Dustin, the files are analyzed and checked and verified here in my office
test lab. Our test boxes are infected for weeks at a time and then checked
for changes; they are constantly monitored, and not with just one infection
but two and three at a time. We know what these files are and what they do
and how they change. I understand what you are saying, but you need to
understand what we do to prevent from happening what you say can happen. Yes,
it can happen, but we guard against it. For example, a few months ago we
found a file that is not a Windows file but a legitimate file; if it is
deleted it will break your system, however only if you have certain software
installed. We find these all the time. If the malware can be removed safely
without deleting that file then spyerase will not delete that file. If it
cannot then it will be deleted and replaced on reboot with a good clean file,
or the file is replaced before scanning and it will not be included in the
detection database. We did however use this method to set traps for the
thieves who try to steal spyerase. I will send you one such file; you
analyze it and tell me if bug hunter detects it or if you know what the
file does and what program uses it. You can post your answer here but don't
name the file.


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



"Dustin Cook" <spamfilterineffect.see.sig@nowhere.com> wrote in message
news:Xns98AED47D4E8D2HHI2948AJD832@69.28.186.121...
> "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in
> news:TeKdnbA-hsK1NQDYnZ2dnUVZ_qGjnZ2d@giganews.com:
>
>> You are forgetting that this is just a tool that targets only a
>> certain kind of spyware. Spyerase does automatically in 2 minutes what

>
> Pcbutts,
>
> It wouldn't matter if your tool targeted mspaint, as long as it did so
> via content analysis, and not filename alone. That's the point I've tried
> to make.
>
>> could be done manually in a few hours. It only removes known verified
>> spyware files. In case of new variants most are not added until

>
> Verified how? Your script makes no effort to hash them, no comparison of
> any sort is done. If any file with a matching name is in a folder you
> specify, you delete it. You don't make backup copies beforehand, you
> don't rename it, you simply delete it.
>
>
>> verified by others including virus total. There are very few exceptions
>> like the files you sent me. Any damage done by spyerase can be
>> repaired by us; so far there have been none.

>
> The files I sent you are malware, but they change their names when they
> execute. However, the content stays the same. Your script doesn't
> compensate for something like this because you don't check the file
> contents.
>
>
>
>
> --
> Dustin Cook
> Author of BugHunter - MalWare Removal Tool -V2.0
> web: http://bughunter.it-mate.co.uk
> email: bughunter.dustin@gmail.com.removethis
> Last updated: January 4th, 2007
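
Added example, not part of the original thread and not code from SpyErase or BugHunter: a sketch of the content-based check the quoted reply argues for, matching files by SHA-256 of their contents rather than by name and moving matches to a quarantine folder instead of deleting them. The function names, file names and sample bytes are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_of(path, chunk=65536):
    """Hash file contents in chunks so large files are not read in one go."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan_and_quarantine(folder, bad_hashes, quarantine_dir):
    """Move files whose content hash is in bad_hashes into quarantine_dir.

    Returns a list of (original_path, quarantined_path). File names play no
    part in the match decision, and nothing is deleted.
    """
    os.makedirs(quarantine_dir, exist_ok=True)
    moved = []
    for name in sorted(os.listdir(folder)):
        path = os.path.join(folder, name)
        if os.path.islink(path) or not os.path.isfile(path):
            continue
        digest = sha256_of(path)
        if digest in bad_hashes:
            # Keep part of the digest in the stored name for audit and restore.
            dest = os.path.join(quarantine_dir, f"{digest[:16]}_{name}.quarantined")
            shutil.move(path, dest)
            moved.append((path, dest))
    return moved

def demo():
    """Constructed case: known bytes under a new name, benign bytes under a listed name."""
    root = tempfile.mkdtemp()
    target = os.path.join(root, "scan")
    os.makedirs(target)
    payload = b"constructed stand-in bytes for a known sample"
    bad_hashes = {hashlib.sha256(payload).hexdigest()}
    with open(os.path.join(target, "renamed_copy.dll"), "wb") as f:
        f.write(payload)  # known content, unfamiliar name: still matched
    with open(os.path.join(target, "badname.dll"), "wb") as f:
        f.write(b"legitimate file that happens to share a listed name")
    moved = scan_and_quarantine(target, bad_hashes, os.path.join(root, "quarantine"))
    return moved, sorted(os.listdir(target))

if __name__ == "__main__":
    print(demo())
```

An exact hash only matches byte-identical content, so a sample that alters its own bytes between runs needs a different kind of content signature.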