
Defender detects spyware in C:\Program Files (x86)\timesink


  • This topic is locked
1 reply to this topic

#1 chrisarnt


Posted 22 May 2014 - 08:49 AM

Defender noted spyware called Conducent-Timesink or something. I don't remember the name and Defender doesn't have the record anymore.

I do have some spyware, but Hitman Pro, Malwarebytes Pro, ComboFix, and Windows Defender do not find or fix it. Not even in safe mode or Kickstart.

Defender showed it once and said access was blocked to delete the file.

When I looked at the reporting, it said it was located in C:\Program Files (x86)\timesink.... but that folder does not exist under any user or in safe mode.

I get redirect popups that I can decline. Task Manager shows multiple IExplorer task logs running, and when I reboot I get a flash from Malwarebytes of a blocked internet access attempt.

94.242.233.162 (Type: outgoing, Port: 49401, Process: iexplore.exe)
 

Here is the defender record of it:

Error encountered:
Code 0x80070005. Access is denied.

Category:
Spyware

Description:
This program has potentially unwanted behavior.

Advice:
Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.

Resources:
file:
C:\Program Files (x86)\timesink\AdGateway\Profiles\ba100350\CDA valuations\egames-fullcd\Done.cdb

file:
C:\Program Files (x86)\timesink\AdGateway\Profiles\ba100350\CDA valuations\egames-fullcd\Done.idx

file:
C:\Program Files (x86)\timesink\AdGateway\Profiles\ba100350\CDA valuations\egames-fullcd\Done1.cdb

file:
C:\Program Files (x86)\timesink\AdGateway\Profiles\ba100350\CDA valuations\egames-fullcd\Done1.idx

file:
C:\Program Files (x86)\timesink\AdGateway\Profiles\ba100350\CDA valuations\egames-fullcd\Pending.cdb

file:
C:\Program Files (x86)\timesink\AdGateway\Profiles\ba100350\CDA valuations\egames-fullcd\Pending.idx

file:
C:\Program Files (x86)\timesink\AdGateway\Profiles\ba100350\CDA valuations\egames-fullcd\Pending1.cdb

file:
C:\Program Files (x86)\timesink\AdGateway\Profiles\ba100350\CDA valuations\egames-fullcd\Pending1.idx

file:
C:\Program Files (x86)\timesink\AdGateway\Users\CDA valuations\Sched.cdb

file:
C:\Program Files (x86)\timesink\AdGateway\Users\CDA valuations\Sched.idx

file:
C:\Program Files (x86)\timesink\AdGateway\Users\CDA valuations\Sched1.cdb

file:
C:\Program Files (x86)\timesink\AdGateway\Users\CDA valuations\Sched1.idx

file:
C:\Windows\VcpDLL.dll

file:
D:\STUB1.EXE

folder:
C:\Program Files (x86)\timesink\

folder:
C:\Program Files (x86)\timesink\AdGateway\

folder:
C:\Program Files (x86)\timesink\AdGateway\Ads\

folder:
C:\Program Files (x86)\timesink\AdGateway\Profiles\

folder:
C:\Program Files (x86)\timesink\AdGateway\Profiles\ba100350\

folder:
C:\Program Files (x86)\timesink\AdGateway\Profiles\ba100350\CDA valuations\

folder:
C:\Program Files (x86)\timesink\AdGateway\Profiles\ba100350\CDA valuations\egames-fullcd\

folder:
C:\Program Files (x86)\timesink\AdGateway\Users\

folder:
C:\Program Files (x86)\timesink\AdGateway\Users\CDA valuations\

regkey:
HKCU@S-1-5-21-3749219747-3782410932-2284419198-1000\software\TimeSink, Inc.

View more information about this item online


Edited by chrisarnt, 22 May 2014 - 08:54 AM.




#2 Broni


Posted 22 May 2014 - 07:36 PM

Please re-read dc3's reply: http://www.bleepingcomputer.com/forums/t/535183/trying-to-remove-connective-timesink-delete-reg-key/#entry3375809

This is not the forum where you were supposed to create a new topic.

