Spyware in Daemon Tools Lite installer?

[Terramex]

Please keep in mind that the "virus" (=Adware) doesn't come into play at all for paid licenses.
The temp files extracted from the installer (=your Eset findings) will be deleted after the DT Pro/Ultra installation is completed.

[southpointtech]

So, is Sway saying that Conduit and Babylon are customers? These are known and aggressive malware that takes over your search. Please confirm this because no one will ever use Daemon again.

Thanks for your reply Sway.



Maybe I was not specific but after the alert I already ran Daemon Tools Lite installer in Wireshark and this list about my system is sending to nsis.bisrv.com -

Code:

installer_data={"uid":"B43DE587EB164BCFB239BCDE74CD65D0","muid":"af80b63072ef4fa6b059bd38b2d723d0","affid":"daemontoolslite","sid":"daemontoolslitemdma","installerVersion":"2.0.0u","osVersion":"6.1.7601 64bit","ieVersion":"9.0.8112.16421","ff_installed":"0","ff_version":"","ff_default_homepage":"not_found","ff_is_default":"0","ie_installed":"1","ie_version":"9.0.8112.16421","ie_default_homepage":"","ie_is_default":"1","chrome_installed":"0","chrome_version":"","chrome_default_homepage":"not_found","chrome_is_default":"0","opera_installed":"0","opera_version":"","opera_default_homepage":"not_found","opera_is_default":"0","safari_installed":"0","safari_version":"","safari_default_homepage":"not_found","safari_is_default":"0","couponamazing":"false","couponamazing_check2":"false","couponamazing_check3":"false","default_browser_not_chrome":"null","default_browser_not_chrome_xp":""C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome","addlyrics":"false","FiftyonRED_2":"false","FiftyonRED_3":"false","FiftyonRED_4":"false","FiftyonRED_5":"false","firefox_version_not_8_to_12_XP":"null","firefox_version_not_8_to_12_Win7":"null","default_browser_ff_1":""C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome","default_browser_ff_2":"null","default_browser_not_ff_1":""C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome","default_browser_not_ff_2":"null","CouponCaddy_1":"false","CouponCaddy_2":"false","CouponCaddy_3":"false","sdp":"false","iminent_32bit":"false","iminent_64bit":"false","dotnet_4":"1","conduit":"false","babylon":"false","claro":"false","incredibar_1":"false","incredimail":"false","incredimail_2":"false","fixie":"false","incredibar_post":"false","pcfixspeed":"false"}

It is downloading the files bitool.dll from nsis.bisrv.com and bi_downloader.exe and installercdn.filebulldog.com with Riskware.Win32.Somoto.AMN without asking. I checked the signature like you said and one is not signed and one is signed by Somoto, so it is not a false positive.

Is this riskware supposed to be there? It is not even mentioned.

[Newbuser]

DAEMON Tools Lite is absolutely free for personal use. We have several legal partners to monetize our freeware. SOMOTO is one of these partners. Such services recommend users to install 3rd party software (toolbars, search engines or some useful software) during DAEMON Tools Lite installation. BUT it is absolutely optional. You can uncheck appropriate options in installation wizard, and nothing will be installed together with DAEMON Tools Lite. Also you can disable your Internet connection during installation to prevent any offers. And of course, paid version of DAEMON Tools Lite does not contain any partner offers.

Well, maybe you all need to have a talk with your Somoto friends because I know I unchecked everything and clicked cancel when that window popped up, and MalwareBytes is detecting 3 PUPs in my Temp folder, and they're all from Somoto. I haven't scanned the rest of my system, but I expect Somoto found a way of installing more than just in the Temp folder. Perhaps they have your source code and are somehow inputting a line or two that tells it to install their software or in some other way introduce it to the machine installing your Daemon Tools Lite.

If it's a simple matter of the install files are still copied to the Temp folder regardless of whether I choose to accept it, well, it's still fishy, and it doesn't provide a positive company image.

[NeverUsingDTagain]

F U Daemon Tools!!!!!

I've read your lame excuse about not having control about what your partner SOMOTO or whoever else might be does with your install.
LAME.
LAME.
LAME.
As far as I'm concern, after downloading Daemon Tools Light from a link fro YOUR website and then installing YOUR software - THERE WAS ABSOLUTELY NO OPTIONS, WARNINGS, OR OTHER CHOICES for software installation - the setup simply went through and installed god damn "DO SEARCHES" hijack.

I'm an IT professional with 25 years in the field and it freaking took me a good hour to get rid of the damn thing!

As far as I can tell - DEAMON TOOLS LITE IS A VIRUS SPREADING outfit.

Instead of pointing fingers, Deamon Tools, take control of your distribution, morons. Your suggestion to "temporary disable internet" for the installation is borderline moronic and idiotic as no self-respecting company or admin would do. How about YOU fix your software by making sure no spyware get packaged with it!!!!


I'll spread the word, imbeciles.

While he may be vulgar, I completely agree with MasterVal. This is a disgusting tactic used by unscrupulous software developers. I will not only NEVER use any product made by this company, but I will actively speak out about why everyone else should avoid them, as well. I am a part time college student, I own my own PC repair business, and am very active in social media. I will do everything in my power to spread the word to my fellow students, professors, employees, clients, friends, family, and anyone willing to listen. Everyone needs to know how shady you guys are.

Like others have said, you need to stop pointing fingers and take responsibility for your own decisions. You've decided to partner with malicious software developers, not us. We will now decide to never do business with you, or any of your partners.

[halp1]

So, is Sway saying that Conduit and Babylon are customers? These are known and aggressive malware that takes over your search. Please confirm this because no one will ever use Daemon again.

Is this "issue" resolved?

[halp1]

I'm a newbie and program worked then stopped working after only making two ISO files of software DVDs that I own. Reading forum posts about extra programs being installed (sometimes seemingly without permission) it is very frustrating to sort our whether this program is worth the few dollars I paid for it. If you want people to have confidence in your software then make it very clear and easy to understand during installation what is being installed; allow people to choose - opt in; if not then give easy way to abort the installation. If this were clearly thecase then I'd be happy to recommend your software. You need to choose your business model and different companies approach things differently - so this is just a suggestion from one new user.

[appolon]

Let me share my experience with the latest versions of DT in the past few days. Two days ago I have installed your product to my laptop, full of work and sensitive data. After that, in the morning, I started working for the first time. It was a surprise when all my three browsers (IE, Chrome, Mozilla) were changed with new start page. Trying to understand what happened I found a new icon among the hidden on the task bar. There was no uninstall option and each time I reinstalled the browsers or cleaned their preferences, it restored it self again to "MYSEARCH" homepage, search provider and "SAFE BROWSING" hidden icon. Then I found that the new "adware" actually took administrator privileges and is making all these changes. With the help of another software I've tried to clean all of the registry keys for the past 24 hours. What a surprise - a restore point was created. The surprise is that the restore function was always turned off! Then the HDD indicator turned on and didn't stopped. I've checked and saw in the upload traffic that the new "gift" by DT was sending data. Immediately tried to delete the data, token from my office as a homework but here was the next surprise - "some of the files are in use or write protected". Obviously the new adware was reading the files with bank accounts of clients, passwords, offers, invoices etc.
Finally reconciled with it and pre-installed the laptop. Thinking that it's from something else I've downloaded again DT and very carefully installed only the program. Once again the MYSEARCH virus appeared with the "PRO SURF" hidden icon. All the tries to remove it would take more time than the pre-install but I'll never be sure 100%, so started a new installation of WINDOWS 7. This time I downloaded the DT PRO and wanted to use the trial version. Again "MESEARCH", "PRO SURF" administrator rights etc. Finally I pre-installed for third time and didn't used DT. There is no problem to the moment.

It cost me more than 8 hours efforts, lost my daily work, don't know how much data and for what purpose was sent to somewhere, lost my daily profit of at least 8 consultations etc. Daemon Tools are participating in criminal act. The man of law in the office is keeping a record of the event in case of fraud or leakage of personal data. DT lost me and all my colleagues as a clients and owe me more than 100$.

PS: I'm not an end user - not so long time ago ended my 10 years of enthusiastic participation in overclock tournaments, using Debian distribution in command line etc.