
Spyware in Daemon Tools Lite installer?


  • #16
    @Monz
    If you want to play it entirely safe run a silent installation: Installation command line parameters | daemon-help.com
    e.g. D:\Downloads\DTLite4461-0328.exe /S /nogadget /D="C:\Program Files (x86)"
    I'm not employed by Disc Soft and my views do not necessarily reflect the ones of the company.



    • #17
      Originally Posted by Terramex View Post
      @Monz
      If you want to play it entirely safe run a silent installation: Installation command line parameters | daemon-help.com
      e.g. D:\Downloads\DTLite4461-0328.exe /S /nogadget /D="C:\Program Files (x86)"
      I'll need an explanation of what that means



      • #18
        spyware is very common in software nowadays, but we are in the childhood of the internet era and most people are way too stupid to realize that, in a couple of centuries from now people will say "wow they were really that stupid to let the whole world inspect their house like that?"

        anyway remember this golden rule, never grant internet access to software which isn't 100% open source, only grant that access to a select few programs which need it (like your web browser) and which are fully open source (including every plugin) and when you're not 100% sure if you can trust, simply choose the safer path and do not trust it

        digital sigs don't mean anything in regards to whether you can trust or not, it's just a way to verify the editor, but in no way means that editor can be trusted, has never been the point of it



        • #19
          surprised you didn't mention only using an open source os there too jasondcc... oh yeah... windows isn't open source...
          my views are 100% personal views..



          • #20
            I'm confused, only this appears during installation, no other toolbar installations or anything.




            • #21
              It will only appear when selecting 'Free license' and only when you're online.
              I'm not employed by Disc Soft and my views do not necessarily reflect the ones of the company.



              • #22
                I did select 'Free license' and it didn't appear.



                • #23
                  Then you were either offline, or your firewall automatically blocked the OpenCandy library.
                  I'm not employed by Disc Soft and my views do not necessarily reflect the ones of the company.



                  • #24
                    Originally Posted by Sway View Post
                    It's not a spyware.
                    True, it's actually malware. And it's not a false positive.



                    • #25
                      Originally Posted by bpz2 View Post
                      Thanks for your reply Sway.



                      Maybe I was not specific but after the alert I already ran Daemon Tools Lite installer in Wireshark and this list about my system is being sent to nsis.bisrv.com -

                      Code:
                      installer_data={"uid":"B43DE587EB164BCFB239BCDE74CD65D0","muid":"af80b63072ef4fa6b059bd38b2d723d0","affid":"daemontoolslite","sid":"daemontoolslitemdma","installerVersion":"2.0.0u","osVersion":"6.1.7601 64bit","ieVersion":"9.0.8112.16421","ff_installed":"0","ff_version":"","ff_default_homepage":"not_found","ff_is_default":"0","ie_installed":"1","ie_version":"9.0.8112.16421","ie_default_homepage":"","ie_is_default":"1","chrome_installed":"0","chrome_version":"","chrome_default_homepage":"not_found","chrome_is_default":"0","opera_installed":"0","opera_version":"","opera_default_homepage":"not_found","opera_is_default":"0","safari_installed":"0","safari_version":"","safari_default_homepage":"not_found","safari_is_default":"0","couponamazing":"false","couponamazing_check2":"false","couponamazing_check3":"false","default_browser_not_chrome":"null","default_browser_not_chrome_xp":""C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome","addlyrics":"false","FiftyonRED_2":"false","FiftyonRED_3":"false","FiftyonRED_4":"false","FiftyonRED_5":"false","firefox_version_not_8_to_12_XP":"null","firefox_version_not_8_to_12_Win7":"null","default_browser_ff_1":""C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome","default_browser_ff_2":"null","default_browser_not_ff_1":""C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome","default_browser_not_ff_2":"null","CouponCaddy_1":"false","CouponCaddy_2":"false","CouponCaddy_3":"false","sdp":"false","iminent_32bit":"false","iminent_64bit":"false","dotnet_4":"1","conduit":"false","babylon":"false","claro":"false","incredibar_1":"false","incredimail":"false","incredimail_2":"false","fixie":"false","incredibar_post":"false","pcfixspeed":"false"}


                      It is downloading the files bitool.dll from nsis.bisrv.com and bi_downloader.exe and installercdn.filebulldog.com with Riskware.Win32.Somoto.AMN without asking. I checked the signature like you said and one is not signed and one is signed by Somoto, so it is not a false positive.

                      Is this riskware supposed to be there? It is not even mentioned.

                      I have the same problem with my machine. I carefully un-checked everything, and on the popup message that Terramex posted, I clicked the "Cancel" prompt so it would not install any of the adware/malware.

                      My antivirus software still picked up malware after installing Daemon Tools Lite v4.47.1.0335. I've installed Daemon tools many times, so I'm quite familiar with the tricks involved in making sure you don't install anything else.

                      7/25/2013 8:07:15 AM
                      Real-time file system protection
                      file
                      C:\Users\Merlin\AppData\Local\Temp\bitool.dll
                      Win32/Somoto.C
                      potentially unwanted application
                      cleaned by deleting - quarantined
                      NT AUTHORITY\SYSTEM
                      Event occurred during an attempt to access the file by the application:
                      C:\Windows\System32\rundll32.exe.

                      Comment
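An added example, not part of any post in this thread: a tolerant parser for the `installer_data=` request body captured in post #25, which is not valid JSON because the browser command-line values carry unescaped quotes and backslashes. The sample body is constructed (shortened, with a placeholder `uid`), and the grouping of keys into identifiers and OS/browser fingerprint fields is an assumption based on the key names alone.

```python
import json
import re

# Constructed sample modelled on the capture in post #25 (placeholder uid).
SAMPLE = (r'installer_data={"uid":"00000000000000000000000000000000",'
          r'"affid":"daemontoolslite","osVersion":"6.1.7601 64bit",'
          r'"ie_installed":"1","ie_is_default":"1","ff_version":"",'
          r'"default_browser_not_chrome_xp":'
          r'""C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome",'
          r'"babylon":"false"}')

PREFIX = "installer_data="
# A value ends at the quote that is followed by the next "key":" or by the final }.
PAIR = re.compile(r'"([A-Za-z0-9_]+)":"(.*?)"(?=,"[A-Za-z0-9_]+":"|\}\s*$)', re.S)
# Assumption: these key names are install/affiliate identifiers.
IDENTIFIERS = {"uid", "muid", "affid", "sid"}
# Assumption: these suffixes mark OS and browser inventory fields.
FINGERPRINT = re.compile(r"(version|_installed|_is_default|_default_homepage)$", re.I)
WINDOWS_PATH = re.compile(r"[A-Za-z]:\\")

def is_valid_json(body):
    """True if the payload after the prefix parses as strict JSON."""
    try:
        json.loads(body[len(PREFIX):])
        return True
    except ValueError:
        return False

def parse_installer_data(body):
    """Recover key/value pairs even when values contain unescaped quotes."""
    if not body.startswith(PREFIX):
        raise ValueError("not an installer_data body")
    return dict(PAIR.findall(body[len(PREFIX):]))

def classify(fields):
    """Group the reported keys by what they disclose about the machine."""
    groups = {"identifier": [], "fingerprint": [], "other": []}
    for key in fields:
        if key in IDENTIFIERS:
            groups["identifier"].append(key)
        elif FINGERPRINT.search(key):
            groups["fingerprint"].append(key)
        else:
            groups["other"].append(key)
    return groups

def local_paths(fields):
    """Keys whose values expose a local Windows filesystem path."""
    return [k for k, v in fields.items() if WINDOWS_PATH.search(v)]

if __name__ == "__main__":
    parsed = parse_installer_data(SAMPLE)
    print(is_valid_json(SAMPLE), classify(parsed), local_paths(parsed))
```

Run against a full capture, the `other` group lists the remaining flags by name so they can be compared with the offers shown in the installer.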


                      • #26
                        Please tell us only one thing: Why do you force us to install this trash additional "software"? When we click Next button (you know very well what I am talking about now) - we not only accept the terms of Babylon, but also install it! The fact that we don't check the options for default home page, doesn't change the fact that you force us to install these files if we want to install the Daemon Tools itself!

                        Behave like adults and just answer your users this one simple question - Why? Why did you do that? Is it some legal agreement with this Somoto partner?
                        If this is it - Thank you Somoto that you f***ed and this free software in such a brutal way!



                        • #27
                          Dear g836847,

                          According to the agreement with Somoto, we are not able to make an impact on which offer is shown for a certain user and how it behaves. We just show the offer page in our DT installation wizard. During our tests, we didn't meet any harmful software or software which can be installed in spite of user's rejection. Please be attentive during installation.

                          We appreciate your awareness!



                          • #28
                            Dear Sway and Terramex,
                            Note that in the past I have already used your software which is really amazing, the problem comes from Somoto.
                            I have Sophos Network Security Professional on my computer.
                            I just double click on your software "DTLite4471-0337.exe" and nothing else.
                            On my screen I can see the first step of your installer which asks me to choose the setup language.
                            Note that I don't click on the next button at this step (so I didn't install anything at the moment).
                            And what a surprise, Sophos (one of the better anti-spyware in the world) says:
                            Adware or PUA detected from Somoto BetterInstaller
                            Components:
                            - C:\Users\Administrateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JS4C9GED\bi_downloader[1].exe\FILE:0001
                            - C:\Users\Administrateur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LI0PJH67\bi_downloader[1].exe\FILE:0001
                            - C:\Users\Administrateur\AppData\Local\Temp\nsn4ED9.tmp\FILE:0001
                            - C:\Users\Administrateur\AppData\Local\Temp\nsrB6DF.tmp\FILE:0001

                            I'm curious to know how you can justify that to us?
                            You said:
                            During our tests, we didn't meet any harmful software or software which can be installed in spite of user's rejection
                            But this Somoto software is on my hard disk before starting the installation (ahahah ^_^).
                            I finished the installation on another computer (I have unchecked the free trash Tools of course) and I can tell you what your software does (because it seems you are not able to see it):
                            It adds some advertising on Google main page for example and I suppose it replaces many Google advertising on many web pages in order to hijack money of advertising.
                            I'm curious to know what Google will say about that? or what Microsoft will think of a third party software that modifies Internet Explorer?

                            I strongly advise you to reconsider your answer "you're just idiots who do not know how to uncheck radio buttons"
                            Respectfully, Gosu User, a beginner with 20 years experience in IT
                            nb: sorry for my broken English



                            • #29
                              Dear Gosu User,

                              We appreciate your feedback!

                              Originally Posted by Gosu_User View Post
                              But this Somoto software is on my hard disk before starting the installation (ahahah ^_^).
                              When you just launch installation wizard, installation package must be temporarily extracted to your hard disk drive. But it does not mean that all extracted files are used during installation. Normally, BetterInstaller downloader should not be run if all appropriate options are unchecked. BUT there can be some issues on BetterInstaller's side. We have already met such a problem with SweetPacks Toolbar and SearchProtect installation (http://forum.daemon-tools.cc/f16/spy...51/#post140557) and reported this issue to BetterInstaller team.

                              Originally Posted by Gosu_User View Post
                              I finished the installation on another computer (I have unchecked the free trash Tools of course) and I can tell you what your software does (because it seems you are not able to see it):
                              It adds some advertising on Google main page for example and I suppose it replaces many Google advertising on many web pages in order to hijack money of advertising.
                              I'm curious to know what Google will say about that? or what Microsoft will think of a third party software that modifies Internet Explorer?
                              Please specify software or browser extension which was installed together with DT product. I'll try to reproduce this issue.
                              Thank you in advance!



                              • #30
                                Dear Sway
                                First, let me thank you for publishing my message in full and uncensored, it is very rare nowadays on forums to be noted!
                                And thank you for answering so fast.
                                I tested it with Internet Explorer 10.
                                Unfortunately, I can not say exactly which version because it was there a few months
                                (I tried to install your software again a few days ago but when I saw "Adware or PUA detected" by Sophos, I just stopped the setup because I thought that the problem I had met a few months earlier was still not resolved).
                                I'm sorry, I didn't think to take screenshots to show you the changes made to my browser by the software "Somoto better installer" at the time.
                                I did not really want to try again today because the problem is hard to properly fix and I like to have a clean computer.
                                If you'll update your software in a near future to make Somoto better installer not appear on hard disk when we launch the setup, thank you to inform us.
                                I think the community will be very grateful if you fix this.
                                Respectfully, Gosu User.
