
ADWARE in install of imgburn CD/DVD/BD burning tool delta-search.com - in SetupImgBurn_2.5.8.0.exe


arjaydavis


Just FYI - how to avoid these - as they are optional but sneakily presented in a non-emphasised font face to make the click-happy installer overlook them.

 

Also, can you give me advice on how to properly ensure they are removed - I deleted the toolbar and the entry from startup pages and search engines in the browser settings for Chrome (similar may apply to Firefox).

 

delta-search.com toolbar & search engine, "Goon" 
 
TIP: If you select express install then you will get these installed. Choose custom install and uncheck the boxes to not install them - and the tool is fine. Bit of a shame that the program maker thinks that this is worth including.
 

 

Link to post

My mom accidentally got Delta... I think it is gone.. mse & mbam (pro but I disabled the IP blocker part of it) were clean, I changed IE's search to msn.com instead of the delta... I hope it's gone.  I did not really have time to comb over it more than that.  I think she got it by installing this Babylon translator program.

Link to post

I had official removal articles for both BABYLON (written by Mozilla) and PRICE GONG (written by Price Gong) infestations written by experts with VT-cleared links that had over 3,000+ hits in the several months I had them pinned in GENERAL SOFTWARE - they worked. They were deleted under the "I'm NOT qualified to give advice" mandate (even though I didn't write them :)) as well as the massive UN-pin hurricane that swept through here a few weeks ago.

 

It's interesting to note, DURING THE TIME PERIOD THEY WERE POSTED, the cries for help for those two ToolBars in the Malware Removal section dropped to almost ZERO.. I note the first cry for help for BABYLON in Malware Removal started again within 2 days of MY articles being deleted..

 

Just a comment on the rigidity of certain "Laws"..

 

Steve

On a totally unrelated side note, after the board upgrade/work Monday I now have a normal PM editor and can send PMs to multiple addresses at the same time like the rest of you have been able to do since forever. *wry grin*

Link to post

  • Root Admin

That's because a very high percentage of those with Babylon are infected with the ZeroAccess rootkit, but as an untrained helper you don't know that, and neither do these articles about cleaning it. Yeah, it will remove the toolbar and junk, but it will now simply help to mask the ZA rootkit, and the user, now not being annoyed as much, won't reach out for help until a little longer down the road.

Running these tools is not the recommended option if one has ZA

Link to post

That's because a very high percentage of those with Babylon are infected with the ZeroAccess rootkit

 

Where are the statistics that back this up? Evidence-based on data please.

 

Or, does Babylon contain the ZeroAccess rootkit? Or vice versa?

 

Running these tools is not the recommended option if one has ZA

 

What tools?

 

Will running MalwareBytesPro detect the ZeroAccess root kit?

 

 

 

I'd like to think that MalwareBytesPro can find all this unwanted stuff and clean it up. So, although I appreciate the advice just here and elsewhere on this forum, it does puzzle me why, when there is a paid for product like MalwareBytesPro, that there is advice for all these other tools. Makes me wonder what the value is in using MalwareBytes or paying for it, which I have (3 licenses), when there is advice on the other tools.

 

Let alone hours of my life that I won't get back sat in front of a screen reading all this stuff when there are more important things in life. When looking back on their life, no one is ever going to say they wished they'd watched more TV or read more forum posts about malware (useful ones as well as the anecdotal campfire-side stories of yore about your mate on IRC and other anorkay nerdy stuff)

Link to post

  • Root Admin

No the legit toolbar does not. Drive by installs and other methods of invalid coding of the toolbar is the culprit that often helps to allow other infections onto the system.

Adwcleaner and JRT are by individual users and teams that are not a business and perhaps not bound by quite the same potential legal issues.

Many times these toolbars are installed by the user clicking through and not paying attention. We can't remove software that is abiding by all legal means and good install practices. They have valid business information in their file attributes, they have an End User License Agreement, etc. So pretty much even if it said it was going to format your hard drive and gave you the opportunity to not install it, then it really is the user's fault for continuing with the install.

We attempt to detect and remove those that are known to be invalid or illegally used versions, but often it's not easy to detect the difference. These other tools discussed don't care if it's good/bad/legal/illegal; they blow them all out, which could potentially put them at risk for a lawsuit, but not being a business it would probably cost more to litigate than they could ever hope to recoup.

So yes other tools are suggested for clean up often because the user doesn't want the junk they provide even though in many cases they ignored the EULA and installed it themselves by clicking on Easy or Quick install instead of Custom or Advanced install.

Link to post

  • Root Admin

User education actually can go a long way towards keeping one's computer safe. In over 20 years of working with computers I've only been "accidentally" infected one time. I've infected many computers hundreds of times on purpose for testing purposes though.

Link to post

whoa whoa info overload! :)

 

Is this Babylon a malware?  The one she has claims to be from MS and it seems legit.. its a translating software.  Maybe the Babylon being mentioned here is different?  My mom is into learning different languages and has been for quite some time.  I also have MBAM pro on the machine in question so perhaps that nipped something in the bud.

Link to post

Babylon doesn't quite classify as malicious, and that's why a lot of scanners overlook it. Technically it is crapware, and there are tools to deal with it. I'd give you links, but that didn't go over too well the first time. :P

Link to post

  • Root Admin

Just to clarify - No not all toolbars or advertisement supported applications are malware otherwise yes we would try to detect and remove them.

Yes, there are tools to remove junk and toolbar stuff, but in many cases if it's legit then you don't need a tool and it can be removed from the normal Add/Remove applet in Control Panel. For stubborn or failed removal there are tools and even the AdwCleaner or JRT, but the reason not to use them right up front is that you don't even know what's going on and if perhaps your computer is infected with something. Often the toolbar alone is what annoys and prompts some users to seek help, and then often (not always) they find out they do have a real infection that they need help to remove.

Just saying - these tools should not be used as a First Strike removal process. First find out what's really going on with your computer and then take the appropriate measures to fix it.

I like the tools and I do use or recommend them myself - but only after first running some tool (normally DDS) to get more information on what's going on and then if needed a Registry backup and set a new System Restore point before using them. These tools are good but they too can make mistakes but have very limited restore capabilities depending on what was removed.

Link to post

Feel free to PM me GT.

 

Ron -- Thank you very much for the information!!  I wish they would ask me before downloading stuff... I have a pretty good setup on there, MSE & MBAM PRO (ip blocking turned off, only because I'm afraid if a block comes up it will confuse her and cause her to close out Mbam entirely, so I left the ip blocking off, although it's probably safe to turn it on)... I don't think she really goes anywhere sketchy, but, they don't really know how to sort search results and eyeball sketchy sites.  They're not really click happy, but don't really know what to do with installations, search results, etc..

Link to post

Ron,

 

I know, thank you :)  What I meant is, if she can't get to a site that she usually goes to and its blocked, well, that won't be a fun scene.  I doubt that'll happen, but I could pretty easily tell them how to turn it off over the phone I suppose. :)

Link to post

  • 1 month later...

I just got hit by this and had to spend the last hour cleaning out my system. This kind of underhanded inclusion crap needs to stop. By installing ImgBurn using the standard settings it also included Frostwire (filesharing program), some sort of a browser toolbar, and it hijacked all of my browsers' start screens including taking focus on their search bar rather than leaving the focus on the browser's address bar. Very annoying.

 


Got over 100 malware objects detected just on a quick scan (doing a full scan as I type this just to be sure). What's worse is that the author of ImgBurn has this to say about including all that crap:

 

"Pay more attention when you install programs. You had the chance to opt out of installing whatever the opencandy platform offered you during the installation of ImgBurn, you just missed it."

Source: http://forum.imgburn.com/index.php?showtopic=21854

 

That's right, 'pay attention', because the program author doesn't seem to care that what's included is full of adware/malware.


Link to post

Babylon doesn't quite classify as malicious, and that's why a lot of scanners overlook it. Technically it is crapware, and there are tools to deal with it. I'd give you links, but that didn't go over too well the first time. :P

 

yeppers ... it is in my top 15 with a bullet for removal .

to be honest , i view 95% of all toolbars as pointless , needless and about as functional and worthy as a screen door on a submarine .

the only tool bars are the *real* types that are an integral part of programs such as M$ Office , photoshop and other similar software .

i am asked about *toolbars* , sometimes i go into a dissertation . on occasion , afterwards i am asked "yeah but what about (insert the name of some crap bar here) ?"

i respond with : "what part about piece-of-junk (or other descriptive and colorful terminology/verbiage) didn't you understand ?" .

and you can bet that those same individuals will more than likely call me and say "hey , there's something wrong with my computer ..." .

Link to post

  • 3 months later...

Installed Imgburn from their official site. In addition to several toolbars, and a "tune-up" application, I was also loaded up with 100s of Malware.

 

After several hours, I think that I have cleaned up the system but who knows if I was able to get it all.

 

It is a shame because the application itself is not bad.

 

The author has gone off their rocker if they think that loading up their installer will pay off.

Link to post