• Visit Rebornbuddy
  • Visit Panda Profiles
  • Visit LLamamMagic

    • Norton putting HB 4265 .exe on quarantine and deleting it

    Discussion in 'Archives' started by swordofdawn, Mar 7, 2011.

    Page 1 of 4
    1. swordofdawn

      swordofdawn New Member

      Joined:
      Feb 14, 2011
      Messages:
      6
      Likes Received:
      0
      Trophy Points:
      0
      Below is the full log:

      Full Path: Not Available
      ____________________________
      ____________________________
      On computers as of:
      Not Available
      Last Used:
      at
      Startup Item:
      No
      Launched:
      Yes
      ____________________________
      ____________________________
      Unknown
      Number of users in the Norton Community that have used this file: Unknown
      ____________________________
      High
      This file risk is high.
      ____________________________
      Threat Details
      SONAR Protection monitors for suspicious program activity on your computer.
      ____________________________
      Origin
      Downloaded from URL Not Available

      ____________________________
      File Actions
      File: c:\Users\myUser\Desktop\HB4265\honorbuddy.exe
      No Action Required
      ____________________________
      System Settings Actions
      Event: Process start (Performed by c:\users\myUser\desktop\hb4265\honorbuddy.exe, PID:5156)
      No action taken
      ____________________________
      Suspicious Actions
      Event: Keystroke capture (Performed by c:\users\myUser\desktop\hb4265\honorbuddy.exe, PID:5156)
      No action taken
      Event: Attempt to start a remote thread in a process address space (Performed by c:\users\myUser\desktop\hb4265\honorbuddy.exe, PID:5156)
      No action taken
      ____________________________
      File Thumbprint - SHA:
      Not Available
      ____________________________
      File Thumbprint - MD5:
      Not Available
      ____________________________



      Any explanation/solution please?
       
      swordofdawn, Mar 7, 2011
      #1
    2. Apoc

      Apoc Moderator Staff Member Moderator

      Joined:
      Jan 16, 2010
      Messages:
      2,790
      Likes Received:
      94
      Trophy Points:
      48
      Norton is being overly anal about how we interact with WoW.

      Honorbuddy does setup a very small keyboard hook (well, we don't, but .NET does) to handle "fake" input if a developer needs it. (Note: we do not provide facilities to 'log' any keystrokes an end-user does. Only things the bot does itself.)

      We also start remote threads in WoW to handle injection, among other things.

      It's been doing both of these since the beginning. Not sure why Norton is just now picking it up. You can add Honorbuddy to your AV's ignore list (or just disable your AV), and get around the issue. Unfortunately; we can't do a whole lot about it.
       
      Apoc, Mar 7, 2011
      #2
    3. swordofdawn

      swordofdawn New Member

      Joined:
      Feb 14, 2011
      Messages:
      6
      Likes Received:
      0
      Trophy Points:
      0
      Thanks for your[Faster than the speed of light] response Apoc!
       
      swordofdawn, Mar 7, 2011
      #3
    4. gemetzel

      gemetzel New Member

      Joined:
      Feb 8, 2011
      Messages:
      76
      Likes Received:
      0
      Trophy Points:
      0
      lol.
       
      gemetzel, Mar 7, 2011
      #4
    5. manse2750

      manse2750 Member

      Joined:
      Apr 2, 2010
      Messages:
      58
      Likes Received:
      0
      Trophy Points:
      6
      rofl.. seriously dude... rofl
       
      manse2750, Mar 7, 2011
      #5
    6. mvog2v1z5

      mvog2v1z5 Guest

      newb
       
      mvog2v1z5, Mar 7, 2011
      #6
    7. eemuman

      eemuman New Member

      Joined:
      Nov 11, 2010
      Messages:
      116
      Likes Received:
      1
      Trophy Points:
      0
      rly how newb am i ...

      Bossland: last warning for this year
       
      eemuman, Mar 7, 2011
      #7
    8. fattony

      fattony New Member

      Joined:
      Feb 15, 2010
      Messages:
      56
      Likes Received:
      0
      Trophy Points:
      0
      I see that Amroks stupid post was removed.
       
      fattony, Mar 7, 2011
      #8
    9. Botanist

      Botanist Banned

      Joined:
      Oct 20, 2010
      Messages:
      1,376
      Likes Received:
      44
      Trophy Points:
      0
      For Norton users, just add the HB folder to the real time protection and scan exclusion list. It only takes about 30 seconds to it. Make sure to "tick" include subfolders.
       
      Botanist, Mar 7, 2011
      #9
    10. shuuk

      shuuk Member

      Joined:
      Apr 25, 2010
      Messages:
      736
      Likes Received:
      0
      Trophy Points:
      16
      hmm intressting... i think bossland has something to tell us about this
       
      shuuk, Mar 8, 2011
      #10
    11. bigmanx

      bigmanx New Member

      Joined:
      Nov 6, 2010
      Messages:
      12
      Likes Received:
      0
      Trophy Points:
      1
      Hmm , I get the same alert when trying to run the latest HB version. Weird thing is that at the previous version(4129) Norton doesn't detect a thing. I know av-s sometimes give false positives but why alert me at 4265 version and when I run the 4129 version nothing happens. I don't want to make crazy statements (like some people) but if someone could explain this alert I would be very pleased.

      PS: I'm really paranoid and stuff and I used the 4129 version after that alert:D
       
      bigmanx, Mar 8, 2011
      #11
    12. bigmanx

      bigmanx New Member

      Joined:
      Nov 6, 2010
      Messages:
      12
      Likes Received:
      0
      Trophy Points:
      1
      NVM i saw the second reply by apoc, guess that makes sense.
       
      bigmanx, Mar 8, 2011
      #12
    13. Croga

      Croga Well-Known Member

      Joined:
      Jun 7, 2010
      Messages:
      1,636
      Likes Received:
      27
      Trophy Points:
      48
      If you don't trust it:
      - Get an authenticator
      - Don't start HB until you're logged in (can't log in to HB before that anyway)

      Problem solved, now go take that tinfoil hat elsewhere.
       
      Croga, Mar 8, 2011
      #13
      tknm likes this.
    14. james12

      james12 Guest

      Because there is corruption going on here and a lot of "hiding". I made this account because of the fear of having my active, main life time account banned before I can ask for a refund. I too have had my accounts stolen in the last few hours. Now I get to spend hours on the phone with Blizzard attempting to get back whats mine.

      To all of the users who are saying "we will wait for a mod or admin to confirm" OPEN YOUR EYES! Who in their right mind would admit that there is malicious code in one of their plugins or bots? It would lose Bossland money and cause him to lose members. I've been MORE than faithful to this community over the last year. I've paid for lifetime, released several profiles and even a plugin on this board.

      Once I get my lifetime refund, I'll be leaving this community for good.
       
      james12, Mar 8, 2011
      #14
    15. Narayan

      Narayan Member

      Joined:
      Oct 26, 2010
      Messages:
      405
      Likes Received:
      2
      Trophy Points:
      18
      haha yer HB really steals your password information....... *sigh*
       
      Narayan, Mar 8, 2011
      #15
    16. BlackHer0

      BlackHer0 New Member

      Joined:
      Sep 16, 2010
      Messages:
      12
      Likes Received:
      0
      Trophy Points:
      0
      :-D ololol stealing our passwords and accounts you not really thought we wouldn't get it.... But this is one of the best trys since a long time lol
       
      BlackHer0, Mar 8, 2011
      #16
    17. bossland

      bossland Administrator

      Joined:
      Jan 15, 2010
      Messages:
      14,883
      Likes Received:
      259
      Trophy Points:
      146
      Next time anyone accuses me to steal anything -> lets meet before court.
       
      bossland, Mar 8, 2011
      #17
    18. MaiN

      MaiN Moderator Staff Member Moderator Buddy Core Dev

      Joined:
      Jan 15, 2010
      Messages:
      1,017
      Likes Received:
      35
      Trophy Points:
      48
      Stop being an idiot. If you have any proof show it, otherwise shut up. I can also make a picture of some code I wrote for the purpose of a screenshot. It doesn't automatically make it the truth or prove anything.
       
      MaiN, Mar 8, 2011
      #18
    19. Makelio

      Makelio New Member

      Joined:
      Jan 17, 2011
      Messages:
      526
      Likes Received:
      8
      Trophy Points:
      0
      have you ever think WHY on earth someone with 60wow acc's need more acc's??
      have you ever think WHY someone like bossland with earnings more then 1000euro per month wanna loose this for 5-6 wow acc's?
      have you ever think WHY PPL LIKE THIS TEAM DO SOMETHING LIKE THIS SINCE THEY KNOW OTHER PROGRAMMERS WILL FIND IT OUT?!!? :S
      i mean come on... if you wanna leave just leave... dont spread the fear with stupid thinks...
       
      Makelio, Mar 8, 2011
      #19
    20. moujoohoo

      moujoohoo New Member

      Joined:
      Apr 29, 2010
      Messages:
      448
      Likes Received:
      1
      Trophy Points:
      0
      This just a scam.... HB don't steal anything


      Love HB and the DEV team
       
      moujoohoo, Mar 8, 2011
      #20
    Page 1 of 4

    Share This Page