DONT UPDATE AMDex3.msi Bound To Honorbuddy.exe

Status
Not open for further replies.
No, no it's not. I cannot believe how you guys behave toward your customers. You have infected them several times, the fact you guys even call your releases "safe" is hilarious. Each and every time, a community member needs to come here to tell YOU that your software is infected, and at times it even takes several attempts because threads are just closed with "nah we safe"

Seriously, you were compromised, a compromised build was delivered through your update server, this is not just a "simple" task, the fact you guys can continue to get compromised is just so damn sad.

Quit bitching and provide Tony with suggestions if you know "everything" about security. It's sad that you spend the majority of your time just writing ineffective posts that do nothing. Lol at you being infected! Also, if you're so damn good, you'd be running a sandbox, whatever.


Tony, you are getting us all wrong.
Fact is the product is infected. How it came to be and why is not the user's concern. I for one saw my Panda AV going nuts and went straight to the HB forums to see what is going on. Found like 7-8 threads of people asking about it and no official statement/release.
Then you come here and enter immature arguments with users:

This was the FIRST OFFICIAL POST I could find on the subject. No announcement of what is going on, not even a warning to other people not to update (other than warnings from random people that I would ignore if it didn't happen to myself as well)...
Not professional at all. I for one don't have a problem with whatever happened that led to the issue. I am having a problem with how you are handling it. If users (including me) are being dicks on forums it is because they are users, it is not their JOB to be professional and helpful. Yours, on the other hand, is.

Actually, no. Tony hadn't posted anything immature and was professional about it. Though a sticky on the first page and RELEASE section would have been helpful. The problem is neanderthals posting flames and self-proclaimed "Professionals" not providing him support when issues like this come up, and issues like this come up with EVERY large scale and despised businesses. Tony doesn't have the resources like Microsoft or Blizzard to catch these obscure threats 100% of the time, sure his system was compromised, now he has to deal with the internal problem.

I agree that it sucks downloading a file infected with a Trojan, but to me or any real professional, it's SIMPLE to remove without having to wipe a drive and re-image a machine. If your anti-virus flagged it as infected, yet you continued to install it, then whose problem is it anyway? Surely not Tony's or his staff's. An infected .exe file just sitting on your machine can't do anything at all until YOU execute it!


ok sir, tell me what your antivirus is, because some failed to find the trojan. Check this analysis out from today:

https://www.virustotal.com/de/file/...74776f166a3095c2c357a786963493f0505/analysis/

Secure Erase and re-image literally takes less than 5-10 minutes, if you're running SSD. Standard mechanical drive, well... you ought to have backups.

Suggestions for users:
Sandbox
SecureErase
Acronis

It's your job to keep your machine and network safe. True story.

If you're worried about your passwords being compromised or stolen, then you ought to be using an encrypted vault (lastpass, etc...), or just use your brain to save that information. Common sense security.

Here is a link I use for security software (just DO NOT download from this site, go to the developer's site to download!!!):
Download categories - download spyware removal and Internet privacy tools
 
how come none of you nerds can explain what amdex does, why is it honorbuddy.exe is gone and no virus scanner found any infected files.. did it get passwords and delete itself.. wtf is going on

Amdex3.msi is just a generic container. The malware contained within is HeurEngine.Vmpbad (also goes by a bunch of other names). It's a downloader. Basically, once running, it reaches out to other command and control sites to download malware/spyware/trojan packages and install them on the host machine. Even if you get rid of the downloader, the other stuff will remain. I can't really tell you what negative effects it will have in regards to passwords or data as it depends what packages it downloads and installs.

As for why the .exe was gone and you found no infected files - your AV probably deleted or quarantined it during a real time search.

Here are the hashes for the clean exe, btw:

MD5: d78d2c15a65e1fd5f31c3f3da8627c96
SHA1: 22afcfe334507c60db258867e2100300d8743552
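
Added example (not part of the original thread): a way to check a downloaded Honorbuddy.exe against the two digests posted above before running it. The function names `parse_posted`, `file_digests` and `matches_posted` are illustrative assumptions; only the hash values come from the post.

```python
import hashlib
import hmac
import re

# Hash lines exactly as posted in the thread for the clean Honorbuddy.exe.
POSTED = """\
MD5: d78d2c15a65e1fd5f31c3f3da8627c96
SHA1: 22afcfe334507c60db258867e2100300d8743552
"""

_LINE = re.compile(r"^\s*(MD5|SHA-?1|SHA-?256)\s*:\s*([0-9a-f]+)\s*$", re.I)


def parse_posted(text):
    """Parse 'ALGO: hex' lines into {hashlib_name: lowercase_hex}."""
    out = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        algo = m.group(1).lower().replace("-", "")
        digest = m.group(2).lower()
        # Reject truncated or padded values instead of comparing them.
        if len(digest) != hashlib.new(algo).digest_size * 2:
            raise ValueError(f"{algo}: wrong digest length")
        out[algo] = digest
    return out


def file_digests(path, algos, chunk=1 << 20):
    """Hash the file once, in chunks; the file is read, never executed."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def matches_posted(path, posted_text=POSTED):
    """True only if every posted digest matches the file on disk."""
    expected = parse_posted(posted_text)
    if not expected:
        raise ValueError("no digests found in posted text")
    actual = file_digests(path, expected)
    return all(hmac.compare_digest(actual[a], expected[a]) for a in expected)
```

A match only shows the file is byte-identical to the one the poster hashed. The digests themselves came from a forum post, and MD5 and SHA-1 are both collision-prone, so this is a sanity check and not proof of origin.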
 
Thank you!!! But I have absolutely no virus scanner, even Windows Defender and Essentials are disabled, there was not even a log. Since this is "targeting HB/DB specifically" does that mean the crap it downloads might not be detected? The weird thing is only one computer runs Malwarebytes, but it got turned off by the virus apparently.. when I turned it back on and ran the scan it found amdex. I did not find the amdex file anywhere else.
 
Depending on your firewall scenario (if you have one), it may not have been able to reach out to the C&C sites and thus didn't really do anything. I would recommend running a full MSE scan in addition to your MB scan just to be sure. Amdex is pretty old, so the C&C servers might not even be around anymore. I don't have a sandbox VM handy to look into it further atm.
 
>people complain about infected updates
>2013

If you're stupid enough to not have any protection when HB has been compromised several times now, it's your own fault. What do you guys expect? Someone to hold your hand and do everything for you? Nothing is 100% safe, even the government can get hacked. Just grow a pair and stop whining. Fact is that Honorbuddy has grown to be one of the biggest and most popular bots in the scene and thus hackers can get the biggest profits from hacking HB.
 
Obviously, you don't understand networking at all. I could sit here and "try" to auth on honorbuddy with a fake key for 50 years, and I still would fail, why? Because access is only granted to keys stored in DB. I would then require access to said DB. Which should be protected by unique encrypted keys given to each dev. Hell, you could even whitelist access to IPs or domains, but of course, you aren't a dev and you don't work in this field, so you wouldn't know, you just felt like poking me because, sure, why not right?

It is obviously not impossible for them to be compromised, but it should be impossible for BINARY to be released WHILE INFECTED. Because said binary should be tested, scanned and analysed before being deployed on a system which has been compromised 4 times already.

I don't know what system they use, or how they protect their stuff. But it baffles me how they can be compromised this many times, and how it always ends in the hands of the users. And it definitely doesn't help with the devs being silent about all of it.

I see where you're coming from, I thought you were just some scrub spouting off random garbage lol. At least you backed up the method to your madness. I'm sure they have all kinds of attacks from many places though, so it's probably fairly easy for something to sneak by.

That's why people need to take that into consideration and make sure that their computer is always safe, cause you never know, especially in this case where I would consider this to be somewhat unethical of software/forums.
:p
 
Hi, Wizper,

You should always answer this question for yourself. You can upload any questionable file to VirusTotal to make an informed decision from its report.


Imho, not running some form of virus protection on a Windoze box is very dangerous. There are a number of free and effective AV packages available. Here is a good place to start conducting your research if you decide you're in the market for AV:



cheers,
chinajade


Also hit the rescan button if it is found, as virus scanners are updated regularly on that site.

Just a little note as well: Windows-based scanners will find more than the scanners on www.virustotal.com, as this is how the makers of the virus scanners want it. Also, Windows-based scanners work differently, as some viruses will only be picked up when run inside Windows itself. As Chinajade said, it is bad not to run something, and use www.virustotal.com to judge the file yourself before running it.
 
Jotti as well: Jotti's malware scan
 
Quit bitching and provide Tony with suggestions if you know "everything" about security. It's sad that you spend the majority of your time just writing ineffective posts that do nothing. Lol at you being infected! Also, if you're so damn good, you'd be running a sandbox, whatever.
I never said I was infected, but thanks for reading my post. If you did, you might actually find that I did put SOME useful information in there.
 
Annnnd this thread is going nowhere so I'm going to close it.
The current download for HB is safe.

Keep in mind that we have a giant target on our back.
 