Trojan found after update

Status
Not open for further replies.

honors

Malwarebytes Anti-Malware 1.65.1.1000
Malwarebytes : Free anti-malware download

Database version: v2012.11.26.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
dustin :: A-COMPUTER [administrator]

11/26/2012 12:34:02 AM
mbam-log-2012-11-26 (00-34-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222332
Time elapsed: 2 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Windows\Installer\AMDEx3.msi (Malware.Generic) -> Quarantined and deleted successfully.
C:\Users\dustin\AppData\Local\Temp\buddyupdater14598437.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\dustin\AppData\Local\Temp\buddyupdater3250937.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\dustin\AppData\Local\Temp\buddyupdater48511625.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\dustin\AppData\Local\Temp\buddyupdater49189765.exe (Trojan.MSIL) -> Quarantined and deleted successfully.

(end)


Please don't give me that false positive reply. I want to know exactly what it is/does, specifically AMDEx3.msi.
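
Added example, not part of the original post: a small parser for the Malwarebytes log format pasted above. It splits each detection line into path, detection name and action, then collapses the randomised digits in file names so repeated hits on the same artifact group together for triage. The function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: the "Files Detected" lines from the log in this thread,
# embedded here so the example runs offline.
SAMPLE_LOG = r"""Files Detected: 5
C:\Windows\Installer\AMDEx3.msi (Malware.Generic) -> Quarantined and deleted successfully.
C:\Users\dustin\AppData\Local\Temp\buddyupdater14598437.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\dustin\AppData\Local\Temp\buddyupdater3250937.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\dustin\AppData\Local\Temp\buddyupdater48511625.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\dustin\AppData\Local\Temp\buddyupdater49189765.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
"""

# One detection line: <path> (<detection name>) -> <action>.
# The path is matched lazily so directories containing "(x86)" still parse.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)

def parse_detections(log_text):
    """Return one dict (path, name, action) per detection line in the log."""
    hits = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append(m.groupdict())
    return hits

def declared_count(log_text):
    """Read the count the log itself reports, to cross-check the parse."""
    m = re.search(r"^Files Detected: (\d+)", log_text, re.M)
    return int(m.group(1)) if m else None

def path_pattern(path):
    """Replace long digit runs in the file name so random temp names collapse."""
    directory, _, filename = path.rpartition("\\")
    return directory + "\\" + re.sub(r"\d{4,}", "<N>", filename)

def group_hits(hits):
    """Group detections by (detection name, normalised path)."""
    groups = defaultdict(list)
    for h in hits:
        groups[(h["name"], path_pattern(h["path"]))].append(h["path"])
    return dict(groups)

if __name__ == "__main__":
    for (name, pattern), paths in group_hits(parse_detections(SAMPLE_LOG)).items():
        print(f"{len(paths)} x {name}: {pattern}")
```

On this log the five hits reduce to two groups: four `Trojan.MSIL` detections on one `buddyupdater<N>.exe` pattern in the Temp directory, and a single `Malware.Generic` detection on `AMDEx3.msi`, which carries a different detection name and lives in a different directory.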
 
I'd say false positive. I don't think Honorbuddy would really intend on putting viruses on their paying customers' computers.
 
Make a new installation if you're not happy with the false positive, because like stated above that's exactly what it is.
 
The bot is designed to "mess" with the WoW executable, so of course some AV will warn you; it is not standard behavior for a program.
 
HB injects into WoW (like malicious programs do). It's intended, nothing to worry about.
 
The bot is designed to "mess" with the WoW executable, so of course some AV will warn you; it is not standard behavior for a program.

HB injects into WoW (like malicious programs do). It's intended, nothing to worry about.

Thank you both for explaining that without being condescending, I really mean that.
 
Since you want a more in-depth explanation...

Honorbuddy files are packed with something that is similar to Themida (if you know what that is).
Packing the Honorbuddy files prevents them from being easily decoded and copied.
The files being packed alone could set off an antivirus, because said AV will not be able to read Honorbuddy code to know what it does.

Your antivirus is probably detecting the buddy auto updater as a trojan because it will automatically download files without requesting permission to do so, even though you must run it as admin for it to work correctly.

As for AMDEx3.msi:
It is a Windows Installer file.
 
As it's already stated and explained many times, it's a false positive.

Thread closed.
 