Just installed DAEMON Tools… in the process of installing it there were two options quick (recommended) and advanced. I chose quick and it was for a toolbar called Delta (something to do with listening to music)… now I don’t see a toolbar. As you can see in the attachment it blocked a malicious url and at the end it says Delta. When the installation process was finished, avast showed the malicious url blocked pop-up message. Updated MBAM and did a custom scan with MBAM (clean) and did a custom scan with avast (clean).
Windows 7 SP1 (fully updated)
Avast 7.0.1474
Definition version 130212-0
Is this a false positive or legit? Should I be worried about this? Did anyone experience this? Should I send this message to virus@avast.com?
Installer window from Download.com during the controversy with Nmap. Clicking the green button will install the Babylon Toolbar which will hijack the user’s web browser.[23]
On 7 August 2010, Microsoft antivirus products identified the software application as adware (identified as “Adware: Win32/Babylon”) due to potentially intrusive behavior.[24] Sixteen days later, on 23 August 2010, Microsoft announced that Babylon Ltd. had modified the program and that it was no longer categorized as adware.[25]
In 2011, the Cnet site Download.com started bundling the Babylon Toolbar with open-source packages such as Nmap. Gordon Lyon, the developer of Nmap, vented his anger online over the way the toolbar was tricked on users.[26][27] The vice-president of Download.com, Sean Murphy, released an apology: The bundling of this software was a mistake on our part and we apologize to the user and developer communities for the unrest it caused.[28]
In 2012 the Babylon search toolbar was identified as a browser hijacker that, while very easy to install inadvertently, is unnecessarily difficult to remove afterwards.[5] The toolbar is listed as an unwanted application by anti-spyware software such as SpyHunter, Stopzilla, and Spybot – Search & Destroy.[29][30] Many users, trying desperately to get rid of Babylon, have searched for help on different support forums.[31] The toolbar tends to sneak itself onto computers as add-ons with other software, and it changes users’ home page to the Babylon search engine, adds the search engine to the computer and sets itself as the default.[6]
Same detection from ESET NOD 32 detected as OpenCandy… Remember my previous post about a file that ESET NOD 32 detected the same detection, but for a different file.
So what is it???
Is this a false positive or legit? Should I be worried about this? Did anyone experience this? Should I send this message to virus@avast.com? Am I safe from this threat?
Summary
Adware:Win32/OpenCandy is an adware program that may be bundled with certain third-party software installation programs. Some versions of this program may send user-specific information, including a unique machine code, operating system information, locale (country), and certain other information to a remote server without obtaining adequate user consent. These versions are detected by Microsoft’s anti-malware products.
Oh didn’t see that post of yours. Thanks. I hate when legit files that you know of have malicious items >:(
Okay regarding the malicious url blocked from avast is it a false positive or legit from avast… shall I report to virus@avast.com? Yesterday I did an online scan with ESET NOD32 and it found files that were detected as OpenCandy and I deleted them all. Might as well do it again just to be on the safe side?
Thanks for the two links… 1st one I don’t want to do it, coz I am not an expert on tech lol
2nd link very helpful
Bottom line based on the 2nd link do I need to email virus@avast.com to let them know about this? I (myself) don’t know if this is a false or legit warning from Avast?
Thank you for raising the issue here and informing our community about this abuse. Unfortunately more and more nice software comes “contaminated” with bundled “crapware”…
Reporting back to virus AT avast dot com always helps. Do not expect a personal answer from the analysts, but it will certainly help towards fine tuning their detection implementation.
I already sent an email to virus At avast dot com regarding this.
Update: I am now doing a full system scan with NOD32 online scanner.
Update 2: Full scan is still in progress, so far found only 1 threat W32/Somoto.A application
Update 3: Full scan completed found the threat that I mentioned above and one more W32/Somoto.A application. 1 cleaned by deleting another one is in quarantine. Deleted both! So is now my laptop safe? Is this adware harmful?
I know that this link has been posted by Polonus here, but the one that I posted above is the most up-to-date! I forgot to put that link while sending an email to virus at avast dot com. So my suggestion is this, since I forgot to post it to the email can someone reading this moderator or any user with Avast Team look into this issue and investigate further! Abusing popular legitimate program i.e. DAEMON Tools and etc with inserting crap-ware is a big NO NO and can cause inconvenience. Please it will be very highly appreciated. Thanks.
Just now I got a reply back from virus at avast dot com… This is what he said
Hello,
“it’s not DAEMON Tools that’s being blocked. It’s just Babylon toolbar, which is malicious and intrusive.
The toolbar installation file was blocked by avast!. It’s the file’s URL that’s blocked, not the file itself,
thus you didn’t find any virus detection after downloading the file. If you insist on using the toolbar,
you can install it and add it to avast! exceptions, but I strongly recommend you not to use this toolbar.
It will give you annoying pop-ups and more ads on webpages.”
Now it’s very clear to me, prior to installation of DAEMON Tools there were two options quick (recommended) and advanced. I clicked quick this is only for the toolbar. After clicking next, it didn’t do the installation of the toolbar, because avast blocked it so therefore it went straight to the installation of DAEMON Tools. Installation of DAEMON Tools is clean, it’s just only for the toolbar. Way to go avast! ;D
Thanks again to him for the reply back for clarification and to Polonus and Pondus for giving me valuable information and assistance ;D.