Welcome to Inkbunny...
Allowed ratings
To view member-only content, create an account. ( Hide )
Zarphus

DAEMON TOOLS USERS BEWARE!

i have many friends who use daemon tools and DTlite as their primary iso mounting and image burning program. i urge them all to stop immediately. and ESPECIALLY don't update to the newest release. daemontools installer now includes a multitude of toolbar, spyware, and adware installs, only 1 of the installs can be opted out of, the rest are forced.

i repeat, if you install the newest version of Daemon Tools, YOU WILL GET A VIRUS.

this is a disgusting betrayal on the part of the DT brand. they have opted to get paid by sponsors by loading their malware and toolbars instead of continuing the service they have offered users for years.


i removed it from my system with a system restore (back 2 checkpoints, first checkpoint was a fake, being created just after the adware was installed to fool users) as soon as i saw what it was trying to do to my browser, so i don't know all of the symptoms. forum posts suggest the worst of the packs installed is the "sweetpacks" toolbar and adware pack. it will behave like the old Alureon rootkits, changing your homepage, redirecting search results, etc. your browser may look like you got a new bing toolbar, and your homepage has changed to bing search.

http://forum.daemon-tools.cc/f33/disconnect-your-inter...

http://forum.daemon-tools.cc/f33/thanks-malware-30115/

http://forum.daemon-tools.cc/f33/
Viewed: 22 times
Added: 5 years, 6 months ago
 
KawaSeadrake
5 years, 6 months ago
I used to use DT, but they've bundled malware for a lot longer than this.  It didn't cross into flat-out trojan territory when I used it a year ago, but it DID throw a monkey wrench or 2 into my processing speed and such that took DAYS of registry-hunting to find and fix. >v>
Zarphus
5 years, 6 months ago
thats why i love a good system restore. i'd much rather 'rewind' my registry than pick it apart. i've had to pick it apart before, and it's a pain.
Teddy
5 years, 6 months ago
I just installed it yesterday.. it has 3 different prompts asking if it can install the extra payloads.  One of the prompts was especially trickster-ish (for some toolbar).. you have to click cancel to not install it.

If you're the person who clicks OK prompts by default, it's easy to miss unless you read it carefully.

That said, I haven't seen anything suspicious on my computer since installing it.  I used to use Virtual Clone Drive, but it doesn't work properly under Windows 8.
Zarphus
5 years, 6 months ago
i am *very* careful on installs, and i did opt out of all you could opt out of. i did notice the unusual one. but this malware got in there anyway. certain antiviruses may block the virus install, however. i did not have active protection turned on at the moment, because i thought that i would need it disabled to install daemontools, since i needed to in the past for a successful install of the program.

i am mostly worried about this because i am a computer technician who hasn't had a virus get close enough for an antivirus to even see the threat in over 4 years.
Teddy
5 years, 6 months ago
How did you detect it?  I just installed MalwareBytes and it came up empty.
Zarphus
5 years, 6 months ago
i run a very clean system, and can tell when something isnt right. firefox suddenly had the bing toolbar,  the homepage had changed from the firefox start page and google search, and there was a plugin i didnt authorize installed that looked like it would likely manipulate links and redirect search results. i didnt test this, however, and did a system restore. in my experience, if something changes your homepage, you are in for far, far worse. especially if you have passive protection in place against homepage changing.
Teddy
5 years, 6 months ago
Yeah, those are pretty obvious signs. :D I'll keep an eye open, but nothing obvious or detectable here yet thankfully.

Thanks for the heads up.
Zarphus
5 years, 6 months ago
Sinaqui
5 years, 6 months ago
I used to use DT, but on this system I've got Virtual CloneDrive installed from... I dunno how long ago. Thanks for the heads up, though.
axlegear
5 years, 6 months ago
You DO know that adware isn't the same thing as a virus, right?  Because if it was, in fact, a virus, it would be a felony to distribute.
Zarphus
5 years, 6 months ago
the malware in question hijacks your browser and redirects links and search results, monitors browsing, and likely a whole slew of other things similar to TDSS/alureon. i know the word virus is generally reserved for a bit of malware with its own redistribution method these days, but you know what i mean.
axlegear
5 years, 6 months ago
That's no excuse for improper grammatical hygiene!  =D
axlegear
5 years, 6 months ago
Also, doing a check, I see that antivirus net-guards have begun upgrading DT to red flagged.  XD
Noxy
5 years, 6 months ago
http://wincdemu.sysprogs.org/ I've had good luck with this. LGPL but still open source!
New Comment:
Move reply box to top
Log in or create an account to comment.