The following is a listing of all software known to install the Aureate
spy on your system. The Aureate spy keeps track of your Internet
activities and sends a report to Aureate every time you open your
browser. The Aureate spy places the following files on a Windows
machine. [It is not known, yet, to affect Macintosh or Linux machines.]
> The installed files are some or all of:
> adimage.dll
> advert.dll
> advpack.dll -------------------------- c:\windows\system
> amcis.dll
> amcis2.dll
> amcompat.tlb -------------------------- c:\windows\system
> amstream.dll -------------------------- c:\windows\system
> anadsc.ocx
> anadscb.ocx
> htmdeng.exe
> ipcclient.dll
> msipcsv.exe
> tfde.dll
>
> Here is a review of the contents and code contained in the DLLs that
> Aureate makes use of. Here are a few of my findings up to this point:
>
> advert.dll
> =======
>
> This DLL creates a hidden window every time you open your browser. It
> creates and sends 4 pages of information to the Aureate servers using
> port 1749 on your system, these pages include:
>
> 1. Your name as listed in the system registry ( not the name you
> installed one of the programs with )
> 2. Your IP address
> 3. The reverse DNS match of your address. ( tells them what ISP and
> area of country you are in )
> 4. A listing of ALL software that is shown in your registry as being
> installed. ( Not just the companies they work with )
> 5. This DLL sends the following information to their server on all
> URLs you visit:
> A.) ad banners you may click on
> B.) all downloads you do showing the filename/file
> size/date/time/type of file (image, zip, executable, etc)
> C.) full time and date stamps of all your actions while using your
> browser
> D.) the remote dialup number you are dialing in on (taken out of
> your dialer configuration)
> E.) dialup password if saved, does not "appear" at first glance
> to send this through to them.
> 6. Contains programmers note: "Show me the money! I want to
> be Mike!"
>
>
> advpack.dll
> =========
>
> Used during the installation only to check for other needed files.
>
>
> amcis.dll
> =======
>
> This DLL modifies the following registry keys:
> 1. HKEY_CURRENT_CONFIG
> 2. HKEY_DYN_DATA
> 3. HKEY_PERFORMANCE_DATA
> 4. HKEY_USERS
> 5. HKEY_LOCAL_MACHINE
> 6. HKEY_CURRENT_USER
> 7. HKEY_CLASSES_ROOT
>
> Unregisters oleaut32.dll from memory as provided by M$oft and
> replaces with its own calls. Switches back to M$oft's when browser is
> closed. Creates stub processes to be started anytime your browser is
> opened.
>
>
> amcompat.tlb
> ===========
>
> This guy tracks any multimedia clips ( video/pictures/sound ) that
> you view. It tracks the rating level on the video/picture/sound and
> title / location. Contains references to DblClick ( still digging on
> this one! )
>
>
> amstream.dll
> ==========
>
> Sets up TWO way communications between your system and theirs.
> Used to send info and receive update commands/files.
> Opens port 1749 for communications.
>
> ==================================================
>
> The programs that are known to install the Aureate spy are:
>
> 123Search
> 3d Anarchy
> 3D-FTP
> 3rd block
> Abe's FTP Client
> Abe's Image Viewer
> Abe's MP3 Finder
> Abe's Picture Finder
> Abe's SMB Client
> Access Diver III
> Acorn Email
> AcqURL
> ActionOutline Light 1.6
> Active 'Net
> Add URL
> Add/Remove Plus!
> Address Rover 98
> Admiral VirusScanner
> Advanced Call Center
> Advanced Maillist Verify
> AdWizard
> Alive and Kicking
> alphaScape QuickPaste
> ASP1-A3
> Auction Explorer
> Aureate Group Mail
> Aureate SpamKiller
> AutoFTP PRO
> AutoWeb
> AxelCD
> Beatle
> Binary Boy
> BinaryVortex
> Blue Engine
> BookSmith : Original
> buddyPhone 2
> Calypso E-mail
> CamGrab
> Capture Express 2000
> Cascoly Screensaver
> CDDB-Reader
> CDMaster32
> ChanStat
> Charity Banner
> Cheat Machine
> Check4New
> ChinMail
> Clabra clipboard viewer
> Classic Peg Solitaire
> ComTry Music Downloader
> Crystal FTP
> CSE HTML Validator Lite
> CuteFTP 3.0
> CuteFTP/Tripod
> CuteMX
> CutePage
> Danzig Pref Engine
> DateTime
> Delphi Component Test
> Delphi Tester
> Dialer 2000
> DigiBand NewsWatch
> DigiCams - The WebCam Viewer
> Digital Postman
> DirectUpdate
> DL-Mail Pro 2000
> DNScape
> Doorbell 1.18
> Download Minder 1.5
> Download Wonder
> DownLoader v.1.1
> Dwyco Video Conferencing
> EasySeeker
> EmmaSoft ChatCat
> EmmaSoft dBrow
> EmmaSoft KeepLan
> EmmaSoft Soundz
> EnvoyMail
> EZ-Forms FREE
> File Mag-Net
> FileSplit
> Folder Guard Jr.
> FourTimes
> Free Picture Harvester
> Free Solitaire
> Free Spades
> Free Submitter Pro
> FreeImageEditor
> FreeIRC
> FreeNotePad
> FreeSite
> FreeWebBrowser
> FreeWebMail
> FreeZip!
> FTPEditor
> GetRight
> Go!Zilla
> Go!Zilla WebAttack
> GovernMail
> Grafula
> Gunther's PasswordSentry
> HangWeb
> hesci Private Label
> HTML Translator
> HTTP Proxy-Spy
> Huey v1.8 Color Picker
> Iban Technologies IP Tools 3.1
> Idyle GimmIP
> iFind Graphics
> imageN
> Infinite Patience
> InfoBlast
> InnovaClub
> InstallZIP
> Internet Tree
> Internetrix
> InterWebWord Companion
> JetCar
> JFK Research
> jIRC
> JOC Email Checker
> JOC Web Finder
> JOC Web Spider
> KVT Diplom
> LapLink FTP
> LineSoft Download
> LOL Chat
> Mail Them
> Meracl FontMap
> Meracl ImageMap Generator
> Midnight Oil Solitaire
> MirNik Internet Finder
> More Space 99
> MouseAssist
> MP3 Album Finder
> MP3 Fiend
> MP3 Grouppie
> MP3 Mag-Net
> MP3 Renamer
> Mp3 Stream Recorder
> MP3INFO-Editor
> MultiSender
> Music Genie
> MX Inspector BIG AD
> My Genie Patriots
> My Genie SE
> My GetRight
> NeatFTP
> Net CB
> Net Scan 2000
> Net Vampire
> Net-A-Car Feature Car Screensaver
> NetAnts
> NetBoard
> Netbus Pro 2.10
> NetCaptor 5.0
> Netman Downloader
> NetNak
> NetSuck 3.10.5
> NetTime Thingy
> Network Assistant
> NeuroStock
> NewsBin
> NewsShark
> NewsWire
> NfoNak
> NotePads+
> Notificator 1.0b
> Octopus
> Pattern Book
> People Seek 98
> Personal Search Agent
> Photocopier
> PicPluck
> Pictures In News
> Ping Thingy
> PingMaster
> Planet.Billboard
> Planet.MP3Find
> PMS
> ProtectX 3
> ProxyChecker
> QuadSucker/Web
> Quadzle Puzzles
> QuikLink Autobot
> QuikLink Explorer
> QuikLink Explorer Gold Edition
> QuoteWatch
> QWallet
> Real Estate Web Site Creator
> Recipe Review
> ReGet 1.6
> Resume Detective
> RingSurf
> RoboCam 1.10
> Rosemary's Weird Web World
> SaberQuest Page Burner
> SBJV
> SBWcc
> Scout's Game
> ScreenFIRE
> ScreenFIRE - FileKing
> ScreenFlavors
> Sea Battle
> Shizzam
> Simple Submit
> SimpleFind
> SimpleSubmit v1.0
> SK-111
> Smart 'n Sticky
> SmartBoard 200 FREE Edition
> SmartSum calculator
> SonicMail
> Sound Agent
> Space Central Screen Saver
> Splash! Siterave
> StartDrive
> Static FTP
> StockBrowser
> Subscriber
> SunEdit 2K
> SuperIDE
> Sweep
> SweepsWinner
> Text Transmogrifier
> The Mapper
> TheNet
> TI-FindMail
> TIFNY
> Total Finger
> Total Whois
> Tracking The Eye
> Trade Site Creator
> TWinExplorer Standard
> TypeWriter 1.0
> UK Phone Codes
> Vagabond's Realm
> VeriMP3
> Vertigo QSearch
> Virtual Access
> Visual Cyberadio
> Visual Surfer
> VOG Backgammon Main
> VOG Backgammon Table
> VOG Chess Main
> VOG Chess Table
> VOG Reversi Main
> VOG Reversi Table
> VOG Shell
> VOG Shell History
> W3Filer
> Web Coupon
> Web Page Authoring Software
> Web Registrant PRO
> Web Resume
> Web SurfACE
> WEB2SMS
> WebCamVCR
> WebCopier
> Web-N-Force
> WebSaver
> Website Manager
> WebStripper
> WebType
> WhoIs Thingy
> Win A Lotto
> WinEdit 2000
> Word+
> Wordwright
> WorldChat Client
> Worm
> www.devgames.com
> xBlock
> Your ESP Test
> Zion
> Zip Express 2000
sincerely
aCiD buRn
C++
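
A defender's check for the indicators listed in the post, as an added example that is not part of the original message: it inventories the named files under a directory tree and flags `netstat -an` lines that use port 1749. The function names and the sample netstat output are constructed for illustration; the three names the post places in c:\windows\system are reported as "review" rather than "match", since names such as advpack.dll and amstream.dll are also used by Windows components and a name alone does not identify the vendor.

```python
import os

# File names from the post's list, lower-cased (Windows ignores case).
AUREATE_FILES = {
    "adimage.dll", "advert.dll", "advpack.dll", "amcis.dll", "amcis2.dll",
    "amcompat.tlb", "amstream.dll", "anadsc.ocx", "anadscb.ocx",
    "htmdeng.exe", "ipcclient.dll", "msipcsv.exe", "tfde.dll",
}
# Names the post places in c:\windows\system; verify these by hand.
REVIEW = {"advpack.dll", "amcompat.tlb", "amstream.dll"}
PORT = 1749  # port named in the advert.dll and amstream.dll notes

# Constructed sample of `netstat -an` output (documentation addresses).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.0.5:1026       203.0.113.10:80        ESTABLISHED
  TCP    192.168.0.5:1749       203.0.113.20:1749      ESTABLISHED
  TCP    0.0.0.0:17490          0.0.0.0:0              LISTENING
"""


def scan_tree(root):
    """Return sorted (path, verdict) pairs for listed names under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            low = name.lower()
            if low in AUREATE_FILES:
                verdict = "review" if low in REVIEW else "match"
                hits.append((os.path.join(dirpath, name), verdict))
    return sorted(hits)


def port_hits(netstat_text, port=PORT):
    """Return TCP/UDP lines whose local or foreign endpoint uses port."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0].upper() in ("TCP", "UDP"):
            # Compare the text after the last ':' so 17490 never matches.
            if str(port) in [f.rsplit(":", 1)[-1] for f in fields[1:3]]:
                hits.append(line.strip())
    return hits


if __name__ == "__main__":
    for path, verdict in scan_tree(r"C:\Windows"):
        print(verdict, path)
    print(port_hits(SAMPLE_NETSTAT))
```

For a "review" hit, check the file's version resource and vendor before treating it as part of the Aureate install.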