Showing results 1 to 8 of 8

Thread: The disk-tools.com download site installed a virus on my computer

  1. #1

    Default The disk-tools.com download site installed a virus on my computer

    Hi guys, this is't a problem with damon-tools itself, it's with one of the file-hosting sites that the downloads page links to.

    I had an older version of firefox, and while downloading daemon tools, the site installed a program called "Antivirus XP 2008" that changed my desktop wallpaper, automatically started scanning my computer, and started poping up from the system tray telling me it found some number of viruses on my computer.

    There's absolutely no question as to where the virus came this is on my server and it's only visited 3 sites in the past month: firefox start, daemon-tools.cc, and disk-tools.com.

    If you guys need another host for the application, I have a hosting account with 1TB/month bandwidth that I'd be willing to share for free. (No advertising, just an ftp account)

  2. #2
    Experienced User
    Alco's Avatar
    Join Date
    03.07.2006
    Posts
    216

    Default

    DT has no relation AT ALL with: "Antivirus XP 2008".

    So how could DT be involved here?

    Please provide URL where you did download DT product with such problems?

  3. #3
    Master
    Jito463's Avatar
    Join Date
    24.05.2005
    Posts
    1,626

    Default

    Antivirus XP 2008. That's been popping up a LOT lately at work. Also known as Antivirus Vista 2008, Antivirus XP 2009 and WinAntivirus Pro (and possibly others). Fake AV program that riddles your computer with tons of malware, trojans and viruses. Not horribly difficult to remove (others - like Virtumonde - are much harder), but still a big problem for our customers.

    As Alco said, there's no way you got that from DTools. I'm 100% certain you wouldn't have got it from any of their sites.

  4. #4

    Default

    No, I am 100% certain that it came from the download site for daemon tools, the one that's linked as "DOWNLOAD-MIRROR 1: CLICK HERE TO DOWNLOAD IF ABOVE LINK DOES NOT WORK " on this page: - THE DAEMONS HOME

    The site (or possibly one of the advertisers on the site) is infected with something that exploits security flaws in old versions of firefox and installs the "Antivirus XP 2008" program.

  5. #5

    Default

    we just checked the server, all files and looked for exploits,
    nada, nothing.

    Although we're thankfull if someone points out flaws here, this
    becomes more a witch-hunt with non-info.

    If you have anything valid to say, please support us with more
    info:

    browser-version, OS version

    also please store the site for deeper investigation that exploited
    you - please contact us at: support@daemon-tools.cc

    and then we give you instructions how you can submit
    the site-sourcecode so we can take a look to it.

    Please note that from the several thousand! of downloaders (daily!),
    NOONE reported anything. Of course we take every info
    serious, but I must point out that its very suspicious that
    noone except you detected such behaviour.

    So for now lets see what you can submit us - without further
    proper info, we're unable to help you

  6. #6

    Default

    I spent some time uninstalling and reinstalling old versions of firefox and java trying to get it to happen again and I couldn't, so maybe it's been fixed already. (I was on firefox 1.5.0.3, not sure which version of java, but I know I got java updates yesterday also.)

    I found a couple other reports that one of their advertisers, clicksor was installing malware through a java exploit: Malicious Advertising - B.I.S.S. Forums and Flash Mystery - B.I.S.S. Forums (it's way down the page, control+f for clicksor)

    also, if anybody else gets "antivirus xp 2008", this program gets rid of it: http://download.bleepingcomputer.com...mbam-setup.exe

  7. #7
    Experienced User
    Alco's Avatar
    Join Date
    03.07.2006
    Posts
    216

    Default

    Quote Originally Posted by nfriedly View Post
    .....

    The site (or possibly one of the advertisers on the site) is infected with something that exploits security flaws in old versions of firefox and installs the "Antivirus XP 2008" program.

    I found a couple other reports that one of their advertisers, clicksor was installing malware through a java exploit: Malicious Advertising - B.I.S.S. Forums and Flash Mystery - B.I.S.S. Forums (it's way down the page, control+f for clicksor)
    Well then we will take it VERY seriously and we would contact clicksor about this sh.t!!!

    Thanks a lot for bringing this issue to our attention!

  8. #8

    Default

    as you see, we already reacted and proof the whole issue, if
    this is true it WILL have consequences. In no way did we ever
    abused our users. As precaution, we already take that adsponsor
    down. As you see we play with open cards as we always did.
    Anyway, I still hope that you're wrong, it would be indeed sad.

    We are aware that every now and then adsponsors on very
    respected/serious sites were target of such kind of "attacks".

    Therefore our apologies and a big thank you to point us in the
    right direction!

    We will keep you informed about our results.

Bookmarks

Posting Rules

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •