Ping: Dustin Cook - How would *you* find this rootkit?

[Dustin]

~BD~ <~BD~@nomail.afraid.com> wrote in
news:iulbv3$ord$1@dont-email.me:

>> Boot sector code can be lifted from the NT cdroms/dvds and dropped
>> right over the bad code. No real biggie here.

> "Reinstalling is definitely overkill for this malware problem," said
> Vikram Thakur, principal security response manager with Symantec, in
> an interview today. "It can be resolved simply by fixing the MBR via
> an external disk."

Depends on the dll issue. The TDL4 rootkit has a tendency to patch
various dlls, but I went over this before.

> Symantec offers a tool to help users do that.

As I said, it's not rocket science to fix an infected mbr. The fact you
had to post an article which states the same thing tells me one thing,
you really don't understand technical things because I already told you
what they just did.


--
(Hey) I keep on thinking that it's
(Hey) all done and all over now (whoa)
You keep on thinking you can save me save me
(Hey) My ship is sinking but it's
(Hey) all good and I can go down (whoa)
You've got me thinking that the party's all over

[Dave U. Random]

In article <Xns9F15B47ED180DHHI2948AJD832@no>
Dustin <bughunter.dustin@gmail.com> wrote:
>
The stalker/psycho/woman hating/virus writer/virus passer &
limpdicked faggot known as RAID/DUSTIN COOK/G.MORGAN is BACK.

Now he and his butt-bumping faggot buddys, like "fromtherafters" are
trying to destroy 24hoursupport.helpdesk using pseudonyms (nicks).

I guess everyone here needs a little updating on the faggot-woman
hating-virus writer/passer RAID.

I'm a bit busy right now, but here's some for starters.

=========================
Subject: The Ultimate Arrogance & Meaness Of A Virus Writer/Passer


Nowhere is the temperment of this sociopath shown more clearly
than here. He is utterly without conscience or empathy. Below,
since his Web page of viruses for download is temporarily down,
He offers to email viruses to anyone who asks for them.

------------
The evil one spake below:

"Offering them (viruses)on a www page is not irresponsible, he
says in one of the posts below."

"That's not my problem nor concern....what the people who
download them decides to do with them is there business."

"...identify yourself as one who wants the (virus) zip files,
and I will be happy to send them."

"It's like being a little god, who see his creatures spreading
all over the world."

"Those of you who think my viruses suck, Oh well. I really don't
care that you think. Those of you who think i'm an a**hole,
Good. I don't care who or how many scum sucking lamers i infect.
I'm doing the world a favor removing dipsh*ts like that."
- ------------

It's all below. No attribution errors. No Lies. No taking out of
context. No "character assassination". (That isn't needed. His own
words accomplish that beyond what I could think up.)

It is amazing how many educated and smart people try arguing
with this looney tunes sociopath. He has an extreme case of
diarrhea of the mouth. An endless stream of illogical,
nonsensical **** spews from him, illustrating his sick dementia.
It seems beyond the ken of ordinary sane persons to realize the
evil inside this person which twists every truth 180 degrees
from its true polarity. No wonder he snickers and sneers at
them. They are incredibly naive.

http://groups.google.com/group/alt.c...ead/thread/d42
fc252bdec427f/d70c73413bdbc007?hl=en&q=group:*.*+author:martin+a uthor:
overton#d70c73413bdbc007

or

http://preview.************/2ajsneo

RAiD [SLAM]
Newsgroups: alt.comp.virus
From: j...@raid.x (RAiD [SLAM])
Date: 1998/01/13
Subject: ChekMate author: Question?
Hello.
By now, I'm sure you have located the virus samples, Well, does
your checker pick them up?

Windows 95- Where do you wanna crash today?
Oh spam bots... heres some email addys:bri...@dlois.com
Enjoy pesky spambots...

=============================

Discussion subject changed to "ChekMate detects Krile virus
samples ( 1-1e) (was ChekMate author: Question?)" by Martin
Overton

Martin Overton
Newsgroups: alt.comp.virus
From: ChekW...@Cavalry.com (Martin Overton)
Date: 1998/01/16
Subject: ChekMate detects Krile virus samples ( 1-1e) (was ChekMate
author: Question?)

On Tue, 13 Jan 98 17:58:21 GMT, j...@raid.x (RAiD [SLAM]) wrote:
>Hello.

>By now, I'm sure you have located the virus samples, Well, does
>your checker pick them up?

I'm sure you don't want me to post my FULL results of testing your
viruses here and on my website?

So, I'll make this easy for you to understand.

1. YES!

2. All of them.

Martin Overton - Author of ChekMate - ChekW...@Cavalry.com
Detects Known & UNKNOWN Viruses for DOS,OS/2 & Win 3.x,95,NT.
Web site http://chekware.simplenet.com/cmindex.htm
*** I also keep Tarantulas & Snakes! ***

============================================

RAiD [SLAM]
View profile
More options Jan 16 1998, 3:00 am
Newsgroups: alt.comp.virus
From: j...@raid.x (RAiD [SLAM])
Date: 1998/01/16
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

In article <34bfbecb.8705...@news.demon.co.uk>,
ChekW...@Cavalry.com (Martin Overton) wrote:

>I'm sure you don't want me to post my FULL results of testing
>your viruses here and on my website?

Actually, as I've stated before, I do. So, post the results of
your testing here and on your www page. I will use the
information to further improve the krile family. I have an idea
as to how krile may have been nabbed, and thats only because
krile once it infected md5.exe would return to infect your
checker again. However, rest assured, this has been corrected.

Now, again, please post your results.

>So, I'll make this easy for you to understand.

By all means. However, a simple YES doesn't tell me the details,
of which I have asked you three times now to provide. So,
provide them.

Windows 95- Where do you wanna crash today?
Oh spam bots... heres some email addys:bri...@dlois.com
Enjoy pesky spambots...

====================================

David Harley
Newsgroups: alt.comp.virus
From: har...@europa.lif.icnet.uk (David Harley)
Date: 1998/01/17
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

RAiD [SLAM] (j...@raid.x) wrote:

: In article <34bfbecb.8705...@news.demon.co.uk>,
: ChekW...@Cavalry.com (Martin Overton) wrote:

: >I'm sure you don't want me to post my FULL results of
: >testing your viruses here and on my website?

:Actually, as I've stated before, I do. So, post the results of
:your testing here and on your www page. I will use the
:information to further improve the krile family. I have an idea
: as to how krile may have been nabbed, and thats only because
:krile once it infected md5.exe would return to infect your
:checker again. However, rest assured, this has been corrected.

You mean -your- test didn't demonstrate this? That would seem
to indicate that your test was as useless as we suspected.
That's what matters: no-one is interested in helping you with
your quality control......
- --
David Harley \ | /
alt.comp.virus FAQ
D.Har...@icrf.icnet.uk \ | / & Anti-Virus
Web Page
Support & Security Analyst \ | / Folk London On-Line
gig-list
Imperial Cancer Research Fund ____\|/____
http://webworlds.co.uk/dharley/

========================================

RAiD [SLAM]
View profile
Newsgroups: alt.comp.virus
From: j...@raid.x (RAiD [SLAM])
Date: 1998/01/17
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

In article <69p5ap$...@sjx-ixn11.ix.netcom.com>,
r_jos...@ix.netcom.comX (Rick Joseph) wrote:

>Martin is restricted by his personal and political motivations.
>He's here representing his own anti-virus product, and is doing
>a great job of being polite to everyone.

Did I say he wasn't?

>Since I don't have any of those sort of restrictions, I'll have
>to ask why anyone would want to present information that might
>help you "further improve" your silly virus? Do you think
>you're developing some sort of perfect, undetectable,
>reproductive malignancy? You've expended a lot of energy trying
>to get people to react to your krile ****, if you were any
>good at programming you'd write something worthwhile instead of
>wasting your time convincing yourself and trying to convince us
>that you're some sort of evil genius. Grow up.

Rick. I'm not trying nor interested in convincing anyone of
anything, I'm certainly not a Jehovas Witness. <G> As for being
an evil genius, Nah.. I don't see it that way. I choose to write
viruses, and I will continue to write them. If you don't like
this, There isn't really too much you can do about it.

As for growing up, I have been relatively friendly throughout
this newsgroup, Why start with personal statements now?

Windows 95- Where do you wanna crash today?
Oh spam bots... heres some email addys:bri...@dlois.com
Enjoy pesky spambots...

======================================

RAiD [SLAM]
View profile
Newsgroups: alt.comp.virus
From: j...@raid.x (RAiD [SLAM])
Date: 1998/01/17
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

In article <69psur$2n...@charlie.lif.icnet.uk>,
har...@europa.lif.icnet.uk (David Harley) wrote:

>You mean -your- test didn't demonstrate this? That would seem
>to indicate that your test was as useless as we suspected.
>That's what matters: no-one is interested in helping you with
>your quality control......

My test? When did I conduct any test? as for helping me, it's
not really a persons option. Once they become infected, they are
beta-testing, whether they wanted too or not. That's how it
works.

I'm not doren, so I'm not interested in promoting a shareware
virus to test the installation of antivirus programs.

I'd much rather develop viruses which don't alarm the user to
there presence at first.

Windows 95- Where do you wanna crash today?
Oh spam bots... heres some email addys:bri...@dlois.com
Enjoy pesky spambots...

===========================================

Martin Overton
View profile
Newsgroups: alt.comp.virus
From: ChekW...@Cavalry.com (Martin Overton)
Date: 1998/01/17
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

On Fri, 16 Jan 98 22:47:47 GMT, j...@raid.x (RAiD [SLAM]) wrote:
>Actually, as I've stated before, I do.

I have not seen a reply to my last posting in the "Re: Help! My
computer is infected with KRiLE v1.0e thread" On Thu, 15 Jan
1998 08:50:36 GMT, I posted:

"I'll let you decide if you want my test report posted here
publicly. Let me know ;-)"

Until now you had not responded, and you still haven't to that
thread.

>So, post the results of your testing here and on your www page.
>I will use the information to further improve the krile family.
>I have an idea as to how krile may have been nabbed, and thats
>only because krile once it infected md5.exe would return to
>infect your checker again. However, rest assured, this has been
>corrected.

On reflection: in that case as it would help you with your virus
writing, I withdraw my offer to post the results.

As I stated before I find it morally unacceptable to support
virus writers, or in any way help them to make the virus problem
worse than it is.

I now see that me posting a detailed review of your viruses
would be beneficial to you and help you write new viruses, so I
withdraw my offer.

Call me old fashioned, but I prefer not to help someone break
the law.

>Now, again, please post your results.

Sorry won't do as this would help you to write viruses.

>>So, I'll make this easy for you to understand.

>By all means. However, a simple YES doesn't tell me the
>details, of which I have asked you three times now to provide.
>So, provide them.

Three times? OK, I'll reply three times, NO, NO and thrice NO.

I think it is sufficient to say that my product detects the
changes made to files by your viruses. I won't help you any
further.

Maybe you should take the advice of your virus writing peers and
stop writing viruses?

Martin Overton - Author of ChekMate - ChekW...@Cavalry.com
Detects Known & UNKNOWN Viruses for DOS,OS/2 & Win 3.x,95,NT.
Web site http://chekware.simplenet.com/cmindex.htm
*** I also keep Tarantulas & Snakes! ***

==========================================

Martin Overton
View profile
Newsgroups: alt.comp.virus
From: ChekW...@Cavalry.com (Martin Overton)
Date: 1998/01/17
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

Hi Rick,

On Sat, 17 Jan 1998 02:33:54 GMT, r_jos...@ix.netcom.comX (Rick

Joseph) wrote:
>In article <69oo7v$je...@news.usit.net>,
>j...@raid.x (RAiD [SLAM]) wrote:

>>So, post the results of your testing here and on your www
>>page. I will use the information to further improve the krile
>>family. I have an idea as to

>Martin is restricted by his personal and political motivations.
> He's here representing his own anti-virus product, and is
>doing a great job of being polite to everyone.

There's nothing political about my motivations, they are purely
personal, nothing more, nothing less.

I try to treat people in the way I expect to be treated. As you
know I try to help people here, I'm not really cut out for
marketing as I can't bend the truth convincingly. ;-)

I have to really believe in a product, have documented
(independant) proof that it does what it says, or most often, I
take it and test it to death. Maybe that's why I do so much beta
testing, av, other software and hardware. I also have a nasty
habit of finding bugs in products, aome manufacturers like this
as I can help them improve their products, others take it as a
personal attack (which it's not).

>Since I don't have any of those sort of restrictions, I'll have
>to ask why anyone would want to present information that might
>help you "further improve" your silly virus?

That's why I have now withdrawn my offer, as I don't and won't
help virus writers to improve their creations. Again, this is
not politics, I personally feel that writing viruses is stupid
and childish, it's a shame that they don't channel their
'talents' into more useful outlets.

>Do you think you're developing some sort of perfect,
>undetectable, reproductive malignancy? You've expended a lot of
>energy trying to get people to react to your krile ****, if
>you were any good at programming you'd write something
>worthwhile instead of wasting your time convincing yourself and
>trying to convince us that you're some sort of evil genius.
>Grow up.

I think that's exactly what he thinks he is doing. The samples I
saw posed no challenges for ChekMate, or indeed most generic
systems that monitor file modifications (and that cry wolf when
the fingerprint or CRC database files are deleted). No
'patching' was required, no 'hand-holding' was needed for the
modifications that the viruses made to be detected. Hell, it
doesn't even have directory stealth or is even memory resident!

Thanks for your support, or am I taking things for granted? ;-)

Martin Overton - Author of ChekMate - ChekW...@Cavalry.com
Detects Known & UNKNOWN Viruses for DOS,OS/2 & Win 3.x,95,NT.
Web site http://chekware.simplenet.com/cmindex.htm
*** I also keep Tarantulas & Snakes! ***

=========================================

RAiD [SLAM]
View profile
More options Jan 17 1998, 3:00 am
Newsgroups: alt.comp.virus
From: j...@raid.x (RAiD [SLAM])
Date: 1998/01/17
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

In article <34c06a88.14410...@news.demon.co.uk>,
ChekW...@Cavalry.com (Martin Overton) wrote:

>On Fri, 16 Jan 98 22:47:47 GMT, j...@raid.x (RAiD [SLAM]) wrote:
>"I'll let you decide if you want my test report posted here
>publicly. Let me know ;-)"

and I have since posted 3 responses. This will be #4.

>Until now you had not responded, and you still haven't to that
>thread.

What would you like me to tell that person?

>On reflection: in that case as it would help you with your
>virus writing, I withdraw my offer to post the results.

Pity. You were so gung hoe about it before. What changed your mind?


>As I stated before I find it morally unacceptable to support virus
>writers, or in any way help them to make the virus problem worse
>than it is.

The problem as you put it, is not as bad as people like yourself
make it out to be. You seem to be forgetting something. If
people like my self didn't code these things, there would be no
market for your program nor anyone elses relating to virus
discovery. Are you sure AV people want to not make money? those
www servers aren't cheap, nor are there support staff.

>I now see that me posting a detailed review of your viruses would be
>beneficial to you and help you write new viruses, so I withdraw my
>offer.

I will write new viruses anyway. and I'll happily spend more time
with your
program. So that even if your not willing to provide details, I'll
have
them eventually.

>Call me old fashioned, but I prefer not to help someone break the
>law.

Where I reside, it's not illegal for me to write them.

>Sorry won't do as this would help you to write viruses.

again, I'm going to continue writing anyway. This stance of
yours doesn't help anyone avoid them.

>I think it is sufficient to say that my product detects the
>changes made to files by your viruses. I won't help you any
>further.

Yes, I'm sure it does. Your product shells to a 3rd party
utility for verification. Your programs internal check method
however will not report modification, since your file is
restored to it's original condition before it gets control.

>Maybe you should take the advice of your virus writing peers
>and stop writing viruses?

My virus writing peers? They encourage viruses, They don't
suggest quit writing. and if all virus writers did stop writing,
You wouldn't have a business. Nor would most AV
______________________________
KRiLE "Are we having fun yet?"
______________________________
[Email? j...@x.raid

======================================

RAiD [SLAM]
View profile
More options Jan 17 1998, 3:00 am
Newsgroups: alt.comp.virus
From: j...@raid.x (RAiD [SLAM])
Date: 1998/01/17
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

In article <34c0fa2d.1693...@news.demon.co.uk>,
ChekW...@Cavalry.com (Martin Overton) wrote:

>I think that's exactly what he thinks he is doing. The samples
>I saw posed no challenges for ChekMate, or indeed most generic
>systems that monitor file modifications (and that cry wolf when
>the fingerprint or CRC database files are deleted). No
>'patching' was required, no 'hand-holding' was needed for the
>modifications that the viruses made to be detected. Hell, it
>doesn't even have directory stealth or is even memory resident!

Are you claiming your programs self check is better then DSAV,
fprot, AVP? And no, its not memory resident. nor does it employ
directory stealth, of course, this is all explained in the
documentation file which comes with the binary. The only reason
KRiLE didn't get past your self check is because you choose to
shell to another application, which krile then immediatly
infects your file. However, I've noticed you didn't bother to
mention your program doesn't see any changes to itself before it
shells to md5.exe.
______________________________
KRiLE "Are we having fun yet?"
______________________________
[Email? j...@x.raid

=======================================

RAiD [SLAM]
View profile
More options Jan 17 1998, 3:00 am
Newsgroups: alt.comp.virus
From: j...@raid.x (RAiD [SLAM])
Date: 1998/01/17
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

In article <69r1mr$...@dfw-ixnews10.ix.netcom.com>,
r_jos...@ix.netcom.comX (Rick Joseph) wrote:

>OK, I'll give you that. Answer a question, then? Why spend time
>and energy writing a virus?

They are a hobby of mine. I've always been fascinated with self
replicating code. Not destructive code mind you, Just code which
replicates on it's own, and still allows it's host to function.
______________________________
KRiLE "Are we having fun yet?"
______________________________
[Email? j...@x.raid

=======================================.

RAiD [SLAM]
View profile
Newsgroups: alt.comp.virus
From: j...@raid.x (RAiD [SLAM])
Date: 1998/01/18
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

In article <69r7gr$...@dfw-ixnews10.ix.netcom.com>,
r_jos...@ix.netcom.comX (Rick Joseph) wrote:

>Hopefully you'll grow out of it. Do you consider releasing your
>viruses to the public at all irresponsible?

Define releasing. Offering them on a www page is not
irresponsible. The zip files contain a documentation file, and
several other identifiers, no effort is made to decieve the
user.
______________________________
KRiLE "Are we having fun yet?"
______________________________
[Email? j...@x.raid

============================================

RAiD [SLAM]
View profile
Newsgroups: alt.comp.virus
From: j...@raid.x (RAiD [SLAM])
Date: 1998/01/18
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

In article <69riq6$...@bgtnsc02.worldnet.att.net>,
B020961052659101084010...@worldnet.att.net wrote:

>he has a point. Where is the page? Does any of the other AV
>programs detect Krile family yet?

AVP detects and cleans krile varient 1c (I've tested this for
myself) I am unsure whether or not it detects any of the rest,
at the time, it didn't. As for DSAV, I heard they are coming out
with a driver (likely to be detection only) for krile 1e (v1)
______________________________
KRiLE "Are we having fun yet?"
______________________________
[Email? j...@x.raid

==========================================

RAiD [SLAM]
View profile
Newsgroups: alt.comp.virus
From: j...@raid.x (RAiD [SLAM])
Date: 1998/01/18
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

In article <69rl02$jb...@news.usit.net>, j...@raid.x (RAiD [SLAM])
wrote:

>AVP detects and cleans krile varient 1c (I've tested this for
>myself) I am unsure whether or not it detects any of the rest,
>at the time, it didn't. As for DSAV, I heard they are coming
>out with a driver (likely to be detection only) for krile 1e
>(v1)

I forgot to answer your second question. The page is offline,
due to server upgrading. However, if you don't feel like waiting
that long for them. You do have the option of going on IRC
(undernet) and joining #virus. Simply identify yourself as one
who wants the zip files, and I will be happy to send them.

rockhill.sc.us.undernet.org ports: 6660-6669
newbrunswick.nj.us.undernet.org ports: 6660-6669

Email requests will not be answered.
______________________________
KRiLE "Are we having fun yet?"
______________________________
[Email? j...@x.raid]

==========================================

Newsgroups: alt.comp.virus
From: LDH...@concentric.net (L DeHaan)
Date: 1998/01/18
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

On Sat, 17 Jan 1998 19:52:52 -0500, Spanska

<Use-Author-Address-Header@[127.1]> wrote:

>You're right. Coding some self-replicative program is a
>metaphysical experiment. It's like being a little god, who see
>his creatures spreading all over the world.
>
>We don't want to destruct anything. Just want to see our
>creations live their own life outside the laboratory (our own
>computer). Can't you understand it's fascinating, you all?

"We don't want to destruct anything."(!)

Once you release your darling little creatures into the world,
they cause damage in many ways.

They hang computers, damage files, and at the very least tie up
system resources.

They force corporations to spend substantial sums of money for
anti-virus software and additional staffing to prevent virus
attacks on their computer systems, and even more in terms of
lost productivity and virus cleanup should their efforts fail.

And they force John Q Public to spend money on AV software -
money which could better be used for some other purpose.

If you were so concerned about not "destructing" anything, you
wouldn't have released the viruses into the wild in the first
place. Your attitude is very selfish - you revel in being little
"gods" watching your creatures proliferate without any concern
for the consequences to others.

May God have mercy on your souls.

LDH

=======================================

Newsgroups: alt.comp.virus
From: j...@raid.x (RAiD [SLAM])
Date: 1998/01/18
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

In article <69rsnn$...@dfw-ixnews7.ix.netcom.com>,
r_jos...@ix.netcom.comX (Rick Joseph) wrote:

>If you let anyone other than a reputable AV company get ahold
>of your virus, or if you infect any machine other than your own
>(directly or indirectly), you've released it.

Now why would I want to deliberatly send them to AV? They can
get them from infected users, or users who wish to send them
samples, They certainly don't need my help.

>Define "user."

One who visits my page for whatever reason.


______________________________
KRiLE "Are we having fun yet?"
______________________________
[Email? j...@x.raid]

===================================

RAiD [SLAM]
View profile
Newsgroups: alt.comp.virus
From: j...@raid.x (RAiD [SLAM])
Date: 1998/01/18
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

In article <34c15d9a.23688...@nntp.concentric.net>,
LDH...@concentric.net (L DeHaan) wrote:

>Once you release your darling little creatures into the world,
>they cause damage in many ways.

That's not my problem nor concern. I merely offer them on a www
page, what the people who download them decides to do with them
is there business.

>And they force John Q Public to spend money on AV software -
>money which could better be used for some other purpose.

again, not my concern.

>If you were so concerned about not "destructing" anything, you
>wouldn't have released the viruses into the wild in the first
>place. Your attitude is very selfish - you revel in being
>little "gods" watching your creatures proliferate without any
>concern for the consequences to others.

My attitude isn't selfish.

>May God have mercy on your souls.

Perhaps if he actually existed that statement might have some
meaning. But, let's not turn this into a religious discussion
______________________________
KRiLE "Are we having fun yet?"
______________________________
[Email? j...@x.raid]

========================================

RAiD [SLAM]
View profile
More options Jan 18 1998, 3:00 am
Newsgroups: alt.comp.virus
From: j...@raid.x (RAiD [SLAM])
Date: 1998/01/18
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

In article <69s47h$...@dfw-ixnews9.ix.netcom.com>,
r_jos...@ix.netcom.comX (Rick Joseph) wrote:

>So you are irresponsible, antisocial, and have little or no
>regard for other's property - just like most other virus
>writers.

Ahh, here we go again with the character assinations..
Shrug.
______________________________
KRiLE "Are we having fun yet?"
______________________________
[Email? j...@x.raid]

===========================================

RAiD [SLAM]
View profile
Newsgroups: alt.comp.virus
From: j...@raid.x (RAiD [SLAM])
Date: 1998/01/18
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

In article <34c1a3e3.1070...@nntp.a001.sprintmail.com>,
larrydeh...@sprintmail.com (Larry DeHaan) wrote:

>I don't suppose Spanska could answer for himself. Perhaps you
>are now his official spokesperson.

Spanska is quiet able to answer for him self. I chose to respond
to your comments. This is UseNet after all.

>Nevertheless, "I find your lack of concern disturbing". The
>fact that you "merely" offer viruses on a web page doesn't
>absolve you of all responsibility. You created the virus, you
>put it on your web page for any Tom, Dick or Harry to download,
>knowing full well the problems it could cause when released
>into the wild. That being true, you are an agent and
>contributing factor to the damage it causes.

What other people choose to do with those viruses is there
business, Not mine. I'm only offering them for people who are
interested in such things (like myself).
______________________________
KRiLE "Are we having fun yet?"
______________________________
[Email? j...@x.raid]

========================================

RAiD [SLAM]
View profile
More options Jan 18 1998, 3:00 am
Newsgroups: alt.comp.virus
From: j...@raid.x (RAiD [SLAM])
Date: 1998/01/18
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

In article <MPG.f2ac8ca6d3e82e2989...@news.srv.ualberta.ca> ,
gwen...@gpu.srv.ualberta.ca (George Wenzel) wrote:

>Hogwash. If every virus writer on the planet stopped writing
>viruses this second, and no viruses were written in the future,
>there would still be a market for anti-virus software.
>Justifying your virus writing by claiming your efforts make a
>market for anti-virus programs simply doesn't make sense.

George, I made no attempt to justify anything. The market would
dry up without a need for it. I and many others provide that
market's need, Not on purpose, it just happens that way. We code
the creatures, and others make money removing them.
assbackwards, but that's how it works.

>Would you go out into the ocean, spill as much oil there as you
>could, with the benevolent purpose of making a market for 3M
>and their "oil- sucking foam"?

Since I'm not interested in making this planets ecosystem
anyworse then it already is, No.

>Sure, AV people want to make money, that's why they're in the
>business. They won't make more money if there are more virus
>writers, though. Nor will they make less money if you stop
>writing viruses.

George, If we all stopped. There would be no new viruses to add
to the market. the available viruses would die off with nothing
to replace them. In that case, ones the market dries up, there
would be no further profit for Antiviral software. Who needs it
if viruses cease to exist?

>Why don't you supply technical support to those that get
>infected with your viruses? There have already been people in
>this newsgroup complaining. They don't care what your purpose
>was for writing the virus - they just want the thing off of
>their systems.

That's not my job George. I'm not an Antivirus person. I do not
get paid for "technical support" Antivirus people do, Let them
deal with it.

>Writing viruses isn't the problem. I don't think that anybody
>would have a problem with you writing all the viruses you like.
>Problems result when you SPREAD those viruses. And yes, it is
>quite likely that infecting systems with viruses is illegal in
>your area. Infecting a system with a virus usually falls under
>"unauthorized modification" or "electronic trespass" laws.

George, I'm not violating ANY laws by offering them on a www
page or an anon ftp server. I make no attempt to hide the fact
that what the user is downloading is a virus, and is potentially
harmful.

>See above. You're making a false assumption here. Most
>anti-virus products have trouble just trying to detect all the
>known viruses, let alone the new ones. If you and all your
>virus-writing peers stopped writing viruses right now, there
>would still be a market for AV products.

See my reply above George. It wouldn't take years. Don't you
have any faith in the AV products and people?
______________________________
KRiLE "Are we having fun yet?"
______________________________
[Email? j...@x.raid]

==========================================

Bruce P. Burrell
View profile
More options Jan 18 1998, 3:00 am
Newsgroups: alt.comp.virus
From: Bruce P. Burrell <b...@ren.us.itd.umich.edu>
Date: 1998/01/18
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

RAiD [SLAM] <j...@raid.x> wrote:
> In article <69r7gr$...@dfw-ixnews10.ix.netcom.com>,
> r_jos...@ix.netcom.comX (Rick Joseph) wrote:

>>Hopefully you'll grow out of it. Do you consider releasing
>>your viruses to the public at all irresponsible? Define
>>releasing. Offering them on a www page is not irresponsible.

Sure it is.

>The zip files contain a documentation file, and several other
>identifiers, no effort is made to decieve the user.

How do you guarantee that the docs and identifiers are included
when passed on to another by someone who obtained it from you?

How do you prevent someone from getting it and using it
maliciously?

The point is that with viruses, once they've escaped, they're
"out there" and there is no way to guarantee that all copies are
destroyed. Hence it's fine to write a virus and keep it
quarantined on your machine, but not to allow ANYONE else to
have it, since they might not maintain the quarantine.


But then again, of course you knew that already.

-BPB

==========================================

Martin Overton
View profile
More options Jan 18 1998, 3:00 am
Newsgroups: alt.comp.virus
From: ChekW...@Cavalry.com (Martin Overton)
Date: 1998/01/18
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

On Sat, 17 Jan 1998 20:58:59 GMT, r_jos...@ix.netcom.comX (Rick

Joseph) wrote:
>As a representative of CheckMate, you have to be somewhat of a
>diplomat when you post publically. That's all I meant.

I know you didn't mean anything sinister or nefarious. I post
and behave the same as I do in any other groups, even on the
alt.pets.arachnid usenet group which has nothing to do with
computers or viruses.

As ChekWARE is my company, I set the standards I work to ;-)

>>>Since I don't have any of those sort of restrictions, I'll
>>>have to ask why anyone would want to present information that
>>>might help you "further improve" your silly virus?

>>That's why I have now withdrawn my offer, as I don't and won't
>>help virus writers to improve their creations. Again, this is
>>not politics,

>I think that's a good decision.

Thanks.

Martin Overton - Author of ChekMate - ChekW...@Cavalry.com
Detects Known & UNKNOWN Viruses for DOS,OS/2 & Win 3.x,95,NT.
Web site http://chekware.simplenet.com/cmindex.htm
*** I also keep Tarantulas & Snakes! ***

===============================================

Martin Overton
Newsgroups: alt.comp.virus
From: ChekW...@Cavalry.com (Martin Overton)
Date: 1998/01/18
Subject: Re: ChekMate detects Krile virus samples ( 1-1e) (was
ChekMate author: Question?)

On Sat, 17 Jan 98 20:06:39 GMT, j...@raid.x (RAiD [SLAM]) wrote:

>and I have since posted 3 responses. This will be #4.

The answer is still NO.

>What would you like me to tell that person?

As I was the last person to respond to that thread, then that
person is moi!

>>On reflection: in that case as it would help you with your
>>virus writing, I withdraw my offer to post the results.

>Pity. You were so gung hoe about it before. What changed your
>mind?

Realising that you just seem to want someone to justify your
purpose for writing viruses, and to point out the obvious errors
in your viruses.

>>As I stated before I find it morally unacceptable to support
>>virus writers, or in any way help them to make the virus
>>problem worse than it is.

>The problem as you put it, is not as bad as people like
>yourself make it out to be. You seem to be forgetting
>something. If people like my self didn't code these things,
>there would be no market for your program nor anyone elses
>relating to virus discovery. Are you sure AV people want to not
>make money? those www servers aren't cheap, nor are there
>support staff.

The problem is bad enough, and you and your ilk don't help. Why
don't you do something constructive instead?

As has been stated here many, many times, if viruses didn't
exist, we'd all be happier and doing something more exciting
with our time, rather than dissecting the 10,000th virus that
looks very similar to the other 9,999 of it's class.

If you didn't notice I write other software than just
anti-virus.

I can't and won't speak for all the other AV people, but I'm not
in it for the money. Does that surprise you?

The registration fee I get for ChekMate and my other programs
goes straight back into development and improving services to my
customers.

I've got plenty of other ideas for programs to write that have
nothing to do with AV. So personally I would be very happy if
the virus problem disappeared, my wife might actually see me
more often ;-)

The cost of my web server is peanuts, I rent space I need from a
service provider. I also use the space for my other hobbies -
keeping tarantulas and snakes (amongst the more conventional
pets). I help people with those too. You can find my other
non-av pages at http://chekware.simplenet.com/burrow

>>I now see that me posting a detailed review of your viruses
>>would be beneficial to you and help you write new viruses, so
>>I withdraw my offer.

>I will write new viruses anyway. and I'll happily spend more
>time with your program. So that even if your not willing to
>provide details, I'll have them eventually.

Fine, you'll do what you want and one day you'll realise that it
wasn't such a good idea to write viruses. Anyway, if you don't
care what others think why not use your real name and not hide
behind your 'handle' when you post, scared that the law may
knock on your door?

>>Call me old fashioned, but I prefer not to help someone break
>>the law.

>Where I reside, it's not illegal for me to write them.

So you are in the States, I'm surprised that you didn't quote
the relevant ammendment to justify your actions. Wherever you
are it IS illegal to infect another persons computer without
their consent.

>>Sorry won't do as this would help you to write viruses.

>again, I'm going to continue writing anyway. This stance of
>yours doesn't help anyone avoid them.

But I'll sleep at night with a clear conscience, how about you?

>>I think it is sufficient to say that my product detects the
>>changes made to files by your viruses. I won't help you any
>>further.

>Yes, I'm sure it does. Your product shells to a 3rd party
>utility for verification. Your programs internal check method
>however will not report modification, since your file is
>restored to it's original condition before it gets control.

I beg to differ. I'm not starting this all over again, enough is
enough. I'm not prepared to waste more of my time on this
so-called 'debate'.

If you want to continue this debate, let's take it over to
e-mail. I'm sure the rest of the readers here are as fed up as I
am with repeating themselves.

>>Maybe you should take the advice of your virus writing peers
>>and stop writing viruses?

>My virus writing peers? They encourage viruses, They don't
>suggest quit writing. and if all virus writers did stop
>writing, You wouldn't have a business. Nor would most AV

Is that why you're so polite about them in your NFO files that
you include with the viruses? I quote:

"To all VX related:
Those of you who think my viruses suck, Oh well. I really don't
care that you think. Those of you who think i'm an a**hole,
Good. I don't care who or how many scum sucking lamers i infect.
I'm doing the world a favor removing dipsh*ts like that."

I've replaced a few characters with *, I'm sure that you get the
gist.

<Ad snipped>

Martin Overton - Author of ChekMate - ChekW...@Cavalry.com
Detects Known & UNKNOWN Viruses for DOS,OS/2 & Win 3.x,95,NT.
Web site http://chekware.simplenet.com/cmindex.htm
*** I also keep Tarantulas & Snakes! ***

[Dustin]

Dave U. Random <anonymous@anonymitaet-im-inter.net> wrote in
news:eb3bb16298e3bb73e09664e95a3afdcd@anonymitaet-im-inter.net:

> The stalker/psycho/woman hating/virus writer/virus passer &
> limpdicked faggot known as RAID/DUSTIN COOK/G.MORGAN is BACK.

LOL! Many things you have the balls to say behind a remailer, but none
you'd ever say to my face, as you know you'd be tasting your own blood
for it..

G. Morgan and myself are two completely different people.

> Now he and his butt-bumping faggot buddys, like "fromtherafters" are
> trying to destroy 24hoursupport.helpdesk using pseudonyms (nicks).

I don't even post to that lameass newsgroup. Perhaps a little
crossposting replies, but I don't participate there.

> I guess everyone here needs a little updating on the faggot-woman
> hating-virus writer/passer RAID.

LOL. I haven't authored any malicious software in 11 years and
counting.

> I'm a bit busy right now, but here's some for starters.

Busy teaching Jenn how to use a remailer, or PGP Jim?

> since his Web page of viruses for download is temporarily down,
> He offers to email viruses to anyone who asks for them.

Temporarily down is it? Dude, it's been down since late 1999.
And no, I don't send viruses to anyone who isn't a known antimalware
researcher. The last time I saw an actual virus has been years tho.

> "That's not my problem nor concern....what the people who
> download them decides to do with them is there business."

Very true. it's akin to weapons. You can study them, or do something
nasty with them. At the end of the day tho, you can't hold me liable if
you go and shoot your wife. That's on you.

> It's all below. No attribution errors. No Lies. No taking out of
> context. No "character assassination". (That isn't needed. His own
> words accomplish that beyond what I could think up.)

The only problem tho, is the date... See here:

Date: 1998/01/13
Subject: ChekMate author: Question?



> Martin Overton - Author of ChekMate - ChekW...@Cavalry.com

Chekmate went belly up shortly after I exposed his trash for what it
was, a simplistic easily fooled checksummer of sorts.


--
(Hey) I keep on thinking that it's
(Hey) all done and all over now (whoa)
You keep on thinking you can save me save me
(Hey) My ship is sinking but it's
(Hey) all good and I can go down (whoa)
You've got me thinking that the party's all over

[G. Morgan]

Dave U. Random wrote:

>The stalker/psycho/woman hating/virus writer/virus passer &
>limpdicked faggot known as RAID/DUSTIN COOK/G.MORGAN is BACK.

I'm not the same person as Dustin, thank you very much.

[~BD~]

FromTheRafters wrote:
> "~BD~"<~BD~@nomail.afraid.com> wrote in message
> news:iuh7me$rvc$1@dont-email.me...
>> Mike Easter wrote:
>>> a.p.s only - no daft x-post to unrelated groups like a BD troll.
>>
>> Adding an additional 34 readers is hardly trolling!
>>
>> alt.politics.scorched-earth alt.politics.scorched-earth@googlegroups.com
>> Language: English
>> 34 subscribers, Messages per month: 4267, Usenet
>>
>> http://groups.google.com/groups/dir?...ched-earth%2C&
>>
>>>
>>> ~BD~ wrote:
>>>
>>>> The latest TDL-4 version of the rootkit,
>>>
>>> The problems are/ start with/ detection. If you can detect a boot sector
>>> problem/condition, then you have to 'get rid of' - zero or perhaps
>>> replace - the boot sector which is followed by creation of a new boot
>>> sector and operating system.
>>
>> The problem, surely, is knowing why one *should* look for a problem in the
>> first place! If all appears quite /normal/ to a computer user ...!!!
>
> That's true, but what's your point? Are you paving the way to slimey
> innuendo, or are you actually asking about detecting or identifying
> a rootkit?

The latter.

> You're probably not going to find such a rootkit unless you suspect one is
> present, or you routinely check the startup axis code. The thing is, a rootkit
> will likely be hiding something else, and that something else *does something*,
> more than likely using networking. When network activity is noticed, and an
> investigation is conducted, it will be noticed that tools on the computer doing
> the nefarious communicating are not giving a complete picture. It is *that*
> that will cause one to suspect a rootkit.

I suggest that the /average/ computer user would *not* notice any such
network activity whilst his/her computer is carrying out the tasks
demanded of it. (email, surfing etc)

> Detection can be a behavioral thing, but identification requires more. Once
> you suspect it is there, you inspect it from a clean environment to identify
> it and possibly repair/replace affected areas.

I agree.

> If a certain paranoid fantasy (Edit: are you *sure?!!!) about otherwise legitimate security software
> (antivirus/antimalware) installing rootkits were actually true, said rootkits
> would be discovered in short order by the behavior (activity) the programs
> that they hide engage in.

Would you please expand on that premise?

Who, exactly, will be looking for any unusual behaviour (activity)?

Dave

[FromTheRafters]

"~BD~" <~BD~@nomail.afraid.com> wrote in message
news:iup71h$q14$1@dont-email.me...
> FromTheRafters wrote:
>> "~BD~"<~BD~@nomail.afraid.com> wrote in message
>> news:iuh7me$rvc$1@dont-email.me...
>>> Mike Easter wrote:
>>>> a.p.s only - no daft x-post to unrelated groups like a BD troll.
>>>
>>> Adding an additional 34 readers is hardly trolling!
>>>
>>> alt.politics.scorched-earth alt.politics.scorched-earth@googlegroups.com
>>> Language: English
>>> 34 subscribers, Messages per month: 4267, Usenet
>>>
>>> http://groups.google.com/groups/dir?...ched-earth%2C&
>>>
>>>>
>>>> ~BD~ wrote:
>>>>
>>>>> The latest TDL-4 version of the rootkit,
>>>>
>>>> The problems are/ start with/ detection. If you can detect a boot sector
>>>> problem/condition, then you have to 'get rid of' - zero or perhaps
>>>> replace - the boot sector which is followed by creation of a new boot
>>>> sector and operating system.
>>>
>>> The problem, surely, is knowing why one *should* look for a problem in the
>>> first place! If all appears quite /normal/ to a computer user ...!!!
>>
>> That's true, but what's your point? Are you paving the way to slimey
>> innuendo, or are you actually asking about detecting or identifying
>> a rootkit?
>
> The latter.
>
>> You're probably not going to find such a rootkit unless you suspect one is
>> present, or you routinely check the startup axis code. The thing is, a
>> rootkit
>> will likely be hiding something else, and that something else *does
>> something*,
>> more than likely using networking. When network activity is noticed, and an
>> investigation is conducted, it will be noticed that tools on the computer
>> doing
>> the nefarious communicating are not giving a complete picture. It is *that*
>> that will cause one to suspect a rootkit.
>
> I suggest that the /average/ computer user would *not* notice any such network
> activity whilst his/her computer is carrying out the tasks demanded of it.
> (email, surfing etc)

That's true, and explains why they are so successful.

>> Detection can be a behavioral thing, but identification requires more. Once
>> you suspect it is there, you inspect it from a clean environment to identify
>> it and possibly repair/replace affected areas.
>
> I agree.
>
>> If a certain paranoid fantasy (Edit: are you *sure?!!!) about otherwise
>> legitimate security software
>> (antivirus/antimalware) installing rootkits were actually true, said rootkits
>> would be discovered in short order by the behavior (activity) the programs
>> that they hide engage in.
>
> Would you please expand on that premise?

While an individual home user may miss such activity, there are
too many other users for one to assume that *none* will notice.

> Who, exactly, will be looking for any unusual behaviour (activity)?

Network administrators.

[~BD~]

FromTheRafters wrote:
> "~BD~"<~BD~@nomail.afraid.com> wrote in message
> news:iup71h$q14$1@dont-email.me...
>> FromTheRafters wrote:
>>> "~BD~"<~BD~@nomail.afraid.com> wrote in message
>>> news:iuh7me$rvc$1@dont-email.me...
>>>> Mike Easter wrote:
>>>>> a.p.s only - no daft x-post to unrelated groups like a BD troll.
>>>>
>>>> Adding an additional 34 readers is hardly trolling!
>>>>
>>>> alt.politics.scorched-earth alt.politics.scorched-earth@googlegroups.com
>>>> Language: English
>>>> 34 subscribers, Messages per month: 4267, Usenet
>>>>
>>>> http://groups.google.com/groups/dir?...ched-earth%2C&
>>>>
>>>>>
>>>>> ~BD~ wrote:
>>>>>
>>>>>> The latest TDL-4 version of the rootkit,
>>>>>
>>>>> The problems are/ start with/ detection. If you can detect a boot sector
>>>>> problem/condition, then you have to 'get rid of' - zero or perhaps
>>>>> replace - the boot sector which is followed by creation of a new boot
>>>>> sector and operating system.
>>>>
>>>> The problem, surely, is knowing why one *should* look for a problem in the
>>>> first place! If all appears quite /normal/ to a computer user ...!!!
>>>
>>> That's true, but what's your point? Are you paving the way to slimey
>>> innuendo, or are you actually asking about detecting or identifying
>>> a rootkit?
>>
>> The latter.
>>
>>> You're probably not going to find such a rootkit unless you suspect one is
>>> present, or you routinely check the startup axis code. The thing is, a
>>> rootkit
>>> will likely be hiding something else, and that something else *does
>>> something*,
>>> more than likely using networking. When network activity is noticed, and an
>>> investigation is conducted, it will be noticed that tools on the computer
>>> doing
>>> the nefarious communicating are not giving a complete picture. It is *that*
>>> that will cause one to suspect a rootkit.
>>
>> I suggest that the /average/ computer user would *not* notice any such network
>> activity whilst his/her computer is carrying out the tasks demanded of it.
>> (email, surfing etc)
>
> That's true, and explains why they are so successful.

I'm pleased that you agree! ;-)

>>> Detection can be a behavioral thing, but identification requires more. Once
>>> you suspect it is there, you inspect it from a clean environment to identify
>>> it and possibly repair/replace affected areas.
>>
>> I agree.
>>
>>> If a certain paranoid fantasy (Edit: are you *sure?!!!) about otherwise
>>> legitimate security software
>>> (antivirus/antimalware) installing rootkits were actually true, said rootkits
>>> would be discovered in short order by the behavior (activity) the programs
>>> that they hide engage in.
>>
>> Would you please expand on that premise?
>
> While an individual home user may miss such activity, there are
> too many other users for one to assume that *none* will notice.
>
>> Who, exactly, will be looking for any unusual behaviour (activity)?
>
> Network administrators.

I have no knowledge of the duties of 'Network administrators'. Will they
be using tools such as Malwarebytes and/or SuperAntispyware?

Will they use the 'services' of an organisation such as Aumha.net -
downloading all manner of 'unknown' cleaning 'tools' until the
helper/adviser deems their network 'clean'? Somehow I doubt that!

--
Dave - tired today, after doing many, many locks! ;-)

[Dustin]

~BD~ <~BD~@nomail.afraid.com> wrote in
news:iuq5op$1f9$1@dont-email.me:


> I have no knowledge of the duties of 'Network administrators'. Will
> they be using tools such as Malwarebytes and/or SuperAntispyware?

Ask Morgan. Perhaps he can enlighten you. He like you, has to use other
peoples tools because, like you, he's unable to write his own.

> Will they use the 'services' of an organisation such as Aumha.net -
> downloading all manner of 'unknown' cleaning 'tools' until the
> helper/adviser deems their network 'clean'? Somehow I doubt that!

Do you have any specific tools in mind which might not work properly BD?
or should this be dismissed as more slime?


--
(Hey) I keep on thinking that it's
(Hey) all done and all over now (whoa)
You keep on thinking you can save me save me
(Hey) My ship is sinking but it's
(Hey) all good and I can go down (whoa)
You've got me thinking that the party's all over

[Dustin]

G. Morgan <G_Morgan@easy.com> wrote in
news:bglv071lgl79guk40ckkb6t1pgsc1fe4vk@Osama-is-dead.net:

> Dave U. Random wrote:
>
>>The stalker/psycho/woman hating/virus writer/virus passer &
>>limpdicked faggot known as RAID/DUSTIN COOK/G.MORGAN is BACK.
>
> I'm not the same person as Dustin, thank you very much.

Nope. We aren't the same person, at all. I look before I leap.
This idiot will be back soon. Feel free to copy words from his playbook,
you already are anyway. Sociopath, funny ****.

Tell me again, How a VB app without the vbruntimes is in any way, stand
alone or portable? LOL!


--
(Hey) I keep on thinking that it's
(Hey) all done and all over now (whoa)
You keep on thinking you can save me save me
(Hey) My ship is sinking but it's
(Hey) all good and I can go down (whoa)
You've got me thinking that the party's all over

[~BD~]

Dustin wrote:
> ~BD~<~BD~@nomail.afraid.com> wrote in
> news:iuq5op$1f9$1@dont-email.me:
>
>
>> I have no knowledge of the duties of 'Network administrators'. Will
>> they be using tools such as Malwarebytes and/or SuperAntispyware?
>
> Ask Morgan. Perhaps he can enlighten you. He like you, has to use other
> peoples tools because, like you, he's unable to write his own.

Maybe he'll simply 'pop in' to this thread. I respect his views.

>> Will they use the 'services' of an organisation such as Aumha.net -
>> downloading all manner of 'unknown' cleaning 'tools' until the
>> helper/adviser deems their network 'clean'? Somehow I doubt that!
>
> Do you have any specific tools in mind which might not work properly BD?
> or should this be dismissed as more slime?

It's good to have a dialogue with you Dustin. Thank you for responding.

No, I am *not* suggesting that any particular 'tool' is suspect.

I suppose it is possible that someone like you, Dustin, has never,
actually, signed up to a 'help' forum and gone through the due process
of having a 'volunteer' check and clean your computer.

You have the ability to determine if all recommendations/advice given is
'sound'. Perhaps you could find the time to put those folk at Aumha to
the test. Conjure up a 'fault' and ask the experts at Aumha for help.
Then you will see for yourself exactly which 'tools' are used to 'clean'
your machine - and be able to determine if, perhaps, something nasty has
been *added* to your computer, rather than simply having had it 'cleaned'.

If the computer appears to 'work' OK after such 'cleaning', nobody else
is ever going to delve any deeper, are they?

Please have a think about this before you simply dismiss my conjecture.

Thanks.

--
Dave - tired today. It's warm and humid! :-)