
Thread: Malwarebytes

  1. #41
    ~BD~ Guest

    Re: Malwarebytes

    Dustin wrote:
    > ~BD~<~BD~@nomail.afraid.com> wrote in
    > news:isvcpg$o1o$1@dont-email.me:
    >
    >> I'm not alleging anything.


    > Yes you are. In a slimy fashion.


    In your opinion - that doesn't make it a fact!

    > I'm asking straight-forward questions!


    Read post #19 here http://www.wilderssecurity.com/showthread.php?t=299502

    "Carberp also installs a plug-in that removes other malware from the
    infected machine. That's brilliant."

    Do you recognise the similarity, Dustin?

    You of course, albeit that you are an ex-employee, may have no knowledge
    of some underlying activity which just *might* be taking place by
    running MBAM. If you are (were) so good at what you say you did, Malware
    research, why did Malwarebytes dispense with your services?

    I'm just curious, but that fact might seem odd to other readers too!

    Dave

  2. #42
    Dustin Guest

    Re: Malwarebytes

    ~BD~ <~BD~@nomail.afraid.com> wrote in
    news:it3e51$3np$1@dont-email.me:

    > In your opinion - that doesn't make it a fact!


    Then why not just be straight forward?


    > "Carberp also installs a plug-in that removes other malware from the
    > infected machine. That's brilliant."
    >
    > Do you recognise the similarity, Dustin?


    One uninstall for a very specific sample and you compare that to a
    program which doesn't do a silent sneaky driveby install, and has a
    real uninstaller for itself and detects thousands of other malware
    programs? Give me a break. Paranoid isn't extreme in your case, eh?

    > You of course, albeit that you are an ex-employee, may have no
    > knowledge of some underlying activity which just *might* be taking
    > place by running MBAM. If you are (were) so good at what you say you
    > did, Malware research, why did Malwarebytes dispense with your
    > services?


    As you have already been told, I won't discuss specifics of my
    departure with the company. It wasn't on bad terms if that's what you're
    trying to imply here via your usual slimeball ways. There is no way
    MBAM did anything nefarious without one of us catching onto it. You're
    simply making accusations because they tossed your ass on the forum.
    Don't think people don't see you and this for what you and it is.

    > I'm just curious, but that fact might seem odd to other readers too!


    I don't care how curious you are. Fact is, you will *never* know.

    --
    Why drink the water from my hand?
    Contagious as you think I am
    Just tilt my sun towards your domain
    Your cup runneth over again

  3. #43
    Dustin Guest

    Re: Malwarebytes

    ~BD~ <~BD~@nomail.afraid.com> wrote in
    news:it38gh$vg2$1@dont-email.me:

    > OK! You went to a great deal of trouble, for which I thank you.


    And turn around and smack him right in the face..

    > It appears, though, that you did *not* then proceed with a forensic
    > examination of said machine. Is this correct?


    For what purpose? The machine was clean before and after running MBAM.
    Period. You simply display more profound stupidity concerning your
    understanding of software and computers in general.

    > I've bought and paid for (and tested) a number of Kaspersky
    > products.


    You don't have the skills to properly test anything.

    > I've also tested the corporate version of Symantec AV - which caused
    > me to be banned by Aumha.net! What were they concerned about?!!


    You were blatantly advertising the usage of warez.

    --
    Why drink the water from my hand?
    Contagious as you think I am
    Just tilt my sun towards your domain
    Your cup runneth over again

  4. #44
    ~BD~ Guest

    Re: Malwarebytes

    Dustin wrote:
    > ~BD~<~BD~@nomail.afraid.com> wrote in
    > news:it38gh$vg2$1@dont-email.me:
    >
    >> OK! You went to a great deal of trouble, for which I thank you.

    >
    > And turn around and smack him right in the face..


    WTF???? I've no idea what you mean by this.

    >> It appears, though, that you did *not* then proceed with a forensic
    >> examination of said machine. Is this correct?

    >
    > For what purpose? The machine was clean before and after running MBAM.
    > Period. You simply display more profound stupidity concerning your
    > understanding of software and computers in general.


    The purpose of asking questions here is to *better* understand such
    matters. Yes the machine started out clean. Software was downloaded,
    updated and run. The software /declared/ the machine to be clean (as
    would be expected).

    Unless the machine is immediately subjected to a forensic examination
    one cannot be *certain* - as far as I'm aware - that nothing untoward
    has occurred.

    My understanding to date is that efficient Malware can reside inside a
    computer without the knowledge of a user (even if he's a techie!). Do
    you dispute this?

    >> I've bought and paid for (and tested) a number of Kaspersky
    >> products.

    >
    > You don't have the skills to properly test anything.


    Do *you* have the skill to carry out a forensic test on a computer just
    as I've described?

    Have you ever done so? Perhaps you should, even if only to come back
    here and /then/ say BD's theory is disproved.

    >> I've also tested the corporate version of Symantec AV - which caused
    >> me to be banned by Aumha.net! What were they concerned about?!!

    >
    > You were blatantly advertising the usage of warez.


    Again, that's your opinion. I certainly had the permission of the
    licensee of the Symantec corporate product and it was used only for test
    purposes over a few weeks. It was never used on any computer for the
    day-to-day protection of a personal computer. As far as I'm concerned,
    no harm was done (even though, perhaps, not strictly in accord with the
    Symantec license).


  5. #45
    ~BD~ Guest

    Re: Malwarebytes

    Dustin wrote:
    > ~BD~<~BD~@nomail.afraid.com> wrote in
    > news:it3e51$3np$1@dont-email.me:
    >
    >> In your opinion - that doesn't make it a fact!

    >
    > Then why not just be straight forward?


    I'll strive to improve. It will help if folk give honest answers.

    >> "Carberp also installs a plug-in that removes other malware from the
    >> infected machine. That's brilliant."
    >>
    >> Do you recognise the similarity, Dustin?

    >
    > One uninstall for a very specific sample and you compare that to a
    > program which doesn't do a silent sneaky driveby install, and has a
    > real uninstaller for itself and detects thousands of other malware
    > programs? Give me a break. Paranoid isn't extreme in your case, eh?


    I'm not paranoid, Dustin. Despite many thousands of minds working to
    combat Malware, cybercrime continues to increase exponentially. I'm
    simply looking at things from outside the box.

    >> You of course, albeit that you are an ex-employee, may have no
    >> knowledge of some underlying activity which just *might* be taking
    >> place by running MBAM. If you are (were) so good at what you say you
    >> did, Malware research, why did Malwarebytes dispense with your
    >> services?

    >
    > As you have already been told, I won't discuss specifics of my
    > departure with the company. It wasn't on bad terms if that's what you're
    > trying to imply here via your usual slimeball ways.


    I'm implying nothing. I suggest that *you* carefully consider exactly
    why your services were declared to be no longer necessary. The Malware
    is still out there and still needs good researchers - doesn't it?!!

    > There is no way MBAM did anything nefarious without one of us catching onto it.


    Your opinion, Dustin. That may not be true.

    > You're simply making accusations because they tossed your ass on the forum.


    No accusations have been made. I've asked searching questions which I
    guess some folk don't like! Too close to the mark, maybe?

    > Don't think people don't see you and this for what you and it is.


    Trumped-up charges. Why was my open apology not accepted?

    >> I'm just curious, but that fact might seem odd to other readers too!

    >
    > I don't care how curious you are. Fact is, you will *never* know.


    The truth *will* out!


  6. #46
    Bullwinkle. Guest

    Re: Malwarebytes

    It will help if you give honest answers

    Here is a straight forward question for you:

    Are you the father of your daughter's recent baby?

    Your word is no good you will need to provide proof, either way.

    Remembering there is a 50-50 chance she is not your daughter.

    So you may be ok if you are the dad of the baby.






    "~BD~" <~BD~@nomail.afraid.com> wrote in message
    news:it4ef8$vo9$1@dont-email.me...


    It will help if folk give honest answers.



  7. #47
    G. Morgan Guest

    Re: Malwarebytes

    Dustin wrote:

    >Here's what's going on.. You were close tho.
    >
    >It actually sets all files from root down to hidden. You lose your
    >desktop icons and your programs menu has no entries. It's also
    >redirecting (via registry edit) executables to be launched thru it, so
    >if you do remove the executable you get the infamous open with box when
    >you try to run something. You edit the registry to fix this... It's one
    >line. ;p


    I wish I took pictures now. That's not what happened. My desktop icons
    were present, all files were visible. When I checked the security
    attributes "System and Admin" had no control. Here is a pic to explain
    a little better:
    http://img148.imageshack.us/img148/5871/unledus.jpg


    >
    >Reset your file attributes with attrib.
    >
    >> Oh yeah, it also eventually led to a DNS poisoning on that machine.
    >> But it may be unrelated to the one that I was focused on. The

    >
    >I haven't seen DNS poisoning, You likely had the rootkit TDL4 as well.
    >It's a ***** too, man. Patches key windows files.


    I ran TDSS killer, nothing. Sas and MBAM, nothing.

    What's next for rootkit detection and removal, GMER?


  8. #48
    G. Morgan Guest

    Re: Malwarebytes

    ~BD~ wrote:

    >OK! You went to a great deal of trouble, for which I thank you.


    YW. But I did it for myself, trying to figure out how these scanners
    work (or don't work) on a low-level. I'm pretty sure there is some
    .dll(s) that are hooking into the memory I/O, filesystem, and disk I/O.
    Somehow doing it without Windows letting the user know. It's possible
    they have a trust agreement with MS, like any program that can be
    submitted for 'vetting'. Some programs have permission from M$ to alter
    the Windows Firewall w/o any user notification or confirmation. There
    are key loggers that get by MBAM, SaS, and Windows Defender.

    Spector Pro Keylogger is one such program. Why do companies like MBAM,
    SaS, and M$, ignore this very serious threat? Are they in bed with the
    manufacturer to buy their way out of being on the detection list?

    Or are the malware companies too scared to include commercial products
    in the list for fear of legal reasons?

    Maybe they are not able to figure out how to detect and remove it?

    What's the deal Dustin and David? Why won't MBAM detect Spector Pro?

    >It appears, though, that you did *not* then proceed with a forensic
    >examination of said machine. Is this correct?


    No, the machine still had another OS on it, and personal files on other
    partitions.

    I'm not sure my forensic investigation would be very thorough. I'm not
    trained for that. I'm having to start from -zero- and hope these guys
    here will help me along my learning journey.

    >Full report with questions are likely pending. But I'd
    >> like to make it re-producible for the researchers, since I 'm not 100%
    >> sure that was the 'only' badware I got.

    >
    >Will you share here, too?


    This is where I'll post it.

    >I completely understand that 99% of techies just "fix it and go" - but
    >BD has *never* professed to be a techie! ;-)


    Nor have I. My business card has my title as "Computer Wizard"!

    >I've had a number of email 'chats' with Bill Pytlovany and IIRC did once
    >contribute too! http://www.winpatrol.com/


    Oh really? Was he the really nice guy I have the impression he is?


    >I've bought and paid for (and tested) a number of Kaspersky products.


    Ok.

    >I've bought and paid for (and tested) Norton Internet Security.


    Ok.

    >That's
    >what first caught a rogue site recommended by Makara@Starfleet on the UK
    >Annexcafe User2User newsgroup.


    Oh ****. Come on David, please don't ruin this thread by bringing up
    Annexcafe.

    >I've also tested the corporate version of Symantec AV - which caused me
    >to be banned by Aumha.net! What were they concerned about?!!


    Oh ****. Come on David, please don't ruin this thread by bringing up
    Aumha.net.

  9. #49
    Dustin Guest

    Re: Malwarebytes

    ~BD~ <~BD~@nomail.afraid.com> wrote in
    news:it4ef8$vo9$1@dont-email.me:

    > I'll strive to improve. It will help if folk give honest answers.


    LOL. Why do you think you deserve any answers? Why do you feel so
    entitled?

    > I'm not paranoid, Dustin. Despite many thousands of minds working to
    > combat Malware, cybercrime continues to increase exponentially. I'm
    > simply looking at things from outside the box.


    If you think MBAM and SAS are "bad guys", or have hinky feelings about
    them, you are being paranoid. Both programs have been peer reviewed
    dude, nothing malicious has ever cropped up. Same with BugHunter.
    Believe you me, if somebody could find something wrong with any of
    those they'd be bragging about it until hell froze over.

    > I'm implying nothing. I suggest that *you* carefully consider
    > exactly why your services were declared to be no longer necessary.


    LOL! I was there, You're just a banned forum user. I owe you no
    explanation. I will provide you no explanation.

    > The Malware is still out there and still needs good researchers -
    > doesn't it?!!


    Continue to dazzle us with more of your stupidity, really. It's funny.
    Malware is automagically created these days live, so that users get a
    different one each time they download. It wouldn't matter if you had
    100,000 researchers working on this fulltime 24/7/365, you still
    COULDN'T STOP IT ALL.

    You implied I was fired or something, newsflash, I wasn't.

    >> There is no way MBAM did anything nefarious without one of us
    >> catching onto it.

    >
    > Your opinion, Dustin. That may not be true.


    It's not an opinion, moron. I'm a former employee, I had access to a
    lot more than you. ;p That fact is based on information I have that you
    do not. One of the perks of the job. lol. You however have nothing more
    than an opinion and it's a shady one. With nothing to support it
    whatsoever. It's time you learnt your place, BD. lol.

    >> You're simply making accusations because they tossed your ass on
    >> the forum.

    >
    > No accusations have been made. I've asked searching questions which
    > I guess some folk don't like! Too close to the mark, maybe?


    You implied I had been fired, I wasn't. You've implied malwarebytes may
    install a rootkit when you think you're clean because it said you were,
    it doesn't. Those aren't searching questions, they're slimeball antics.

    It's part of why you were removed from the forums. You're a slimeball,
    and every day, more people learn that about you. Kudos for the good job
    of pissing so many people off.

    > Trumped-up charges. Why was my open apology not accepted?


    What trumped up charges? This is just too funny.

    > The truth *will* out!


    Are you going to try and get dirt on me like you did with David? Are
    you going to expose the poor ******* again, like you did last time? Go
    ahead, you'll find nothing bad on me. Only good things and you won't
    like having to repeat them. LOL!

    I own you BD, I always will.


    --
    Why drink the water from my hand?
    Contagious as you think I am
    Just tilt my sun towards your domain
    Your cup runneth over again

  10. #50
    Dustin Guest

    Re: Malwarebytes

    G. Morgan <G_Morgan@easy.com> wrote in
    news:eqqbv696rjq4scsm5k5jjean47fg08bdma@Osama-is-dead.net:

    > Dustin wrote:
    >
    >>Here's what's going on.. You were close tho.
    >>
    >>It actually sets all files from root down to hidden. You lose your
    >>desktop icons and your programs menu has no entries. It's also
    >>redirecting (via registry edit) executables to be launched thru it,
    >>so if you do remove the executable you get the infamous open with
    >>box when you try to run something. You edit the registry to fix
    >>this... It's one line. ;p

    >
    > I wish I took pictures now. That's not what happened. My desktop
    > icons were present, all files were visible. When I checked the
    > security attributes "System and Admin" had no control. Here is a
    > pic to explain a little better:
    > http://img148.imageshack.us/img148/5871/unledus.jpg


    Hmm. I've yet to run across one quite like this that's just a main
    executable on its own. Likely something else present that set the
    stage.

    >>I haven't seen DNS poisoning, You likely had the rootkit TDL4 as
    >>well. It's a ***** too, man. Patches key windows files.

    >
    > I ran TDSS killer, nothing. Sas and MBAM, nothing.


    If tdl4 rootkit was active, you wouldn't have loaded tdsskiller
    successfully. The programmers made it very easy to get itself marked
    and killed when it loads in memory.

    > What's next for rootkit detection and removal, GMER?


    Doubtful rootkit is present...
    Wish I could have seen that box man.


    --
    Why drink the water from my hand?
    Contagious as you think I am
    Just tilt my sun towards your domain
    Your cup runneth over again
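
Added example, not part of any post in this thread: a triage check for the executable redirection "via registry edit" described in the text quoted in posts #47 and #50. The posts do not name the key; this assumes the usual .exe association keys, whose stock values are `exefile` and `"%1" %*`, and runs over a constructed `.reg` export in which the handler path and the `secfile` ProgID are hypothetical.

```python
import re

# Stock Windows values for the .exe file association.
EXPECTED_PROGID = "exefile"
EXPECTED_COMMAND = '"%1" %*'

# Constructed sample: a .reg export in which a per-user override routes every
# .exe launch through a hypothetical handler (path and ProgID are made up).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"

[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\abc.exe\" /START \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''

def parse_defaults(text):
    """Map each key path (lower-cased) to its default (@) string value."""
    defaults, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslash and double quote with a backslash.
            defaults[key] = re.sub(r'\\(.)', r'\1', line[3:-1])
    return defaults

def find_exe_hijacks(text):
    """Return (key, value, reason) for every non-stock .exe association."""
    findings = []
    defaults = parse_defaults(text)
    progids = {EXPECTED_PROGID}
    # Pass 1: which ProgID does .exe resolve to (machine-wide or per-user)?
    for key, value in defaults.items():
        if key.endswith(r"\classes\.exe") or key == r"hkey_classes_root\.exe":
            if value.lower() != EXPECTED_PROGID:
                findings.append((key, value, "unexpected ProgID for .exe"))
                progids.add(value.lower())
    # Pass 2: the open command of every ProgID that .exe can resolve to.
    for key, value in defaults.items():
        for progid in progids:
            suffix = "\\" + progid + r"\shell\open\command"
            if key.endswith(suffix) and value != EXPECTED_COMMAND:
                findings.append((key, value, "open command is not the stock value"))
    return findings

if __name__ == "__main__":
    for key, value, reason in find_exe_hijacks(SAMPLE_REG):
        print(f"{reason}: {key} -> {value}")
```

A redirected association explains the "Open with" box mentioned in the quoted text: once the handler file is deleted, the association still points at it until the values are restored.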
