
Thread: Virusburst

  1. #31
    pcbutts1 Guest

    Re: Virusburst

    Before those files are added to Spyerase they are checked and confirmed not
    to be system files on 4 different systems Win2000, XP, server, both laptops
    and desktops. We are now running tests with Vista. There have been zero
    reports from anyone so far but we do keep backups just in case. We even fix
    the damage caused by the real thief's roguefix file.

    --

    Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
    The list grows. Leythos the stalker http://www.leythosthestalker.com, David
    H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
    Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



    "Dustin Cook" <spamfilterineffect.see.sig@nowhere.com> wrote in message
    news:Xns98AE14779E725HHI2948AJD832@69.28.186.121...
    > "pcbutts1" <pcbutts1@****leythosthestalker.com> wrote in
    > news:UdidnTYAJKBF6RrYnZ2dnUVZ_rylnZ2d@giganews.com :
    >
    >> Yes I do. The Zlob variants that Spyerase targets only generates a
    >> certain pattern of various file names and only in certain directories.
    >> After adding all those file new names it is very easy to see the
    >> pattern. It is the very basics of how the signature detections work
    >> except it is more direct. It removes the files from the folders and
    >> the registry. There are a lot it removes that others miss including
    >> SAS. As much as I don't like Nick I still send him samples that I find
    >> that SAS misses.
    >>

    >
    > Sorry for the huge delay in a reply, I have been out of state...
    >
    > I've taken another look at your batch file, and it can easily delete
    > innocent files should one or more of them happen to be named as in your
    > script. Your batch file relies on file name and location only to determine
    > if the file is malware or not. No further checking is done by you. This
    > puts the user in a very bad situation, imho as you offer no way to undo
    > the damage.
    >
    > --
    > Dustin Cook
    > Author of BugHunter - MalWare Removal Tool -V2.0
    > web: http://bughunter.it-mate.co.uk
    > email: bughunter.dustin@gmail.com.removethis
    > Last updated: January 4th, 2007




  2. #32
    Dustin Cook Guest

    Re: Virusburst

    "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in
    news:5PSdnRSupPG5AADYnZ2dnUVZ_qWvnZ2d@giganews.com :

    > Before those files are added to Spyerase they are checked and
    > confirmed not to be system files on 4 different systems Win2000, XP,
    > server, both laptops and desktops. We are now running tests with
    > Vista. There have been zero reports from anyone so far but we do keep
    > backups just in case. We even fix the damage caused by the real
    > thief's roguefix


    pcbutts,

    The point I made was the fact your script is hard coded to look for
    filenames, not content. A malicious program could easily (if one should be
    so inclined) rename valid system files as something from your script; if
    the user uses your script, his/her system would be at risk of harm. Not
    only from whatever malicious software they've acquired, but your script's
    attempt to remove it could have dire consequences.

    While this would have to be a targeted attack, the fact remains it could
    be done. You really should not rely on a filename to tell you what the
    file actually is.



    --
    Dustin Cook
    Author of BugHunter - MalWare Removal Tool -V2.0
    web: http://bughunter.it-mate.co.uk
    email: bughunter.dustin@gmail.com.removethis
    Last updated: January 4th, 2007

  3. #33
    Chaz P. Klinder Guest

    Re: Virusburst

    pcbutts1 wrote:
    > Before those files are added to Spyerase they are checked and confirmed not
    > to be system files on 4 different systems Win2000, XP, server, both laptops
    > and desktops. We are now running tests with Vista. There have been zero
    > reports from anyone so far but we do keep backups just in case. We even fix
    > the damage caused by the real thief's roguefix file.
    >



    More lies from the habitual liar and more defamation.

    There is no "we". There is only Christopher Butts.

    There are NO backups made by SpyErase. It uses the DEL command freely
    w/o "quarantining", renaming or other False Positive prevention problem
    prevention.


    Stuart did not steal from you, you stole from Stuart and plagiarised the
    code of RogueFix.

    Christopher Butts you are a liar, a thief, an all-around low-life.

    It is bad enough that you plagiarised RogueFix to first create SuperFix
    and then rename SuperFix to SpyErase but to constantly defame the true
    author, the one YOU stole from, will not be tolerated.

    Your own actions will catch up with you. You will pay for your actions,
    abuse, plagiarism, lies and other misdeeds. This is NOT a threat -
    this is a promise as we know who you truly are and you will be held
    accountable.

  4. #34
    pcbutts1 Guest

    Re: Virusburst

    You ****ing troll, If what you believe is true it would have already
    happened. What I say IS true TOLERATE it fool.

    --

    Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
    The list grows. Leythos the stalker http://www.leythosthestalker.com, David
    H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
    Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



    "Chaz P. Klinder" <dont-spam.me@charter.net.invalid> wrote in message
    news:enk7g7$h48$1@aioe.org...
    > pcbutts1 wrote:
    >> Before those files are added to Spyerase they are checked and confirmed
    >> not to be system files on 4 different systems Win2000, XP, server, both
    >> laptops and desktops. We are now running tests with Vista. There have
    >> been zero reports from anyone so far but we do keep backups just in case.
    >> We even fix the damage caused by the real thief's roguefix file.
    >>

    >
    >
    > More lies from the habitual liar and more defamation.
    >
    > There is no "we". There is only Christopher Butts.
    >
    > There are NO backups made by SpyErase. It uses the DEL command freely w/o
    > "quarantining", renaming or other False Positive prevention problem
    > prevention.
    >
    >
    > Stuart did not steal from you, you stole from Stuart and plagiarised the
    > code of RogueFix.
    >
    > Christopher Butts you are a liar, a thief, an all-around low-life.
    >
    > It is bad enough that you plagiarised RogueFix to first create SuperFix
    > and then rename SuperFix to SpyErase but to constantly defame the true
    > author, the one YOU stole from, will not be tolerated.
    >
    > Your own actions will catch up with you. You will pay for your actions,
    > abuse, plagiarism, lies and other misdeeds. This is NOT a threat - this
    > is a promise as we know who you truly are and you will be held
    > accountable.




  5. #35
    pcbutts1 Guest

    Re: Virusburst

    You are forgetting that this is just a tool that targets only a certain kind
    of spyware. Spyerase does automatically in 2 minutes what could be done
    manually in a few hours. It only removes known verified spyware files. In
    case of new variants most are not added until verified by others including
    virus total. There are very few exceptions like the files you sent me. Any
    damage done by spyerase can be repaired by us; so far there have been none.

    --

    Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
    The list grows. Leythos the stalker http://www.leythosthestalker.com, David
    H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
    Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



    "Dustin Cook" <spamfilterineffect.see.sig@nowhere.com> wrote in message
    news:Xns98AEC92AE1B68HHI2948AJD832@69.28.186.121...
    > "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in
    > news:5PSdnRSupPG5AADYnZ2dnUVZ_qWvnZ2d@giganews.com :
    >
    >> Before those files are added to Spyerase they are checked and
    >> confirmed not to be system files on 4 different systems Win2000, XP,
    >> server, both laptops and desktops. We are now running tests with
    >> Vista. There have been zero reports from anyone so far but we do keep
    >> backups just in case. We even fix the damage caused by the real
    >> thief's roguefix

    >
    > pcbutts,
    >
    > The point I made was the fact your script is hard coded to look for
    > filenames, not content. A malicious program could easily (if one should be
    > so inclined) rename valid system files as something from your script; if
    > the user uses your script, his/her system would be at risk of harm. Not
    > only from whatever malicious software they've acquired, but your script's
    > attempt to remove it could have dire consequences.
    >
    > While this would have to be a targeted attack, the fact remains it could
    > be done. You really should not rely on a filename to tell you what the
    > file actually is.
    >
    >
    >
    > --
    > Dustin Cook
    > Author of BugHunter - MalWare Removal Tool -V2.0
    > web: http://bughunter.it-mate.co.uk
    > email: bughunter.dustin@gmail.com.removethis
    > Last updated: January 4th, 2007




  6. #36
    Chaz P. Klinder Guest

    Re: Virusburst

    pcbutts1 wrote:
    > You f**king troll, If what you believe is true it would have already
    > happened. What I say IS true TOLERATE it fool.
    >


    You are suffering from False Logic.

    Just because you have gotten away with your abuse and crimes does NOT
    make you innocent.

    You are guilty on every count including, but not limited to, the fact
    you are Christopher Butts and you are male and not female.

    Almost everything you say is either just plain false from a lack of
    knowledge or a clear lie !

  7. #37
    Dustin Cook Guest

    Re: Virusburst

    "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in
    news:TeKdnbA-hsK1NQDYnZ2dnUVZ_qGjnZ2d@giganews.com:

    > You are forgetting that this is just a tool that targets only a
    > certain kind of spyware. Spyerase does automatically in 2 minutes what


    Pcbutts,

    It wouldn't matter if your tool targeted mspaint, as long as it did so
    via content analysis, and not filename alone. That's the point I've tried
    to make.

    > could be done manually in a few hours. It only removes known verified
    > spyware files. In case of new variants most are not added until


    Verified how? Your script makes no effort to hash them, no comparison of
    any sort is done. If any file with a matching name is in a folder you
    specify, you delete it. You don't make backup copies beforehand, you
    don't rename it, you simply delete it.


    > verified by others including virus total. There are very few exceptions
    > like the files you sent me. Any damage done by spyerase can be
    > repaired by us; so far there have been none.


    The files I sent you are malware, but they change their names when they
    execute. However, the content stays the same. Your script doesn't
    compensate for something like this because you don't check the file
    contents.




    --
    Dustin Cook
    Author of BugHunter - MalWare Removal Tool -V2.0
    web: http://bughunter.it-mate.co.uk
    email: bughunter.dustin@gmail.com.removethis
    Last updated: January 4th, 2007
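
An added example, not part of any post in this thread and not code from Spyerase or BugHunter: a Python sketch of the approach argued for in posts #32 and #37, matching files by the SHA-256 of their content instead of by name, and moving matches to a quarantine folder with a manifest so a false positive can be undone. All function names, file names and the sample bytes are constructed for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

def sha256_of(path):
    # Whole-file read is fine for a sketch; stream in chunks for large files.
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def scan_and_quarantine(scan_dir, known_bad_hashes, quarantine_dir):
    """Move files whose CONTENT hash is known bad; file names are ignored."""
    qdir = Path(quarantine_dir)
    qdir.mkdir(parents=True, exist_ok=True)
    manifest_path = qdir / "manifest.json"
    manifest = json.loads(manifest_path.read_text()) if manifest_path.exists() else []
    moved = []
    for path in sorted(Path(scan_dir).iterdir()):
        if path.is_symlink() or not path.is_file():
            continue
        digest = sha256_of(path)
        if digest not in known_bad_hashes:
            continue
        stored = qdir / f"{len(manifest)}_{digest}.quarantined"  # inert, unique name
        shutil.move(str(path), str(stored))
        manifest.append({"original": str(path), "stored": str(stored), "sha256": digest})
        moved.append(path.name)
    manifest_path.write_text(json.dumps(manifest, indent=2))
    return moved

def restore(quarantine_dir, original):
    """Undo a false positive by moving the quarantined file back."""
    manifest_path = Path(quarantine_dir) / "manifest.json"
    manifest = json.loads(manifest_path.read_text())
    for entry in manifest:
        if entry["original"] == str(original):
            if sha256_of(entry["stored"]) != entry["sha256"]:
                raise ValueError("quarantined copy changed since it was stored")
            shutil.move(entry["stored"], entry["original"])
            manifest.remove(entry)
            manifest_path.write_text(json.dumps(manifest, indent=2))
            return True
    return False

def demo():
    sample = b"constructed stand-in bytes for a known-bad sample"  # not real malware
    known_bad = {hashlib.sha256(sample).hexdigest()}
    with tempfile.TemporaryDirectory() as tmp:
        scan, qdir = Path(tmp, "scan"), Path(tmp, "quarantine")
        scan.mkdir()
        (scan / "renamed_itself.dll").write_bytes(sample)  # bad content, unlisted name
        (scan / "name_on_blocklist.dll").write_bytes(b"legitimate")  # innocent content
        moved = scan_and_quarantine(scan, known_bad, qdir)
        left = sorted(p.name for p in scan.iterdir())
        return moved, left, restore(qdir, scan / "renamed_itself.dll")
```

Calling `demo()` shows the renamed sample being quarantined while the innocent file that merely carries a listed name is left alone, and the quarantined file then being restored from the manifest.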

  8. #38
    Nick Skrepetos Guest

    Re: Virusburst


    pcbutts1 wrote:
    > Before those files are added to Spyerase they are checked and confirmed not
    > to be system files on 4 different systems Win2000, XP, server, both laptops
    > and desktops. We are now running tests with Vista. There have been zero
    > reports from anyone so far but we do keep backups just in case. We even fix
    > the damage caused by the real thief's roguefix file.
    >
    > --
    >


    Out of curiosity, on Vista how are you getting around the security
    restrictions imposed by Vista when trying to delete files out of
    certain folders? And the fact that certain folders and registry keys
    are virtualized? Do you require your batch file to be run with
    administrator privs? What if they have UAC on?

    Nick Skrepetos
    SUPERAntiSpyware.com
    http://www.superantispyware.com


  9. #39
    pcbutts1 Guest

    Re: Virusburst

    Dustin the files are analyzed and checked and verified here in my office
    test lab. Our test boxes are infected for weeks at a time and then checked
    for changes they are constantly monitored and not with just one infection
    but two and three at a time. We know what these files are and what they do
    and how they change. I understand what you are saying but you need to
    understand what we do to prevent from happening what you say can happen. Yes
    it can happen but we guard against it. For example, a few months ago we
    found a file that is not a windows file but a legitimate file if it is
    deleted it will break your system, however only if you have certain software
    installed. We find these all the time. If the malware can be removed safely
    without deleting that file then spyerase will not delete that file. If it
    cannot then it will be deleted and replaced on reboot with a good clean file
    or the file is replaced before scanning and it will not be included in the
    detection database. We did however use this method to set traps for the
    thieves who try to steal spyerase. I will send you one such file, you
    analyze it and tell me if bug hunter detects it or if you know what the
    file does and what program uses it. You can post your answer here but don't
    name the file.


    --

    Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
    The list grows. Leythos the stalker http://www.leythosthestalker.com, David
    H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
    Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



    "Dustin Cook" <spamfilterineffect.see.sig@nowhere.com> wrote in message
    news:Xns98AED47D4E8D2HHI2948AJD832@69.28.186.121...
    > "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in
    > news:TeKdnbA-hsK1NQDYnZ2dnUVZ_qGjnZ2d@giganews.com:
    >
    >> You are forgetting that this is just a tool that targets only a
    >> certain kind of spyware. Spyerase does automatically in 2 minutes what

    >
    > Pcbutts,
    >
    > It wouldn't matter if your tool targeted mspaint, as long as it did so
    > via content analysis, and not filename alone. That's the point I've tried
    > to make.
    >
    >> could be done manually in a few hours. It only removes known verified
    >> spyware files. In case of new variants most are not added until

    >
    > Verified how? Your script makes no effort to hash them, no comparison of
    > any sort is done. If any file with a matching name is in a folder you
    > specify, you delete it. You don't make backup copies beforehand, you
    > don't rename it, you simply delete it.
    >
    >
    >> verified by others including virus total. There are very few exceptions
    >> like the files you sent me. Any damage done by spyerase can be
    >> repaired by us; so far there have been none.

    >
    > The files I sent you are malware, but they change their names when they
    > execute. However, the content stays the same. Your script doesn't
    > compensate for something like this because you don't check the file
    > contents.
    >
    >
    >
    >
    > --
    > Dustin Cook
    > Author of BugHunter - MalWare Removal Tool -V2.0
    > web: http://bughunter.it-mate.co.uk
    > email: bughunter.dustin@gmail.com.removethis
    > Last updated: January 4th, 2007




  10. #40
    pcbutts1 Guest

    Re: Virusburst

    Well we just started our Vista tests so far for the setup we found while
    running the setup installer the "Run the program now" or "View the readme
    file" etc... check boxes may be convenient for users, they present a
    security problem on Vista. Any processes Setup spawns will inherit the same
    privileges as Setup -- usually full administrative privileges. We will
    either eliminate the [Run] entries, or add OnlyBelowVersion: 0,6 parameters
    to prevent them from being displayed on Vista. During setup we can modify
    permissions parameters for setting permissions on directories, files, and
    registry keys respectively.

    There is a program called SetACL. SetACL is a set of routines for managing
    Windows permissions (ACLs) from the command line, from scripts and from
    programs. These routines can be used from various container or interface
    programs. Currently there exist a command line version to be used in batch
    files or scripts and an ActiveX control which can be used from any
    COM-enabled language (VB, WSH scripts, ...). SetACL works on all Windows NT
    based operating systems from Windows 2000 onwards. The newer, the better. It
    is open source.



    --

    Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
    The list grows. Leythos the stalker http://www.leythosthestalker.com, David
    H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
    Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



    "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
    news:1167962986.217566.298840@11g2000cwr.googlegroups.com...
    >
    > pcbutts1 wrote:
    >> Before those files are added to Spyerase they are checked and confirmed
    >> not to be system files on 4 different systems Win2000, XP, server, both
    >> laptops and desktops. We are now running tests with Vista. There have
    >> been zero reports from anyone so far but we do keep backups just in case.
    >> We even fix the damage caused by the real thief's roguefix file.
    >>
    >> --
    >>

    >
    > Out of curiosity, on Vista how are you getting around the security
    > restrictions imposed by Vista when trying to delete files out of
    > certain folders? And the fact that certain folders and registry keys
    > are virtualized? Do you require your batch file to be run with
    > administrator privs? What if they have UAC on?
    >
    > Nick Skrepetos
    > SUPERAntiSpyware.com
    > http://www.superantispyware.com
    >



