Automatic Removal:
PestPatrol detects this.
PestPatrol removes this.
|
· Overview ·
|
Overview |
|
Summary: |
Uses the Internet to dynamically deliver content to desktop software. Once the content is received, it can be displayed at any time in the application. Content activity information such as advertising impressions and click through data is recorded and sent back to Conducent for daily reporting. No installation disclosure. Displays ads. Causes browser pop-ups. Tracks usage. Collects personal info.Conducent does not provide users with an uninstall feature. Their software provides real-time ad targeting campaigns through the Timesink component TSadbot.exe. Conducent has formed strategic partnerships with most of the major Internet advertising networks. The company is now out of business, but its product lives on. |
Alias: |
archive: Embedded EXE |
Category: |
Spyware: Any product that employs a user's Internet connection in the background without their knowledge, and gathers/transmits info on the user or their behavior. Many spyware products will collect referrer info (information from your web browser which reveals what URL you linked from), your IP address (a number that is used by computers on the network to identify your computer), system information (such as time of visit, type of browser used, the operating system and platform, and CPU speed.) Spyware products sometimes wrap other commercial products, and are introduced to machines when those commercial products are installed. See also Adware. |
Similar Pests: |
Spyware |
Origins |
|
Group: |
Conducent Technologies, Inc. |
Vendor: |
Conducent Technologies, Inc. (now out of business) |
By This Group: |
|
Date of Origin: |
April, 1999 |
Distribution |
|
Prevalence: |
|
Clot Factor: |
The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone. |
Growth: |
|
Operation |
|
General: |
When installed, creates four registry keys
The following files are installed:
Multiple connections to Conducent ad-servers including adsdl.conducent.com, redirects.conducent.com (various ports). Proxy service prevents NETSTAT and similar network tools from disclosing actual addresses connected to (they appear in the form of ADS*:portnumber) |
Advertising: |
Displays a stream of flashing ad banners when certain software is installed, including monstrous fullscreen (640x480) ads! |
Storage Required: |
|
ScreenShot: |
|
TSADBOT is installed as a Windows Service when certain software is installed, most notably new versions of PKzip.
Several sources actually list this program under "Viruses", and it's not difficult to see why. It is secretly loaded onto your system when you install completely unrelated software (or even if you don't!), makes clandestine network connections behind the user's back, persists even after the software it came with has been uninstalled, and is very difficult to remove.
Once installed, the TSADBOT program is loaded every time Windows starts and runs invisibly in the background until the computer is shut down. It connects to the Internet and downloads ads, whether the advertising-supported application is running or not, and implements an unauthorized proxy server on the user's system which disguises the adware's network connections. AdGateway (demographic/behavioral?) "profiles" are stored in encrypted files on the user's system, and may be transmitted to Conducent by the TSADBOT software. The TSADBOT software accesses the user's browser cache and History (list of sites you've visited) for purposes unknown, and may use this information in the creation of behavioral profiles or transmit this information to Conducent.
PestPatrol detects this.
PestPatrol removes this.
tsadbot.exe (C:\Program Files\TimeSink\AdGateway)
tsad.dll (C:\Winnt or C:\Windows)
vcpdll.dll (C:\Winnt or C:\Windows)
FlexActv.dll (C:\Winnt or C:\Windows)
Addon2VB.dll (C:\Winnt\System or C:\Windows\System) (if found)