I tested this with Ninite yesterday. Installed the current version of IMGBURN with Ninite and Comodo flagged it for cleanup as it found Opencandy in it. The program did install fine, but there was still something Opencandy related even in the Ninite install method.
+ Reply to Thread
Results 91 to 114 of 114
There's no problem here. Baldrick has a link to version 220.127.116.11, and even a prominent bundleware alert for v.18.104.22.168.
If anyone goes ahead and gets v.22.214.171.124 anyway, and then merrily clicks okay right through all the express install options...
I won't feel much sympathy.Pull! Bang! Darn!
Just go through the installer and READ whats being installed. The option ARE there. Sometimes you might to to choose cancel to stop the installation of the adware or search bar but its easy if you READ the installers
This also applies to a LOT of software installer now, they sneakily try to install adware or search bars, some make it quite difficult to stop them installing, making you think you are cancelling the main installer but in fact you are cancelling the adware installer
You might also need to choose custom installation to get the extra options, if you choose default then it merrily installer the adware/search bars. Some are very aggressive and install stacks of the rubbish. Thats how I found out when an installer was taking ages to install and asking me constant questions so I forcibly stopped the installer through the task manager and went through it slowly trying various options working out what it was trying to install
I've also noticed some download sites now bundle their own adware downloader to download other crapoware as well as the main software. Its rife now and getting harder to work out what is and isn't adware
We have talked about extracting the components from the installer, in order to work around this. (By means of Universal Extractor, or other tools.) This does not always work, though often it does. I did this back when 126.96.36.199 was released, and tossed the Open Candy crap that way, ending up with a clean 188.8.131.52 IB. A bit disconcerting to learn belatedly -- if true -- that there may be no functional difference with 184.108.40.206 or earlier. Of course, there is that rather common thing about non-support (or help in the product's own forum), if you are not referring to the current version.When in Las Vegas, don't miss the Pinball Hall of Fame Museum http://www.pinballmuseum.org/ -- with over 150 tables from 6+ decades of this quintessentially American art form.
Just disconnect from the internet when installing adware software.
Or add Open Candy or other adware IPs to your Hosts file.
All good advice above!
I've edited the Wiki's for ImgBurn and OpenCandy to mention several such counter measures and included some new cross-references. So those who go searching & reading are a bit more likely to get a clean install of 220.127.116.11. Unfortunately most won't do so, and will end up with OpenCandy junk. Even so, if they'll run Malwarebytes of similar afterwards, chances are good for a cleanup...unless they got stuck with a toughie like Conduit. It's a can of worms.
Maybe Ninite run the installer like normal, just refusing all the bundled installation and not blocking or deleting OpenCandy. Good enough if undesirable installation is the only problem you're concerned of, but I wonder about the data sent to OpenCandy.....
Either modifying hosts file or using universal extractor, then.
Simply going through all those offer and turning each one down is good enough to ensure no extra software installed, however there are many tricks used to sometimes fool even the most careful. Very troublesome.
www.videohelp.com/software/imgburn ....even though it contain some uniblue desktop shortcuts(driverscanner, registrybooster, etc) but I don't think they are selected by default?
Try https://www.videohelp.com/download/SetupImgBurn_18.104.22.168.exe and see if any adware is selected in the installation process by default.
Can anyone try https://www.videohelp.com/download/SetupImgBurn_22.214.171.124.exe on a computer without imgburn previously installed ? And see if you get ASK toolbar on something else?
in 126.96.36.199 changelog there's this:
"Changed: Re-wrote the installer so the Ask Toolbar gets installed along with the rest of the files (if it's selected of course!) and not the second you click the 'Next/Install' button on the toolbar offer page. (No freeze when clicking 'Next' and looks nicer)"
which imply at least the one before this has ask toolbar too.
Then there's this: http://forum.imgburn.com/index.php?/topic/14352-lose-the-ask-toolbar/
so maybe 188.8.131.52 is the last clean one. I remember seeing someone mentioned which one is the truly last version to not include Ask and OpenCandy, but I don't remember where....
However we can rule out 184.108.40.206 and above.
Last edited by ticktock; 11th Jan 2016 at 03:54.
If it it's selected
I'm only sure that 220.127.116.11 has NO toolbar or crap.
The following URLs are accessed too...
http://apnmedia.ask.com/media/toolbar/stub/18.104.22.168/ApnIC.dll?tb=IMB&version=22.214.171.124 http://crl.verisign.com/ http://websearch.ask.com/ http://img.apnanalytics.com/
maybe your hosts file is good or something?
changelog for 126.96.36.199:
Changed: No longer bundling/offering the Ask.com toolbar in the setup program, OpenCandy now handles product offerings during installation.
from same URL as above.
and from 188.8.131.52:
Added: Optional installation of the Ask.com toolbar within the installer as part of a new partnership.
Added: Optional creation of desktop icons/shortcuts (web links) for free scans using Uniblue's DriverScanner, RegistryBooster and SpeedUpMyPC programs within the installer as part of an affiliate scheme.
I missed that before because of wrong search term, but I guess 184.108.40.206 is really the last safe one then.
crl.verisign is for certificate revocation list. doesn't seem safe to add to block list, and verisign is connected to SSL and web certificate.
Last edited by ticktock; 11th Jan 2016 at 04:42. Reason: adding response
Okey. Going back to 220.127.116.11 as adfree on www.videohelp.com/software/imgburn then.
Okey, I guess 18.104.22.168 is okey then.
I checked one file with unexposed opencandy dll and virustotal could detect it, so if virustotal doesn't detect anything there it's official, then.
How about the "more information" part?
More information and other downloads:
The last free version without adware is Imgburn 22.214.171.124.
Last edited by ticktock; 11th Jan 2016 at 04:49. Reason: adding things
Here's what happens on 126.96.36.199
When the Imgburn installer launches, it puts all the install files in your temp directory. The Ask Stub is put there too, but it's just the installer. For now, it's benign. It does almost nothing. It's waiting. It's just like any other stub, be it Firefox or Adobe Flash. Remember that the stub isn't the full program.
When the temp folder is emptied at some point, the never-did-anything installer (including all the Imgburn files) are wiped out.
Ask Stub does try to connect 4 IPs:
[Attachment 35192 - Click to enlarge]
However, this is likely for the purpose of connecting to Ask, as part of the prep for install. Again, a stub is not the full software. The stub downloads the current version of the full software. But if no install is made, it does little more than tell Ask that an install attempt was made.
I use Windows 10 Firewall Control from Sphinx (freeware version), which essentially turns the Windows firewall into Little Snitch (a popular Mac tool). It has nothing to do with Windows 10, so don't be fooled by the (stupid) name. HOSTS file adds are not as needed when running this, as you can wholesale deny a program any network access. For example, I tell my Adobe software to STFU and sit in the corner. All the constant network access was ridiculous.
So 188.8.131.52 is safe. It's version 184.108.40.206 that had all the auto-install shit.
In those earlier years, changes to Imgburn were more meaningful. So version 2.4.x is far too old, and even version 220.127.116.11 may be a bit lacking. But 18.104.22.168 was essentially the final version, with 22.214.171.124 only adding crapware. So if you only give download links to older version, you may need to warn others that features may be missing.
See also: http://www.imgburn.com/?act=changelog
I would not bother installing anything older than 126.96.36.199.
188.8.131.52 is the only version I will host. And I have a link to latest version also(with a warning). I'm not going to add another link to an ask-toolbar version....
If I remember correctly, version 184.108.40.206 includes very important bug fix - a bug when BH14NS40/BH16NS40 drives couldn't write BD-R media at 14x and 16x speed because of incorrect speed recognition due to bug in firmwares of these drives (LightningUK! talked about the details of this bug on his forum).