ACXInstall was first discovered in December of 2002.  It is distributed by a company called Electronic Group Interactive, S.L., also known as BRENT, PHILLIPS & CO. INC.  They are a known creator of Dialers.  Its server is   http://nocreditcard.net, formerly known as ispdialer.com.

ACXInstall is installed on your computer by an ActiveX drive-by download.  It is a Rogue ActiveX control, which means that it is programmed to download malware, similar to a Trojan Downloader.  In this case, it downloads Dialers.

The Dialers that it downloads attack and hijack your computer’s dial-up modem.  Invisibly, they then exploit the modem to call premium or tolled long-distance phone numbers instead of your usual ISP, racking up charges at huge “900” rates and international telephone rates.  The server is a purveyor of pornography, and ACXInstall will start downloading pornographic content onto your computer.  You will find yourself with enormous phone bills.

ACXInstall can also be a part of other Internet parasites.  Worms and Trojans such as Backdoors and Downloaders commonly use Dialers as part of their package.  It serves the purpose of providing the connection to the server for them, typically by Internet Relay Chat technology.  It is also bundled with other Dialers.

If you discover that you are infected with ACXInstall, you should remove it with SpyZooka to avoid racking up a huge phone bill.

Also Known As:
httpload

Spyware Type:
Rogue ActiveX Control

Associated Files:
%systemdir%\acx_install.ocx
httpload.cab
%windir%\Downloaded Program Files\httpload.dll
%windir%\Downloaded Program Files\acx_install.ocx
ispdialer
nocreditcard
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ acx_install
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ acx_install.1
HKEY_CLASSES_ROOT\acx_install
HKEY_CLASSES_ROOT\acx_install.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID {A4A435CF-3583-11D4-91BD-0048546A1450}
HKEY_CLASSES_ROOT\clsid\{A4A435CF-3583-11D4-91BD-0048546A1450}
%windir%/Downloaded Program Files/httpload.dll