Firmaet Conducent (tidligere Timesink) producere TSAdBot.exe til software producenter der laver freeware programmer der indeholder reklamebaner. TSAdBot henter bl.a. nye reklamer til det aktuelle program. (TSAdBot bliver bl.a. brugt i mp3 afspilleren PCDJ og i komprimerings programmet PKZIP). Det lyder jo meget uskyldigt når man nu har accepteret et stykke freeware med reklamer.
Men men!! TSAdBot er faktisk et stykke spyware!! For at bestemme hvilken type reklamer der skal sendes til dig "snuser" TSAdBot bl.a. rundt i din browser history. Den sender også din brugerprofil!!!
Det er s.. at gå over stregen!!
Jeg bør lige nævne at man ikke kan lukke TSAdBot nogle steder! Den optræder ikke engang i "Lukke programmet" menuen! (Ctrl+Alt+Del) TSAdBot køre helt usynlig i baggrunden!
Jeg opdagede TSAdBot en dag, da jeg så mit kabel modem indikerede aktivitet og min harddisk spant, lige efter jeg havde tændt min computer. Jeg åbnede straks min connecter og mit firewall program. Med det samme spurgte min firewall om jeg ville give TSAdBot lov til af få forbindelse!
Ved en søgning på internettet fandt jeg følgende site:
http://cexx.org/tsadbot.htm
Her kan du læse mere om TSAdBot.
Her er en vejledning til manuel af installering:
Press CTRL-ALT-DEL once to bring up the End Task dialogue. You may or may not see TSADBOT on the list. Older versions will appear, however, newer incantations of the trojan are stealth and will actually hide from you, not appearing on the End Task list even if they are running. End Task TSADBOT if you can.
Change into your Windows directory (C:\Windows or C:\Winnt). Delete the following files:
tsad.dll
FlexActv.dll
vcpdll.dll
Addon2VB.dll (if found)*
If any of these files will NOT delete (access denied / in use / sharing violation), you will have to restart in MS-DOS mode to delete them using the appropriate DOS commands. If running, TSADBOT may hold a lock on its files preventing them from being deleted.
Now, change into C:\Program Files\. There will be a directory named TimeSink. Delete the entire directory and anything in it. Again, if files won't delete, you will have to do it from DOS (use DELTREE).
Finally, run Registry Editor and use it to remove the following registry keys:
HKEY_LOCAL_MACHINE/Software/TimeSink
HKEY_CURRENT_USER/Software/TimeSink
any Conducent entries (incl. TSADBOT) from HKEY_CURRENT_USER/Software/Microsoft/CurrentVersion/Run
anything in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Current Version\Shareddlls containing:
FlexAct, tsad.dll, vcpdll.dll, tsadbot.exe, Addon2VB.dll *
And you're done. This should remove all the adware's files, and MOST of its registry junk (I may indeed have missed some!). But at least it won't load and chew up your system resources (& violate your privacy!) as long as your computer is on.
Mvh.
--
Erik Graversen.
Pitstop VG-8:
http://www.vg-8.subnet.dk