
2 Mals Included with Daemon Tools Install File from Disc-Soft Website


15 replies to this topic

#1 evanexempt

evanexempt

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:49 AM

Posted 02 April 2015 - 06:02 PM

Well, this is disappointing. 
 
I was about to LEGITIMATELY PURCHASE some software until the supposed "official store" 's (www.disc-soft.com) Daemon Tools Pro Advanced install file greeted me with NOT ONE BUT TWO (2) mal attacks:
 
SAPE.Somoto.21
(and)
Iminent SearchTheWeb
(screenshots below)
 
Seriously? This is NOT GOOD.
 
 
OK, here's what happened:
 
Before downloading anything, I scanned my Windows 8 machine using Norton Int Sec, Malware Bytes Pro, and SpyHunter4 (all of which I am using paid-legit versions of).
 
**Clean results on all fronts.**
 
So, then I downloaded the install file for Daemon Tools Pro Advanced 6 from the Disc-Soft website (see link) which is SUPPOSED TO BE the ware's OFFICIAL STORE (and perhaps also the corporate underwriter and proprietor?) for all Daemon Tools products.
 
(i.e., they're supposed to be LEGIT. Am I missing something here?)
 
And AS SOON as I installed their file -- DTPro610-0484(.exe) -- (and yes, I opted out of any "special offers", though there was only one) I received a notification from my Norton.
 
[Screenshot: Somoto-Virus.png]
At first I just figured Somoto was legit and that this Norton response was a false positive since Daemon Tools is a disc writer app that does a lot of system-level writing and encryption. So, this Somoto should be part of the Daemon package, right? 
WRONG!
 
Apparently SAPE.Somoto.## is a well-known infection that has apparently been around for years.
(The mal-maker even uses a number in the .suffix, so you can tell what version of the virus you have. There are support thread posts from eight years ago asking about how to remove Somoto.7. I got version 21 --- hahahaha!)
 
Luckily my Norton caught it on the way in so my machine was never infected. 
 
Next I ran SpyHunter 4 -- a California-based malware-detection app that has a shady history of its own, but is BETTER than ANYTHING else at catching mals that the others miss. 
 
And lo and behold!

[Screenshot: Iminent.png]
 
 
Alright, so I am officially annoyed now because I did so much research to try to find a legit disc imaging tool that would meet my needs. I am always willing to put down money to avoid BS "freeware" (seriously, just F*CK that "freeware" term forever), and I was ready to put my money on Daemon by Disc-Soft.
Um, NOPE. Not going to send any money to those guys. I don't care how good their software is. This broke it for me.
 
So, I just want to close with two items:
 
1)  Be especially careful when downloading any software that *can* be used for miscreant purposes (such as Daemon Tools) -- chances are the ware's makers/sponsors are miscreants themselves.
 
2)  Since Daemon & Disc-Soft has been formally exiled to the "NEVER SPEAK TO ME AGAIN," pile, do any of you fine folks know where I could PURCHASE a (*not* faux-"free") DISC MANAGEMENT PROGRAM for basic burning, imaging, and VM applications?
 
Please let me know where I can get some legit software. I may be new but not a fool. Thank you in advance!
 
P.S. I am Evan. New to this forum. This is my first post.   Hey all! :)


Edited by Queen-Evie, 02 April 2015 - 09:44 PM.
Moved from Malware Logs due to no logs included. Language edit



 


#2 Platypus

Platypus

  • Moderator
  • 10,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:04:49 PM

Posted 02 April 2015 - 07:27 PM

Discussion here:

 

http://forum.daemon-tools.cc/f16/spyware-daemon-tools-lite-installer-29962/

 

And welcome to Bleeping Computer!


Edited by Platypus, 02 April 2015 - 07:27 PM.

Top 5 things that never get done:

1.


#3 evanexempt


Posted 02 April 2015 - 08:00 PM

Thank you, @Platypus. Sorry for posting in the logs forum.  #newBproblems 

 

Update on my situation: 

Apparently that Iminent SearchTheWeb malware is pretty feisty. It replicated itself when I uninstalled the Daemon Tools program! 

 

So, now I have to go into my logs and see if the Daemon mals didn't leave behind any other surprises. These "things" seem very good about ducking Windows' Uninstall process. I wish Windows had some way of making their uninstalls check that ALL COMPONENTS of the removed program have indeed been removed. 

 

This is downright scary. But the worst thing is that it (malware) turns a stupid software download into an all-day project. (Provided: I did choose to spend all evening writing a long-ass blog about it. But still...) 

 

(And now I will rant briefly.) 

 

Dude, seriously....   To all the malmakers and bot-commanders...  *I can't even post what I am feeling.*

 

#SpecialPlaceInHell 

 

 

You know, this makes me want to learn to hack and build so I can develop counterwarez to attack these malwads. 

 

My first target?  Gee, let me think... How about the Disc-$oft website?  I would remote-nuke their servers if I knew how... but only after pulling the information of all their ad affiliates.

 

Luckily for them I'm just a code kitten... at least for now. 

 

grr  0_o  


Edited by Queen-Evie, 02 April 2015 - 09:46 PM.
language edit


#4 evanexempt


Posted 02 April 2015 - 08:09 PM

Discussion here:

 

http://forum.daemon-tools.cc/f16/spyware-daemon-tools-lite-installer-29962/

 

And welcome to Bleeping Computer!

 

I actually attempted to post on the Daemon forum (just created a profile with my junk email account), but they have it all locked down so that posts are by-approval-only -- probably because they have a dozen-people-per-week posting justified defamatory remarks in protest of their disgusting and unethical business practices.  (And, no, I do not think that they will approve any of my posts. I am probably banned already.)

 

SERIOUSLY, WHO MALS their PAYING CUSTOMERS??

 

Sorry...  I'm just appalled right now. 



#5 Platypus


Posted 02 April 2015 - 08:23 PM

http://blog.emsisoft.com/2015/04/02/how-downloading-one-program-can-give-you-six-pups/




#6 Sintharius

Sintharius

    Bleepin' Sniper


  • Malware Study Hall Senior
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:08:49 AM

Posted 03 April 2015 - 01:20 AM

Hello, and welcome!

PUPs (Potentially Unwanted Programs) are rather common nowadays - please see these:

Top 10 Ways PUPs Sneak Onto Your Computer, And How To Avoid Them - Emsisoft Blog

Encountering the Wild PUP - Malwarebytes Unpacked

Next, next, next - Panda Security
Member of the Bleeping Computer A.I.I. early response team!

#7 evanexempt


Posted 03 April 2015 - 01:39 AM


 Yeah, Enigma do have a shady record (and even a creepy name!).  But seriously -- their SpyHunter software was the ONLY THING I could find to get rid of the Taplika browser hijacker that was lodged in two of my machines for over a week (as I was spending an average of seven hours per night attempting to get rid of the bug. Nearly drove myself insane.) 
 
I still don't really like SpyHunter -- everything about their support service and permissions interface feels so malwarificent.  But... I gave them my $30 and deactivated all the auto-updates and bloat features. SpyHunter4 paid license ware has been pretty well behaved so far. (And no one has showed up to drain my bank account yet, so that's a plus.)

But yes, I was aware of their crap-tastic track record when I installed the software. I wanted to get rid of the Taplika virus and I was at the point I might have been willing to take the life of several unnamed people in order to be rid of it.
Again I am running Norton Internet Security and MalwareBytes premium, too. My hope is that this three-knights system of checks and balances will keep my system *relatively safe*, even if one of them decides to go rogue.   
 
I learn something new every day though...

#8 evanexempt


Posted 03 April 2015 - 01:47 AM

*added
 

Yeah, Enigma do have a shady record (and even a creepy name!).  But seriously -- their SpyHunter software was the ONLY THING I could find to get rid of the Taplika browser hijacker that was lodged in two of my machines for over a week...

 
Imagine living in a really bad neighborhood where you have to hire criminals to protect you from the other criminals.  heh.... And the whole city is run by a huge criminal organization that pays off the police and pretends it is a government -- we'll call it Microsoft.

#9 Sintharius


Posted 03 April 2015 - 02:08 AM

There is a third option for AM software (and also my personal favorite) - Emsisoft Anti-Malware.

Both EAM and MBAM scan for and remove PUPs as well as certain other threats in the free version - you do not need to pay in order to get cleaned unlike SpyHunter.

#10 evanexempt


Posted 03 April 2015 - 04:00 AM

There is a third option for AM software (and also my personal favorite) - Emsisoft Anti-Malware.

Both EAM and MBAM scan for and remove PUPs as well as certain other threats in the free version - you do not need to pay in order to get cleaned unlike SpyHunter.

IMHO anything that requires you to pay before it'll do anything for you is a scam. Proper vendors will never do that.

 
 
I trust your expertise in this matter, but I am curious...
 
You speak from an expert ethic that seems to say: "YOU SHOULDN'T HAVE TO SUFFER" and "YOU SHOULDN'T HAVE TO PAY TO BE RID OF YOUR SUFFERING (and if you do pay, you're wrong, and I will explain to you why)".  
 
OK, fine, I have no idea what I am doing. I am more than prepared to admit this.
 
Me. are. duhhmmb.
(Most honest thing I've typed all day.)
 
 
But can you imagine what it feels like when someone tells you that it's penny-day for sledgehammers and dollar-day for shotguns after you just got finished braining fifty+ rage-zombies with a Phillips screwdriver and the help of a loyal pitbull (the latter of whom you also had to decapitate because he became infected while biting said offending zombies?)
 
Like, "OK, THANKS for the expert advice after the fact. Are you gonna help me carry that out to what's left of my car? Wait, I walked here on my stump of a leg. SORRY."
 
(Yes, I will try Emsisoft, and I HUGELY APPRECIATE THE LINK AND ADVICE. THANK YOU! <3 )
 
But look, I don't mean to be a dramatist.  Please understand: Taplika was one of the worst experiences of my life (because I suffer from OCD and I seriously could not stop myself from trying to fix it for hours and hours and hours on end -- I almost lost my job after staying up two nights in a row trying to fix it).
 
I did fix it, but I apparently went about it the wrong way. It took forever. 
 
So, I have an idea -- a challenge in the interest of education and awareness.
 
I actually have the install file that gave me the Taplika virus. 
 
It was bundled in an Aomi freeware package that I downloaded from (what I was led to believe was) the maker's website. 
 
I quarantined the maladjusted .EXE file into a .RAR and uploaded it to my Google Drive.
 
I have a link for the file: 
 
hxps://drive.google.com/open?id=0Bw9y0scD0vYWflhaaWhyRV9vZk5leC00dHVpR05MUkxCemFLSTduMFlHenMxNnQ0YjhQOXM&authuser=0
 
If you can install this infected software on a Chrome-enabled Windows 7 or 8.1 machine and then demonstrate to me that your recommended security system is able to snake out the embedded Taplika browser malware, I will drink the EMSISOFT Kool-Aid and become a believer in all that is good and holy in internet geekdom.
 
So, I think you should demark a Taplika virus test machine and take a shot at some live attack training. 
 
Prove me wrong. I am just a tourist of the web, after all.  
 
If this is an inappropriate forum-reply, I hereby apologize. But... let me know if you are able to detect and attack the mal without interrupting your work flow. I will applaud you and shake your hand... as soon as you can confirm that your hands are disease-free, that is.
 
 
Sorry to take you to task, but... I... , Wait! You started it. LoL)

#11 Sintharius


Posted 03 April 2015 - 04:22 AM

I would honor you, but I'm currently not allowed to give malware removal advice.

Taplika is a PUP (Potentially Unwanted Program) as in the links I've posted above, so my *security system* would be able to avoid it from getting installed in the first place - after all, it's common sense (you might want to check out the link in my signature).

My apologies if you take my post the wrong way, but then I wouldn't change my stance on SpyHunter. It's just my opinion, after all.

And please do not post live malware links on Bleeping Computer - it is against forum rules.

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,566 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:49 AM

Posted 03 April 2015 - 04:54 AM

Please let me know where I can get some legit software. I may be new but not a fool. Thank you in advance!

These are popular and generally safe third-party download hosting sites for software:
* MajorGeeks
* SnapFiles
* Softpedia
* TechSpot
* FilePuma
* Gizmos Freeware
* BleepingComputer Downloads
* Ninite
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#13 evanexempt


Posted 03 April 2015 - 12:11 PM

I am the most obnoxious person. I seriously have OCD, ADD, Tourettes (seriously), and a runaway sense of humor. Nothing I do or say ever makes much sense. I apologize for my post-reply early this morning. Should have slept instead :/

Thank you, everyone, for the rich and detailed resource links, advice, etc.

I looked at some of the malware/virus tutorials and am impressed with the quality of information. This is a pretty bleeping awesome website.

Sorry I go awol on my hypothetical tangents sometimes. You folks are very kind to tolerate me.

#14 quietman7


Posted 03 April 2015 - 02:09 PM

You're welcome on behalf of the Bleeping Computer community.

#15 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:06:49 PM

Posted 04 April 2015 - 06:49 PM

I am the most obnoxious person. I seriously have OCD, ADD, Tourettes (seriously), and a runaway sense of humor. Nothing I do or say ever makes much sense.

Thank you, everyone, for the rich and detailed resource links, advice, etc.
This is a pretty bleeping awesome website.
Sorry I go awol on my hypothetical tangents sometimes. You folks are very kind to tolerate me.

Quietman7 can tolerate anyone.

 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 





