Presence of a c:\[number]\ folder, where [number] is a string that might look like “103892”. This folder contains actibrow.dll, bulk_exe.html and some other files.

The following keys may appear in the registry:

• HKCU\Software\phoneaccessexe2\[number]\  (where [number] is the same string as above)
• HKLM\Software\Microsoft\CurrentVersion\Uninstall\[number]
• HKCR\phoneaccessexe.phoneaccessexe  set to “phoneaccessexe Class”

Presence of a new shortcut on desktop, pointing to the executable file from c:\[number]\ folder.