Daemon Tools Lite riddled with spyware/virii

L31mr0d

Has anyone installed the most recent "lite" version of Daemon Tools?

The version I downloaded is this one: http://www.disc-tools.com/download/daemon (i.e. v 4.30.1)

I installed it first on my HTPC, then after a restart I started getting fake AntiVirus popups that where installing files to my C:\Windows and system32 folder, numerous registry values where entered also. When I would open up MSN messenger automated messages started being posted to people I was talking to linking them to a site which downloaded more virii and spyware onto their PC.

To test this, I have a new recently built PC so I installed a vanilla version of Vista, and then installed Daemon Tools Lite ONLY, low and behold, after a few restarts I had the same toolbars and virus programs (i.e. peltodgx, Micro Antivirus 2009... etc) popping up. Opening up IE 7 would cause the files to start being downloaded automatically.

I formatted the drive, installed Vista again and am now a previous version of their software, 4.09HE, which I have previously had no issues with.

If people don't believe me, install the current release of Daemon Tools Lite, do a few restarts then try opening IE7 and see what happens.

Just wondering has anyone else experienced this? What's odd is that I can't find any concrete information out there telling people to avoid Daemon Tools Lite. I know there is an optional toolbar bundled with it but I definitely chose to not install it.

aidan_walsh

Its had that adware toolbar in the installer for some time now, certainly since well into last year. Perhaps there is now something else in there as well.

L31mr0d

aidan_walsh wrote: »

Its had that adware toolbar in the installer for some time now, certainly since well into last year. Perhaps there is now something else in there as well.

This is not just the toolbar, I already knew about that and told it not to install it. However it installed it anyway. If you take a look at the Daemon Tools forums you will see a lot of other people are also having this problem.

Plus the toolbar that installs is not the same as the one that they have advertised will be installed.

I had this problem with a previous version of Daemon Tools Lite, I believe v4.20, but I thought they had cleaned up their act since, clearly not :mad:

Anti

I stopped using it a long time ago. But this is a shambles if this is whats happened.

charlesD

Manties wrote: »

I stopped using it a long time ago. But this is a shambles if this is whats happened.

I also haven't used it in a while, but it used to be a very solid program. This is disappointing.

Is the malware also packed from the officaial page? I know that Kazza and Limewire are like that. There are a lot of sites that offer the programs and ones like it, but they are packed with malware. Usually if you goto the official page or a trustworthy one you don't run into problems.

Before switching to Linux, I had used Nero's Image Drive, which wasn't anywhere near as robust as Daemon Tools, but was very reliable. I think it only works on bin, iso, and nrg files.

Sherifu

Damn, it was a nice program. Last time I installed it I unchecked the toolbar 'cause i'd read about it being included. Adware/Spyware is taking things too far. Won't be installing it again if this is the case.

IamMetaldave

I nearly certain I have an old (1 yr+) version of it knocking round if you want I could mail it to you?

Overheal

Ive never considered daemon tools a clean program. i just use magic disc.

yoyo

Overheal wrote: »

Ive never considered daemon tools a clean program. i just use magic disc.

Only since V.4 has it had "optional" adware, it is rediculous that its installing malware w/out consent now,

Nick

L31mr0d

Like I said I used to use the 4.09HE version of Daemon Tools but I wanted to just get the newer version... serves me right for not leaving well enough alone. I intend to test it thoroughly tomorrow on a vanilla install of XP and show that it is definitely infected with hidden spyware.

zilog_jones

I installed 4.30.1 last week, unchecked the optional toolbar crap, and have had nothing unusual happen to me.
Using XP though, not Vista

Have you tried downloading it from the Daemon Tools website, i.e. not the mirrors on Disc-Tools.com? Maybe that place has been hacked or something.

Also, ProTip: The plural of "virus" is "viruses"

L31mr0d

zilog_jones wrote: »

I installed 4.30.1 last week, unchecked the optional toolbar crap, and have had nothing unusual happen to me.
Using XP though, not Vista

Have you tried downloading it from the Daemon Tools website, i.e. not the mirrors on Disc-Tools.com? Maybe that place has been hacked or something.

Also, ProTip: The plural of "virus" is "viruses"

ProTip: Virii is commonly used to refer to multiple computer viruses, trojans, worms... etc to differentiate it from the organic form

Also, I downloaded it from here, where exactly is the link that isn't pointing to disc-tools.com or disk-tools.com?

http://www.daemon-tools.cc/dtcc/download.php?mode=ViewCategory&catid=5

EDIT: Can you also do me a favour, can you open regedit, and see if there are any entries for "microav"?

AlmightyCushion

Seems like you've made a new friend over on their forums.

http://www.daemon-tools.cc/dtcc/f33/daemon-tools-lite-riddled-spyware-22182/#post106974

L31mr0d

AlmightyCushion wrote: »

Seems like you've made a new friend over on their forums.

http://www.daemon-tools.cc/dtcc/f33/daemon-tools-lite-riddled-spyware-22182/#post106974

Yeah well having to reinstall the OS on my 2 PC's has royally pissed me off. There is nothing these 2 PC's have in common apart from the fact that I updated to the latest version of Daemon Tools shortly before all this spyware started messing up my PC's.

I've got a spare PC in work that I'm going to install Daemon Tools Lite onto tomorrow to see what results I get.

zilog_jones

Also, I downloaded it from here, where exactly is the link that isn't pointing to disc-tools.com or disk-tools.com?

I thought the one at the top (not listed as a mirror) was a link to a download on www.daemon-tools.cc but on closer inspection I am wrong.

EDIT: Can you also do me a favour, can you open regedit, and see if there are any entries for "microav"?

Didn't find anything.

L31mr0d wrote: »

ProTip: Virii is commonly used to refer to multiple computer viruses, trojans, worms... etc to differentiate it from the organic form

Why is there a need to differentiate? And how does using "virii" differentiate it from the organic form? It's not specific to computer viruses, it's just people talkling about computer viruses are more likely to use the wrong plural because they're more likely to be in a situation where they are talking about multiple viruses and people with a medical background are more likely to have an understanding of latin.

Overheal

my doctor told me I got herpes from kissing my computer...

dulpit

I installed the latest version of Daemon tools the other day (like a week ago) and haven't had any problems at all, and i am running vista...

Odd one...

Anti

Overheal wrote: »

my doctor told me I got herpes from kissing my computer...

Way to keep on topic there...

L31mr0d. Now im not saying you are lying, or wrong in anyway. But i just installed it on 3 machines here and nothing, no spyware or anything. Are your htpc and main pc at home networked? Could there have been a posibility that your htpc became infected from something else? Like an email attachment that was infected and spread over the network. Also, do you still have the original installer package? If so send it my way and ill test it on a machine here in work off the network and see what the buzz is.

Khannie

Overheal wrote: »

my doctor told me I got herpes from kissing my computer...

I lol'd.

L31mr0d

Manties wrote: »

Way to keep on topic there...

L31mr0d. Now im not saying you are lying, or wrong in anyway. But i just installed it on 3 machines here and nothing, no spyware or anything. Are your htpc and main pc at home networked? Could there have been a posibility that your htpc became infected from something else? Like an email attachment that was infected and spread over the network. Also, do you still have the original installer package? If so send it my way and ill test it on a machine here in work off the network and see what the buzz is.

I've went over in my head everything it could of been. One of them was a fresh install so there was nothing on it. Have you mounted an image yet with it? I noticed that the issues only started shortly after I mounted an image and turned on the protection settings. Thing is I mounted different image files on each PC so the images aren't the cause.

Currently on my home PC I'm going through all the steps again and trying to see if I can generate the virus without using the latest version of Daemon Tools. I've installed the same images I used before again without incident.

I do have the original version. I'll RDC into my home PC and upload it to some FTP location.

Anti

Yeah i mounted a few iso's and no hassle so far. Ill let them reboot a few times. Also no sign of the toolbar either. But then again we have e-trust AV on the machines in here which are built into the build. So maybe its live scan function has pulled the virii out ? IT dosent give a console display even in admin mode so i cant check. Ill try with your install later on to see if its that that was infected. Or could it be the images you tried to mount that were infected ?

L31mr0d

Manties wrote: »

Yeah i mounted a few iso's and no hassle so far. Ill let them reboot a few times. Also no sign of the toolbar either. But then again we have e-trust AV on the machines in here which are built into the build. So maybe its live scan function has pulled the virii out ? IT dosent give a console display even in admin mode so i cant check. Ill try with your install later on to see if its that that was infected. Or could it be the images you tried to mount that were infected ?

Are the machines Vista? If so what version and have you tried opening up IE7 yet? I found the problems started after I opened up IE7. There was a toolbar that locked up the browser and started installing the malware.

Funnily enough, Firefox was left unaffected. I guess they where only after MS products.

Anti

Yeah all vista corporate with sp2, tried one still using sp1 too. Tried ie7 and ie8 beta and ie8 prelauch. This is a really strange one

L31mr0d

Ok here is the copy of the version I downloaded. I zipped it myself, I didn't download it like that. I got it direct from the Daemon Tools site

http://files.opendrive.com/files/3648963_Dpt66/

vibe666

downloaded it myself, double checked the MD5 and uploaded it to virustotal and it came up empty.

http://www.virustotal.com/analisis/309c6429011376fc25638b4b5572bbe2

I've also installed it in vmware on a fresh system and done afew reboots and browsed the net a bit and then run virus and spyware scans and can find nothing in the install other than what's supposed to be there.

I think you might have gone off half cocked mate.

L31mr0d

crap... I'm going to continue to test it myself anyway. But if it isn't daemon tools then I'm at a complete loss as to what would of caused it.

Anti

Installed it here on my own machine, and nothing has happened so far. Have you been downloading copious ammounts of porn recently ?

L31mr0d

Manties wrote: »

Installed it here on my own machine, and nothing has happened so far. Have you been downloading copious ammounts of porn recently ?

no :rolleyes: nothing like your hardcore... sorry I mean hard "candy" the only other option has to be some virus that installed itself then somehow propagated itself across the network onto my other pc. I'm at a loss as to what caused both my machines to get so heavily infected.

Anti

haha

Do you let your missus use it ? As the msn virus thing is usually from you or her clicking a link from one of your contacts. That could be how it started ?

Sherifu

Hooray for Daemon Tools. \o/