Re: Avast Doesn't Block XP Defender malware (ave.exe)

Dustin Cook · 04-05-2010, 09:07 PM

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:hpe4g802lq7@news3.newsguy.com:

> From: "Beauregard T. Shagnasty" <a.nony.mous@example.invalid>
>
>| Dustin Cook wrote:
>
>>> Did you check the pcbutts and rot13 search query yet?
>
>| Wasn't it rot1 ?
>
>
>
>
>
> Public Marker #1
> ---------------------
>
>:S949n
> IF EXIST "%UserProfile%\application data\seilhturtlaereht.inf"
>
> seilhturtlaereht.inf ==> Drop the .INF
>
> seilhturtlaereht ==> theealtruthlies
>
>
>
>
> Public Marker #2
> ---------------------
>
>
>
> IF EXIST "%UserProfile%\local settings\temp\obatssrsghde.exe" echo
> "%UserProfile%\local settings\temp\obatssrsghde.exe"
> IF EXIST "%UserProfile%\local settings\temp\obatssrsghde.exe" echo
> "%UserProfile%\local settings\temp\obatssrsghde.exe">>remove-it.txt
>
>
> The file; "%UserProfile%\local settings\temp\obatssrsghde.exe" is a
> fabrication. It does not exist.
>
> It, obatssrsghde.exe, is actually a file name in code.
>
> obatssrsghde.exe ==> drop .EXE
>
> obatssrsghde
>
> increase character by 1 ==> pcbuttsthief
>
> ( ROT1 Right )
>
>

Woops. Sorry. Rot1 it was.

--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior

Dustin Cook · 04-05-2010, 09:07 PM

"Beauregard T. Shagnasty" <a.nony.mous@example.invalid> wrote in
news:hpe3k7$95a$1@news.eternal-september.org:

> Dustin Cook wrote:
>
>> Did you check the pcbutts and rot13 search query yet?
>
> Wasn't it rot1 ?
>

Yep, my bad.

--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior

David H. Lipman · 04-05-2010, 09:24 PM

From: "Dustin Cook" <bughunter.dustin@gmail.com>

| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
| news:hpe4g802lq7@news3.newsguy.com:

>> From: "Beauregard T. Shagnasty" <a.nony.mous@example.invalid>

>>| Dustin Cook wrote:

>>>> Did you check the pcbutts and rot13 search query yet?

>>| Wasn't it rot1 ?

>> Public Marker #1
>> ---------------------

>>:S949n
>> IF EXIST "%UserProfile%\application data\seilhturtlaereht.inf"

>> seilhturtlaereht.inf ==> Drop the .INF

>> seilhturtlaereht ==> theealtruthlies

>> Public Marker #2
>> ---------------------

>> IF EXIST "%UserProfile%\local settings\temp\obatssrsghde.exe" echo
>> "%UserProfile%\local settings\temp\obatssrsghde.exe"
>> IF EXIST "%UserProfile%\local settings\temp\obatssrsghde.exe" echo
>> "%UserProfile%\local settings\temp\obatssrsghde.exe">>remove-it.txt

>> The file; "%UserProfile%\local settings\temp\obatssrsghde.exe" is a
>> fabrication. It does not exist.

>> It, obatssrsghde.exe, is actually a file name in code.

>> obatssrsghde.exe ==> drop .EXE

>> obatssrsghde

>> increase character by 1 ==> pcbuttsthief

>> ( ROT1 Right )

| Woops. Sorry. Rot1 it was.

The important factor, and for the record...

Stuart placed the above and OTHER makers in the RogueFix utility. Within a short perioid
of time AFTER the RogueFix batch file was posted, Butts had a new version of Remove-It out
and those markers were CLEARLY found in whatever package he subsequently posted.

The markers were created in such a way that there should be NO hesitation in recognizing
the plagiarism. The chance of the strings naturaly occuring, encoded as they were, is
astronomically large. Yet, obviously so simple once you knew the key. As always,
"trusted" people knew in advance what the resultant string was, the key used and the maker
in general was going to be.

The public taunting of Butts and obatssrsghde.exe was then final clincher for many.

What was REALLY "interesting" was Butts trying to weasel his way out.

He said he sent obatssrsghde.exe with a MD5 = 3eb436f91454923f2d7f1d8dda41f681 to Virus
Total and gave us a Virus Total report.

That made me laugh as I have access to an administrator of Virus Total and i told him it
was about catching Butts in a lie. Since he knew the whole story he was happy to assist
and he provided me the following information...

"MD5 = 3eb436f91454923f2d7f1d8dda41f681

it arrived twice, sent by the same person:

file name: obatssrsghde.exe
date.....: 2009/07/21 03:40
source...: US, Anonymous, id 1340019

file name: roxio_downloaded_from_Demonoid.co
date.....: 2009/07/21 03:34
source...: US, Anonymous, id 1340019"

Thus Butts found something to the effect of "roxio_downloaded_from_Demonoid.co" and
submitted it to Virus Total. He then reanmed it to "obatssrsghde.exe" and re-submitted it
to Virus Total as "obatssrsghde.exe" and that was the report he provided. Too f'n phunny
!

Butts gets caught in lies, and gets called out on them. He covers them with more lies,
etc, infinitum.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

David H. Lipman · 04-05-2010, 09:30 PM

http://forums.techarena.in/security-.../1210804-2.htm

http://groups.google.com/group/alt.c...e83b7a3ad24cfe

http://forums.techarena.in/security-systems/1210804.htm

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

The Real Truth MVP · 04-05-2010, 10:50 PM

Oh grow up! you ****ing crybabies cried bloody hell when I passworded my
website. David lipman's ass actually complained to my ISP because he
couldn't get to my files. Now you are *****ing because you have no access to
my MySpace page. Cry your little heart out you wimp because you will never
have access to it.
Sissy boy.

--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.

"Dustin Cook" <bughunter.dustin@gmail.com> wrote in message
news:Xns9D517314232E4HHI2948AJD832@69.16.185.250.. .
> ~BD~ <BoaterDave@hotmail.co.uk> wrote in
> news:lrqdnWenNpa7TiTWnZ2dnUVZ7sidnZ2d@bt.com:
>
>>> Would you knowingly buy and use an operating system called "Butts
>>> Windows" if you knew it was actually Microsoft Windows with all the
>>> logos changed?
>>
>> No
>
> Then, why would you use pcbutts stolen tools? Same thing applies here.
> The little weasel didn't write them.
>
>> Not satisfactorily though. As you chose *not* to post what you say are
>> genuine pictures, readers are left in doubt as to whether you really
>> have same. You would also, of course, have had to divulge exactly how
>> you acquired them.
>
> Geeze. This is downright stupid now. PcButts (Christopher) has a myspace
> page; at one point, it wasn't private. He has pictures of his family on
> it; that's where they came from. In one of the pictures, he's celebrating
> a birthday? or something and is sitting right in the middle of the big
> table in the restaurant. Nobody stole or played a fast one on
> Christopher, he's volunteered almost all of the information people have
> collected on him.
>
> He has since made the page private and you have to be his friend to get
> access, but.. hell, it's myspace; not hard to get on someones friends
> list if you really wanted to waste the time.
>
>>> Blatant violation of copyright law should be enough.
>>>
>>
>> If you are quite certain of your facts then I believe you have a public
>> *duty* - maybe in conjunction with all those who are in agreement with
>> you - to bring about a prosecution of the offending individual.
>
> Have you been following along in the RIAA lawsuits? even the RIAA has a
> hard time proving copyright infringement; even when the suspect admits
> doing it.
>
>> I cannot believe that help in not available to you in Obama's USA.
>
> Heh.
>
>> "Put your money where your mouth is" comes to mind.
>
> Very cost prohibitive to bring any legal action towards Christopher. And
> he knows this.
>
>
>
>
>
> --
> "Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
> this boulder right down a cliff." - Goblin Warrior
>

~BD~ · 04-06-2010, 01:57 AM

Dustin Cook wrote:
> ~BD~<BoaterDave@hotmail.co.uk> wrote in news:YqGdnco-
> IZNfyyfWnZ2dnUVZ8kdi4p2d@bt.com:
>
>> David H. Lipman wrote:
>>> From: "FromTheRafters"<erratic@nomail.afraid.org>
>>>
>>> | "~BD~"<BoaterDave@hotmail.co.uk> wrote in message
>>> | news:v9adnYvt7piHOiTWnZ2dnUVZ7tudnZ2d@bt.com...
>>>
>>>>> I do not believe he/she is involved in Cybercrime in any way. /Those/
>>>>> are the 'bad guys' in which I am interested.
>>>
>>> | Software piracy isn't cybercrime?
>>>
>>>
>>> Bindo !!
>>>
>>> IP theft of the Internet is indeed a "cybercrime".
>>>
>>
>> It is exactly what TRT accused Malwarebytes of doing - and they did!
>
> Excuse me? Please explain exactly what you mean by this...
>
>
>
>
I'll simply quote David Lipman who said in this thread .........

"They blocked access to an IP and had signature detection for his
plagiarized utility."

~BD~ · 04-06-2010, 02:14 AM

The Real Truth MVP wrote:
> Oh grow up! you ****ing crybabies cried bloody hell when I passworded my
> website. David lipman's ass actually complained to my ISP because he
> couldn't get to my files. Now you are *****ing because you have no
> access to my MySpace page. Cry your little heart out you wimp because
> you will never have access to it.
> Sissy boy.
>

You do yourself no favours writing like that TRT (sorry Bts!) and it
seems to me, as an 'outsider', that it might simply be best for you to
*admit* "borrowing" the work of others in order to use your (as yet
unchallenged) skills to help people overcome their malware problems.

I suggested to you long ago that you should completely re-invent
yourself and put this phase behind you, but you chose not to do so. If
you guys *are* all on the side of fighting malware you'd all be better
off pulling in the same direction instead of fighting one another.

Perhaps you really did suffer injuries in a nasty accident and this has
knocked you slightly off course, TRT. If so, perhaps the knowledgeable
and experienced computer folk here could/would help you get back on
track - if only you would come clean and actually *ask* them to help you.

It's your call.

--
Dave

Leythos · 04-06-2010, 05:23 AM

In article <hpeb1f$kmj$1@leythos.motzarella.org>, trt@void.com says...
> Oh grow up! you ****ing crybabies cried bloody hell when I passworded my
> website. David lipman's ass actually complained to my ISP because he
> couldn't get to my files. Now you are *****ing because you have no access to
> my MySpace page. Cry your little heart out you wimp because you will never
> have access to it.
> Sissy boy.
>

LOL, we've been able to get your pirated files even when you passworded
it. All we had to do was ask and you sent the password.

--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam999free@rrohio.com (remove 999 for proper email address)

Dustin Cook · 04-06-2010, 12:16 PM

"The Real Truth MVP" <trt@void.com> wrote in
news:hpeb1f$kmj$1@leythos.motzarella.org:

> Oh grow up! you ****ing crybabies cried bloody hell when I passworded
> my website. David lipman's ass actually complained to my ISP because
> he couldn't get to my files. Now you are *****ing because you have no
> access to my MySpace page. Cry your little heart out you wimp because
> you will never have access to it.
> Sissy boy.

*hahah*. What makes you so sure I don't have access? *hahahahaha*

--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior

Dustin Cook · 04-06-2010, 12:17 PM

Leythos <spam999free@rrohio.com> wrote in
news:MPG.2624d59bc21c142098a27e@us.news.astraweb.c om:

> In article <hpeb1f$kmj$1@leythos.motzarella.org>, trt@void.com says...
>> Oh grow up! you ****ing crybabies cried bloody hell when I passworded
>> my website. David lipman's ass actually complained to my ISP because
>> he couldn't get to my files. Now you are *****ing because you have no
>> access to my MySpace page. Cry your little heart out you wimp because
>> you will never have access to it.
>> Sissy boy.
>>
>
> LOL, we've been able to get your pirated files even when you
> passworded it. All we had to do was ask and you sent the password.
>

hahahahahahaahahaha

--
"Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge
this boulder right down a cliff." - Goblin Warrior

Thread: Re: Avast Doesn't Block XP Defender malware (ave.exe)

Thread Tools

Display