  • Attention to all users that have no AV installed and downloaded HB/DB past 24 hours

    Discussion in 'Archives' started by bossland, May 7, 2013.

    1. foam_follower

      foam_follower Member

      Joined:
      Dec 3, 2011
      Messages:
      282
      Likes Received:
      4
      Trophy Points:
      18
      Given the circumstances I wouldn't be prepared to accept anything as a false positive. HB is an incredible product but like a lot of commercial sites it's now the victim of cyber attacks. Such a shame.
       
    2. Halfred

      Halfred New Member

      Joined:
      May 3, 2013
      Messages:
      13
      Likes Received:
      0
      Trophy Points:
      0
      It must have installed something on pc... and the only reason I let down my AV is because someone made a forum post telling me that it was OK because it's like an aimbot where it gives malware errors...

      newho... my WoW account has been locked again due to some random IP trying to access it while I was at work today...
       
    3. geels12

      geels12 New Member

      Joined:
      Dec 18, 2012
      Messages:
      10
      Likes Received:
      0
      Trophy Points:
      0
    4. TreeEskimo

      TreeEskimo Member

      Joined:
      Apr 22, 2013
      Messages:
      105
      Likes Received:
      0
      Trophy Points:
      16
      Okay, to get this straight:

      The 557 version people are referring to (which was the clean and working version of HB that they rolled out yesterday after the infection) is now infected again?
      Some guy was talking about a 558 version too - what's up?
       
    5. Ilja Rogoff

      Ilja Rogoff Well-Known Member

      Joined:
      Jan 25, 2010
      Messages:
      1,848
      Likes Received:
      38
      Trophy Points:
      48
      Don't know if it's infected, VirusTotal shows 1 infection of 44 scan engines. Maybe false positive. May not.
       
    6. brainAbuddy

      brainAbuddy Active Member

      Joined:
      Aug 12, 2010
      Messages:
      2,180
      Likes Received:
      11
      Trophy Points:
      38
    7. xenn88

      xenn88 New Member

      Joined:
      May 4, 2010
      Messages:
      83
      Likes Received:
      2
      Trophy Points:
      0
      Does anyone know what exactly this 558 file did? I installed it earlier today, but wiped my HD afterwards for security.

      Anything else I should do?
       
    8. Tompost

      Tompost Member

      Joined:
      Mar 24, 2013
      Messages:
      306
      Likes Received:
      0
      Trophy Points:
      16
      I just saw the thread which says that 557 was infected. I downloaded the new .557 yesterday just before I made the post "nvm i didnt know there's an update to HB". Am I still safe? Or is the infected part already there prior to that?

      This is the post that I am talking about.
       
    9. hellnation13

      hellnation13 New Member

      Joined:
      Dec 19, 2011
      Messages:
      55
      Likes Received:
      0
      Trophy Points:
      0
      They didn't touch the beta versions? .227?
       
    10. bambam922

      bambam922 Well-Known Member Moderator

      Joined:
      Jan 15, 2010
      Messages:
      6,071
      Likes Received:
      28
      Trophy Points:
      48
      Bossland's post updated.
       
    11. Lautaro

      Lautaro New Member

      Joined:
      Feb 1, 2012
      Messages:
      95
      Likes Received:
      0
      Trophy Points:
      0
      Honorbuddy 2.5.7016.562 downloaded from Home 20 minutes ago STILL CONTAINS a trojan of some sort. I believe it starts in "THUMB.DB", it then creates a file called AMDEx3.msi which is detected as a trojan, and it has been stated many times that this file is NOT a part of Honorbuddy.

      AVG detects both THUMB.DB and the AMDEx3.msi as malicious files.

      Not completely sure what's so hard to remove about it - unless you guys have no idea which files the malicious code is in.
       
    12. bambam922

      bambam922 Well-Known Member Moderator

      Joined:
      Jan 15, 2010
      Messages:
      6,071
      Likes Received:
      28
      Trophy Points:
      48
      Interesting that you say that. The .562 version I downloaded from updates.buddywing.com does not create THUMBS.db nor AMDEx3.msi.
      Also, the .zip passes all virus scans.
       
    13. Timmid

      Timmid New Member

      Joined:
      Oct 19, 2012
      Messages:
      45
      Likes Received:
      0
      Trophy Points:
      0
      All of the links on the website do not link to the new website with the updates. They seem to redirect to the old infected version of Honorbuddy.
       
    14. CodenameG

      CodenameG New Member

      Joined:
      Jan 15, 2010
      Messages:
      38,369
      Likes Received:
      231
      Trophy Points:
      0
      Last edited: May 9, 2013
    15. Lautaro

      Lautaro New Member

      Joined:
      Feb 1, 2012
      Messages:
      95
      Likes Received:
      0
      Trophy Points:
      0
      EDIT: @MODS...


      The FILE that I downloaded from Home about 40 mins ago now was named "Honorbuddy 2.5.7016.562." which contains THUMB.DB.

      The FILE I downloaded 2 minutes ago named "Honorbuddy 2.5.7016.562" contains NO THUMB.DB.


      One version has a .
       
      Last edited: May 9, 2013
    16. bambam922

      bambam922 Well-Known Member Moderator

      Joined:
      Jan 15, 2010
      Messages:
      6,071
      Likes Received:
      28
      Trophy Points:
      48
      Either way, the releases have been cleaned and both update servers should be good to go for download.
       
    17. lickalime

      lickalime New Member

      Joined:
      Feb 8, 2010
      Messages:
      1,071
      Likes Received:
      4
      Trophy Points:
      0
      As my father used to say, "Sh*t happens". If you're so concerned with the security in place for Honorbuddy, don't use it. Thanks for getting a clean version back up guys.
       
    18. CodenameG

      CodenameG New Member

      Joined:
      Jan 15, 2010
      Messages:
      38,369
      Likes Received:
      231
      Trophy Points:
      0
      I just got word that all the releases from all build servers
      updates.buddywing.com
      and
      updates.buddyauth.com

      are clean at this point.
       
    19. Lautaro

      Lautaro New Member

      Joined:
      Feb 1, 2012
      Messages:
      95
      Likes Received:
      0
      Trophy Points:
      0
      Yup confirmed. Current release is now clean. As stated above - the infected file ended with a full stop. Barely noticeable. And contains THUMB.DB and Honoebuddy.bak.

      If you download this file, do not extract it.
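
A way to apply the advice above without extracting anything, as an added example that is not part of the original thread or of Honorbuddy: it reads only the zip's directory listing and checks an install folder for the file names posters reported. The function names, the sample member `Honorbuddy.exe`, and the assumption that the full stop sits just before a `.zip` extension are illustrative.

```python
import io
import os
import zipfile
from pathlib import PurePosixPath

# File names reported by posters in this thread, compared case-insensitively.
# AMDEx3.msi was reported as created on disk after running, not as an archive member.
REPORTED_NAMES = {"thumb.db", "thumbs.db", "honoebuddy.bak", "amdex3.msi"}


def triage_archive(archive_name, data):
    """List findings for a downloaded .zip using only its directory listing."""
    findings = []
    # Assumption: the "full stop" sits just before the .zip extension, if any.
    stem = archive_name[:-4] if archive_name.lower().endswith(".zip") else archive_name
    if stem.endswith("."):
        findings.append("archive name ends with a full stop")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():  # metadata only, nothing is extracted
                if PurePosixPath(info.filename).name.lower() in REPORTED_NAMES:
                    findings.append("contains " + info.filename)
    except zipfile.BadZipFile:
        findings.append("not a readable zip archive")
    return findings


def triage_directory(root):
    """Return paths under an install folder whose names match the reported files."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        hits += [os.path.join(folder, f) for f in files if f.lower() in REPORTED_NAMES]
    return sorted(hits)


def build_sample(names):
    """Build a constructed in-memory zip with placeholder contents (not real samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    flagged = build_sample(["Honorbuddy/Honorbuddy.exe", "Honorbuddy/THUMB.DB",
                            "Honorbuddy/Honoebuddy.bak"])
    clean = build_sample(["Honorbuddy/Honorbuddy.exe"])
    print(triage_archive("Honorbuddy 2.5.7016.562..zip", flagged))
    print(triage_archive("Honorbuddy 2.5.7016.562.zip", clean))
```

A name match is a prompt to inspect, not a verdict: Windows itself creates `Thumbs.db` thumbnail caches in ordinary folders, so a hit there needs the surrounding context (a software release archive has no reason to ship one).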
       
    20. CodenameG

      CodenameG New Member

      Joined:
      Jan 15, 2010
      Messages:
      38,369
      Likes Received:
      231
      Trophy Points:
      0
      If you have old releases just delete them.
      If you're not sure if you've been infected then run a local virus scan with avast or comodo (if you're using comodo just use the anti-virus not the entire suite, it's full of bloat). Unfortunately AVG and MSE won't pick it up (at least according to VirusTotal).
       