Virusburst

[Lil' Abner]

http://mewnlite.com/vburst.gif
Shown are what SAS finds and the popup that points to virusburster.com
SAS seemed to fix it but customer says it reappeared after about an hour
after he got it home and got online. All he did online was email. He ran
SAS again but said it came back again after a short time.
Looking at his IE history, we have a pretty good idea where he picked it
up, but it's a little late for that to help now.
While the popup was present, I ran Process Explorer and didn't see any
abnormal processes running. Also I didn't see anything with HijackThis that
I didn't recognize as safe.
The media-codec was also a return item after being zapped once before, but
I don't think they're related. Or are they?
Any ideas, suggestions? Where is virusburst hiding?

--
--- A dyslexic man walks into a bra ---

[Nick Skrepetos]

Lil' Abner wrote:
> http://mewnlite.com/vburst.gif
> Shown are what SAS finds and the popup that points to virusburster.com
> SAS seemed to fix it but customer says it reappeared after about an hour
> after he got it home and got online. All he did online was email. He ran
> SAS again but said it came back again after a short time.
> Looking at his IE history, we have a pretty good idea where he picked it
> up, but it's a little late for that to help now.
> While the popup was present, I ran Process Explorer and didn't see any
> abnormal processes running. Also I didn't see anything with HijackThis that
> I didn't recognize as safe.
> The media-codec was also a return item after being zapped once before, but
> I don't think they're related. Or are they?
> Any ideas, suggestions? Where is virusburst hiding?
>
> --
> --- A dyslexic man walks into a bra ---

Did they update to our latest definitions before scanning? If they did,
and still have the problem, please have them submit a support ticket
here:
http://www.superantispyware.com/support.html

I will have them run a diagnostic and we can see what was missed.

Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com

[Lil' Abner]

"Nick Skrepetos" <nskrepetos@yahoo.com> wrote in
news:1166242978.125222.4110@f1g2000cwa.googlegroup s.com:

>
> Lil' Abner wrote:
>> http://mewnlite.com/vburst.gif
>> Shown are what SAS finds and the popup that points to
>> virusburster.com SAS seemed to fix it but customer says it reappeared
>> after about an hour after he got it home and got online. All he did
>> online was email. He ran SAS again but said it came back again after
>> a short time. Looking at his IE history, we have a pretty good idea
>> where he picked it up, but it's a little late for that to help now.
>> While the popup was present, I ran Process Explorer and didn't see
>> any abnormal processes running. Also I didn't see anything with
>> HijackThis that I didn't recognize as safe.
>> The media-codec was also a return item after being zapped once
>> before, but I don't think they're related. Or are they?
>> Any ideas, suggestions? Where is virusburst hiding?
>>
>> --
>> --- A dyslexic man walks into a bra ---
>
> Did they update to our latest definitions before scanning? If they
> did, and still have the problem, please have them submit a support
> ticket here:
> http://www.superantispyware.com/support.html
>
> I will have them run a diagnostic and we can see what was missed.

I updated it Wednesday when I installed it. He was rerunning it with the
same update. However, I was over there this evening (Friday) and got new
updates and ran it again (where I got the screen shot). I ran it again
immediately and it found nothing, but tomorrow we'll know for sure. I
have found manual uninstallation instructions for it at
http://www.bleepingcomputer.com/forums/topic63896.html but that process
looks pretty time consuming. Here's hoping YOU got it for us... :-)
Thanks for your reply.

--
--- A dyslexic man walks into a bra ---

[Nick Skrepetos]

Lil' Abner wrote:
> "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in
> news:1166242978.125222.4110@f1g2000cwa.googlegroup s.com:
>
> >
> > Lil' Abner wrote:
> >> http://mewnlite.com/vburst.gif
> >> Shown are what SAS finds and the popup that points to
> >> virusburster.com SAS seemed to fix it but customer says it reappeared
> >> after about an hour after he got it home and got online. All he did
> >> online was email. He ran SAS again but said it came back again after
> >> a short time. Looking at his IE history, we have a pretty good idea
> >> where he picked it up, but it's a little late for that to help now.
> >> While the popup was present, I ran Process Explorer and didn't see
> >> any abnormal processes running. Also I didn't see anything with
> >> HijackThis that I didn't recognize as safe.
> >> The media-codec was also a return item after being zapped once
> >> before, but I don't think they're related. Or are they?
> >> Any ideas, suggestions? Where is virusburst hiding?
> >>
> >> --
> >> --- A dyslexic man walks into a bra ---
> >
> > Did they update to our latest definitions before scanning? If they
> > did, and still have the problem, please have them submit a support
> > ticket here:
> > http://www.superantispyware.com/support.html
> >
> > I will have them run a diagnostic and we can see what was missed.
>
> I updated it Wednesday when I installed it. He was rerunning it with the
> same update. However, I was over there this evening (Friday) and got new
> updates and ran it again (where I got the screen shot). I ran it again
> immediately and it found nothing, but tomorrow we'll know for sure. I
> have found manual uninstallation instructions for it at
> http://www.bleepingcomputer.com/forums/topic63896.html but that process
> looks pretty time consuming. Here's hoping YOU got it for us... :-)
> Thanks for your reply.
>
> --
> --- A dyslexic man walks into a bra ---

If we didn't, use this link (from his machine) and I'll diagnose what
we missed and update our definitions.
http://www.superantispyware.com/diag....html?id=nicks

Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com

[Chief Scratchum]

"pcbutts1" <pcbutts1@****leythosthestalker.com> wrote in
Impressive - ^^^^^^^^^^^^^^^^^^^^^^^^^
news:05KdnXc9s4ywhxnYnZ2dnUVZ_silnZ2d@giganews.com :

> Use Spyerase, fast and free. It now has over 1500 signatures to remove
> all variants of Virusburst,Spysheriff and others.This tool is designed
> to specifically
> remove virusburst. Scan time is about 2 minutes.
> First read this page hppt://DONT!.com/downloads then download
> spyerase from here hppt://DONT!.com/downloads/spyerasesetup.zip

[Nick Skrepetos]

pcbutts1 wrote:
> Use Spyerase, fast and free. It now has over 1500 signatures to remove all
> variants of Virusburst,Spysheriff and others.This tool is designed to
> specifically
> remove virusburst. Scan time is about 2 minutes.
> First read this page http://www.pcbutts1.com/downloads then download
> spyerase from here http://www.pcbutts1.com/downloads/spyerasesetup.zip
>
PCButts1 - can you please stop hi-jacking every thread where someone
mentions SUPERAntiSpyware with your "spyerase" - no one wants a stolen
batch file. You turn every nice, polite and sincere thread into a big
garbage pile.

[Φ Kwatu Φ]

pcbutts1 wrote:
> Use Spyerase, fast and free. It now has over 1500 signatures to remove all
> variants of Virusburst,Spysheriff and others.This tool is designed to
> specifically
> remove virusburst. Scan time is about 2 minutes.
>

You are so stupid Butts that you don't even understand what you stole
form Stuart's code of RogueFix at ==
http://www.internetinspiration.co.uk/roguefix.htm

*_ There are NO signtures. _*

RogueFix and it plagiarised form SpyErase do NOT use signatures. Thet
are hard coded by file name a Registry entries and they both do not use
"signatures" in detection and removal.

[Φ Kwatu Φ]

@echo off

:intro
color 1F
@echo off
cls

echo.
echo.
echo ###################
echo # #
echo # Spyerase #
echo # Smitfraud Variant #
echo # Removal Tool #
echo # created #
echo # by #
echo # pcbutts1 #
echo # #
echo ###################
echo.
echo This tool will check your XP system for files and registry keys
echo belonging to rogue spyware applications and their installing
trojans
echo.
echo Files detected will be removed
echo.
echo.
echo If you do not wish to continue with the dectection/removal
process
echo.
echo Close this program by clicking on the 'x' top right hand corner
of this window
echo.
echo.
pause
echo.
echo.

@echo off
cls
echo.
echo.
echo pcbutts1 assumes no liability for
echo damage or loss as a result of running this tool
echo.
echo.
echo.
echo If you do not accept using spyerase is at your own risk
echo.
echo Close this program, click the 'x' in the top right hand corner.
echo.
echo.
echo.
echo.
echo.
echo.
pause



@echo off
cls

echo.>>spyerase.txt
echo
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~>>spyerase.txt
echo.>>spyerase.txt
echo logfile of scans by spyerase V7.2>>spyerase.txt
echo.>>spyerase.txt
echo.>>spyerase.txt
echo Scan performed on>>spyerase.txt
echo. |date |find "current">>spyerase.txt
echo. |time |find "current">>spyerase.txt
echo.>>spyerase.txt
echo
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~>>spyerase.txt
echo
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~>>spyerase.txt
echo.>>spyerase.txt
echo.>>spyerase.txt
echo.
echo spyerase is searching your system. Please wait .........
echo.
echo ~~~~~~~~~~~~~~~~~~Files found ~~~~~~~~~~~~~~~~~
echo ~~~~~ Files found ~~~~>>spyerase.txt

regsvr32 /u /s occache.dll

echo.>>spyerase.txt
echo.
IF EXIST "%SystemDrive%\124842.exe" echo "%SystemDrive%\124842.exe"
IF EXIST "%SystemDrive%\124842.exe" echo
"%SystemDrive%\124842.exe">>spyerase.txt
IF NOT EXIST "%SystemDrive%\124842.exe" GOTO S1
attrib -h -r -s "%SystemDrive%\124842.exe"
DEL /F /Q "%SystemDrive%\124842.exe"
IF NOT EXIST "%SystemDrive%\124842.exe" echo successfully deleted
124842.exe
IF NOT EXIST "%SystemDrive%\124842.exe" echo successfully deleted
124842.exe>>spyerase.txt
IF NOT EXIST "%SystemDrive%\124842.exe" GOTO S1
Tskill /a "%SystemDrive%\124842.exe"
DEL /F /Q "%SystemDrive%\124842.exe"
IF NOT EXIST "%SystemDrive%\124842.exe" echo successfully deleted
124842.exe
IF NOT EXIST "%SystemDrive%\124842.exe" echo successfully deleted
124842.exe>>spyerase.txt
IF NOT EXIST "%SystemDrive%\124842.exe" GOTO S1
IF EXIST "%SystemDrive%\124842.exe" echo unable to delete 124842.exe -
will delete on reboot
IF EXIST "%SystemDrive%\124842.exe" echo unable to delete 124842.exe -
will delete on reboot>>spyerase.txt
echo DEL /F /Q "%SystemDrive%\124842.exe">>%SystemDrive%\delrb.tx t

:S1
IF EXIST "%SystemDrive%\3.exe" echo "%SystemDrive%\3.exe"
IF EXIST "%SystemDrive%\3.exe" echo "%SystemDrive%\3.exe">>spyerase.txt
IF NOT EXIST "%SystemDrive%\3.exe" GOTO S1a
attrib -h -r -s "%SystemDrive%\3.exe"
DEL /F /Q "%SystemDrive%\3.exe"
IF NOT EXIST "%SystemDrive%\3.exe" echo successfully deleted 3.exe
IF NOT EXIST "%SystemDrive%\3.exe" echo successfully deleted
3.exe>>spyerase.txt
IF NOT EXIST "%SystemDrive%\3.exe" GOTO S1a
Tskill /a "%SystemDrive%\3.exe"
DEL /F /Q "%SystemDrive%\3.exe"
IF NOT EXIST "%SystemDrive%\3.exe" echo successfully 3.exe
IF NOT EXIST "%SystemDrive%\3.exe" echo successfully 3.exe>>spyerase.txt
IF NOT EXIST "%SystemDrive%\3.exe" GOTO S1a
IF EXIST "%SystemDrive%\3.exe" echo unable to delete 3.exe - will delete
on reboot
IF EXIST "%SystemDrive%\3.exe" echo unable to delete 3.exe - will delete
on reboot>>spyerase.txt
echo DEL /F /Q "%SystemDrive%\3.exe">>%SystemDrive%\delrb.txt
echo.>>spyerase.txt
echo.

:S1a
IF EXIST "%SystemDrive%\a.exe" echo "%SystemDrive%\a.exe"
IF EXIST "%SystemDrive%\a.exe" echo "%SystemDrive%\a.exe">>spyerase.txt
IF NOT EXIST "%SystemDrive%\a.exe" GOTO S1b
attrib -h -r -s "%SystemDrive%\a.exe"
DEL /F /Q "%SystemDrive%\a.exe"
IF NOT EXIST "%SystemDrive%\a.exe" echo successfully a.exe
IF NOT EXIST "%SystemDrive%\a.exe" echo successfully a.exe>>spyerase.txt
IF NOT EXIST "%SystemDrive%\a.exe" GOTO S1b
IF EXIST "%SystemDrive%\a.exe" echo unable to delete a.exe - will delete
on reboot
IF EXIST "%SystemDrive%\a.exe" echo unable to delete a.exe - will delete
on reboot>>spyerase.txt
echo DEL /F /Q "%SystemDrive%\a.exe">>%SystemDrive%\delrb.txt
echo.>>spyerase.txt
echo.

:S1b
IF EXIST "%SystemDrive%\ac3_0003.exe" echo "%SystemDrive%\ac3_0003.exe"
IF EXIST "%SystemDrive%\ac3_0003.exe" echo
"%SystemDrive%\ac3_0003.exe">>spyerase.txt
IF NOT EXIST "%SystemDrive%\ac3_0003.exe" GOTO S2
attrib -h -r -s "%SystemDrive%\ac3_0003.exe"
DEL /F /Q "%SystemDrive%\ac3_0003.exe"
IF NOT EXIST "%SystemDrive%\ac3_0003.exe" echo successfully ac3_0003.exe
IF NOT EXIST "%SystemDrive%\ac3_0003.exe" echo successfully
ac3_0003.exe>>spyerase.txt
IF NOT EXIST "%SystemDrive%\ac3_0003.exe" GOTO S2
Tskill /a "%SystemDrive%\ac3_0003.exe"
DEL /F /Q "%SystemDrive%\ac3_0003.exe"
IF NOT EXIST "%SystemDrive%\ac3_0003.exe" echo successfully ac3_0003.exe
IF NOT EXIST "%SystemDrive%\ac3_0003.exe" echo successfully
ac3_0003.exe>>spyerase.txt
IF NOT EXIST "%SystemDrive%\ac3_0003.exe" GOTO S2
IF EXIST "%SystemDrive%\ac3_0003.exe" echo unable to delete ac3_0003.exe
- will delete on reboot
IF EXIST "%SystemDrive%\ac3_0003.exe" echo unable to delete ac3_0003.exe
- will delete on reboot>>spyerase.txt
echo DEL /F /Q "%SystemDrive%\ac3_0003.exe">>%SystemDrive%\delrb. txt
echo.>>spyerase.txt
echo.

:S2
IF EXIST "%SystemDrive%\amewq32.exe" echo "%SystemDrive%\amewq32.exe"
IF EXIST "%SystemDrive%\amewq32.exe" echo
"%SystemDrive%\amewq32.exe">>spyerase.txt
IF NOT EXIST "%SystemDrive%\amewq32.exe" GOTO S3
attrib -h -r -s "%SystemDrive%\amewq32.exe"
DEL /F /Q "%SystemDrive%\amewq32.exe"
IF NOT EXIST "%SystemDrive%\amewq32.exe" echo successfully deleted
amewq32.exe
IF NOT EXIST "%SystemDrive%\amewq32.exe" echo successfully deleted
amewq32.exe>>spyerase.txt
IF NOT EXIST "%SystemDrive%\amewq32.exe" GOTO S3
Tskill /a "%SystemDrive%\amewq32.exe"
DEL /F /Q "%SystemDrive%\amewq32.exe"
IF NOT EXIST "%SystemDrive%\amewq32.exe" echo successfully amewq32.exe
IF NOT EXIST "%SystemDrive%\amewq32.exe" echo successfully
amewq32.exe>>spyerase.txt
IF NOT EXIST "%SystemDrive%\amewq32.exe" GOTO S3
IF EXIST "%SystemDrive%\amewq32.exe" echo unable to amewq32.exe - will
delete on reboot
IF EXIST "%SystemDrive%\amewq32.exe" echo unable to amewq32.exe - will
delete on reboot>>spyerase.txt
echo DEL /F /Q "%SystemDrive%\amewq32.exe">>%SystemDrive%\delrb.t xt
echo.>>spyerase.txt
echo.

:S3
IF EXIST "%SystemDrive%\ann.exe" echo "%SystemDrive%\ann.exe"
IF EXIST "%SystemDrive%\ann.exe" echo "%SystemDrive%\ann.exe">>spyerase.txt
IF NOT EXIST "%SystemDrive%\ann.exe" GOTO S4
attrib -h -r -s "%SystemDrive%\ann.exe"
DEL /F /Q "%SystemDrive%\ann.exe"
IF NOT EXIST "%SystemDrive%\ann.exe" echo successfully deleted ann.exe
IF NOT EXIST "%SystemDrive%\ann.exe" echo successfully deleted
ann.exe>>spyerase.txt
IF NOT EXIST "%SystemDrive%\ann.exe" GOTO S4
Tskill /a "%SystemDrive%\ann.exe"
DEL /F /Q "%SystemDrive%\ann.exe"
IF NOT EXIST "%SystemDrive%\ann.exe" echo successfully ann.exe
IF NOT EXIST "%SystemDrive%\ann.exe" echo successfully ann.exe>>spyerase.txt
IF NOT EXIST "%SystemDrive%\ann.exe" GOTO S4
IF EXIST "%SystemDrive%\ann.exe" echo unable to ann.exe - will delete on
reboot
IF EXIST "%SystemDrive%\ann.exe" echo unable to ann.exe - will delete on
reboot>>spyerase.txt
echo DEL /F /Q "%SystemDrive%\ann.exe">>%SystemDrive%\delrb.t xt
echo.>>spyerase.txt
echo.

[pcbutts1]

Why do you get mad at me when your SAS does not work and my Spyerase does?
Why is there more and more posts from people with problems with SAS?. There
has never been a post from anyone about any of my stuff that said it did not
work,or that it is slow, or that it crashed their system. Why is that?
because my stuff works. How many awards has SAS won? My retail version,
which has been out only 2 months has already won 4 times for best new
product. My removal tool Spyerase, which I'm sure you already tested has
already been downloaded over 1000 times and I only advertise that one in the
newsgroups. Spyerase has been hacked and probed and ripped apart by
everybody and nothing can be said about it because it works. Fix your
product Nick, grow up and stop crying and I won't have to post alternative
products to people who need help.


--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com



"Nick Skrepetos" <nskrepetos@yahoo.com> wrote in message
news:1166295282.582269.316300@l12g2000cwl.googlegr oups.com...
>
> pcbutts1 wrote:
>> Use Spyerase, fast and free. It now has over 1500 signatures to remove
>> all
>> variants of Virusburst,Spysheriff and others.This tool is designed to
>> specifically
>> remove virusburst. Scan time is about 2 minutes.
>> First read this page http://www.pcbutts1.com/downloads then download
>> spyerase from here http://www.pcbutts1.com/downloads/spyerasesetup.zip
>>
> PCButts1 - can you please stop hi-jacking every thread where someone
> mentions SUPERAntiSpyware with your "spyerase" - no one wants a stolen
> batch file. You turn every nice, polite and sincere thread into a big
> garbage pile.
>

[Andy Walker]

? Kwatu ? wrote:

>regsvr32 /u /s occache.dll
>DEL /F /Q "%SystemDrive%\124842.exe"
>DEL /F /Q "%SystemDrive%\3.exe"
>DEL /F /Q "%SystemDrive%\a.exe"
>DEL /F /Q "%SystemDrive%\ac3_0003.exe"
>DEL /F /Q "%SystemDrive%\amewq32.exe"
>DEL /F /Q "%SystemDrive%\ann.exe"

So much for butts' boast of "over 1500 detections" LMAO!