Demonbuddy is acting like a virus and renaming itself

[Sebastian1989101]

Nice. I got a strike for "Bad Language" because I create a Thread that descripse that DB is acting like a virus and renaming itself over and over again.

Here the original thread:

Why does my demonbuddy.exe rename itself all the time? With this implementation my virus scanner kicks in all the time and also my proxy wont work... What the hell is this and how can I stop demonbuddy itself from renaming?!

I think I will also create a Google report for that kind of action. Maybe you like it more to get down ranked in SEO and also got a charge back for the payment. Don't know wich kind of d***a** developer create such a "function".

 

[uljimah]

https://www.thebuddyforum.com/demon...ial-tripwire-event-19-feb-2016-02-23-utc.html

Status Update

We have blocked the usage of old Demonbuddy and Hearthbuddy builds and will be pushing new builds that
will be as safe as before soon.

You might notice that our bots will be renaming themselves after they have launched. This is done for security
measures and shouldn't affect your daily usage. Bots will be leaving an auto updating shortcut (symlink) in the
folder which you can use as there was no renaming like before. We tried our best for this security measure to
not affect any reloggers or provide a bad experience in any form. Manually renaming the symlink or the exe
will not provide any extra protection and should be avoided.

Thank you all for your support and happy botting.

Can't tell if troll or too stupid to look around a bit. That took me less then 2-3 minutes to find.

 

[ntina]

Dude.... db rename its self as a safety measure since the last tripewire event..... its intended behavior.

 

[Sebastian1989101]

And it is stupid. Many virus scanner will react now because the *.exe file is no longer excluded. Also proxy connections like proxifier don't work with something like this. And both are necessery for many users. Also all days before (even today in the morning) the bot works normal without renaming. So why now?! It make absolute no sense. Also blizzard don't need to scan for the application name. There are way better ways to detect the bot.

 

[uljimah]

Literally going to re-quote this for you.

https://www.thebuddyforum.com/demon...ial-tripwire-event-19-feb-2016-02-23-utc.html

Status Update

We have blocked the usage of old Demonbuddy and Hearthbuddy builds and will be pushing new builds that
will be as safe as before soon.

You might notice that our bots will be renaming themselves after they have launched. This is done for security
measures and shouldn't affect your daily usage. Bots will be leaving an auto updating shortcut (symlink) in the
folder which you can use as there was no renaming like before. We tried our best for this security measure to
not affect any reloggers or provide a bad experience in any form. Manually renaming the symlink or the exe
will not provide any extra protection and should be avoided.




Can't tell if troll or too stupid to look around a bit. That took me less then 2-3 minutes to find.

 

[Sebastian1989101]

Did you even know how a pc is working? Blizzard don't know the name of the executing file they only know the process name (and this has nothing todo with the filename). Renaming executable files and run it is how viruses work therefore virusscanner will kick in even if you exclude Demonbuddy.exe because this action is a pure virusaction. There is no way to exclude a action like that in a good virusscanner, yes you can exclude the whole folder but an action like this will still kicks in on a good scanner. Also proxy server configuration for single applications won't work with this kind of action.

For me renaming the executable is just the work of a stupid developer. A implementation like this only brings in problems and no solutions. If you wanna hide the process name from blizzard, just rename the process but not the executable file. Blizzard has no rights to scan your whole pc for files (nobody has the right except the owner). I just bought a life time license and a stupid implementation like this just makes the bot unusable for me. My virusscanner goes enrage for this action, my proxy won't work (without the proxy no application can access the internet in my configuration because I wanna control wich application can do this). You can qoute the post again and again this action from the developer is just stupid. But yea every forum needs a qoute hero who don't know anything.

 

[raphus]

Nice. I got a strike for "Bad Language" because I create a Thread that descripse that DB is acting like a virus and renaming itself over and over again.

Here the original thread:



I think I will also create a Google report for that kind of action. Maybe you like it more to get down ranked in SEO and also got a charge back for the payment. Don't know wich kind of d***a** developer create such a "function".

And it is stupid. Many virus scanner will react now because the *.exe file is no longer excluded. Also proxy connections like proxifier don't work with something like this. And both are necessery for many users. Also all days before (even today in the morning) the bot works normal without renaming. So why now?! It make absolute no sense. Also blizzard don't need to scan for the application name. There are way better ways to detect the bot.

We, the dumbass developers, care more about the security of your accounts more then the Google SEO ranking or your antivirus application. The change is made because it was required.

Please feel free to contact Blizzard to share your better ways to detect the bots, not us.

Most antivirus applications that are not developed by dumbass developers allows excluding folders nowadays. You can also always add rules for ports in proxy applications.

 

[Mr McGibblets]

And it is stupid. Many virus scanner will react now because the *.exe file is no longer excluded. Also proxy connections like proxifier don't work with something like this. And both are necessery for many users. Also all days before (even today in the morning) the bot works normal without renaming. So why now?! It make absolute no sense. Also blizzard don't need to scan for the application name. There are way better ways to detect the bot.

Add an exception for virus scanner to the db folder instead of the executable. Otherwise stop using it if you don't trust them to not give you a virus. Sorry to hear this affect's your proxy management, looks like you will need to find a new way to monitor the software when away from home. I would go the support@bossland route for asking for a refund as opposed to a charge back.

Anyone else feel reminded of the south park YELP review episode? "If you don't give me what I want, I'll give you a bad review!"

 

[Tony]

Nice. I got a strike for "Bad Language" because I create a Thread that descripse that DB is acting like a virus and renaming itself over and over again.

Here the original thread:



I think I will also create a Google report for that kind of action. Maybe you like it more to get down ranked in SEO and also got a charge back for the payment. Don't know wich kind of d***a** developer create such a "function".

for the records your post was


"Why the fuck does my demonbuddy.exe rename itself all the time? With this stupid implementation my virus scanner kicks in all the time and also my proxy wont work... What the hell is this shit and how can I stop demonbuddy itself from renaming"


your nose will grow next time...

 

[qztr]

Why are you even using an anti-virus program?

 

[Sebastian1989101]

We, the dumbass developers, care more about the security of your accounts more then the Google SEO ranking or your antivirus application. The change is made because it was required.

Please feel free to contact Blizzard to share your better ways to detect the bots, not us.

Most antivirus applications that are not developed by dumbass developers allows excluding folders nowadays. You can also always add rules for ports in proxy applications.

And it was required because you wanna hide the application from the user? The process handle as no termination to it's source (we are still in windows here and not in unix). The only "it was required" in combination of the executing assembly is to hide it from the user. The process name has absolut nothing todo with the name of the executable. And yea Blizzard is so dumb that they will not notice the attached hash-process to there application...

And how he can detect your bots? Simply. Just use the netstat-Ability of windows to see if any application tries to access your servers. Done. Or maybe they should watch for players that restarting games for A5 bounties, over and over again because there is an "bad bounty".

And yea my virus scanner supports folder excluding. But he is still watching for actions like this because no normal application will do it. But yea it is so hard to just rename the process name. It needs a whole line of code in C#.

 

[raphus]

And it was required because you wanna hide the application from the user? The process handle as no termination to it's source (we are still in windows here and not in unix). The only "it was required" in combination of the executing assembly is to hide it from the user. The process name has absolut nothing todo with the name of the executable. And yea Blizzard is so dumb that they will not notice the attached hash-process to there application...

And how he can detect your bots? Simply. Just use the netstat-Ability of windows to see if any application tries to access your servers. Done. Or maybe they should watch for players that restarting games for A5 bounties, over and over again because there is an "bad bounty".

And yea my virus scanner supports folder excluding. But he is still watching for actions like this because no normal application will do it. But yea it is so hard to just rename the process name. It needs a whole line of code in C#.

I will not give any details due to obvious reasons, but it is clear that you have no idea on how their *current* bot detections works and how we are protecting against them.

You are free to ask for a refund via [email protected] email and choose a bot with better (to you) protections if you do not like our mandatory methods.

 

[Sebastian1989101]

So your arguments end here? That was quick. Maybe you should read a book on how process handles in Windows works. Blizzard has no rights to scan my computer. If they do so I can strike on him even if I go agains there Eula. So the only thing that is scannable for them is the attaches process list. Therefore the only thing they can see is the Processname wich could be changed in C# by "Thread.CurrentThread.Name = "Some Thread Name";".

Also I don't care if you care for my account security. I trust my BitDefender because it is the most aggressive anti virus software. And even if I exclude the whole dictionary of Demonbuddy an action like renaming the executable will be detected anyway (and there is no way to avoid this detection in BitDefender). So with the new change, wich is still dumb, I can only use the bot in a VM without any protection.

Why is there no option in the app.config to disable the renaming? It is easy to implement and it will avoid problems with virus scanner. Sure you think Blizzard will detect me if the bot don't rename but in this case it is my own risk (same as it is my own risk to bot anyway). But thanks for the joke that the renaming of the application will protect me for the detection. The last time we could laugh so hard at work a "developer" candidate says that "development" is changeing configuration files.

 

[jezzzz]

>op is very smart
>cant tunnel a tool thru proxifier which changes its name every start up, it didnt get "more" work for you in any way

 

[Sebastian1989101]

>op is very smart
>cant tunnel a tool thru proxifier which changes its name every start up, it didnt get "more" work for you in any way

The tunnel with proxifier is just an inverted rule of my actual ones. But I can't avoid the BitDefender detection even with exclusion because renaming executables is a harm way of viruses and not of a legal application.

 

[MaiN]

Maybe you should read a book on how process handles in Windows works. -snip-. Therefore the only thing they can see is the Processname wich could be changed in C# by "Thread.CurrentThread.Name = "Some Thread Name";".

Hahaha, thanks for the laugh. At least try running the code you share before you share it, and see if it will have the effect you think. This does nothing to the process name.

Perhaps you should pick up a book on Windows. Maybe one that was about how process handles work.

 

[raphus]

So your arguments end here? That was quick. Maybe you should read a book on how process handles in Windows works. Blizzard has no rights to scan my computer. If they do so I can strike on him even if I go agains there Eula. So the only thing that is scannable for them is the attaches process list. Therefore the only thing they can see is the Processname wich could be changed in C# by "Thread.CurrentThread.Name = "Some Thread Name";".

Also I don't care if you care for my account security. I trust my BitDefender because it is the most aggressive anti virus software. And even if I exclude the whole dictionary of Demonbuddy an action like renaming the executable will be detected anyway (and there is no way to avoid this detection in BitDefender). So with the new change, wich is still dumb, I can only use the bot in a VM without any protection.

Why is there no option in the app.config to disable the renaming? It is easy to implement and it will avoid problems with virus scanner. Sure you think Blizzard will detect me if the bot don't rename but in this case it is my own risk (same as it is my own risk to bot anyway). But thanks for the joke that the renaming of the application will protect me for the detection. The last time we could laugh so hard at work a "developer" candidate says that "development" is changeing configuration files.

I do not want to insult you in public. Please stop talking about stuff that you have no idea about how it works.

We have enough experience in this field to write a book rather then reading them. You are making yourself look pathetic.

 

[Akuma]

OMG i love this thread, please do not close it!

 

[samsmug]

Why are you even using an anti-virus program?

^ This.

If you still get viruses in 2016 you're doing the internet wrong.

 

[byobodybag]

I rank this thread 5/7, would read again.