Aureate

· Overview ·
· Origins ·
· Distribution ·
· Operation ·
· Risks ·
· Detection and Removal ·
· Research ·

Overview

Alias:

 Adware/Aureate-Radiate [Panda], Aureate Spy, Aureate/Radiate

Category:

Spyware: Any product that employs a user's Internet connection in the background without their knowledge, and gathers/transmits info on the user or their behavior. Many spyware products will collect referrer info (information from your web browser which reveals what URL you linked from), your IP address (a number that is used by computers on the network to identify your computer), system information (such as time of visit, type of browser used, the operating system and platform, and CPU speed.) Spyware products sometimes wrap other commercial products, and are introduced to machines when those commercial products are installed. See also Adware.

Adware: Software that displays popup/popunder ads when the primary user interface is not visible or which do not appear to be assocaited with the product.

Browser Helper Object: (BHO). A component that Internet Explorer will load whenever it starts, shares IE's memory context, can perform any action on the available windows and modules. A BHO can detect events, create windows to display additional information on a viewed page, monitor messages and actions. Microsoft calls it "a spy we send to infiltrate the browser's land." BHOs are not stopped by personal firewalls, because they are seen by the firewall as your browser itself. Some exploits of this technology search all pages you view in IE and replace banner advertisements with other ads. Some monitor and report on your actions. Some change your home page.

Variants:
  • Aureate/Radiate
    		•

    Similar Pests:

    		 Spyware · Adware · Browser Helper Object

    Origins

    Author:

    		 Aureate

    Date of Origin:

    		 Variants from March, 2002 to February, 2004

    Distribution

    Distribution:

    		 Ships with the following: 123Search 3d Anarchy 3D-FTP 3rd block Abe's FTP Client Abe's Image Viewer Abe's MP3 Finder Abe's Picture Finder Abe's SMB Client Access Diver III Acorn Email AcqURL ActionOutline Light 1.6 Active 'Net Add URL Add/Remove Plus! Address Rover 98 Admiral VirusScanner Advanced Call Center Advanced Maillist Verify AdWizard Alive and Kicking alphaScape QuickPaste ASP1-A3 Auction Explorer Aureate Group Mail Aureate SpamKiller AutoFTP PRO AutoWeb AxelCD Beatle Binary Boy BinaryVortex Blue Engine BookSmith : Original buddyPhone 2 Calypso E-mail CamGrab Capture Express 2000 Cascoly Screensaver CDDB-Reader CDMaster32 ChanStat Charity Banner Cheat Machine Check4New ChinMail Clabra clipboard viewer Classic Peg Solitaire ComTry Music Downloader Crystal FTP CSE HTML Validator Lite CuteFTP 3.0 CuteFTP 3.0 CuteFTP/Tripod CuteMX CutePage Danzig Pref Engine DateTime Delphi Component Test Delphi Tester Dialer 2000 DigiBand NewsWatch DigiCams - The WebCam Viewer Digital Postman DirectUpdate DL-Mail Pro 2000 DNScape Doorbell 1.18 Download Minder 1.5 Download Wonder DownLoader v.1.1 Dwyco Video Conferencing EasySeeker EmmaSoft ChatCat EmmaSoft dBrow EmmaSoft KeepLan EmmaSoft Soundz EnvoyMail EZ-Forms FREE File Mag-Net FileSplit Folder Guard Jr. FourTimes Free Picture Harvester Free Solitaire Free Spades Free Submitter Pro FreeImageEditor FreeIRC FreeNotePad FreeSite FreeWebBrowser FreeWebMail FreeZip! FTPEditor GetRight Go!Zilla Go!Zilla WebAttack GovernMail Grafula Gunther's PasswordSentry HangWeb hesci Private Label HTML Translator HTTP Proxy-Spy Huey v1.8 Color Picker Iban Technologies IP Tools 3.1 Idyle GimmIP Idyle GimmIP iFind Graphics imageN Infinite Patience InfoBlast InnovaClub InstallZIP Internet Tree Internetrix InterWebWord Companion JetCar JFK Research jIRC JOC Email Checker JOC Web Finder JOC Web Spider KVT Diplom LapLink FTP LineSoft Download LOL Chat LOL Chat Mail Them Meracl FontMap Meracl ImageMap Generator Midnight Oil Solitaire MirNik Internet Finder More Space 99 MouseAssist MP3 Album Finder MP3 Fiend MP3 Grouppie MP3 Mag-Net MP3 Renamer Mp3 Stream Recorder MP3INFO-Editor MultiSender Music Genie MX Inspector BIG AD My Genie Patriots My Genie SE My GetRight NeatFTP Net CB Net Scan 2000 Net Vampire Net-A-Car Feature Car Screensaver NetAnts NetBoard Netbus Pro 2.10 NetCaptor 5.0 Netman Downloader NetNak NetSuck 3.10.5 NetTime Thingy Network Assistant NeuroStock NewsBin NewsShark NewsWire NfoNak NotePads+ Notificator 1.0b Octopus Pattern Book People Seek 98 Personal Search Agent Photocopier PicPluck Pictures In News Ping Thingy PingMaster Planet.Billboard Planet.MP3Find PMS ProtectX 3 ProxyChecker QuadSucker/Web Quadzle Puzzles QuikLink Autobot QuikLink Explorer QuikLink Explorer Gold Edition QuoteWatch QWallet Real Estate Web Site Creator Recipe Review ReGet 1.6 Resume Detective RingSurf RoboCam 1.10 Rosemary's Weird Web World SaberQuest Page Burner SBJV SBWcc Scout's Game ScreenFIRE ScreenFIRE - FileKing ScreenFlavors Sea Battle Shizzam Simple Submit SimpleFind SimpleSubmit v1.0 SK-111 Smart 'n Sticky SmartBoard 200 FREE Edition SmartSum calculator SonicMail Sound Agent Space Central Screen Saver Splash! Siterave StartDrive Static FTP StockBrowser Subscriber SunEdit 2K SuperIDE Sweep SweepsWinner Text Transmogrifier The Mapper TheNet TI-FindMail TIFNY Total Finger Total Whois Tracking The Eye Trade Site Creator TWinExplorer Standard TypeWriter 1.0 UK Phone Codes Vagabond's Realm VeriMP3 Vertigo QSearch Virtual Access Visual Cyberadio Visual Surfer VOG Backgammon Main VOG Backgammon Table VOG Chess Main VOG Chess Table VOG Reversi Main VOG Reversi Table VOG Shell VOG Shell VOG Shell History W3Filer Web Coupon Web Page Authoring Software Web Registrant PRO Web Resume Web SurfACE WEB2SMS WebCamVCR WebCopier Web-N-Force WebSaver Website Manager WebStripper WebType WhoIs Thingy Win A Lotto WinEdit 2000 Word+ Wordwright WorldChat Client Worm www.devgames.com xBlock Your ESP Test Zion Zip Express 2000

    Prevalence:
  • Aureate/Radiate: 0.0%
    • More Info

    Clot Factor:
  • Aureate/Radiate: 36

    • The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.

    Growth:
  • Aureate/Radiate: Insufficient data to report growth
    		•

    Operation

    General:

    The Aureate spy may place some or all of the following files on a Windows machine: adimage.dll advert.dll advpack.dll amcis.dll amcis2.dll amcompat.tlb amstream.dll anadsc.ocx anadscb.ocx htmdeng.exe ipcclient.dll msipcsv.exe tfde.dll

    advert.dll

    This DLL creates a hidden window every time you open your browser. It creates and sends 4 pages of information to the Aureate servers using port 1749 on your system, these pages include:

    1. Your name as listed in the system registry (not the name you installed one of the programs with)
    2. Your IP address
    3. The reverse DNS match of your address. (ells them what ISP and area of country you are in
    4. A listing of ALL software that is shown in your registry as being installed. (Not just the companies they work with)
    5. This DLL sends the following information to their server on all URL's you visit: A.) ad banners you may click on B.) all downloads you do showing the filename/file size/date/time/type of file(image, zip,executable, etc) C.) full time and date stamps of all your actions while using your browser D.) the remote dialup number you are dialing in on (taken out of your dialer configuration) E.) dialup password if saved, does not "appear" at first glance to send this through to them.
    6. Contains programmers note: "Show me the money! I want to be Mike!"

    amcis.dll

    This DLL modifies the following registry keys:

    1. HKEY_CURRENT_CONFIG
    2. HKEY_DYN_DATA
    3. HKEY_PERFORMANCE_DATA
    4. HKEY_USERS
    5. HKEY_LOCAL_MACHINE
    6. HKEY_CURRENT_USER
    7. HKEY_CLASSES_ROOT

    Unregisters oleaut32.dll from memory as provided by Microsoft and replaces with its own calls. Switches back to Microsoft's when browser is closed. Creates stub processes to be started anytime your browser is opened.

    Storage Required:
  • Aureate: at least 49 KB
  • Aureate/Radiate: at least 577 KB
    		•

    Browser Performance:

    		 Likely to slow performance of Internet Explorer.

    Risks

    Risk:

    		 Grave threat to privacy and confidentiality. Runs without permission, and continues to run after its carrier has been uninstalled.

    Detection and Removal

    Automatic Removal:

    PestPatrol detects this.

    PestPatrol removes this.

    Manual Removal:

    		 Follow these steps to remove Aureate from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.
    Stop Running Processes:

    Kill these running processes with Task Manager:

    Unregister DLLs:

    Unregister these DLLs with Regsvr32, then reboot:

    Clean Registry:

    Remove these registry items (if present) with RegEdit:

    Remove Files:

    Remove these files (if present) with Windows Explorer:

    Remove Directories:

    Remove these directories (if present) with Windows Explorer:

    Research

    File Analyses:

    More Info:
  • AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!
    		•

    Research By:
  • PestPatrol's Pest Research Center
    		•

    Last Revised:

    		 April 25, 2005