News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Warning re: IMGBURN 2.5.8.0

    Posted on Rick Corbett Comment on the AskWoody Lounge

    Home Forums Code Red – Security/Privacy advisories Warning re: IMGBURN 2.5.8.0

    Tagged: ,

    This topic contains 14 replies, has 9 voices, and was last updated by  anonymous 5 days, 4 hours ago.

    • Author
      Posts
    • #1904058 Reply

      Rick Corbett
      AskWoody_MVP

      It’s been a while since I had to copy a DVD but yesterday I was given a case of 30 DVDs and asked to copy them all as a rush job.

      As per usual I downloaded/installed ImgBurn from its parent website and began copying. I’ve used ImgBurn for years and have always rated it as a great utility.

      This morning I found that Malwarebytes Premium had flagged the installer as malware (Windows Defender didn’t raise any warning):

      imgburn01

      I forwarded the installer to VirusTotal and it lit up like a Christmas tree:

      imgburn02

      I’ve registered with ImgBurn to alert its developer and will post back with any reply.

      Hope this helps…

       

      Attachments:
      6 users thanked author for this post.
    • #1904104 Reply

      satrow
      AskWoody MVP

      Clean version here in case you want it, Rick: https://www.techspot.com/downloads/3285-imgburn.html

      VT result: https://www.virustotal.com/gui/file/49aa06eaffe431f05687109fee25f66781abbe1108f3f8ca78c79bdec8753420/detection 1 detection of ‘unsafe’ from Cylance (whatever product that is, added in the last ~14 hours).

      2 users thanked author for this post.
      • #1905554 Reply

        Rick Corbett
        AskWoody_MVP

        Thanks, mate. It’s too late for current installation but appreciated anyway. Sorry for late reply… getting car ready for sudden drive to Munich day after tomorrow.

        1 user thanked author for this post.
    • #1904126 Reply

      zero2dash
      AskWoody Lounger

      It’s been bundled with PUP’s for as long as I can remember.
      Just have to be careful of what you’re clicking on when installing it but otherwise you should be fine.

      The one off MajorGeeks is also clean, with no OpenCandy. https://www.majorgeeks.com/files/details/imgburn.html

      Editor’s Note:
      This is a clean, no OpenCandy version.

      2 users thanked author for this post.
      • #1905555 Reply

        Rick Corbett
        AskWoody_MVP

        The installation shows no indication of PUPs either during the install nor afterwards. No ‘opt-outs/ins’ of additional software, no pre-ticked checkboxes, nada, zilch.

    • #1904127 Reply

      tonyl
      AskWoody Lounger

      Many installers trigger Malmarebytes. Axcrypt is another.

    • #1904193 Reply

      EP
      AskWoody_MVP

      ImgBurn does work with Windows 10, even though Imgburn’s logs “mis-identify” Win10 as Windows 8, 6.2 build 9200

    • #1904261 Reply

      AJNorth
      AskWoody Plus

      Yes, I abandoned ImgBurn some time ago after the vendor began to incorporate various PUPs.

      FWIW, I have been quite pleased with CDBurner XP; a few days or so after each new version is released, they provide a “clean” executable for installation (I use the portable version, which is always clean) — https://cdburnerxp.se/en/download (click on “More download options”).  Perhaps this will meet your needs.

      Cheers,

      AJN

      1 user thanked author for this post.
    • #1905583 Reply

      Carl D
      AskWoody Lounger

      ImgBurn is a great program and I’ve been using it for years.

      But, I’ve always been amused (from reading the ImgBurn forums) by the author’s attempts to deny that people were having issues with PUP’s being installed with version 2.5.8.0 (caused by the allegedly defunct OpenCandy, although rumour has it that OpenCandy just changed their name and they’re still in business. Not too sure?).

      Someone was still having an issue as recently as July this year:

      http://forum.imgburn.com/index.php?/topic/25617-direct-link-still-installs-unwanted-software-despite-unchecked-offers/

      And again, denial from the author – the issue in fact appeared right from the first release of 2.5.8.0 back in 2013. His forum is literally littered with complaints since then.

      Anyway, another good way to get a clean install of ImgBurn (and other programs) is Ninite:

      https://ninite.com/

      ImgBurn is under ‘Utilities’.

       

      1 user thanked author for this post.
    • #1905592 Reply

      Carl D
      AskWoody Lounger

      Rick,

      you’ll probably get the same denial about PUP’s from the developer as everyone else has been getting since 2013 (if you get a reply at all).

      (I was going to edit my first post to add this but the Edit option has gone. How long does the Edit option remain available for now? Used to be an hour or several hours from memory but it was just under half an hour when I came back to add this and I’m too late?).

      • #1905593 Reply

        geekdom
        AskWoody Plus

        You now have 15 minutes to edit a post.

        Group G{ot backup} Win7Pro · x64 · SP1 · i3-3220 · TestBeta · Microsoft Security Essentials
        1 user thanked author for this post.
    • #1907870 Reply

      Rick Corbett
      AskWoody_MVP

      OK, I’m back from 1600+ miles round-trip and can now deal with the Malwarebytes Premium (MBAM) warning re: the IMGBURN 2.5.8.0 installer.

      My previous post showed no detection of add-ons.

      I was wrong.

      The IMGBURN 2.5.8.0 installer from the IMGBURN parent site dropped the following 3 registry keys:

      HKU\S-1-5-21-3599076297-1431849526-2150086412-1000\SOFTWARE\WebDiscoverBrowser
      HKLM\SOFTWARE\WebDiscoverBrowser
      HKLM\SOFTWARE\WOW6432NODE\WebDiscoverBrowser
      

      Examination of those 3 registry keys show no end of apparently obfuscated data gathering but no links that I could see to any executables.

      Whatever… I deleted them all.

      • #1907879 Reply

        Rick Corbett
        AskWoody_MVP

        HKU = HKEY_CURRENT_USER

        HKLM = HKEY_LOCAL_MACHINE

        • #1907896 Reply

          Rick Corbett
          AskWoody_MVP

          My mistake…

          HKU = HKEY_USERS

          HKLM = HKEY_LOCAL_MACHINE

          Sorry I couldn’t correct earlier but, unlike many other sites, AskWoody only allows a 15 minute edit window in order to fix your mistakes.

    • #1908059 Reply

      anonymous

      You can turn on Defender scanning for PUPs (or PUAs, as MS calls them) using group policy or powershell.  This howtogeek article elaborates the powershell method.  Note, it’s not enough to simply enable the group policy, you also have to select ‘block’ in the pulldown.

       

       

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Warning re: IMGBURN 2.5.8.0

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.