-=PCTechTalk=- Re: tsadbot, it is a nasty thing

Phew... guess who went to do a search??? <bg> I had so much trouble getting
rid of nasties last week that I was terrified.  Thanks for the info, Bob,
stored it just in case!

Lil


----- Original Message -----
From: "Bashful Bob" <Bashfulbob@xxxxxxx>
To: "PCTT" <pctechtalk@xxxxxxxxxxxxx>
Sent: Saturday, February 26, 2005 2:23 AM
Subject: -=PCTechTalk=- tsadbot, it is a nasty thing


Hi
The little woman picked up this adware reporting program on her puter. Below
is partial information about it from the web site about it. It is kind of
nasty. I got it deleted in a different way then is post on the web site.
Norton's found it and could not remove it or quarantine it. So I did a
search (tsad.dll and tsadbot.exe) and found it and tried to delete it to no
avail, as the message dialog box said it was in use. I then ran the program
"end it all" and sure enough it was running. I click on the kill feature in
"end it all" and it killed it. I then was able to delete it. I then ran a
program called "RegCleaner" (NOT RegClean) and removed it where the program
found it. I then did a search for "adgateway" and was able to just delete
it. I then ran scandisk and did a disk frag on the puter.

Anyway, read below if your interested, check your puter, and visit the web
site. I did a search on Google to find this particular web page about it.
*********************************

TSADBOT is installed as a Windows Service when certain software is
installed, most notably new versions of PKzip.
Several sources actually list this program under "Viruses", and it's not
difficult to see why. It is secretly loaded onto your system when you
install completely unrelated software (or even if you don't!), makes
clandestine network connections behind the user's back, persists even after
the software it came with has been uninstalled, and is very difficult to
remove. An advertising-supported Trojan Horse, I am very happy to see this
one bite the dust.
Once installed, the TSADBOT program is loaded every time Windows starts and
runs invisibly in the background until the computer is shut down. It
connects to the Internet and downloads ads, whether the
advertising-supported application is running or not, and implements an
unauthorized proxy server on the user's system which disguises the adware's
network connections. AdGateway (demographic/behavioral?) "profiles" are
stored in encrypted files on the user's system, and may be transmitted to
Conducent by the TSADBOT software. The TSADBOT software accesses the user's
browser cache and History (list of sites you've visited) for purposes
unknown, and may use this information in the creation of behavioral profiles
or transmit this information to Conducent

http://cexx.org/tsadbot.htm


Life is what happens in between plans.

Virus free email by Norton's
This message is intended for the sole use of the individual and/or entity to
which it is addressed, and may contain information that is privileged,
confidential, and exempt from disclosure under applicable law. If you are
not the addressee, or authorized to receive this on behalf of the addressee,
you are hereby notified that you may not use, copy, disclose, or distribute
to anyone this message or any part thereof. If you have received this in
error, please immediately advise the sender by e-mail and delete this
information. Thank you


--
<Please delete this line and everything below.>

To unsub or change your email settings:
http://www.freelists.org/webpage/pctechtalk

To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
http://www.freelists.org/archives/pctechtalk/

For more info:
http://www.freelists.org/cgi-bin/list?list_id=pctechtalk

--
<Please delete this line and everything below.>

To unsub or change your email settings:
http://www.freelists.org/webpage/pctechtalk

To access our Archives:
http://groups.yahoo.com/group/PCTechTalk/messages/
http://www.freelists.org/archives/pctechtalk/

For more info:
http://www.freelists.org/cgi-bin/list?list_id=pctechtalk

Other related posts: