Page 5 of 5 FirstFirst ... 345
Showing results 41 to 45 of 45

Thread: Spyware in Daemon Tools Lite installer?

  1. #41
    Terramex's Avatar
    Join Date


    Please keep in mind that the "virus" (=Adware) doesn't come into play at all for paid licenses.
    The temp files extracted from the installer (=your Eset findings) will be deleted after the DT Pro/Ultra installation is completed.
    Last edited by Terramex : 11.12.2013 at 19:35
    I'm not employed by Disc Soft and my views do not necessarily reflect the ones of the company.

  2. #42


    So, is Sway saying that Conduit and Babylon are customers? These are known and aggressive malware that takes over your search. Please confirm this because no one will ever use Daemon again.

    Quote Originally Posted by bpz2 View Post
    Thanks for your reply Sway.

    Maybe I was not specific but after the alert I already ran Daemon Tools Lite installer in Wireshark and this list about my system is sending to -

    installer_data={"uid":"B43DE587EB164BCFB239BCDE74CD65D0","muid":"af80b63072ef4fa6b059bd38b2d723d0","affid":"daemontoolslite","sid":"daemontoolslitemdma","installerVersion":"2.0.0u","osVersion":"6.1.7601 64bit","ieVersion":"9.0.8112.16421","ff_installed":"0","ff_version":"","ff_default_homepage":"not_found","ff_is_default":"0","ie_installed":"1","ie_version":"9.0.8112.16421","ie_default_homepage":"","ie_is_default":"1","chrome_installed":"0","chrome_version":"","chrome_default_homepage":"not_found","chrome_is_default":"0","opera_installed":"0","opera_version":"","opera_default_homepage":"not_found","opera_is_default":"0","safari_installed":"0","safari_version":"","safari_default_homepage":"not_found","safari_is_default":"0","couponamazing":"false","couponamazing_check2":"false","couponamazing_check3":"false","default_browser_not_chrome":"null","default_browser_not_chrome_xp":""C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome","addlyrics":"false","FiftyonRED_2":"false","FiftyonRED_3":"false","FiftyonRED_4":"false","FiftyonRED_5":"false","firefox_version_not_8_to_12_XP":"null","firefox_version_not_8_to_12_Win7":"null","default_browser_ff_1":""C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome","default_browser_ff_2":"null","default_browser_not_ff_1":""C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome","default_browser_not_ff_2":"null","CouponCaddy_1":"false","CouponCaddy_2":"false","CouponCaddy_3":"false","sdp":"false","iminent_32bit":"false","iminent_64bit":"false","dotnet_4":"1","conduit":"false","babylon":"false","claro":"false","incredibar_1":"false","incredimail":"false","incredimail_2":"false","fixie":"false","incredibar_post":"false","pcfixspeed":"false"}

    It is downloading the files bitool.dll from and bi_downloader.exe and with Riskware.Win32.Somoto.AMN without asking. I checked the signature like you said and one is not signed and one is signed by Somoto, so it is not a false positive.

    Is this riskware supposed to be there? It is not even mentioned.

  3. #43


    Quote Originally Posted by Sway View Post
    DAEMON Tools Lite is absolutely free for personal use. We have several legal partners to monetize our freeware. SOMOTO is one of these partners. Such services recommend users to install 3rd party software (toolbars, search engines or some useful software) during DAEMON Tools Lite installation. BUT it is absolutely optional. You can uncheck appropriate options in installation wizard, and nothing will be installed together with DAEMON Tools Lite. Also you can disable your Internet connection during installation to prevent any offers. And of course, paid version of DAEMON Tools Lite does not contain any partner offers.
    Well, maybe you all need to have a talk with your Somoto friends because I know I unchecked everything and clicked cancel when that window popped up, and MalwareBytes is detecting 3 PUPs in my Temp folder, and they're all from Somoto. I haven't scanned the rest of my system, but I expect Somoto found a way of installing more than just in the Temp folder. Perhaps they have your source code and are somehow inputting a line or two that tells it to install their software or in some other way introduce it to the machine installing your Daemon Tools Lite.

    If it's a simple matter of the install files are still copied to the Temp folder regardless of whether I choose to accept it, well, it's still fishy, and it doesn't provide a positive company image.

  4. #44

    Böse Disgusting Tactic

    Quote Originally Posted by MasterVal View Post
    F U Daemon Tools!!!!!

    I've read your lame excuse about not having control about what your partner SOMOTO or whoever else might be does with your install.
    As far as I'm concern, after downloading Daemon Tools Light from a link fro YOUR website and then installing YOUR software - THERE WAS ABSOLUTELY NO OPTIONS, WARNINGS, OR OTHER CHOICES for software installation - the setup simply went through and installed god damn "DO SEARCHES" hijack.

    I'm an IT professional with 25 years in the field and it freaking took me a good hour to get rid of the damn thing!

    As far as I can tell - DEAMON TOOLS LITE IS A VIRUS SPREADING outfit.

    Instead of pointing fingers, Deamon Tools, take control of your distribution, morons. Your suggestion to "temporary disable internet" for the installation is borderline moronic and idiotic as no self-respecting company or admin would do. How about YOU fix your software by making sure no spyware get packaged with it!!!!

    I'll spread the word, imbeciles.
    While he may be vulgar, I completely agree with MasterVal. This is a disgusting tactic used by unscrupulous software developers. I will not only NEVER use any product made by this company, but I will actively speak out about why everyone else should avoid them, as well. I am a part time college student, I own my own PC repair business, and am very active in social media. I will do everything in my power to spread the word to my fellow students, professors, employees, clients, friends, family, and anyone willing to listen. Everyone needs to know how shady you guys are.

    Like others have said, you need to stop pointing fingers and take responsibility for your own decisions. You've decided to partner with malicious software developers, not us. We will now decide to never do business with you, or any of your partners.

  5. #45
    New User
    Join Date


    Quote Originally Posted by southpointtech View Post
    So, is Sway saying that Conduit and Babylon are customers? These are known and aggressive malware that takes over your search. Please confirm this because no one will ever use Daemon again.
    Is this "issue" resolved?

Page 5 of 5 FirstFirst ... 345


Posting Rules

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts