Sophos

IMNames

Category
Type
What to do
  • If you've received an alert for a blocked PUA or adware and decide that the application is not suitable for your workplace, then follow the instructions for removing PUAs.

Summary

 
Affected operating systems Windows
Protection available since 15 September 2006 10:59:00 (GMT)
Detected by Sophos Anti-Virus for Windows, version 7, and PureMessage for Microsoft Exchange.

More Information

IMNames is an adware application that includes its adverts to instant messenger contacts on an affected computer.

IMNames offsets "More than a thousand Instant Messenger Names" and, when installed, opens the URL where the list is stored.

IMNames adds some of the following messages to outbound Yahoo Messenger, MSN Messenger and AIM messages:

got my AIM Names from http://www.IM-Names.com, they're free!
Get the greatest AIM nicknames on http://www.IM-Names.com
FYI, I get my AIM Names from http://www.IM-Names.com
I got my Yahoo Names from http://www.IM-Names.com, they're free!
Get the greatest Yahoo nicknames on http://www.IM-Names.com
FYI, I get my Yahoo Names from http://www.IM-Names.com
Get screen names that suit your mood on http://www.IM-Names.com (it's free)
Get the best screen names on http://www.IM-Names.com
I got my MSN Names from http://www.IM-Names.com, they're free!
Get the greatest MSN nicknames on http://www.IM-Names.com
FYI, I get my MSN Names from http://www.IM-Names.com#

The default installation folder for IMNames is <Program Files>\Instant Messenger Names.

IMNames also installs components of the 2Search or TopBrowsing adware applications.

When IMNames is installed the following files are typically created:

<Program Files>\BHO
<Program Files>\BHO\bho.dat
<Program Files>\BHO\er.dat
<Program Files>\BHO\plugin.dll
<Program Files>\BHO\plugin1.dll
<Program Files>\BHO\uninstall.exe
<Program Files>\Instant Messenger Names
<Program Files>\Instant Messenger Names\1.exe
<Program Files>\Instant Messenger Names\IM-svr.exe
<Program Files>\Instant Messenger Names\IMNames.exe
<Program Files>\Instant Messenger Names\main.exe
<Program Files>\2search
<Program Files>\2search\2search.dll
<Program Files>\2search\plugin.dll
<Program Files>\2search\get.exe
<Program Files>\2search\main.exe
<Program Files>\2search\uninstall.exe
<System>\2search.exe

Files in the <Program Files>\BHO folder are detected separately as TopBrowsing. The file <System>\2search.exe and files in the <Program Files>\2search folder are detected separately as 2Search. For details of TopBrowsing and 2Search please refer to their respective descriptions.

The following registry entry is created to run IM-svr.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMprocess
<Program Files>\Instant Messenger Names\IM-svr.EXE

Registry entries are created under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMNames
HKCU\Software\IMAdvertiser

IMNames, 2search and TopBrowsing provide uninstall options which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. They are listed as: "Instant Messenger Names", "Uninstall 2search" and "BHO".

RSS|Atom
Get reports about the latest adware and potentially unwanted applications (PUAs) delivered to your computer