Showing results 1 to 10 of 47

Thread: Spyware in Daemon Tools Lite installer?

  1. #1
    New User
    Join Date
    10.01.2013
    Posts
    2

    Spyware in Daemon Tools Lite installer?

    When I run the Daemon Tools Lite installer I get an alert for Riskware.Win32.Somoto.AMN. I ran the installer and it is immediately sending out a long list of what is installed on my system without asking and downloading dll and exe files that have virus warnings before I even click on anything. This is spyware! How can I get a spyware free installer??

  2. #2
    Master

    Join Date
    09.07.2009
    Posts
    1,966

    It's not a spyware. It's a "false-positive" reaction of your antivirus.

    In case the digital signature of the DAEMON Tools setup file is valid, we guarantee you that our software does not contain any harmful code. All binary and executable files of installed DAEMON Tools are also signed with our official digital certificate.

  3. #3
    New User
    Join Date
    10.01.2013
    Posts
    2

    Thanks for your reply Sway.

    Quote, originally posted by Sway:
    It's not a spyware. It's a "false-positive" reaction of your antivirus.

    Maybe I was not specific, but after the alert I already ran the Daemon Tools Lite installer in Wireshark, and this list about my system is being sent to nsis.bisrv.com:

    Code:
    installer_data={"uid":"B43DE587EB164BCFB239BCDE74CD65D0","muid":"af80b63072ef4fa6b059bd38b2d723d0","affid":"daemontoolslite","sid":"daemontoolslitemdma","installerVersion":"2.0.0u","osVersion":"6.1.7601 64bit","ieVersion":"9.0.8112.16421","ff_installed":"0","ff_version":"","ff_default_homepage":"not_found","ff_is_default":"0","ie_installed":"1","ie_version":"9.0.8112.16421","ie_default_homepage":"","ie_is_default":"1","chrome_installed":"0","chrome_version":"","chrome_default_homepage":"not_found","chrome_is_default":"0","opera_installed":"0","opera_version":"","opera_default_homepage":"not_found","opera_is_default":"0","safari_installed":"0","safari_version":"","safari_default_homepage":"not_found","safari_is_default":"0","couponamazing":"false","couponamazing_check2":"false","couponamazing_check3":"false","default_browser_not_chrome":"null","default_browser_not_chrome_xp":""C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome","addlyrics":"false","FiftyonRED_2":"false","FiftyonRED_3":"false","FiftyonRED_4":"false","FiftyonRED_5":"false","firefox_version_not_8_to_12_XP":"null","firefox_version_not_8_to_12_Win7":"null","default_browser_ff_1":""C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome","default_browser_ff_2":"null","default_browser_not_ff_1":""C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome","default_browser_not_ff_2":"null","CouponCaddy_1":"false","CouponCaddy_2":"false","CouponCaddy_3":"false","sdp":"false","iminent_32bit":"false","iminent_64bit":"false","dotnet_4":"1","conduit":"false","babylon":"false","claro":"false","incredibar_1":"false","incredimail":"false","incredimail_2":"false","fixie":"false","incredibar_post":"false","pcfixspeed":"false"}

    Quote, originally posted by Sway:
    All binary and executable files of installed DAEMON Tools are also signed with our official digital certificate.

    It is downloading the files bitool.dll from nsis.bisrv.com and bi_downloader.exe and installercdn.filebulldog.com with Riskware.Win32.Somoto.AMN without asking. I checked the signature like you said and one is not signed and one is signed by Somoto, so it is not a false positive.

    Is this riskware supposed to be there? It is not even mentioned.
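
Added example, not part of any post in the thread and not the vendor's code: a tolerant Python parser for the `installer_data` body quoted in post #3, which is not valid JSON because the path values contain unescaped quotes and backslashes. It groups the reported keys so that someone reviewing such a capture can see what the installer disclosed; the sample body is shortened with placeholder identifiers, and the group names and prefix mapping are assumptions of this example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample: shortened from the body quoted in the post, with
# placeholder identifiers. Unescaped quotes in the path value break JSON.
SAMPLE_BODY = (
    'installer_data={"uid":"UID-PLACEHOLDER","muid":"MUID-PLACEHOLDER",'
    '"affid":"daemontoolslite","osVersion":"6.1.7601 64bit",'
    '"ie_installed":"1","ie_version":"9.0.8112.16421","ff_installed":"0",'
    '"ff_version":"","default_browser_not_chrome_xp":'
    '""C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe" -nohome",'
    '"conduit":"false","babylon":"false","pcfixspeed":"false"}'
)

# A value ends at the quote followed by the next "key": or the closing brace.
PAIR = re.compile(r'"(\w+)":"(.*?)"(?=,"\w+":|\}\s*$)', re.S)

# Assumption: grouping by key-name prefix is this example's reading of the keys.
GROUPS = (
    ("identifier", ("uid", "muid")),
    ("affiliate", ("affid", "sid")),
    ("system", ("osVersion", "installerVersion", "dotnet_")),
    ("browser", ("ie_", "ieVersion", "ff_", "firefox_", "chrome_", "opera_",
                 "safari_", "default_browser")),
)

def parse_installer_data(body):
    """Return the key/value pairs carried in an installer_data form field."""
    name, _, payload = body.partition("=")
    if name != "installer_data":
        raise ValueError("not an installer_data body")
    return dict(PAIR.findall(unquote_plus(payload)))

def classify(key):
    for group, prefixes in GROUPS:
        if key.startswith(prefixes):
            return group
    return "offer_flag"  # anything unmatched, e.g. conduit, babylon

def summarize(body):
    """Map each group to the sorted keys the installer reported."""
    summary = {}
    for key in parse_installer_data(body):
        summary.setdefault(classify(key), []).append(key)
    return {group: sorted(keys) for group, keys in summary.items()}

if __name__ == "__main__":
    for group, keys in summarize(SAMPLE_BODY).items():
        print(f"{group}: {', '.join(keys)}")
```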

  4. #4

    Quote, originally posted by bpz2:
    Thanks for your reply Sway.

    Maybe I was not specific but after the alert I already ran Daemon Tools Lite installer in Wireshark and this list about my system is sending to nsis.bisrv.com -

    It is downloading the files bitool.dll from nsis.bisrv.com and bi_downloader.exe and installercdn.filebulldog.com with Riskware.Win32.Somoto.AMN without asking. I checked the signature like you said and one is not signed and one is signed by Somoto, so it is not a false positive.

    Is this riskware supposed to be there? It is not even mentioned.

    I have the same problem with my machine. I carefully un-checked everything, and on the popup message that Terramex posted, I clicked the "Cancel" prompt so it would not install any of the adware/malware.

    My Anti virus software still picked up malware after installing Daemon Tools Lite v4.47.1.0335. I've installed Daemon tools many times, so I'm quite familiar with the tricks involved in making sure you don't install anything else.

    7/25/2013 8:07:15 AM
    Real-time file system protection
    file
    C:\Users\Merlin\AppData\Local\Temp\bitool.dll
    Win32/Somoto.C
    potentially unwanted application
    cleaned by deleting - quarantined
    NT AUTHORITY\SYSTEM
    Event occurred during an attempt to access the file by the application:
    C:\Windows\System32\rundll32.exe.

  5. #5

    So, is Sway saying that Conduit and Babylon are customers? These are known and aggressive malware that takes over your search. Please confirm this because no one will ever use Daemon again.



    Quote, originally posted by bpz2:
    Thanks for your reply Sway.

    Maybe I was not specific but after the alert I already ran Daemon Tools Lite installer in Wireshark and this list about my system is sending to nsis.bisrv.com -

    It is downloading the files bitool.dll from nsis.bisrv.com and bi_downloader.exe and installercdn.filebulldog.com with Riskware.Win32.Somoto.AMN without asking. I checked the signature like you said and one is not signed and one is signed by Somoto, so it is not a false positive.

    Is this riskware supposed to be there? It is not even mentioned.

  6. #6
    New User
    Join Date
    08.12.2014
    Posts
    7

    Quote, originally posted by southpointtech:
    So, is Sway saying that Conduit and Babylon are customers? These are known and aggressive malware that takes over your search. Please confirm this because no one will ever use Daemon again.

    Is this "issue" resolved?

  7. #7

    Quote, originally posted by Sway:
    It's not a spyware.

    True, it's actually malware. And it's not a false positive.

  8. #8
    Master

    Join Date
    09.07.2009
    Posts
    1,966

    DAEMON Tools Lite is absolutely free for personal use. We have several legal partners to monetize our freeware. SOMOTO is one of these partners. Such services recommend users to install 3rd party software (toolbars, search engines or some useful software) during DAEMON Tools Lite installation. BUT it is absolutely optional. You can uncheck appropriate options in installation wizard, and nothing will be installed together with DAEMON Tools Lite. Also you can disable your Internet connection during installation to prevent any offers. And of course, paid version of DAEMON Tools Lite does not contain any partner offers.

  9. #9
    New User
    Join Date
    14.01.2013
    Posts
    1

    Quote, originally posted by Sway:
    DAEMON Tools Lite is absolutely free for personal use. We have several legal partners to monetize our freeware. SOMOTO is one of these partners. Such services recommend users to install 3rd party software (toolbars, search engines or some useful software) during DAEMON Tools Lite installation. BUT it is absolutely optional. You can uncheck appropriate options in installation wizard, and nothing will be installed together with DAEMON Tools Lite. Also you can disable your Internet connection during installation to prevent any offers. And of course, paid version of DAEMON Tools Lite does not contain any partner offers.

    You are wrong on 2 points:

    - I unchecked everything that is related to toolbars and such obviously malware software during installation, and it managed to install itself! The "useful software" I found is incredibar, I remembered UNCHECKING the options to install it (there were 3 of them), and it still altered my browsers search engines/default pages. I reverted back to the originals but continued the search and found 3(!) different applications (incredibar toolbar for IE, IB updater, and the third is called sth similar, IB...), even though I did not want them on my computer, and you said those were optionals. No, those were not.
    - These toolbars are very-very far from useful. All of those are malware altering the default options/installing themselves without questions. I know it's not easy to make high quality free software, but letting these ***** infections into the users' computers is a really bad habit in my opinion!

  10. #10
    New User
    Join Date
    30.01.2013
    Posts
    1

    Quote, originally posted by Sway:
    DAEMON Tools Lite is absolutely free for personal use. We have several legal partners to monetize our freeware. SOMOTO is one of these partners. Such services recommend users to install 3rd party software (toolbars, search engines or some useful software) during DAEMON Tools Lite installation. BUT it is absolutely optional. You can uncheck appropriate options in installation wizard, and nothing will be installed together with DAEMON Tools Lite. Also you can disable your Internet connection during installation to prevent any offers. And of course, paid version of DAEMON Tools Lite does not contain any partner offers.

    I am a new user and have just tried to use your lite version of your software for the very first time, downloaded from your site. While installing, the installer asked me to install the toolbar. I unticked all the options, but the installer still installed this parasite on my newly formatted machine with a fresh copy of Windows 8. Not only that, the home pages in both Firefox and IE have been changed to mysearch, and it was a pain in the butt to remove. This type of behavior verges on spyware/malware and you need to keep a tighter grip on who you deal with. I will be telling all my friends to avoid using your program for this very reason.
