
Beta DB and HB - infected.

Status
Not open for further replies.

Bugser

And don't say it's a false positive, lol.

http://www.thebuddyforum.com/demonb...-db-build-110-tony-your-pm-indbox-full-3.html

decrypted Thumb.DB from beta demonbuddy:
https://www.virustotal.com/file/3df...4fe154df6f11c71c97b8fbe1/analysis/1355742632/
Behavioural information
URL: http://www.gtnbus.com/html_xor.jpg
TYPE: GET
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
html_xor.jpg decrypted - https://www.virustotal.com/file/7db...54ef5a9239a261db2da8c065/analysis/1355746227/

This shit steals Diablo/Guild Wars 2/WoW passwords (game=%s&host=%s&user=%s&pass=%s) and is XORed with 0xAA.

The crypted program from Thumb.DB connects to html_xor.jpg, and this jpg contains the stealer! What the fuck are you doing, devs? Do you have a rat in your team, or what? And don't say it's a false positive, because it's NOT!
 
[Image: BthA7.png]
[Image: KWZWE.png]
 
You log in to WoW before you open HB, so how does it steal your passwords?
 
Who cares? WHY is beta DB/HB doing that shit? Why the fuck does a thumb.db file appear in the beta version? All the mods say it's a false positive, lol. And Nesox says it's an icon file, lolwut? An icon file with a CRYPTED trojan downloader inside?
 
Ok I am going to say this simply to save the DEVS time and energy explaining something that they have already explained several times. This is not a keylogger, or password stealer, or anything of the sort. Do you honestly think that 1) The devs would ever jeopardize the entire project simply to steal a few botters' accounts, or 2) the community would not catch on if there really was a threat to account security? The simple truth is that the scans you posted ARE false positives and it's easy to tell because it only showed up on a few of the scanners and none of the better scanners showed anything.

This thread needs closed and to be honest you need to stop trying to spread panic with this nonsense. If you are truly worried about the security of your account then get an authenticator. But seeing as you bot you are obviously not overly worried about the account in the first place.
 
IDA false positive too? LOL!
 
The only way a .jpg extension "icon file" can actually contain a trojan/virus is if the machine has already been infected with the actual virus, then it could read an imprint so to speak from an external image to infect other images. I thought the only virus of its type was the W32/Perrun. Seems harmless if legit though probably should not be there.
 
loool, just download beta http://updates.buddywing.com/GetNewest?filter=DemonbuddyBETA and scan it on virustotal
 
Seriously...you are looking into the BETA releases. Why would you be using that instead of a tested public release? Have you tested the public release or are you simply trying to scare people? From what I can see you are a complete noob to this entire project and have absolutely no idea of how any of this works. Either use the program or don't, either way stop flaming the forums with stupidity.
 
Are you kidding? The beta is infected already, so this thumb.db file will come in the next stable release. I'm already using version 291 and all is fine. This shitty file appears ONLY in the last version of the beta.

 
You're an idiot.

Edit: sorry you're not an idiot
 
And see what this man says:
View attachment 73996
View attachment 73997
Thumb.db is an encrypted PE (xor 0xAA)
It downloads the file http://www.gtnbus.com/html_xor.jpg which is another Windows PE file (xor 0xAA)
The last file is a trojan too.

All files (decryptor included):
View attachment 73998

I would like to know why those things are included in the HB and DB betas?
virus scan of this archive with all shitty files from last beta:
https://www.virustotal.com/file/40b...5e3dc8200344cc04ea5df31f4088e56b414/analysis/
false positive? lol, then run beta now with live stream for us
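
Added example, not part of any post in this thread and not code from the project: a triage check a defender could run on files like the ones described above (a Thumb.db and a .jpg reported to be Windows PE files XORed with 0xAA). It goes beyond the single key named in the thread and tries every single-byte key; the function names and sample bytes are constructed for illustration.

```python
import struct

JPEG_MAGIC = b"\xff\xd8\xff"
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE compound file, the format of a genuine Thumbs.db


def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def xor_pe_key(data: bytes, window: int = 4096):
    """Return the single-byte XOR key (1..255) under which data decodes to a PE, else None."""
    head = data[:window]  # the PE header normally sits well inside the first 4 KiB
    for key in range(1, 256):
        # Cheap pre-check: the first two bytes must decode to 'MZ' under this key.
        if head[:2] != bytes((0x4D ^ key, 0x5A ^ key)):
            continue
        if is_pe(bytes(b ^ key for b in head)):
            return key
    return None


def triage(name: str, data: bytes) -> str:
    """Classify a file by content instead of by its name or extension."""
    if is_pe(data):
        return f"{name}: plain PE"
    key = xor_pe_key(data)
    if key is not None:
        return f"{name}: PE hidden under XOR 0x{key:02X}"
    if data.startswith(JPEG_MAGIC) or data.startswith(OLE_MAGIC):
        return f"{name}: header matches claimed type"
    return f"{name}: unknown content"


def sample_pe() -> bytes:
    """Constructed 256-byte stub with only the header fields the check reads."""
    stub = bytearray(0x100)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)  # e_lfanew -> offset 0x80
    stub[0x80:0x84] = b"PE\x00\x00"
    return bytes(stub)


if __name__ == "__main__":
    encoded = bytes(b ^ 0xAA for b in sample_pe())  # constructed stand-in for the reported file
    print(triage("Thumb.db", encoded))
    print(triage("real.jpg", JPEG_MAGIC + b"\xe0" + bytes(64)))
```

A hit only shows that an executable is hidden behind a data-file name; what that executable does still has to be established by analysing the decoded file.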
 
So you are under the impression that they don't edit or change anything from beta to release? You don't think they scan the entire thing before they release it? Get your head out of your *** and use it to think.
 
Then explain WHAT this file is FOR: Thumb.db contains a CRYPTED exe file, and that exe file connects to another crypted JPG file that is also infected and detected by many antiviruses as a password stealer. And see the IDA screens again, if you're so stupid or blind.
 
they better not steal my passwords, good job for decompiling HB and letting us know
 
And you think it would have made it to live release? Seriously for someone as paranoid as you all I can do is give you this link...Blizzard Store
 