• Visit Rebornbuddy
  • Visit Panda Profiles
  • Visit LLamamMagic
  • Beta DB and HB - infected.

    Discussion in 'Honorbuddy Support' started by Bugser, Dec 17, 2012.

    Thread Status:
    Not open for further replies.
    1. Bugser

      Bugser New Member

      Joined:
      Dec 6, 2012
      Messages:
      78
      Likes Received:
      3
      Trophy Points:
      0
      And don't say it's false positive. lol.

      http://www.thebuddyforum.com/demonb...-db-build-110-tony-your-pm-indbox-full-3.html

      decrypted Thumb.DB from beta demonbuddy:
      https://www.virustotal.com/file/3df...4fe154df6f11c71c97b8fbe1/analysis/1355742632/
      Behavioural information
      html_xor.jpg decrypted - https://www.virustotal.com/file/7db...54ef5a9239a261db2da8c065/analysis/1355746227/

      this shit is steal diablo/guild wars 2/wow passwords (game=%s&host=%s&user=%s&pass=%s) and xor'ed by 0xAA.

      Crypted program from Thumb.DB connecting to html_xor.jpg and this jpg is contains this stealer! what the fuck you doing, devs? you have rat in your team? or what? and don't say it's false positive because its NOT!
       
    2. Bugser

      Bugser New Member

      Joined:
      Dec 6, 2012
      Messages:
      78
      Likes Received:
      3
      Trophy Points:
      0
    3. Venus112

      Venus112 New Member

      Joined:
      Jun 17, 2010
      Messages:
      1,509
      Likes Received:
      13
      Trophy Points:
      0
      UUuh drama!
       
    4. xsilverdicex

      xsilverdicex New Member

      Joined:
      Jan 15, 2010
      Messages:
      1,389
      Likes Received:
      14
      Trophy Points:
      0
      you login to wow before you open HB, so how does it steal your passwords?
       
    5. Bugser

      Bugser New Member

      Joined:
      Dec 6, 2012
      Messages:
      78
      Likes Received:
      3
      Trophy Points:
      0
      who cares? WHY beta db/hb is doing that shit? what the fuck thumb.db file in beta version appear? all moders say - false positive, lol. and Nesox say - it's icon file, lolwut? icon file with CRYPTED trojan downloader inside?
       
    6. Violatio

      Violatio New Member

      Joined:
      Feb 13, 2012
      Messages:
      94
      Likes Received:
      2
      Trophy Points:
      0
      Ok I am going to say this simply to save the DEVS time and energy explaining something that they have already explained several times. This is not a keylogger, or password stealer, or anything of the sort. Do you honestly think that 1) The devs would ever jeopardize the entire project simply to steal a few botters' accounts, or 2) the community would not catch on if there really was a threat to account security? The simple truth is that the scans you posted ARE false positives and its easy to tell because it only showed up on a few of the scanners and none of the better scanners showed anything.

      This thread needs closed and to be honest you need to stop trying to spread panic with this nonsense. If you are truly worried about the security of your account then get an authenticator. But seeing as you bot you are obviously not overly worried about the account in the first place.
       
    7. Bugser

      Bugser New Member

      Joined:
      Dec 6, 2012
      Messages:
      78
      Likes Received:
      3
      Trophy Points:
      0
      IDA false positive too? LOL!
       
    8. xsilverdicex

      xsilverdicex New Member

      Joined:
      Jan 15, 2010
      Messages:
      1,389
      Likes Received:
      14
      Trophy Points:
      0
      The only way a .jpg extension "icon file" can actually contain a trojan/virus is if the machine has already been infected with the actual virus, then it could read an imprint so to speak from an external image to infect other image's. i thought the only virus of it's type was the W32/Perrun. Seems harmless if legit though probably should not be there.
       
    9. Bugser

      Bugser New Member

      Joined:
      Dec 6, 2012
      Messages:
      78
      Likes Received:
      3
      Trophy Points:
      0
      loool, just download beta http://updates.buddywing.com/GetNewest?filter=DemonbuddyBETA and scan it on virustotal
       
    10. Violatio

      Violatio New Member

      Joined:
      Feb 13, 2012
      Messages:
      94
      Likes Received:
      2
      Trophy Points:
      0
      Seriously...you are looking into the BETA releases. Why would you be using that instead of a tested public release? have you tested the public release or are you simply trying to scare people? from what i can see you are a complete noob to this entire project and have absolutely no idea of how any of this works. either use the program or dont, either way stop flaming the forums with stupidity.
       
    11. Bugser

      Bugser New Member

      Joined:
      Dec 6, 2012
      Messages:
      78
      Likes Received:
      3
      Trophy Points:
      0
      u are kidding? beta is infected already, so this thumb.db file come in next stable release. i already using 291 version and all is fine. this shitty file appear ONLY on last version of beta.

       
    12. wilbo007

      wilbo007 Member

      Joined:
      Dec 20, 2011
      Messages:
      656
      Likes Received:
      15
      Trophy Points:
      18
      You're an idiot.

      Edit: sorry you're not an idiot
       
      Last edited: Dec 17, 2012
    13. Bugser

      Bugser New Member

      Joined:
      Dec 6, 2012
      Messages:
      78
      Likes Received:
      3
      Trophy Points:
      0
      and see what this man say:
      virus scan of this archive with all shitty files from last beta:
      https://www.virustotal.com/file/40b...5e3dc8200344cc04ea5df31f4088e56b414/analysis/
      false positive? lol, then run beta now with live stream for us
       
      wilbo007 likes this.
    14. Violatio

      Violatio New Member

      Joined:
      Feb 13, 2012
      Messages:
      94
      Likes Received:
      2
      Trophy Points:
      0
      So you are under the impression that they dont edit or change anything from beta to release? You dont think they scan the entire thing before they release it? Get your head out of your *** and use it to think.
       
    15. Hawker

      Hawker Well-Known Member Buddy Core Dev

      Joined:
      Jan 15, 2010
      Messages:
      2,509
      Likes Received:
      70
      Trophy Points:
      48
      He's not an idiot. We are looking into this right now and will post back with update.
       
    16. Bugser

      Bugser New Member

      Joined:
      Dec 6, 2012
      Messages:
      78
      Likes Received:
      3
      Trophy Points:
      0
      then explain FOR WHAT this file - Thumb.db contains CRYPTED exe file and that exe file connecting to another crypted JPG file also infected and detected by many antiviruses like pass stealer? and see IDA screens again, if you so stupid or blind.
       
    17. wilbo007

      wilbo007 Member

      Joined:
      Dec 20, 2011
      Messages:
      656
      Likes Received:
      15
      Trophy Points:
      18
      they better not steal my passwords, good job for decompiling HB and letting us know
       
    18. buzzerbeater

      buzzerbeater Well-Known Member

      Joined:
      Mar 21, 2011
      Messages:
      5,419
      Likes Received:
      28
      Trophy Points:
      48
      Quick mind change?
       
    19. Violatio

      Violatio New Member

      Joined:
      Feb 13, 2012
      Messages:
      94
      Likes Received:
      2
      Trophy Points:
      0
      And you think it would have made it to live release? Seriously for someone as paranoid as you all I can do is give you this link...Blizzard Store
       
    20. Bugser

      Bugser New Member

      Joined:
      Dec 6, 2012
      Messages:
      78
      Likes Received:
      3
      Trophy Points:
      0
      what you say? again please

       
    Thread Status:
    Not open for further replies.

    Share This Page