Advertising functions: displays a stream of flashing ad banners when certain software is installed, including monstrous fullscreen (640x480) ads!
Network Connections: Connections to adservers (*.adsoftware.com, ports unknown)
HD/Registry/Application Snooping: Unknown
"Whether it's showing banner advertising to 10,000 female sports fans living in Ohio, or delivering thousands of full-screen animated commercials in an adventure game to brand a new apparel line to gen-xers." (as stated on aureate.com)
Still more advertising-supported shareware, much like the TSADBOT apps. The sad thing about these products is that, since there's seldom a registration "fee" of actual cash, many sites erroneously list them as Freeware. To "register" an AdSoftware app, you are forced to supply demographic details and personal information to the advertiser, who uses it to show flickering banners and popups at you while you (try to) work. In fact, you pay for the software every time you use it, and continue to pay indefinitely until you uninstall and cease using the software. Just think about it-- an eternal stream of cash at your expense! Also, like the TSADBOT, it remains installed on your machine and active even after you uninstall the program that uses it!
The Aureate trojan continues the tradition of the TSADBOT trojan by secretively installing itself as a Windows Service. In addition, it registers itself as a browser helper app so that it loads with your Web browser, and could in theory monitor every site you visit! It is nearly impossible to remove from the system, and runs fully cloaked--even if the end-user has enough advanced knowledge of computers to remove the software and its Windows hooks, you can't kill what you can't see. You may be infected with the Aureate trojan and not even know it!
If that's not enough, get a load of from Aureate's Web site. A brief sampler: "<marketerspeak>Many of our users have downloaded software with the purpose of purchasing it and have done so for many years.</marketerspeak>" ...Aureate is a fairly new startup, and has not even existed for "many years". In fact, the entire paradigm of online software purchase is a fairly new concept in itself. (Could they be in trouble for false advertising??) It will be evident to any reader that every word has been passed through several marketdroids before appearing on the site ;)
DLL has been verified to cause instability and crashes.
(Note: This stuff may be even worse for software developers employing it... for having their hand in the pie, Aureate skims off 40% of the developers' revenue right off the top!)
McCuiston has done a write-up on Aureate ware focusing on the adware's tracking features, server connections and how to deal with it.
Steve Gibson has an informative page on the Aureate adware, particularly some issues relating to the deception surrounding its installation.
page has a list of the Aureate spyware files below, and a detailed description of what each does. One reportedly intercepts calls to the system file oleaut32.dll and substitutes its own while a browser is active, silently switching back when the browser closes. Another reportedly replaces a benign Windows Media Player .dll with one coded to eavesdrop on your audio/movie downloads. Scary stuff!
N/A? Some applications won't check for the advert DLL, others will. Find advert.dll and zap it (rename or move). If the programs still work, congratulations! If not, the next simplest solution is using the Hosts trick, or snagging a firewall app (ZoneAlarm, PC Firewall) and blocking access to their servers...there are probably some advanced methods of hacking the adware out of the program, if you're good with a hex-editor :)
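The rename-or-move step above, written as a reversible script (an added example, not part of the original page). The quarantine folder, manifest file and sample directory tree are constructed for illustration; only the file name advert.dll comes from the text.

```python
import json
import os
import shutil
import tempfile

TARGET = "advert.dll"  # name from the page; matched case-insensitively

def find_targets(root):
    """Every path under root named advert.dll, ignoring case."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files if f.lower() == TARGET]
    return sorted(hits)

def quarantine(root, qdir):
    """Move each match into qdir (hypothetical folder) and log where it came from."""
    os.makedirs(qdir, exist_ok=True)
    manifest = {}
    for i, src in enumerate(find_targets(root)):
        stored = os.path.join(qdir, f"{i:04d}_{TARGET}.off")
        shutil.move(src, stored)
        manifest[stored] = src
    with open(os.path.join(qdir, "manifest.json"), "w") as fh:
        json.dump(manifest, fh, indent=2)
    return manifest

def restore(qdir):
    """Put the files back if a host program refuses to start without the DLL."""
    with open(os.path.join(qdir, "manifest.json")) as fh:
        manifest = json.load(fh)
    for stored, original in manifest.items():
        shutil.move(stored, original)
    return sorted(manifest.values())

def demo():
    """Constructed sample tree so the example runs offline."""
    base = tempfile.mkdtemp()
    root, qdir = os.path.join(base, "disk"), os.path.join(base, "quarantine")
    for rel in ("Windows/System/ADVERT.DLL", "Apps/Tool/advert.dll", "Apps/Tool/tool.exe"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "wb").close()
    before = find_targets(root)
    quarantine(root, qdir)
    after = find_targets(root)
    restore(qdir)
    return before, after, find_targets(root)

if __name__ == "__main__":
    print(demo())
```

Moving the file instead of deleting it keeps the test described above cheap: if a program stops working, `restore()` puts every copy back where it was found.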
See also: Sebastien Sauvage's
Note: See the Adware
"All trademarks are hereby acknowledged as the property of their respective owners." So don't even THINK about suing me :)