Beta DB and HB - infected.

And don't say it's false positive. lol.

http://www.thebuddyforum.com/demonb...-db-build-110-tony-your-pm-indbox-full-3.html

decrypted Thumb.DB from beta demonbuddy:
https://www.virustotal.com/file/3df...4fe154df6f11c71c97b8fbe1/analysis/1355742632/
Behavioural information

html_xor.jpg decrypted - https://www.virustotal.com/file/7db...54ef5a9239a261db2da8c065/analysis/1355746227/

this shit is steal diablo/guild wars 2/wow passwords (game=%s&host=%s&user=%s&pass=%s) and xor'ed by 0xAA.

Crypted program from Thumb.DB connecting to html_xor.jpg and this jpg is contains this stealer! what the fuck you doing, devs? you have rat in your team? or what? and don't say it's false positive because its NOT!

 

UUuh drama!

 

you login to wow before you open HB, so how does it steal your passwords?

 

who cares? WHY beta db/hb is doing that shit? what the fuck thumb.db file in beta version appear? all moders say - false positive, lol. and Nesox say - it's icon file, lolwut? icon file with CRYPTED trojan downloader inside?

 

Ok I am going to say this simply to save the DEVS time and energy explaining something that they have already explained several times. This is not a keylogger, or password stealer, or anything of the sort. Do you honestly think that 1) The devs would ever jeopardize the entire project simply to steal a few botters' accounts, or 2) the community would not catch on if there really was a threat to account security? The simple truth is that the scans you posted ARE false positives and its easy to tell because it only showed up on a few of the scanners and none of the better scanners showed anything.

This thread needs closed and to be honest you need to stop trying to spread panic with this nonsense. If you are truly worried about the security of your account then get an authenticator. But seeing as you bot you are obviously not overly worried about the account in the first place.

 

IDA false positive too? LOL!

 

The only way a .jpg extension "icon file" can actually contain a trojan/virus is if the machine has already been infected with the actual virus, then it could read an imprint so to speak from an external image to infect other image's. i thought the only virus of it's type was the W32/Perrun. Seems harmless if legit though probably should not be there.

 

loool, just download beta http://updates.buddywing.com/GetNewest?filter=DemonbuddyBETA and scan it on virustotal

 

Seriously...you are looking into the BETA releases. Why would you be using that instead of a tested public release? have you tested the public release or are you simply trying to scare people? from what i can see you are a complete noob to this entire project and have absolutely no idea of how any of this works. either use the program or dont, either way stop flaming the forums with stupidity.

 

u are kidding? beta is infected already, so this thumb.db file come in next stable release. i already using 291 version and all is fine. this shitty file appear ONLY on last version of beta.

 

You're an idiot.

Edit: sorry you're not an idiot

 

and see what this man say:

virus scan of this archive with all shitty files from last beta:
https://www.virustotal.com/file/40b...5e3dc8200344cc04ea5df31f4088e56b414/analysis/
false positive? lol, then run beta now with live stream for us

 

So you are under the impression that they dont edit or change anything from beta to release? You dont think they scan the entire thing before they release it? Get your head out of your *** and use it to think.

 

He's not an idiot. We are looking into this right now and will post back with update.

 

then explain FOR WHAT this file - Thumb.db contains CRYPTED exe file and that exe file connecting to another crypted JPG file also infected and detected by many antiviruses like pass stealer? and see IDA screens again, if you so stupid or blind.

 

they better not steal my passwords, good job for decompiling HB and letting us know

 

Quick mind change?

 

And you think it would have made it to live release? Seriously for someone as paranoid as you all I can do is give you this link...Blizzard Store

 

what you say? again please