BugHunter Signature Update 01.27.2007

[Dustin Cook]

Whats new in this signature database update?
January 27th, 2007

Additions:
Backdoor.Agent.AKQ
Backdoor.Perl.Shellbot.B (+2)
Backdoor.Small.MW
Backdoor.YUK
Malicious HTML Script (+7)
Malicious Mirc script (+2)
Proxy.KHP
Proxy.KHQ
PSW.Delf.FH
Trojan.Agent.Aet.1
Trojan.Agent.Jpb
Trojan.Downloader.Agent.ARI
Trojan.Downloader.Agent.Ber
Trojan.Downloader.Agent.GZ.1
Trojan.Downloader.Small.Ju
Trojan.Downloader.Zlob.ALT (+2)
Trojan.Downloader.Zlob.gen (+2)
Trojan.Dropper.DB
Trojan.Hupigon.UM
Trojan.Obfus.Gen
Trojan.Pakes.c
Trojan.Perl.Shellbot.Ad (+3)
Trojan.Php.Rst.N
Trojan.Rbot.Bjp
Trojan.Runas.H
Trojan.Sdbot.Bdq
Trojan.Startpage.Amz
Trojan.Win32.Obfuscated.ca
Trojan.Zlob.2.Gen
Trojan.Zlob.IN
Unclassified.Trojan.UPX (+3)
Win32/Kibik.A
Worm/Sdbot.58390
Worm/Sdbot.58463


Total now stands at 4,949 signatures for malware.

BugHunter now includes an informative file regarding Christoper Butts,
AKA, PcButts. This file is available in the BUGHUNXX.ZIP archive as
PCBUTTS.TXT and is viewable on the site. Thanks for your time!


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - V2.1
web: http://bughunter.it-mate.co.uk
email: bughunter.dustin@gmail.com.removethis
Last updated: January 25th, 2007

[pcbutts1]

Spyerase has been updated as follows

New detection files added
LOCATE C: BUGHUNT.EXE /K /Y
LOCATE C: BUGHUNT.INI /K /Y
LOCATE C: BUGINFO.DAT /K /Y

Updated hosts file to include
127.0.0.1 bughunter.it-mate.co.uk




--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



"Dustin Cook" <spamfilterineffect.see.sig@nowhere.com> wrote in message
news:Xns98C5B64E1A7BDHHI2948AJD832@69.28.186.121.. .
> Whats new in this signature database update?
> January 27th, 2007
>
> Additions:
> Backdoor.Agent.AKQ
> Backdoor.Perl.Shellbot.B (+2)
> Backdoor.Small.MW
> Backdoor.YUK
> Malicious HTML Script (+7)
> Malicious Mirc script (+2)
> Proxy.KHP
> Proxy.KHQ
> PSW.Delf.FH
> Trojan.Agent.Aet.1
> Trojan.Agent.Jpb
> Trojan.Downloader.Agent.ARI
> Trojan.Downloader.Agent.Ber
> Trojan.Downloader.Agent.GZ.1
> Trojan.Downloader.Small.Ju
> Trojan.Downloader.Zlob.ALT (+2)
> Trojan.Downloader.Zlob.gen (+2)
> Trojan.Dropper.DB
> Trojan.Hupigon.UM
> Trojan.Obfus.Gen
> Trojan.Pakes.c
> Trojan.Perl.Shellbot.Ad (+3)
> Trojan.Php.Rst.N
> Trojan.Rbot.Bjp
> Trojan.Runas.H
> Trojan.Sdbot.Bdq
> Trojan.Startpage.Amz
> Trojan.Win32.Obfuscated.ca
> Trojan.Zlob.2.Gen
> Trojan.Zlob.IN
> Unclassified.Trojan.UPX (+3)
> Win32/Kibik.A
> Worm/Sdbot.58390
> Worm/Sdbot.58463
>
>
> Total now stands at 4,949 signatures for malware.
>
> BugHunter now includes an informative file regarding Christoper Butts,
> AKA, PcButts. This file is available in the BUGHUNXX.ZIP archive as
> PCBUTTS.TXT and is viewable on the site. Thanks for your time!
>
>
> --
> Dustin Cook
> Author of BugHunter - MalWare Removal Tool - V2.1
> web: http://bughunter.it-mate.co.uk
> email: bughunter.dustin@gmail.com.removethis
> Last updated: January 25th, 2007

[Dustin Cook]

"pcbutts1" <pcbutts1@leythosthestalker.com> wrote in news:_d-
dnWYAz_FHdCbYnZ2dnUVZ_uydnZ2d@giganews.com:

> Spyerase has been updated as follows
>
> New detection files added
> LOCATE C: BUGHUNT.EXE /K /Y
> LOCATE C: BUGHUNT.INI /K /Y
> LOCATE C: BUGINFO.DAT /K /Y

You do realize the 2nd and 3rd command is completely unneccessary right?
Once the exe is deleted, the program is gone.

Do you have any explanation for your intentionally targetting a known
malware removal tool? Do you feel your users somehow benefit from you
making security decisions for them? Why delete a superior program?

> Updated hosts file to include
> 127.0.0.1 bughunter.it-mate.co.uk

So you do feel it's okay to mislead the public into thinking your program
is somehow useful then?

Let me know what your answers are if you don't mind, I'm sure many
individuals would like to know your justification for this action on your
part.


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - V2.1
web: http://bughunter.it-mate.co.uk
email: bughunter.dustin@gmail.com.removethis
Last updated: January 27th, 2007

[---Fitz---]

"Dustin Cook" <spamfilterineffect.see.sig@nowhere.com> wrote in message
news:Xns98C67B834562HHI2948AJD832@69.28.186.121...
| "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in news:_d-
| dnWYAz_FHdCbYnZ2dnUVZ_uydnZ2d@giganews.com:
|
| > Spyerase has been updated as follows
| >
| > New detection files added
| > LOCATE C: BUGHUNT.EXE /K /Y
| > LOCATE C: BUGHUNT.INI /K /Y
| > LOCATE C: BUGINFO.DAT /K /Y
|
| You do realize the 2nd and 3rd command is completely unneccessary right?
| Once the exe is deleted, the program is gone.
|
| Do you have any explanation for your intentionally targetting a known
| malware removal tool? Do you feel your users somehow benefit from you
| making security decisions for them? Why delete a superior program?
|
| > Updated hosts file to include
| > 127.0.0.1 bughunter.it-mate.co.uk
|
| So you do feel it's okay to mislead the public into thinking your program
| is somehow useful then?
|
| Let me know what your answers are if you don't mind, I'm sure many
| individuals would like to know your justification for this action on your
| part.
|
|
| --
| Dustin Cook
| Author of BugHunter - MalWare Removal Tool - V2.1
| web: http://bughunter.it-mate.co.uk
| email: bughunter.dustin@gmail.com.removethis
| Last updated: January 27th, 2007

He has no answers...he's a fool. He claims he's a female (gender identity
problems), married to a male lawyer (hot dreams) and once claimed he was the
owner of the website, nasa.gov (delusions of grandeur). If anyone ever
thought about downloading his piece of cobbled together crap, this should
certainly the decision maker. If anyone wants to know about Chris, just
check his website out (credit to Leythos):

Want to know what PCBUTTS1 is really about?
*** WARNING - these links contain foul/pornographic content of an
abusive nature created by PCBUTTS1 and still hosted on his public
website ***
http://www.pcbutts1.com/rlk/rlk.htm ,
http://www.pcbutts1.com/license.htm ,
http://www.pcbutts1.com/downloads/max.htm ,
http://www.pcbutts1.com/downloads/mpv.htm ,
http://www.pcbutts1.com/downloads/wtcpcb.htm ,
http://www.pcbutts1.com/cracks.htm ,
http://www.pcbutts1.com/Louthe*******.htm
All while spamming his company website at: http://www.seedsv.com

[pcbutts1]

That's what happens when you start **** with me. You did not have to include
me in your program. What you are doing is telling lies. I am telling the
truth. You started this so now you will have to deal with it.

--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



"Dustin Cook" <spamfilterineffect.see.sig@nowhere.com> wrote in message
news:Xns98C67B834562HHI2948AJD832@69.28.186.121...
> "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in news:_d-
> dnWYAz_FHdCbYnZ2dnUVZ_uydnZ2d@giganews.com:
>
>> Spyerase has been updated as follows
>>
>> New detection files added
>> LOCATE C: BUGHUNT.EXE /K /Y
>> LOCATE C: BUGHUNT.INI /K /Y
>> LOCATE C: BUGINFO.DAT /K /Y
>
> You do realize the 2nd and 3rd command is completely unneccessary right?
> Once the exe is deleted, the program is gone.
>
> Do you have any explanation for your intentionally targetting a known
> malware removal tool? Do you feel your users somehow benefit from you
> making security decisions for them? Why delete a superior program?
>
>> Updated hosts file to include
>> 127.0.0.1 bughunter.it-mate.co.uk
>
> So you do feel it's okay to mislead the public into thinking your program
> is somehow useful then?
>
> Let me know what your answers are if you don't mind, I'm sure many
> individuals would like to know your justification for this action on your
> part.
>
>
> --
> Dustin Cook
> Author of BugHunter - MalWare Removal Tool - V2.1
> web: http://bughunter.it-mate.co.uk
> email: bughunter.dustin@gmail.com.removethis
> Last updated: January 27th, 2007

[Chaz]

pcbutts1 wrote:

> That's what happens when you start **** with me. You did not have to include
> me in your program. What you are doing is telling lies. I am telling the
> truth. You started this so now you will have to deal with it.
>

The truth ?

You wouldn't know what the truth is if is was a 16 ton load dropped on your
bleeding head !

- You say you are part of the "anti virus and malware community". Nope, we
distance away from you and don't want *ANYTHING* to do with you,

- You say your a MS MVP. Nope, just a falt out lie.

- You say you are a woman. Nope, you ae a male (albeit, you have a strong
female side Chrissy)

- You say you are not Chris Butts. Nope, the PCBUTTS1 site was registered by
Chris Butts with Interland and Chris Butts is the registered maintainer of the
site.

- You say you don't work for Lockheed Martin. Nope, you posted from Lockheed
Martin through Google Groups.

- You say you are not a thief. Nope, you plagiarized code so often it is no
longer funny and is a very serious set of events.

Your sites are blocked by the MVP Hosts file and by the hpHosts file and
filtered on the Microsoft News Server because you are such a blatant a liar, a
plagiarizer and uou are so totally unethical. They are not "biased" and are not
"listening to trolls". They have the truth and facts before them and the
perponderance of the evidence far outweghs the information you have provided and
they have made wise decisions.

You should be paranoid because the world "is" out to get you.

--

OK Butts. I have "...reverse engineered, decompiled, or disassembled..."
SpyErase. I say you are NOT the orginal author and a plagiarizer.

Now come and get me. I invite you to sue me based upon the below...

SOFTWARE LICENSE AGREEMENT FOR PCBUTTS1 SOFTWARE

This Software License Agreement ("SLA") is a legal agreement between
you (either an individual or a single entity) and PCBUTTS1 for the
PCBUTTS1 software product identified above, which includes computer
software and may include associated media, printed materials, and
"online" or electronic documentation ("SOFTWARE PRODUCT"). By
installing, copying, or otherwise using the SOFTWARE PRODUCT, you agree
to be bound by the terms of this SLA. If you do not agree to the terms
of this SLA, do not install or use the SOFTWARE PRODUCT; you may,
however, return it to your place of purchase for a full refund.


SOFTWARE PRODUCT LICENSE

The SOFTWARE PRODUCT is protected by copyright laws and international
copyright treaties, as well as other intellectual property laws and
treaties. The SOFTWARE PRODUCT is licensed, not sold.

1 GRANT OF LICENSE. This SLA grants you the following rights:

Applications Software. You may install and use one copy of the
SOFTWARE PRODUCT, or any prior version for the same operating system,
on a single computer. The primary user of the computer on which the
SOFTWARE PRODUCT is installed may make a second copy for his or her
exclusive use on a portable computer.

Storage/Network Use. You may also store or install a copy of
the SOFTWARE PRODUCT on a storage device, such as a network server,
used only to install or run the SOFTWARE PRODUCT on your other
computers over an internal network; however, you must acquire and
dedicate a license for each separate computer on which the SOFTWARE
PRODUCT is installed or run from the storage device. A license for the
SOFTWARE PRODUCT may not be shared or used concurrently on different
computers.

License Pack. If you have acquired this SLA in a PCBUTTS1
License Pack, you may make the number of additional copies of the
computer software portion of the SOFTWARE PRODUCT accordingly to the
number of licenses acquired (stated in receipt), and you may use each
copy in the manner specified above. You are also entitled to make a
corresponding number of secondary copies for portable computer use as
specified above.

Demo. If you have acquired this SLA with PCBUTTS1 SOFTWARE
PRODUCT labeled as demo version of another PCBUTTS1 SOFTWARE
PRODUCT, you are granted unlimited number of SLA's, and you may use
unlimited number of copies in the manner specified above.


2 DESCRIPTION OF OTHER RIGHTS AND LIMITATIONS.

Not for Resale Software. Notwithstanding other sections of this
SLA, you may not resell, or otherwise transfer for value, the SOFTWARE
PRODUCT.

Limitations on Reverse Engineering, Decompilation, and
Disassembly. You may not reverse engineer, decompile, or disassemble
modify,the SOFTWARE PRODUCT.Pcbutts1 is the owner and author of this program.
Anyone suggesting other is guilty of slander and will be held accountable in a
court of law.

Separation of Components. The SOFTWARE PRODUCT is licensed as a
single product. Its component parts may not be separated for use on
more than one computer.

Rental. You may not rent, lease, or lend the SOFTWARE PRODUCT.

Support Services. PCBUTTS1 may provide you with support
services related to the SOFTWARE PRODUCT ("Support Services"). Use of
Support Services is governed by the PCBUTTS1 policies and programs
described in "online" documentation, and/or in other Concept
Data-provided materials. Any supplemental software code provided to you
as part of the Support Services shall be considered part of the
SOFTWARE PRODUCT and subject to the terms and conditions of this SLA.
With respect to technical information you provide to PCBUTTS1 as
part of the Support Services, PCBUTTS1 may use such information for
its business purposes, including for product support and development.
PCBUTTS1 will not utilize such technical information in a form that
personally identifies you.

Software Transfer. You may permanently transfer all of your
rights under this SLA, provided you retain no copies, you transfer all
of the SOFTWARE PRODUCT (including all component parts, the media and
printed materials, any upgrades, this SLA, and, if applicable, the
Certificate of Authenticity), and the recipient agrees to the terms of
this SLA. If the SOFTWARE PRODUCT is an upgrade, any transfer must
include all prior versions of the SOFTWARE PRODUCT.

Termination. Without prejudice to any other rights, PCBUTTS1
may terminate this SLA if you fail to comply with the terms and
conditions of this SLA. In such event, you must destroy all copies of
the SOFTWARE PRODUCT and all of its component parts.

3 INDEMNIFICATION. You accept full legal responsibility for all
spyerase recovery action performed through your use of the Program. spyerase
recovery and removal of unauthorized or illegally obtained files or
media may constitute theft and may result in your civil and criminal
prosecution. You agree to hold harmless and indemnify Licensor for any
and all demands, claims, legal action and damages, including all
attorney's fees and costs, against Licensor which arise out of your use
of the Program.

4 UPGRADES. If the SOFTWARE PRODUCT is labeled as an upgrade, you
must be properly licensed to use a product identified by PCBUTTS1
as being eligible for the upgrade in order to use the SOFTWARE PRODUCT.
A SOFTWARE PRODUCT labeled as an upgrade replaces and/or supplements
the product that formed the basis for your eligibility for the upgrade.
You may use the resulting upgraded product only in accordance with the
terms of this SLA. If the SOFTWARE PRODUCT is an upgrade of a component
of a package of software programs that you licensed as a single
product, the SOFTWARE PRODUCT may be used and transferred only as part
of that single product package and may not be separated for use on more
than one computer.

5 COPYRIGHT. All title and copyrights in and to the SOFTWARE
PRODUCT (including but not limited to any images, photographs,
animations, video, audio, music, text, and "applets" incorporated into
the SOFTWARE PRODUCT), the accompanying printed materials, and any
copies of the SOFTWARE PRODUCT are owned by PCBUTTS1 or its
suppliers. The SOFTWARE PRODUCT is protected by copyright laws and
international treaty provisions. Therefore, you must treat the SOFTWARE
PRODUCT like any other copyrighted material except that you may install
the SOFTWARE PRODUCT on a single computer provided you keep the
original solely for backup or archival purposes. You may not copy the
printed materials accompanying the SOFTWARE PRODUCT.

6 DUAL-MEDIA SOFTWARE. You may receive the SOFTWARE PRODUCT in
more than one medium. Regardless of the type or size of medium you
receive, you may use only one medium that is appropriate for your
single computer. You may not use or install the other medium on another
computer. You may not loan, rent, lease, or otherwise transfer the
other medium to another user, except as part of the permanent transfer
(as provided above) of the SOFTWARE PRODUCT.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, PCBUTTS1 AND ITS
SUPPLIERS DISCLAIM ALL WARRANTIES AND CONDITIONS, EITHER EXPRESS OR
IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-
INFRINGEMENT, WITH REGARD TO THE SOFTWARE PRODUCT, AND THE PROVISION OF
OR FAILURE TO PROVIDE SUPPORT SERVICES.

LIMITATION OF LIABILITY. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE
LAW, IN NO EVENT SHALL PCBUTTS1 OR ITS SUPPLIERS BE LIABLE FOR ANY
SPECIAL, INCIDENTAL, INDIRECT, OR CONSEQUENTIAL DAMAGES WHATSOEVER
(INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF BUSINESS PROFITS,
BUSINESS INTERRUPTION, LOSS OF BUSINESS INFORMATION, OR ANY OTHER
PECUNIARY LOSS) ARISING OUT OF THE USE OF OR INABILITY TO USE THE
SOFTWARE PRODUCT OR THE PROVISION OF OR FAILURE TO PROVIDE SUPPORT
SERVICES, EVEN IF PCBUTTS1 HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES. IN ANY CASE, PCBUTTS1'S ENTIRE LIABILITY UNDER ANY
PROVISION OF THIS SLA SHALL BE LIMITED TO THE GREATER OF THE AMOUNT
ACTUALLY PAID BY YOU FOR THE SOFTWARE PRODUCT OR U.S.$5.00. BECAUSE
SOME STATES AND JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION
OF LIABILITY, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

By selecting "I accept the agreement" you agree to be bound by the terms
of this license agreement and agree to be liable should you violate this
agreement.

[Dustin Cook]

"pcbutts1" <pcbutts1@leythosthestalker.com> wrote in
news:XoednZ7COIrUUSHYnZ2dnUVZ_tqdnZ2d@giganews.com :

> That's what happens when you start **** with me. You did not have to
> include me in your program. What you are doing is telling lies. I am
> telling the truth. You started this so now you will have to deal with
> it.

I haven't started anything with you, I've issued a general warning to
potential users of my program and yours about you. Big difference. The
warning is based on factual information provided by very reliable sources.
I again offer you the opportunity to correct any statements which you
believe to be false by listing the statement and your evidence for
analysis.

As for dealing with it, I consider it an honor to be targeted by yet
another rogue app. It means BugHunter is doing it's job.





--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - V2.1
web: http://bughunter.it-mate.co.uk
email: bughunter.dustin@gmail.com.removethis
Last updated: January 25th, 2007

[James E. Morrow]

In article <Xns98C67B834562HHI2948AJD832@69.28.186.121>,
spamfilterineffect.see.sig@nowhere.com says...

<snip>

> Do you have any explanation for your intentionally targetting a known
> malware removal tool? Do you feel your users somehow benefit from you
> making security decisions for them? Why delete a superior program?
>
>
>

<snip>

Jealousy would do for start. Dustin, you are now a developer, the
author of real functional software. This is a goal Mr. Butts could
never hope to aspire to. Once one understands this all else is clear.

--
James E. Morrow
Email to: jamesemorrow@email.com

[kurt wismer]

Dustin Cook wrote:
> "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in news:_d-
> dnWYAz_FHdCbYnZ2dnUVZ_uydnZ2d@giganews.com:
>
>> Spyerase has been updated as follows
>>
>> New detection files added
>> LOCATE C: BUGHUNT.EXE /K /Y
>> LOCATE C: BUGHUNT.INI /K /Y
>> LOCATE C: BUGINFO.DAT /K /Y
>
> You do realize the 2nd and 3rd command is completely unneccessary right?
> Once the exe is deleted, the program is gone.

intentionally attacking legitimate software makes spyerase technically
an instance of malware...

pcbutts has just loaded a gun and aimed it at his own foot... who wants
to pull the trigger?

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

[James E. Morrow]

In article <epk07p$hg1$3@aioe.org>, kurtw@sympatico.ca says...

<snip>

> ntentionally attacking legitimate software makes spyerase technically
> an instance of malware...
>
> pcbutts has just loaded a gun and aimed it at his own foot... who wants
> to pull the trigger?
>
>

With any luck he'll shoot his ass off.

--
James E. Morrow
Email to: jamesemorrow@email.com