Drive by Malware Install

Rook Zimbabwe
Addict
Posts: 4322
Joined: Tue Jan 02, 2007 8:16 pm
Location: Cypress TX

Drive by Malware Install

Post by Rook Zimbabwe »

I never installed this crap but all the sudden it shows up on my new Windows 7/32 bit Home Premium.
I have written the morons at the company for 5 days requesting actual instructions on how to uninstall as the instructions on their pages are complete BS!!!

No reply.

I cannot locate the program in the Windows Directory or in the Program Files or just on C:\

I am going out of my mind!!! I want this crap GONE!!!

Has anyone had experience with this stuff. I NEVER installed it nor did I authorize its install and aside from Libre Office the only programs I installed on this computer are PB 4.51 and Torchlight...
Binarily speaking... it takes 10 to Tango!!!

http://www.bluemesapc.com/
Inf0Byt3
PureBasic Fanatic
Posts: 2236
Joined: Fri Dec 09, 2005 12:15 pm
Location: Elbonia

Re: Drive by Malware Install

Post by Inf0Byt3 »

You should search for "File Type Assistant" in the Add/Remove programs section, maybe it's there. If not, you can find its files in C:\Program Files\File Type Assistant. To uninstall it run "unins000.exe" from that folder.

Alternatively try to kill the process called "tsassist.exe", then remove the folder and use CCleaner to remove the remaining registry entries pointing to the removed files.

Also are you sure you didn't install anything from Uniblue (like their registry booster)? It seems that FTA comes bundled with it :/.
None are more hopelessly enslaved than those who falsely believe they are free. (Goethe)
c4s
Addict
Posts: 1981
Joined: Thu Nov 01, 2007 5:37 pm
Location: Germany

Re: Drive by Malware Install

Post by c4s »

Rook Zimbabwe wrote:I never installed this crap but all the sudden it shows up on my new Windows 7/32 bit Home Premium
Maybe your wife again? :wink:
Rook Zimbabwe wrote:I have written the morons at the company for 5 days requesting actual instructions on how to uninstall as the instructions on their pages are complete BS!!!

No reply.
I wouldn't write them. That way they just get another valid email they can spam.
Anyway, I think going to the Add/remove software section and then uninstalling it - as Inf0Byt3 says - should do the trick.
If any of you native English speakers have any suggestions for the above text, please let me know (via PM). Thanks!
Rook Zimbabwe
Addict
Posts: 4322
Joined: Tue Jan 02, 2007 8:16 pm
Location: Cypress TX

Re: Drive by Malware Install

Post by Rook Zimbabwe »

Nope... she does not have a password to access this computer and I gave her a new one to mess up all she wants!

It was NOT listed in ANY uninstall listing... in fact the folder it was located in was HIDDEN in the program files section.

When I ran PFM (which I helped my father write back in the day!) I could see it. I opened it and saw there WAS an uninstall program inside.

When I typed that address into the filebar in Win7 it went there even though the folder did not show up... :?

I ran the uninstall from that location and used PFM to delete the directory after.

Works now. Very weird.

Also cannot seem to access the morons software site...

looked in:

C:\program files\fta\

:mrgreen:
Binarily speaking... it takes 10 to Tango!!!

http://www.bluemesapc.com/
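
The situation described in the post above (a folder hidden under Program Files, with nothing in any uninstall listing) can be checked for directly. The following PowerShell script is an added example, not something posted in the thread; the function name `Test-Registered` is made up for the example, and the `unins*.exe` pattern is an assumption based on the `unins000.exe` name mentioned earlier in the thread.

```powershell
# Added example (not from the thread). Runs on Windows PowerShell 2.0 and later.
# Lists hidden folders directly under Program Files and shows whether any
# Add/Remove Programs entry (an Uninstall registry key) points into them.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Collect every path-bearing value from the registered programs. A trailing
# backslash is appended so "C:\...\Foo" and "C:\...\Foo\" compare the same way.
$registered = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    ForEach-Object { $_.InstallLocation; $_.UninstallString } |
    Where-Object { $_ } |
    ForEach-Object { ([string]$_).Trim('"') + '\' })

function Test-Registered([string]$Folder) {
    # True when any uninstall entry mentions a path inside $Folder.
    $needle = $Folder.TrimEnd('\') + '\'
    foreach ($entry in $registered) {
        if ($entry.IndexOf($needle, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

# Program Files roots that exist on this machine (the x86 one is absent on 32-bit Windows).
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } | Select-Object -Unique

foreach ($root in $roots) {
    Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and ($_.Attributes -band [IO.FileAttributes]::Hidden) } |
        ForEach-Object {
            $dir = $_
            # Assumed naming pattern for a bundled uninstaller (e.g. unins000.exe).
            $found = @(Get-ChildItem -LiteralPath $dir.FullName -Filter 'unins*.exe' -Force -ErrorAction SilentlyContinue |
                ForEach-Object { $_.Name })
            New-Object PSObject -Property @{
                Folder      = $dir.FullName
                InAddRemove = Test-Registered $dir.FullName
                Uninstaller = $found -join ', '
            }
        } | Select-Object Folder, InAddRemove, Uninstaller
}
```

Windows keeps a few hidden folders of its own under Program Files, so a row with `InAddRemove` set to `False` is a lead to inspect, not a verdict.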
blueznl
PureBasic Expert
Posts: 6172
Joined: Sat May 17, 2003 11:31 am

Re: Drive by Malware Install

Post by blueznl »

Some time ago my wife also was a victim of a drive by install. And this in spite of her computer running anti virus, anti malware, spybot immunized, firefox latest version, all windows (xp) patches installed, and running as a 'limited' account without installation rights...

Seems nothing is safe anymore...
( PB6.00 LTS Win11 x64 Asrock AB350 Pro4 Ryzen 5 3600 32GB GTX1060 6GB - upgrade incoming...)
( The path to enlightenment and the PureBasic Survival Guide right here... )
MachineCode
Addict
Posts: 1482
Joined: Tue Feb 22, 2011 1:16 pm

Re: Drive by Malware Install

Post by MachineCode »

blueznl wrote:in spite of [the] computer running anti virus, anti malware, spybot immunized, firefox latest version, all windows (xp) patches installed, and running as a 'limited' account without installation rights
All those mean nothing if someone simply clicks "Yes" at an installation prompt. And virus scanners can only protect that which they already know about: just like regular cops.
Microsoft Visual Basic only lasted 7 short years: 1991 to 1998.
PureBasic: Born in 1998 and still going strong to this very day!
blueznl
PureBasic Expert
Posts: 6172
Joined: Sat May 17, 2003 11:31 am

Re: Drive by Malware Install

Post by blueznl »

MachineCode wrote: All those mean nothing if someone simply clicks "Yes" at an installation prompt.
Limited rights, no installation rights...
( PB6.00 LTS Win11 x64 Asrock AB350 Pro4 Ryzen 5 3600 32GB GTX1060 6GB - upgrade incoming...)
( The path to enlightenment and the PureBasic Survival Guide right here... )
MachineCode
Addict
Posts: 1482
Joined: Tue Feb 22, 2011 1:16 pm

Re: Drive by Malware Install

Post by MachineCode »

Limited rights don't stop all installations. It only stops "official" setup apps. And, some apps are not installed as such but just unzipped to "install". Limited rights is not the be-all, end-all protection that it pretends to be.
Microsoft Visual Basic only lasted 7 short years: 1991 to 1998.
PureBasic: Born in 1998 and still going strong to this very day!
moogle
Enthusiast
Posts: 372
Joined: Tue Feb 14, 2006 9:27 pm
Location: London, UK

Re: Drive by Malware Install

Post by moogle »

MachineCode wrote:Limited rights don't stop all installations. It only stops "official" setup apps. And, some apps are not installed as such but just unzipped to "install". Limited rights is not the be-all, end-all protection that it pretends to be.
But no install rights doesn't give it access to system directories or registry, so how can it mess up the system that way? Or act as a service, or start on boot up? If it can't do any of those it's just some files laying around the drive.
blueznl
PureBasic Expert
Posts: 6172
Joined: Sat May 17, 2003 11:31 am

Re: Drive by Malware Install

Post by blueznl »

Yup, and apparently it's able to, as it managed to mess up registry as well as (IIRC) boot.ini.

Oh well, fixed it, but that fake anti-malware thing was rather annoying (and scary it was able to install itself, pfew).
( PB6.00 LTS Win11 x64 Asrock AB350 Pro4 Ryzen 5 3600 32GB GTX1060 6GB - upgrade incoming...)
( The path to enlightenment and the PureBasic Survival Guide right here... )
MachineCode
Addict
Posts: 1482
Joined: Tue Feb 22, 2011 1:16 pm

Re: Drive by Malware Install

Post by MachineCode »

Rook Zimbabwe wrote:I want this crap GONE!!!
Since nobody else has mentioned it: wouldn't System Restore have fixed the problem? This is precisely what it's designed for.

I fixed a PC at work that had a similar problem a while ago. Got all those fake anti-virus windows popping up, pretending to do scans and such. Even if you typed "iexplore.exe" in the "Run" menu, it would launch the fake anti-virus app instead of Internet Explorer. And IE's home page was set to the web site of the fake app and couldn't be changed.

There was no "System Restore" Start menu option anymore (I guess it deleted it) so I just opened the "C:\WINDOWS\system32\Restore" folder, double-clicked "rstrui.exe", and selected the 1st of April as the restore point (just over two weeks ago). The PC was fine after that. No fake app popping up, iexplore.exe worked, Google was IE's home page again, all good.
Microsoft Visual Basic only lasted 7 short years: 1991 to 1998.
PureBasic: Born in 1998 and still going strong to this very day!
moogle
Enthusiast
Posts: 372
Joined: Tue Feb 14, 2006 9:27 pm
Location: London, UK

Re: Drive by Malware Install

Post by moogle »

Well it seems that the only way this could have been installed was through another elevated process. Some installers have this like Nero secretly installing the Ask Toolbar when you click "I agree". I installed it and uninstalled it fine and it's now gone from the system.

Did you go to "C:\Program Files\Trusted Software Assistant" and delete what's in there?

Also when you have the dialogue open, go to Task Manager and find the "tsassist.exe" and right click on it and choose "Open File Location" so it shows you where it is located, and delete it from there.
IdeasVacuum
Always Here
Posts: 6426
Joined: Fri Oct 23, 2009 2:33 am
Location: Wales, UK

Re: Drive by Malware Install

Post by IdeasVacuum »

A good uninstall util that I use instead of Add-Remove programs is Revo:

http://www.revouninstaller.com/
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
blueznl
PureBasic Expert
Posts: 6172
Joined: Sat May 17, 2003 11:31 am

Re: Drive by Malware Install

Post by blueznl »

IdeasVacuum wrote:A good uninstall util that I use instead of Add-Remove programs is Revo:

http://www.revouninstaller.com/
Actually, Windows includes a free utility to fix these kinds of problems...

FORMAT C: /U /Q 8)
Last edited by blueznl on Tue Apr 19, 2011 8:53 pm, edited 2 times in total.
( PB6.00 LTS Win11 x64 Asrock AB350 Pro4 Ryzen 5 3600 32GB GTX1060 6GB - upgrade incoming...)
( The path to enlightenment and the PureBasic Survival Guide right here... )
buddymatkona
Enthusiast
Posts: 252
Joined: Mon Aug 16, 2010 4:29 am

Re: Drive by Malware Install

Post by buddymatkona »

Very scary. If System Restore works that is great but I make a weekly system disk image so I can go back to when things seemed to work and replace everything down to bare metal.