Page 3 of 5 FirstFirst 12345 LastLast
Showing results 21 to 30 of 45

Thread: Spyware in Daemon Tools Lite installer?

  1. #21
    Customer
    Terramex's Avatar
    Join Date
    06.09.2004
    Posts
    2,572

    Default

    It will only appear when selecting 'Free license' and only when you're online.
    I'm not employed by Disc Soft and my views do not necessarily reflect the ones of the company.

  2. #22
    New User
    Join Date
    23.02.2013
    Posts
    5

    Default

    I did select 'Free license' and it didn't appear.

  3. #23
    Customer
    Terramex's Avatar
    Join Date
    06.09.2004
    Posts
    2,572

    Default

    Then you were either offline, or your firewall automatically blocked the OpenCandy library.
    I'm not employed by Disc Soft and my views do not necessarily reflect the ones of the company.

  4. #24

    Default

    Quote Originally Posted by Sway View Post
    It's not a spyware.
    True, It's actually Malware. And it's not a false positive.

  5. #25

    Default

    Quote Originally Posted by bpz2 View Post
    Thanks for your reply Sway.



    Maybe I was not specific but after the alert I already ran Daemon Tools Lite installer in Wireshark and this list about my system is sending to nsis.bisrv.com -

    Code:
    installer_data={"uid":"B43DE587EB164BCFB239BCDE74CD65D0","muid":"af80b63072ef4fa6b059bd38b2d723d0","affid":"daemontoolslite","sid":"daemontoolslitemdma","installerVersion":"2.0.0u","osVersion":"6.1.7601 64bit","ieVersion":"9.0.8112.16421","ff_installed":"0","ff_version":"","ff_default_homepage":"not_found","ff_is_default":"0","ie_installed":"1","ie_version":"9.0.8112.16421","ie_default_homepage":"","ie_is_default":"1","chrome_installed":"0","chrome_version":"","chrome_default_homepage":"not_found","chrome_is_default":"0","opera_installed":"0","opera_version":"","opera_default_homepage":"not_found","opera_is_default":"0","safari_installed":"0","safari_version":"","safari_default_homepage":"not_found","safari_is_default":"0","couponamazing":"false","couponamazing_check2":"false","couponamazing_check3":"false","default_browser_not_chrome":"null","default_browser_not_chrome_xp":""C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome","addlyrics":"false","FiftyonRED_2":"false","FiftyonRED_3":"false","FiftyonRED_4":"false","FiftyonRED_5":"false","firefox_version_not_8_to_12_XP":"null","firefox_version_not_8_to_12_Win7":"null","default_browser_ff_1":""C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome","default_browser_ff_2":"null","default_browser_not_ff_1":""C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome","default_browser_not_ff_2":"null","CouponCaddy_1":"false","CouponCaddy_2":"false","CouponCaddy_3":"false","sdp":"false","iminent_32bit":"false","iminent_64bit":"false","dotnet_4":"1","conduit":"false","babylon":"false","claro":"false","incredibar_1":"false","incredimail":"false","incredimail_2":"false","fixie":"false","incredibar_post":"false","pcfixspeed":"false"}


    It is downloading the files bitool.dll from nsis.bisrv.com and bi_downloader.exe and installercdn.filebulldog.com with Riskware.Win32.Somoto.AMN without asking. I checked the signature like you said and one is not signed and one is signed by Somoto, so it is not a false positive.

    Is this riskware supposed to be there? It is not even mentioned.
    I have the same problem with my machine. I carefully un-checked everything, and on the popup message that Terramex posted, I clicked the "Cancel" prompt so it would not install any of the adware/malware.

    My Anti virus software still picked up malware after installing Daemon Tools Lite v4.47.1.0335. I've installed Daemon tools many times, so I'm quite familiar with the tricks involved in making sure you don't install anything else.

    7/25/2013 8:07:15 AM
    Real-time file system protection
    file
    C:\Users\Merlin\AppData\Local\Temp\bitool.dll
    Win32/Somoto.C
    potentially unwanted application
    cleaned by deleting - quarantined
    NT AUTHORITY\SYSTEM
    Event occurred during an attempt to access the file by the application:
    C:\Windows\System32\rundll32.exe.

  6. #26

    Default

    Please tell us only one thing: Why you force us to install this trash additional "software". When we click Next button (you know very well what about I am talking now) - we not only accept the terms of Babylon, but also install it! The fact that we don't check the options for default home page, doesn't change the fact that you force us to install this files if we want to install the Daemon Tools itself!

    Behave like adults and just answer to your users to this one simple question - Why? Why did you do that? Is it some legal agreement with this Somoto partner?
    If this is it - Thank you Somoto that you f***ed and this free software in such a brutal way!

  7. #27
    Moderator


    Sway's Avatar
    Join Date
    09.07.2009
    Posts
    1,966

    Default

    Dear g836847,

    According to the agreement with Somoto, we are not able to make an impact on which offer is shown for a certain user and how it behaves. We just show the offer page in our DT installation wizard. During our tests, we didn't meet any harmful software or software which can be installed in spite of user's rejection. Please be attentive during installation.

    We appreciate your awareness!

  8. #28

    Default

    Dear Sway and Terramex,
    Note that in the past I have already used your software who is really amazing, the problem comes from Somoto.
    I have Sophos Network Security Professional on my computer.
    I just double click on your software "DTLite4471-0337.exe" and nothing else.
    On my screen i can see the first step of your installer who ask me to choose the setup language.
    Note that I don't click on the next button at this step (so i didn't install anything at the moment).
    And what a surprise, Sophos (one of the better anti spyware in the world) says :
    Adware or PUA detected from Somoto BetterInstaller
    Components:
    - C:\Users\Administrateur\AppData\Local\Microsoft\Wi ndows\Temporary Internet Files\Content.IE5\JS4C9GED\bi_downloader[1].exe\FILE:0001
    - C:\Users\Administrateur\AppData\Local\Microsoft\Wi ndows\Temporary Internet Files\Content.IE5\LI0PJH67\bi_downloader[1].exe\FILE:0001
    - C:\Users\Administrateur\AppData\Local\Temp\nsn4ED9 .tmp\FILE:0001
    - C:\Users\Administrateur\AppData\Local\Temp\nsrB6DF .tmp\FILE:0001

    I'm curious to know how you can justify that to us?
    You said:
    During our tests, we didn't meet any harmful software or software which can be installed in spite of user's rejection
    But this Somoto software is on my hard disk before starting the installation (ahahah ^_^).
    I finished the installation on an other computer (i have uncheck the free trash Tools of course) and i can tell you what your software does (because it seems you are not able to see it):
    It add some advertising on Google main page for exemple and i suppose it replaces many Google advertising on many web pages in order to hijack money of advertising.
    I'm curious to know what google will say about that? or what Microsoft will think of a third party software that modify internet explorer?

    I strongly advise you to reconsider your answer "you're just idiots who do not know uncheck radio buttons"
    Respectfully, Gosu User, a beginner with 20 years experience in IT
    nb:sorry for my broken English

  9. #29
    Moderator


    Sway's Avatar
    Join Date
    09.07.2009
    Posts
    1,966

    Default

    Dear Gosu User,

    We appreciate your feedback!

    Quote Originally Posted by Gosu_User View Post
    But this Somoto software is on my hard disk before starting the installation (ahahah ^_^).
    When you just launch installation wizard, installation package must be temporarily extracted to your hard disk drive. But it does not mean that all extracted files are used during installation. Normally, BetterInstaller downloader should not be run if all appropriate option are unchecked. BUT there can be some issues on BetterInstaller's side. We have already met such problem with SweetPacks Toolbar and SearchProtect installation (http://forum.daemon-tools.cc/f16/spy...51/#post140557) and reported this issue to BetterInstaller team.

    Quote Originally Posted by Gosu_User View Post
    I finished the installation on an other computer (i have uncheck the free trash Tools of course) and i can tell you what your software does (because it seems you are not able to see it):
    It add some advertising on Google main page for exemple and i suppose it replaces many Google advertising on many web pages in order to hijack money of advertising.
    I'm curious to know what google will say about that? or what Microsoft will think of a third party software that modify internet explorer?
    Please specify software or browser extension which was installed together with DT product. I'll try to reproduce this issue.
    Thank you in advance!

  10. #30

    Default

    Dear Sway
    First, let me thank you for publishing my message in full and uncensored, it is very rare nowadays on forums to be noted!
    And thank you for answering so fast.
    I tested it with Internet Explorer 10.
    Unfortunately, I can not say exactly which version because it was there a few months
    (I try to install again your software few days ago but when I see "Adware or PUA detected" by Sophos, I just stop the setup because I thank that the problem I have met a few months earlier is still not resolved).
    I'm sorry, I did'nt think to take screenshots to show you the changes made ​​to my browser by the software "Somoto better installer" at the time.
    I did not really want to try again today because the problem is hard to properly fix and i like to have a clean computer.
    If you'll update your software in a near future to make Somoto better installer not appear on hard disk when we launch the setup, thank you to inform us.
    I think the community will be very grateful if you fix this.
    Respectfully, Gosu User.

Page 3 of 5 FirstFirst 12345 LastLast

Bookmarks

Posting Rules

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •