What's new
By:
  • Visit Rebornbuddy
  • Visit Panda Profiles
  • Visit LLamamMagic
  • Visit Resources
  • Visit Downloads
  • Visit Portal

Attention to all users that have no AV installed and downloaded HB/DB past 24 hours

Given the circumstances I wouldn't be prepared to accept anything as a false positive. HB is an incredible product but like a lot of commercial sites it's now the victim of cyber attacks. Such a shame.
 
It must have installed something on pc... and the only reason I let down my AV is because someone made a forum post telling me that it was OK because its like a aimbot where it gives malware errors...

newho... my wow account has been locked again due to some random IP trying to access it while i was at work today...
 
Okay, to get this straight:

The 557 version people are referring to (which was the clean and working version of hb that they rolled out yesterday after the infection) is now infected again?
Some guy was talking about a 558 version too - whats up?
 
TreeEskimo said:
Okay, to get this straight:

The 557 version people are referring to (which was the clean and working version of hb that they rolled out yesterday after the infection) is now infected again?
Some guy was talking about a 558 version too - whats up?
Click to expand...

Don't know if it's infected, Virustotal shows 1 infection of 44 scan engines. Maybe false positive. May not.
 
Does anyone know what exactly this 558 file did? i installed it earlier today, but whiped my hd afterwards for security.

anything else i should do?
 
I just saw the thread which says that 557 was infected. I downloaded the new .557 yesterday just before I made the post "nvm i didnt know there's an update to HB". Am I still safe? Or is the infected part already there prior to that?

This is the post that I am talking about.
Tompost said:
nvm i didnt know there's an update to HB
Click to expand...
 
Honorbuddy 2.5.7016.562 downloaded from Home 20 minutes ago STILL CONTAINS a trojan of some sorts. I believe it starts in "THUMB.DB", it then creates a file called AMDEx3.msi which is detected as a trojan, and has been stated many times that this file is NOT a part of Honorbuddy.

AVG detects both THUMB.DB and the AMDEx3.msi as malicious files..

Not completely sure what's so hard to remove about it - unless you guys have no idea which files the malicious code is in.
 
Lautaro said:
Honorbuddy 2.5.7016.562 downloaded from Home 20 minutes ago STILL CONTAINS a trojan of some sorts. I believe it starts in "THUMB.DB", it then creates a file called AMDEx3.msi which is detected as a trojan, and has been stated many times that this file is NOT a part of Honorbuddy.

AVG detects both THUMB.DB and the AMDEx3.msi as malicious files..

Not completely sure what's so hard to remove about it - unless you guys have no idea which files the malicious code is in.
Click to expand...

Interesting that you say that. The .562 version I downloaded from updates.buddywing.com does not create THUMBS.db nor AMDEx3.msi
Also, the .zip passes all virus scans.
 
All of the links on the website do not link to the new website with the updates. They seem to redirect to the old infected version of Honorbuddy.
 
Last edited:
EDIT: @MODS...


The FILE that I downloaded from Home about 40mins ago now was named "Honorbuddy 2.5.7016.562." which contains THUMB.DB.

The FILE I downloaded 2 minutes ago named "Honorbuddy 2.5.7016.562" contains NO THUMB.DB.


One version has a .
 
Last edited:
Lautaro said:
@BamBam

It is interesting. But I am sure of this.
Auto update - AVG Detected a virus, removed my hb.exe.

I deleted my entire HB folder except my custom profiles. downloaded it manually, was detected as virus which automatically remove the files (the two in question including HB.exe). It also removed the honorbuddy.exe for some reason.

Restarted my computer. Redownloaded the file and the same two items we're detected upon opening the honorbuddy.exe. This time it ONLY removed the two files, and not honorbuddy.exe.



EDIT: BTW, Thumb.DB is INSIDE THE ZIP.
Click to expand...

Either way, the releases have been cleaned and both update servers should be good to go for download.
 
As my father used to say "Sh*t happens". If your so concerned with the security in place for honorbuddy don't use it. Thanks for getting a clean version back up guys.
 
Lautaro said:
@BamBam

It is interesting. But I am sure of this.
Auto update - AVG Detected a virus, removed my hb.exe.

I deleted my entire HB folder except my custom profiles. downloaded it manually, was detected as virus which automatically remove the files (the two in question including HB.exe). It also removed the honorbuddy.exe for some reason.

Restarted my computer. Redownloaded the file and the same two items we're detected upon opening the honorbuddy.exe. This time it ONLY removed the two files, and not honorbuddy.exe.



EDIT: BTW, Thumb.DB is INSIDE THE ZIP.
Click to expand...

i just got word that all the releases from all build server
updates.buddywing.com
and
updates.buddyauth.com

are clean at this point.
 
CodenameG said:
i just got word that all the releases from all build server
updates.buddywing.com
and
updates.buddyauth.com

are clean at this point.
Click to expand...

Yup confirmed. Current release is now clean. As stated above - the infected file ended with a full stop. Barely noticeable. And contains THUMB.DB and Honoebuddy.bak.

If you download this file, do not extract it.
 
Lautaro said:
Yup confirmed. Current release is now clean. As stated above - the infected file ended with a full stop. Barely noticeable. And contains THUMB.DB and Honoebuddy.bak.

If you download this file, do not extract it.
Click to expand...
if you have old releases just delete them.
if your not sure if you've been infected then run a local virus scan with avast or comodo (if your using comodo just use the anti-virus not the entire suite, its full of bloat) unfortunately AVG and MSE wont pick it up. (at least according to virus total)
 
You must log in or register to reply here.
Back
Top