Download Agave Adware for yourself

    You download a file for yourself, and it is in a self-extracting archive. Run exe'shnik, it opens like WinRar (a very similar window to the view), unpack the file and forget it. But over time, an advertisement begins to climb from all holes, which is not clear how to turn it off because it is not clear where it came from.
    It would seem that the classical scheme of pairing Advari has been living for many years and is unremarkable. But in Russia they decided to do it differently. Advar is now approved by local antiviruses; the distribution is almost officially carried out by a fairly large and well-known company.


    A little over a year ago, one of my partners knocked on me and said that someone there wants to put viruses in me and pay money for it. Only the fact that he called himself a representative of Agave and that their virus seems to be approved by Kaspersky and will not be caught by him, kept it off the proposal to send such a merchant into the forest. I was wondering how this could be and I allowed to give my contacts in order to communicate directly.

    A certain Avaks knocked on ICQ, who called himself Mikhail Ilyin, the director for something there in Agave. Briefly talked about what is proposed:
    I pack all the files on the site with their archiver, it turns out exe'shniki, which when unpacking are similar to WinRar so that the user does not notice the difference. When unpacking, a window pops up, where among the heap of text there is a small paragraph indicating that the user, clicking “continue”, agrees to put himself some kind of advertising module, which he can then delete. After clicking "continue", the user is put this module, which somewhere in a day begins to show ads. They say that money will go to me for clicks, over time, users who have downloaded the virus with my refka will become a lot, clicks will go a lot and in general you can earn a million very quickly and without straining. And since advertising will be only a day after the installation of the advertising module, no one will admit where it came from.

    To my questions, such as, why should I voluntarily ruin my resource, why Agava doesn’t use my ifolder.ru, and how a public company can infect viruses, they told me that I won’t kill the resource because the ads are terribly relevant and the user will only pleased that she will be shown. Ifolder is not used because the type is not yet ready for integration (as far as I know, it is not ready yet :), and then they will offer users to compress their files with this miracle archiver, but about viruses, it’s not a virus at all, it’s like there is an uninstaller and in general all this stuff is approved by Kaspersky Lab and their antivirus does not respond to the ad module.

    At the same time, the question of whether they just want to set up competitors (in my face) or whether they were simply impressed by how they beat beat them in a couple of months and decided to try to develop by the same methods, caused an angry tirade. It’s even insulting to compare with flying beat, they say we have an uninstaller here and in general it’s not at all an adware, just an advertising module that the user himself agrees to install. And they don’t want to substitute competitors, and in general they are not very interesting for them and it is planned to work with mp3 sites, here I just turned up arm by arm, etc.

    In total, the conversation lasted about an hour, they convinced me (users - shit, what difference does it make, money is paid here, etc.), threatened (we will go to your competitors, they will earn a lot of money and will survive you from the market), hollowed out with phrases that it they don’t have a lawyer, that they are completely legal and generally carry the good and the eternal. It ended up that I promised to automatically detect the presence of their adware in the files and delete the files along with the users, that they were uploaded and the dialogue stopped.

    I was imbued with the Russian style of na-business, I even came across sites with their advocacy, but the crisis came and in general this story was somehow forgotten (apparently, they decided not to be active during the crisis). After all, it was quite possible for someone left to be called Mikhail Ilyin, to conduct a dialogue in his style (after reading his posts on roem.ru several times) and generally hang noodles.

    She got a continuation now, when they sent suggestions to earn a lot of money in the feedback form, but this time there were referral links and judging by the style of writing, the work was clearly some kind of schoolchildren. The links led to the site tmaproject.ru , by going and reading a few paragraphs, I immediately remembered last year’s dialogue, made sure that the representative of Agave really wrote to me and the adware really had them:






    This time, however, the module is openly called adware, the list of antiviruses that do not catch this has been expanded module: “So, at Kaspersky Lab, TMAgent is classified as AdTool - a secure program that displays ads. The security of TMAgent is also confirmed by its absence in the databases of such well-known antiviruses as DrWeb, NOD32, Panda Antivirus, AVG, Avira, Ad-Aware and many others. ”

    Probably, in honor of the crisis, antiviruses reduced the price of ignoring viruses, Agave decided to expand the list =)

    Two points are surprising:

    1. Is it possible to legally add a legacy adware in Russia? It is clear that a user of the type sets it up himself, and that, it’s kind of like, you can delete it, but this is obvious fraud. The same as in SMS scam, in fact.

    2. Why use antivirus software that skips such a software plan?
    Below is an addition on this subject.

    It would be interesting to look at the advertisers who are buying ads in this adware. It is quite realistic that they are selling some kind of clicks there on a completely legal teaser, but in fact, they generate transitions in this way.

    It would also be very interesting to listen to official comments from Agave herself and from Kaspersky Lab, which seems to be supposed to make software that protects against such programs.

    Z.Y. People working at Kaspersky Lab say that there was no ignoring this module, that their antivirus did not catch it solely because of the lack of a sample. At the moment, the adware module is caught by the latest software versions and there is nothing to be afraid of.
    Apparently, Agave invented about Kaspersky herself, taking advantage of the fact that their module was not in the database for some time.

    Also popular now: