Thread: Virusburst

  1. #1
    pcbutts1 Guest

    Re: Virusburst

    Before those files are added to Spyerase they are checked and confirmed not
    to be system files on 4 different systems Win2000, XP, server, both laptops
    and desktops. We are now running tests with Vista. There have been zero
    reports from anyone so far but we do keep backups just in case. We even fix
    the damage caused by the real thief's roguefix file.

    --

    Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
    The list grows. Leythos the stalker http://www.leythosthestalker.com, David
    H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
    Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



    "Dustin Cook" <spamfilterineffect.see.sig@nowhere.com> wrote in message
    news:Xns98AE14779E725HHI2948AJD832@69.28.186.121.. .
    > "pcbutts1" <pcbutts1@****leythosthestalker.com> wrote in
    > news:UdidnTYAJKBF6RrYnZ2dnUVZ_rylnZ2d@giganews.com :
    >
    >> Yes I do. The Zlob variants that Spyerase targets only generates a
    >> certain pattern of various file names and only in certain directories.
    >> After adding all those file new names it is very easy to see the
    >> pattern. It is the very basics of how the signature detections work
    >> except it is more direct. It removes the files from the folders and
    >> the registry. There are a lot it removes that others miss including
    >> SAS. As much as I don't like Nick I still send him samples that I find
    >> that SAS misses.
    >>

    >
    > Sorry for the huge delay in a reply, I have been out of state...
    >
    > I've taken another look at your batch file, and it can easily delete
    > innocent files should one or more of them happen to be named as in your
    > script. Your batch file relies on file name and location only to determine
    > if the file is malware or not. No further checking is done by you. This
    > puts the user in a very bad situation, imho as you offer no way to undo
    > the damage.
    >
    > --
    > Dustin Cook
    > Author of BugHunter - MalWare Removal Tool -V2.0
    > web: http://bughunter.it-mate.co.uk
    > email: bughunter.dustin@gmail.com.removethis
    > Last updated: January 4th, 2007




  2. #2
    Dustin Cook Guest

    Re: Virusburst

    "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in
    news:5PSdnRSupPG5AADYnZ2dnUVZ_qWvnZ2d@giganews.com :

    > Before those files are added to Spyerase they are checked and
    > confirmed not to be system files on 4 different systems Win2000, XP,
    > server, both laptops and desktops. We are now running tests with
    > Vista. There have been zero reports from anyone so far but we do keep
    > backups just in case. We even fix the damage caused by the real
    > thief's roguefix


    pcbutts,

    The point I made was the fact your script is hard coded to look for
    filenames, not content. A malicious program could easily (if one should be
    so inclined) rename valid system files as something from your script; if
    the user uses your script, his/her system would be at risk of harm. Not
    only from whatever malicious software they've acquired, but your script's
    attempt to remove it could have dire consequences.

    While this would have to be a targeted attack, the fact remains it could
    be done. You really, should not, rely on a filename to tell you what the
    file actually is.



    --
    Dustin Cook
    Author of BugHunter - MalWare Removal Tool -V2.0
    web: http://bughunter.it-mate.co.uk
    email: bughunter.dustin@gmail.com.removethis
    Last updated: January 4th, 2007

  3. #3
    pcbutts1 Guest

    Re: Virusburst

    You are forgetting that this is just a tool that targets only a certain kind
    of spyware. Spyerase does automatically in 2 minutes what could be done
    manually in a few hours. It only removes known verified spyware files. In
    case of new variants most are not added until verified by others including
    virus total. There are very few exceptions like the files you sent me. Any
    damage done by spyerase can be repaired by us so far there have been none.

    --

    Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
    The list grows. Leythos the stalker http://www.leythosthestalker.com, David
    H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
    Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



    "Dustin Cook" <spamfilterineffect.see.sig@nowhere.com> wrote in message
    news:Xns98AEC92AE1B68HHI2948AJD832@69.28.186.121.. .
    > "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in
    > news:5PSdnRSupPG5AADYnZ2dnUVZ_qWvnZ2d@giganews.com :
    >
    >> Before those files are added to Spyerase they are checked and
    >> confirmed not to be system files on 4 different systems Win2000, XP,
    >> server, both laptops and desktops. We are now running tests with
    >> Vista. There have been zero reports from anyone so far but we do keep
    >> backups just in case. We even fix the damage caused by the real
    >> thief's roguefix

    >
    > pcbutts,
    >
    > The point I made was the fact your script is hard coded to look for
    > filenames, not content. A malicious program could easily (if one should be
    > so inclined) rename valid system files as something from your script; if
    > the user uses your script, his/her system would be at risk of harm. Not
    > only from whatever malicious software they've acquired, but your script's
    > attempt to remove it could have dire consequences.
    >
    > While this would have to be a targeted attack, the fact remains it could
    > be done. You really, should not, rely on a filename to tell you what the
    > file actually is.
    >
    >
    >
    > --
    > Dustin Cook
    > Author of BugHunter - MalWare Removal Tool -V2.0
    > web: http://bughunter.it-mate.co.uk
    > email: bughunter.dustin@gmail.com.removethis
    > Last updated: January 4th, 2007




  4. #4
    Dustin Cook Guest

    Re: Virusburst

    "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in
    news:TeKdnbA-hsK1NQDYnZ2dnUVZ_qGjnZ2d@giganews.com:

    > You are forgetting that this is just a tool that targets only a
    > certain kind of spyware. Spyerase does automatically in 2 minutes what


    Pcbutts,

    It wouldn't matter if your tool targeted mspaint; As long as it did so
    via content analysis, and not filename alone. That's the point I've tried
    to make.

    > could be done manually in a few hours. It only removes known verified
    > spyware files. In case of new variants most are not added until


    Verified how? Your script makes no effort to hash them, no comparison of
    any sort is done. If any file with a matching name is in a folder you
    specify, you delete it. You don't make backup copies beforehand, you
    don't rename it, you simply delete it.


    > verified by others including virus total. There are very few exceptions
    > like the files you sent me. Any damage done by spyerase can be
    > repaired by us so far there have been none.


    The files I sent you are malware, but they change their names when they
    execute. However, the content stays the same. Your script doesn't
    compensate for something like this because you don't check the file
    contents.




    --
    Dustin Cook
    Author of BugHunter - MalWare Removal Tool -V2.0
    web: http://bughunter.it-mate.co.uk
    email: bughunter.dustin@gmail.com.removethis
    Last updated: January 4th, 2007
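
Added example, not part of any post in this thread and not code from Spyerase, RogueFix or BugHunter: the approach argued for in posts #2 and #4, matching on a content hash instead of a filename and moving matches to a quarantine with a restore manifest instead of deleting them. The directory names, file names and stand-in sample bytes are constructed, and SHA-256 is an assumed choice of hash.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash file contents in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine_by_content(scan_dir: Path, known_bad: set, quarantine_dir: Path) -> list:
    """Move files whose content hash is known bad; names are never consulted.

    quarantine_dir is assumed to live outside scan_dir.
    """
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    manifest_path = quarantine_dir / "manifest.json"
    manifest = json.loads(manifest_path.read_text()) if manifest_path.exists() else []
    moved = []
    for path in sorted(p for p in scan_dir.rglob("*") if p.is_file()):
        digest = sha256_of(path)
        if digest not in known_bad:
            continue  # unknown content is left alone, whatever it is called
        stored = quarantine_dir / f"{digest}.{len(manifest)}.quarantined"
        shutil.move(str(path), str(stored))  # move, not delete: reversible
        manifest.append({"original": str(path), "stored": str(stored), "sha256": digest})
        moved.append(path.name)
    manifest_path.write_text(json.dumps(manifest, indent=2))
    return moved


def restore_all(quarantine_dir: Path) -> int:
    """Undo a false positive: put every quarantined file back where it was."""
    manifest_path = quarantine_dir / "manifest.json"
    manifest = json.loads(manifest_path.read_text())
    for entry in manifest:
        shutil.move(entry["stored"], entry["original"])
    manifest_path.write_text("[]")
    return len(manifest)


def demo() -> dict:
    """Constructed scenario: one renamed sample, one innocent name collision."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        scan_dir, qdir = root / "system32", root / "quarantine"
        scan_dir.mkdir()
        sample = b"constructed stand-in for a malware sample"
        known_bad = {hashlib.sha256(sample).hexdigest()}
        # The sample has renamed itself; a hard-coded name list would miss it.
        (scan_dir / "totally_new_name.dll").write_bytes(sample)
        # A legitimate file that happens to carry a name on a removal list.
        (scan_dir / "blocklisted_name.dll").write_bytes(b"legitimate library")
        moved = quarantine_by_content(scan_dir, known_bad, qdir)
        left = sorted(p.name for p in scan_dir.iterdir())
        restored = restore_all(qdir)
        after_restore = sorted(p.name for p in scan_dir.iterdir())
        return {"moved": moved, "left": left,
                "restored": restored, "after_restore": after_restore}


if __name__ == "__main__":
    print(demo())
```

An exact hash only catches byte-identical copies; it is the minimum content check, not a substitute for signature or behavioural analysis.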

  5. #5
    pcbutts1 Guest

    Re: Virusburst

    Dustin the files are analyzed and checked and verified here in my office
    test lab. Our test boxes are infected for weeks at a time and then checked
    for changes they are constantly monitored and not with just one infection
    but two and three at a time. We know what these files are and what they do
    and how they change. I understand what you are saying but you need to
    understand what we do to prevent from happening what you say can happen. Yes
    it can happen but we guard against it. For example. a few months ago we
    found a file that is not a windows file but a legitimate file if it is
    deleted it will break your system, however only if you have certain software
    installed. We find these all the time. If the malware can be removed safely
    without deleting that file then spyerase will not delete that file. If it
    cannot then it will be deleted and replaced on reboot with a good clean file
    or the file is replaced before scanning and it will not be included in the
    detection database. We did however use this method to set traps for the
    thieves who try to steal spyerase. I will send you one such file, you
    analyze it and tell me if bug hunter detects it or if you know what the
    file does and what program uses it. You can post your answer here but don't
    name the file.


    --

    Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
    The list grows. Leythos the stalker http://www.leythosthestalker.com, David
    H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
    Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



    "Dustin Cook" <spamfilterineffect.see.sig@nowhere.com> wrote in message
    news:Xns98AED47D4E8D2HHI2948AJD832@69.28.186.121.. .
    > "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in
    > news:TeKdnbA-hsK1NQDYnZ2dnUVZ_qGjnZ2d@giganews.com:
    >
    >> You are forgetting that this is just a tool that targets only a
    >> certain kind of spyware. Spyerase does automatically in 2 minutes what

    >
    > Pcbutts,
    >
    > It wouldn't matter if your tool targeted mspaint; As long as it did so
    > via content analysis, and not filename alone. That's the point I've tried
    > to make.
    >
    >> could be done manually in a few hours. It only removes known verified
    >> spyware files. In case of new variants most are not added until

    >
    > Verified how? Your script makes no effort to hash them, no comparison of
    > any sort is done. If any file with a matching name is in a folder you
    > specify, you delete it. You don't make backup copies beforehand, you
    > don't rename it, you simply delete it.
    >
    >
    >> verified by others including virus total. There are very few exceptions
    >> like the files you sent me. Any damage done by spyerase can be
    >> repaired by us so far there have been none.

    >
    > The files I sent you are malware, but they change their names when they
    > execute. However, the content stays the same. Your script doesn't
    > compensate for something like this because you don't check the file
    > contents.
    >
    >
    >
    >
    > --
    > Dustin Cook
    > Author of BugHunter - MalWare Removal Tool -V2.0
    > web: http://bughunter.it-mate.co.uk
    > email: bughunter.dustin@gmail.com.removethis
    > Last updated: January 4th, 2007




  6. #6
    Dustin Cook Guest

    Re: Virusburst

    "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in
    news:VeOdnUfap6yAXADYnZ2dnUVZ_revnZ2d@giganews.com :

    > Dustin the files are analyzed and checked and verified here in my
    > office test lab.


    Then why do you release a simple script file, instead of an actual
    program which could do real content analysis, to be sure it's getting the
    right file in its crosshairs?

    I don't know of any serious office test labs which release mass deletion
    scripts.... What's the name of this office?

    > Our test boxes are infected for weeks at a time and
    > then checked for changes they are constantly monitored and not with
    > just one infection but two and three at a time. We know what these
    > files are and what they do and how they change. I understand what you
    > are saying but you need to understand what we do to prevent from
    > happening what you say can happen. Yes it can happen but we guard
    > against it.


    Monitored for what and how? And what are you infecting them with in the
    first place? Viruses infect, trojans are not capable of infection. They'd
    be viruses if they could....Trojans.. ehh, you know as adware, spyware,
    riskware.. heh, etc... they're all trojans when it comes right down to
    it.

    > For example. a few months ago we found a file that is not
    > a windows file but a legitimate file if it is deleted it will break
    > your system, however only if you have certain software installed. We
    > find these all the time.


    This is normal in the study of malware and systems which may have some on
    them. It's not something to brag about.

    > If the malware can be removed safely without
    > deleting that file then spyerase will not delete that file. If it
    > cannot then it will be deleted and replaced on reboot with a good
    > clean file or the file is replaced before scanning and it will not be
    > included in the detection database. We did however use this method to


    detection database? What detection database? Your file is a long batch
    file that occasionally calls 3rd party programs (Strange, one would think
    a lab would develop their own software for that)... to delete files and
    stop processes which may be running in memory. I don't see any references
    to any database of any kind in your script.... No file io calls to any
    files of any kind, except for deletion...

    Your script is incapable of deciding whether or not a file is malware
    because it does not do any kind of analysis, it simply deletes any files
    that match hard coded names... Any malware that's released that goes for
    common names has the benefit of making sure your script trashes the host
    in the process of removal...

    It's one thing to have false alarms as all programs occasionally do, but
    it's never okay to treat a file as bad simply because of its name!


    > set traps for the thieves who try to steal spyerase. I will send you
    > one such file, you analyze it and tell me if bug hunter detects it or



    Pcbutts, a question if you will...

    You mentioned spyerase was developed in 2005, correct? If that's the
    case, why do several roguefix versions I have at the shop predate it, and
    practically match several lines for lines in your spyerase?

    I've tried to be as civil with you as I possibly know how, but I'm
    convinced you've stolen those routines and don't really understand what's
    going on in the code; hence your need to release a script, and depend on
    other programs to do everything for you.

    > if you know what the file does and what program uses it. You can post
    > your answer here but don't name the file.


    The file is common with several programs, one of which is acs... It's a
    library often mistaken for being malware.


    --
    Dustin Cook
    Author of BugHunter - MalWare Removal Tool -V2.0
    web: http://bughunter.it-mate.co.uk
    email: bughunter.dustin@gmail.com.removethis
    Last updated: January 4th, 2007

  7. #7
    pcbutts1 Guest

    Re: Virusburst

    You asked when I started writing spyerase only. That was in June 2005 Zlob
    was discovered in March of 2005, I've been around much longer than that. You
    should know all my scripts are similar. You talk about databases and
    software, I have all that but I work for the government and my programs are
    used only on government systems it is not available to the public. The
    government does not use COTS unless it is cheaper for specialized software.
    We write our own software. 5 years ago I wrote a tech paper on Spyware and
    submitted it to my boss. Although it was hard to believe at that time he
    took my word for it and purchased Spysweeper. That did not last long because
    it was ineffective and incompatible. I started writing my own removal
    scripts and they have since been adopted by my job. Now if you get the same
    spam email over and over again are you going to scan it or read it every
    single time before you delete it just to make sure it is spam? or are you
    going to just delete it. If you know a file is bad there is no reason to
    have to waste time scanning it. For example if you download a file called
    Leythosisastalking*******.jpg.pif you know by the name and extension that it
    is bad. Why scan it? We scan it anyways just to verify then we add it to my
    Spyerase for deletion. If we come across a file with the same name like
    appwiz.cpl, which is a legitimate windows file we don't delete it we replace
    it with a known good file. This is done before Spyerase is run during the
    install process and that file is not added to the list in Spyerase.

    As far as roguefix goes I did not know Stuart has stolen any of my scripts
    until it was brought to my attention by a friend of mine. My scripts have
    been out there for a long time and I never used to post them to the NG's
    just in the forums. To this date there are 4 people who use my scripts as
    their own with my permission simply because they asked first and did not
    steal it. So you will find it out there. I have about 20 or so scripts that
    do just about anything to a windows system. Don't ask what the name of the
    program is that I wrote for my job because I won't tell you. I am under
    contract and it has just been renewed for another 5 years so it will be a
    while.

    --

    Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
    The list grows. Leythos the stalker http://www.leythosthestalker.com, David
    H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
    Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



    "Dustin Cook" <spamfilterineffect.see.sig@nowhere.com> wrote in message
    news:Xns98B0D022D498EHHI2948AJD832@69.28.186.121.. .
    > "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in
    > news:VeOdnUfap6yAXADYnZ2dnUVZ_revnZ2d@giganews.com :
    >
    >> Dustin the files are analyzed and checked and verified here in my
    >> office test lab.

    >
    > Then why do you release a simple script file, instead of an actual
    > program which could do real content analysis, to be sure it's getting the
    > right file in its crosshairs?
    >
    > I don't know of any serious office test labs which release mass deletion
    > scripts.... What's the name of this office?
    >
    >> Our test boxes are infected for weeks at a time and
    >> then checked for changes they are constantly monitored and not with
    >> just one infection but two and three at a time. We know what these
    >> files are and what they do and how they change. I understand what you
    >> are saying but you need to understand what we do to prevent from
    >> happening what you say can happen. Yes it can happen but we guard
    >> against it.

    >
    > Monitored for what and how? And what are you infecting them with in the
    > first place? Viruses infect, trojans are not capable of infection. They'd
    > be viruses if they could....Trojans.. ehh, you know as adware, spyware,
    > riskware.. heh, etc... they're all trojans when it comes right down to
    > it.
    >
    >> For example. a few months ago we found a file that is not
    >> a windows file but a legitimate file if it is deleted it will break
    >> your system, however only if you have certain software installed. We
    >> find these all the time.

    >
    > This is normal in the study of malware and systems which may have some on
    > them. It's not something to brag about.
    >
    >> If the malware can be removed safely without
    >> deleting that file then spyerase will not delete that file. If it
    >> cannot then it will be deleted and replaced on reboot with a good
    >> clean file or the file is replaced before scanning and it will not be
    >> included in the detection database. We did however use this method to

    >
    > detection database? What detection database? Your file is a long batch
    > file that occasionally calls 3rd party programs (Strange, one would think
    > a lab would develop their own software for that)... to delete files and
    > stop processes which may be running in memory. I don't see any references
    > to any database of any kind in your script.... No file io calls to any
    > files of any kind, except for deletion...
    >
    > Your script is incapable of deciding whether or not a file is malware
    > because it does not do any kind of analysis, it simply deletes any files
    > that match hard coded names... Any malware that's released that goes for
    > common names has the benefit of making sure your script trashes the host
    > in the process of removal...
    >
    > It's one thing to have false alarms as all programs occasionally do, but
    > it's never okay to treat a file as bad simply because of its name!
    >
    >
    >> set traps for the thieves who try to steal spyerase. I will send you
    >> one such file, you analyze it and tell me if bug hunter detects it or

    >
    >
    > Pcbutts, a question if you will...
    >
    > You mentioned spyerase was developed in 2005, correct? If that's the
    > case, why do several roguefix versions I have at the shop predate it, and
    > practically match several lines for lines in your spyerase?
    >
    > I've tried to be as civil with you as I possibly know how, but I'm
    > convinced you've stolen those routines and don't really understand what's
    > going on in the code; hence your need to release a script, and depend on
    > other programs to do everything for you.
    >
    >> if you know what the file does and what program uses it. You can post
    >> your answer here but don't name the file.

    >
    > The file is common with several programs, one of which is acs... It's a
    > library often mistaken for being malware.
    >
    >
    > --
    > Dustin Cook
    > Author of BugHunter - MalWare Removal Tool -V2.0
    > web: http://bughunter.it-mate.co.uk
    > email: bughunter.dustin@gmail.com.removethis
    > Last updated: January 4th, 2007




  8. #8
    Chaz P. Klinder Guest

    Re: Virusburst

    pcbutts1 wrote:
    > Before those files are added to Spyerase they are checked and confirmed not
    > to be system files on 4 different systems Win2000, XP, server, both laptops
    > and desktops. We are now running tests with Vista. There have been zero
    > reports from anyone so far but we do keep backups just in case. We even fix
    > the damage caused by the real thief's roguefix file.
    >



    More lies from the habitual liar and more defamation.

    There is no "we". There is only Christopher Butts.

    There are NO backups made by SpyErase. It uses the DEL command freely
    w/o "quarantining", renaming or other False Positive prevention problem
    prevention.


    Stuart did not steal from you, you stole from Stuart and plagiarised the
    code of RogueFix.

    Christopher Butts you are a liar, a thief, an all-around low-life.

    It is bad enough that you plagiarised RogueFix to first create SuperFix
    and then rename SuperFix to SpyErase but to constantly defame the true
    author, the one YOU stole from, will not be tolerated.

    Your own actions will catch up with you. You will pay for your actions,
    abuse, plagiarism, lies and other misdeeds. This is NOT a threat -
    this is a promise as we know who you truly are and you will be held
    accountable.

  9. #9
    pcbutts1 Guest

    Re: Virusburst

    You ****ing troll, If what you believe is true it would have already
    happened. What I say IS true TOLERATE it fool.

    --

    Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
    The list grows. Leythos the stalker http://www.leythosthestalker.com, David
    H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
    Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



    "Chaz P. Klinder" <dont-spam.me@charter.net.invalid> wrote in message
    news:enk7g7$h48$1@aioe.org...
    > pcbutts1 wrote:
    >> Before those files are added to Spyerase they are checked and confirmed
    >> not to be system files on 4 different systems Win2000, XP, server, both
    >> laptops and desktops. We are now running tests with Vista. There have
    >> been zero reports from anyone so far but we do keep backups just in case.
    >> We even fix the damage caused by the real thief's roguefix file.
    >>

    >
    >
    > More lies from the habitual liar and more defamation.
    >
    > There is no "we". There is only Christopher Butts.
    >
    > There are NO backups made by SpyErase. It uses the DEL command freely w/o
    > "quarantining", renaming or other False Positive prevention problem
    > prevention.
    >
    >
    > Stuart did not steal from you, you stole from Stuart and plagiarised the
    > code of RogueFix.
    >
    > Christopher Butts you are a liar, a thief, an all-around low-life.
    >
    > It is bad enough that you plagiarised RogueFix to first create SuperFix
    > and then rename SuperFix to SpyErase but to constantly defame the true
    > author, the one YOU stole from, will not be tolerated.
    >
    > Your own actions will catch up with you. You will pay for your actions,
    > abuse, plagiarism, lies and other misdeeds. This is NOT a threat - this
    > is a promise as we know who you truly are and you will be held
    > accountable.




  10. #10
    Chaz P. Klinder Guest

    Re: Virusburst

    pcbutts1 wrote:
    > You f**king troll, If what you believe is true it would have already
    > happened. What I say IS true TOLERATE it fool.
    >


    You are suffering from False Logic.

    Just because you have gotten away with your abuse and crimes does NOT
    make you innocent.

    You are guilty on every count including, but not limited to, the fact
    you are Christopher Butts and you are male and not female.

    Almost everything you say is either just plain false from a lack of
    knowledge or a clear lie !
