Your
generous donations help keep this site online!
|
Software functions:
Various
Advertising functions:
displays a stream of flashing ad banners when certain software is installed,
including monstrous fullscreen (640x480) ads!
Network Connections:
Connections to adservers (*.adsoftware.com, ports unknown)
Backdoors:
Unknown
HD/Registry/Application
Snooping: Unknown
"Whether it's showing banner advertising to 10,000 female sports fans living in Ohio, or delivering thousands of full-screen animated commercials in an adventure game to brand a new apparel line to gen-xers." (as stated on aureate.com)
Still more advertising-supported shareware, much like the TSADBOT apps. The sad thing about these products is that, since there's seldom a registration "fee" of actual cash, many sites erroneously list them as Freeware. To "register" an AdSoftware app, you are forced to supply demographic details and personal information to the advertiser, who uses it to show flickering banners and popups at you while you (try to) work. In fact, you pay for the software every time you use it, and continue to pay indefinitely until you uninstall and cease using the software. Just think about it-- an eternal stream of cash at your expense! Also, like the TSADBOT, it remains installed on your machine and active even after you uninstall the program that uses it!
The Aureate trojan continues the tradition of the TSADBOT trojan by secretively installing itself as a Windows Service. In addition, it registers itself as a browser helper app so that it loads with your Web browser, and could in theory monitor every site you visit! It is nearly impossible to remove from the system, and runs fully cloaked--even if the end-user has enough advanced knowledge of computers to remove the software and its Windows hooks, you can't kill what you can't see. You may be infected with the Aureate trojan and not even know it!
If that's not enough, get
a load of some propaganda
from Aureate's Web site. A brief sampler: "<marketerspeak>Many of
our users have downloaded software with the purpose of purchasing it and
have done so for many years.</marketerspeak>" ...Aureate is a fairly
new startup, and has not even existed for "many years". In fact, the entire
paradigm of online software purchase is a fairly new concept in itself.
(Could they be in trouble for false advertising??) It will be evident to
any reader that every word has been passed through several marketdroids
before appearing on the site ;)
Aureate/Radiate's spyware
DLL has been verified to cause browser
instability and crashes.
(Note: This stuff may be even worse for software developers employing it... for having their hand in the pie, Aureate skims off 40% of the developers' revenue right off the top!)
Links
Don
McCuiston has done a write-up on Aureate ware focusing on the adware's
tracking features, server connections and how to deal with it.
Steve Gibson has an
informative page on the Aureate adware, particularly some issues relating
to the deception surrounding its installation.
This
page has a list of the Aureate spyware files below, and a detailed
description of what each does. One reportedly intercepts calls to the system
file oleaut32.dll and substitutes its own while a browser is active, silently
switching back when the browser closes. Another reportedly replaces a benign
Windows Media Player .dll with one coded to eavesdrop on your audio/movie
downloads. Scary stuff!
Solutions
N/A? Some applications won't
check for the advert DLL, others will. Find advert.dll and zap it (rename
or move). If the programs still work, congratulations! If not, the next
simplest solution is using the Hosts trick, or snagging
a firewall app (ZoneAlarm, PC Firewall) and blocking access to their servers...there
are probably some advanced methods of hacking the adware out of the program,
if you're good with a hex-editor :)
See also: Sebastien Sauvage's
freeware Aureate
Blocker.
Note: See the Adware
Neutering section.
File Listing
adimage.dll
advert.dll
amcis.dll
amcis2.dll
anadsc.ocx
anadscb.ocx
htmdeng.exe
ipcclient.dll
msipcsv.exe
tfde.dll
"All trademarks are hereby
acknowledged as the property of their respective owners." So don't even
THINK about suing me :)