Aureate Spyware Information
Elevated threats are usually threats that fall into the range of adware in which data about a user's habits are tracked and sent back to a server for analysis without your consent or knowledge.
||Aureate, also known as Radiate is ad supposrted software that sends personall information to its servers over the Internet without user consent.
Aureate deliberately slips into the user's system secretly, uses the user's Internet backchannel without the user's knowledge or permission, masks its presence by deliberately suspending its use of the backchannel in the absence of keyboard or mouse activity and fails to disclose any of this to the typical user who is never fully informed about what's going on.
Aureate is does not informing their users of the installation, presence, and operation of the system within their machines. I have been told by several developers that Aureate never told them to include the Aureate EULA (End User License Agreement) within their own product EULA's. That has changed now, but there are now 22 million people who have no idea that Aureate's system is installed in their machines.
Also, the Aureate programmer API specifically provides for the deliberate deferral of the presentation of the somewhat intimidating and quite intrusive multi-page demographics profiling dialog. Of all the Aureate hosting programs I've encountered, only CuteFTP presents this dialog at the time of the program's first use.
Aureate secretively installs itself as a Windows Service. In addition, it registers itself as a browser helper app so that it loads with your Web browser, and could in theory monitor every site you visit. It is nearly impossible to manually remove from the system, and runs fully cloaked--even if the end-user has enough advanced knowledge of computers to remove the software and its Windows hooks, you can't kill what you can't see.
The servers it uses to connected to are adsoftware.com.
This DLL creates a hidden window every time you open your browser. It creates and sends 4 pages of information to the Aureate servers using port 1749 on your system, these pages include:
1. Your name as listed in the system registry ( not the name you installed one of the programs with )
2. Your IP address
3. The reverse DNS match of your address. ( tells them what ISP and area of country you are in )
4. A listing of ALL software that is shown in your registry as being installed. ( Not just the companies they work with )
5. This DLL sends the following information to their server on all URL's you visit:
A.) ad banners you may click on
B.) all downloads you do showing the filename/file size/date/time/type of file(image, zip,executable, etc)
C.) full time and date stamps of all your actions while using your browser
D.) the remote dialup number you are dialing in on (taken out of your dialer configuration)
E.) dialup password if saved, does not "appear" at first glance to send this through to them.
6. Contains programmers note: "Show me the money! I want to be Mike!"
||process: advert.exe: MD5 Hash: 5583b9ed7504c2aa6f0...
process: htmdeng.exe: MD5 Hash: ...
process: msipcsv.exe: MD5 Hash: ...
process: msipcsv.exe: MD5 Hash: 0768392260e52017d16...
process: htmdeng.exe: MD5 Hash: b8b2071ff3663e96b9d..
||Spyware - Spyware's primary purpose is to collect demographic and usage information from your computer, usually for advertising purposes. Spyware usually that 'sneaks' onto a system or performs other activities hidden to the user. Spyware programs are usually bundled as a hidden component and downloaded from the Internet. These modules are almost always installed on the system secretively and try to run secretively as well.
Top Spyware Visited Pages:
IEPlugin - Alias: IMIServer IEPlugin, Webplugin, BHO3Lib, ExplWWW, IExpl, MimarSinan, Win Server, winobject, TrojanDow - 126 visits
Spyware.SearchAssistant - Alias: Troj/StartPa-EI - 96 visits
webHancer - Alias: Customer Companion, Webhancer Customer Companion, SpeedRank - 90 visits
PowerReg Scheduler - 90 visits
CWS.Cassandra - 84 visits
Conducent - Alias: Timesink - 79 visits
C2.Lop - Alias: C2 Media, Lop, LopAdvert, MP3Search, MpAdvert, TrojanClicker.Win32.Rotarran - 78 visits
007.msnnames - Alias: access.ocx, jokes.ocx, StopLiteCtrl, StopLite, 007installer - 77 visits
VX2.LocalNRD - Alias: LocalNRD - 77 visits
Aureate - Alias: Aureate Spy, Radiate - 76 visits
Random Spyware Pages:
Banker.TU - Alias: TrojanSpy:Win32/Banker.TU
SearchForFree - Alias: icasServ
007.msnnames - Alias: access.ocx, jokes.ocx, StopLiteCtrl, StopLite, 007installer