
Thumb.db DB build 110, Tony your PM inbox is full

Status
Not open for further replies.

Rhainland

Tony, can you empty your inbox so I can PM you? You closed my thread without explaining why there's an EXE in a db file used to store image data. There's really no reason for it to be there, and I don't feel comfortable taking your "word" for something that's very unorthodox. No offense btw, but security is a very important concern.
 
There's no Thumbs.db file, and .db is not an exe....
Look at the latest build (110), and no, thumb.db is not an exe file. There's an EXECUTABLE WITHIN the file, which there's no need for. On top of that, it's encrypted, which is rather odd when a standard thumb.db file only holds information for image data.

Just want Tony to close this when he sees it, and open up for more PMs so I can possibly get some answers lol
 
Well you are going about this the entirely wrong way. You pretty much come across as a whiny troll. Simply my opinion
 
I don't see such a file in my HB folder. Enabled the view of hidden files too.

I think you're making something out of nothing :(

Edit: Sorry, I'm a nub. Did not see it was in Demonbuddy section :D
 
Well you are going about this the entirely wrong way. You pretty much come across as a whiny troll. Simply my opinion

My first post had proof and was more structured. He closed that, but I can't get in touch with him. I'm just asking him to delete some PMs, how's that the wrong way?

I don't see such a file in my HB folder. Enabled the view of hidden files too.

I think you're making something out of nothing :(

It's not in HB, it's in DB. It might be nothing, that's why I am asking. It's unusual to put an executable in a .db file used to store image data.
 
I can't see where the problem is
That's why I would like Nesox to comment.

In the newest beta build for DB (110) a new file was added named thumb.db. Now this in itself is not "odd": thumb.db usually handles some data for pictures within the same folder, which, since DB uses custom logos in the program and tray, is completely natural.

What makes me wonder is why the thumb.db is encrypted (it's a Windows extension holding NO sensitive data). On top of that, the file in Demonbuddy contains an executable (exe), which is really, really weird for a file that's not supposed to execute anything.

[Attached image: h8fHS.png]

It's totally fine if you don't have the knowledge to see what this is, Tony, that's why I wanted Nesox to respond to this and clear all this up.
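
The check described in the post above can be reproduced with a short triage script. This is an added example, not part of the original thread and not code from any poster or from the bot's developers. It relies on the fact that a classic Windows Thumbs.db cache is an OLE2 compound file, and the sample byte strings are constructed for illustration.

```python
import math
import struct

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # header of a genuine OLE2 Thumbs.db

def find_embedded_pe(data: bytes) -> list:
    """Offsets where an 'MZ' DOS header points at a valid 'PE\\0\\0' signature."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            # e_lfanew: little-endian uint32 at MZ+0x3C, offset of the PE header
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            if data[pos + e_lfanew:pos + e_lfanew + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values near 8 suggest encrypted or compressed content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def triage(data: bytes) -> dict:
    return {
        "is_ole2": data.startswith(OLE2_MAGIC),
        "pe_offsets": find_embedded_pe(data),
        "entropy": round(shannon_entropy(data), 2),
    }

# Constructed samples (not the file from the thread). The stub holds only enough
# header bytes to be recognisable; it is not a runnable program.
FAKE_PE_STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 20
PLAIN_OLE = OLE2_MAGIC + b"\x00" * 504
SUSPECT = bytes(range(256)) * 2 + FAKE_PE_STUB

if __name__ == "__main__":
    for name, blob in (("PLAIN_OLE", PLAIN_OLE), ("SUSPECT", SUSPECT)):
        print(name, triage(blob))
```

If the whole container is encrypted, the PE scan returns nothing; in that case the missing OLE2 header together with entropy close to 8 bits per byte is what marks the file as not being an ordinary thumbnail cache.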
 
Sent this thread to Nesox.
I think you will get a response soon.
 
Here's a description of what some of the ATI stuff does:
-- ccc.exe just preloads the applet for display settings; you can always get to ccc thru Windows display options (assuming you installed it)
-- fuel.exe is used for the power options manager through ccc - you don't need FUEL unless you want to change power options/plans thru ccc
-- atiesrxx.exe (or other similar) is for External Events Monitor, used for user-defined keyboard shortcuts through the ccc

So it's probably some kind of workaround to ensure compatibility if it's installed. So it's nothing to worry about. If you want another answer from Nesox, it won't come, as he's asleep for the night and won't be able to get back to this thread for a while.

 
https://www.virustotal.com/file/3df...4fe154df6f11c71c97b8fbe1/analysis/1355742632/

See Behavioural information tab:
File system activity
Opened files...
C:\WINDOWS\installer\AMDEx3.msi (successful)
C:\WINDOWS\temp\temp0.bat (failed)
C:\WINDOWS\temp\temp0.bat (successful)
\\.\PIPE\wkssvc (successful)
\\.\PIPE\lsarpc (successful)
\\.\MountPointManager (successful)
C:\WINDOWS\Registration\R000000000007.clb (successful)
C:\WINDOWS\system32\rsaenh.dll (successful)
C:\WINDOWS\Temp\temp0.bat (successful)

Network activity
HTTP requests...
URL: http://www.gtnbus.com/html_xor.jpg
TYPE: GET
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)

Is all this needed to work with an icon? :D
 
As you can read, it's already answered.
It cannot be a false positive, because it's connecting to another site, not to buddy auth or updates, and why is this file only in BETA? HB/DB?

The first time you say it's for an icon, then you say it's for ATI.


And why is the EXE file hidden as a DB? Does the bot need this file to work?
 