess.com/?source=tt&uid={uid1}&uc=20170223&ap=&i_id=interest__1.30"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
       "DefaultScope" = REG_SZ, "{8FCAF78A-539A-4882-B107-3BE2440D10F7}"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8FCAF78A-539A-4882-B107-3BE2440D10F7}]
       "DisplayName"="REG_SZ", "Search"
       "SuggestionsURL"="REG_SZ", "https://ie.search.yahoo.com/os?appid=ie8&command={searchTerms}"
       "URL"="REG_SZ", "http://search.easyinterestsaccess.com/s?source=tt&uid={uid1}&uc=20170223&ap=&i_id=interest__1.30&query={searchTerms}"
       "DisplayName"="REG_SZ", "Easy Interests Access"
       "DisplayVersion"="REG_SZ", ""
       "InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\"
       "Publisher"="REG_SZ", "Cloud Installer"
       "UninstallHomepage"="REG_SZ", "http://search.easyinterestsaccess.com/?source=tt&uid={uid1}&uc=20170223&ap=&i_id=interest__1.30"
       "UninstallImpression"="REG_SZ", "http://imp.easyinterestsaccess.com/impression.do?source=tt&sub_id=20170223&useragent=Mozilla%2F5.0+(Windows+NT+6.1%3B+WOW64%3B+Trident%2F7.0%3B+rv%3A11.0)+like+Gecko&traffic_source=&user_id={uid1}&implementation_id=interest__1.30&event={exEvent}"
       "UninstallString"="REG_SZ", ""C:\Users\{username}\AppData\Roaming\{28e56cfb-e30e-4f66-85d8-339885b726b8}\Uninstall.exe" /uninstall"
The Malwarebytes scan log:

-Log Details-
Scan Date: 2/23/17
Scan Time: 11:19 AM
Logfile: mbamEasyInterestsAccess.txt
Administrator: Yes

-Software Information-
Components Version: 1.0.43
Update Package Version: 1.0.1329
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {computername}\{username}

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361399
Time Elapsed: 3 min, 52 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8FCAF78A-539A-4882-B107-3BE2440D10F7}, Quarantined, [2364], [368913],1.0.1329

Registry Value: 2
PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{8FCAF78A-539A-4882-B107-3BE2440D10F7}|URL, Quarantined, [2364], [368913],1.0.1329
PUP.Optional.Spigot.Generic, HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replaced, [2364], [373048],1.0.1329

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

As mentioned before the full version of Malwarebytes could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.