Announcement

Collapse
No announcement yet.

The disk-tools.com download site installed a virus on my computer

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • The disk-tools.com download site installed a virus on my computer

    Hi guys, this is't a problem with damon-tools itself, it's with one of the file-hosting sites that the downloads page links to.

    I had an older version of firefox, and while downloading daemon tools, the site installed a program called "Antivirus XP 2008" that changed my desktop wallpaper, automatically started scanning my computer, and started poping up from the system tray telling me it found some number of viruses on my computer.

    There's absolutely no question as to where the virus came this is on my server and it's only visited 3 sites in the past month: firefox start, daemon-tools.cc, and disk-tools.com.

    If you guys need another host for the application, I have a hosting account with 1TB/month bandwidth that I'd be willing to share for free. (No advertising, just an ftp account)

  • #2
    DT has no relation AT ALL with: "Antivirus XP 2008".

    So how could DT be involved here?

    Please provide URL where you did download DT product with such problems?

    Comment


    • #3
      Antivirus XP 2008. That's been popping up a LOT lately at work. Also known as Antivirus Vista 2008, Antivirus XP 2009 and WinAntivirus Pro (and possibly others). Fake AV program that riddles your computer with tons of malware, trojans and viruses. Not horribly difficult to remove (others - like Virtumonde - are much harder), but still a big problem for our customers.

      As Alco said, there's no way you got that from DTools. I'm 100% certain you wouldn't have got it from any of their sites.

      Comment


      • #4
        No, I am 100% certain that it came from the download site for daemon tools, the one that's linked as "DOWNLOAD-MIRROR 1: CLICK HERE TO DOWNLOAD IF ABOVE LINK DOES NOT WORK " on this page: - THE DAEMONS HOME

        The site (or possibly one of the advertisers on the site) is infected with something that exploits security flaws in old versions of firefox and installs the "Antivirus XP 2008" program.

        Comment


        • #5
          we just checked the server, all files and looked for exploits,
          nada, nothing.

          Although we're thankfull if someone points out flaws here, this
          becomes more a witch-hunt with non-info.

          If you have anything valid to say, please support us with more
          info:

          browser-version, OS version

          also please store the site for deeper investigation that exploited
          you - please contact us at: support@daemon-tools.cc

          and then we give you instructions how you can submit
          the site-sourcecode so we can take a look to it.

          Please note that from the several thousand! of downloaders (daily!),
          NOONE reported anything. Of course we take every info
          serious, but I must point out that its very suspicious that
          noone except you detected such behaviour.

          So for now lets see what you can submit us - without further
          proper info, we're unable to help you

          Comment


          • #6
            I spent some time uninstalling and reinstalling old versions of firefox and java trying to get it to happen again and I couldn't, so maybe it's been fixed already. (I was on firefox 1.5.0.3, not sure which version of java, but I know I got java updates yesterday also.)

            I found a couple other reports that one of their advertisers, clicksor was installing malware through a java exploit: Malicious Advertising - B.I.S.S. Forums and Flash Mystery - B.I.S.S. Forums (it's way down the page, control+f for clicksor)

            also, if anybody else gets "antivirus xp 2008", this program gets rid of it: http://download.bleepingcomputer.com...mbam-setup.exe

            Comment


            • #7
              Originally Posted by nfriedly View Post
              .....

              The site (or possibly one of the advertisers on the site) is infected with something that exploits security flaws in old versions of firefox and installs the "Antivirus XP 2008" program.

              I found a couple other reports that one of their advertisers, clicksor was installing malware through a java exploit: Malicious Advertising - B.I.S.S. Forums and Flash Mystery - B.I.S.S. Forums (it's way down the page, control+f for clicksor)
              Well then we will take it VERY seriously and we would contact clicksor about this sh.t!!!

              Thanks a lot for bringing this issue to our attention!

              Comment


              • #8
                as you see, we already reacted and proof the whole issue, if
                this is true it WILL have consequences. In no way did we ever
                abused our users. As precaution, we already take that adsponsor
                down. As you see we play with open cards as we always did.
                Anyway, I still hope that you're wrong, it would be indeed sad.

                We are aware that every now and then adsponsors on very
                respected/serious sites were target of such kind of "attacks".

                Therefore our apologies and a big thank you to point us in the
                right direction!

                We will keep you informed about our results.

                Comment

                Working...
                X