On Feb 20, 9:17 pm, "4Q" <paul_z...@hushmail.com> wrote:
> Episode 1:
>
> Dustin Cook works in a little PC repair
> shop in Tennessee. He's the odd job guy


Well, it's true we are an under 20 employee outfit.. I suppose that's
little.

> The customers who come to the little
> PC repair shop, drop their personal
> computers off complete with private
> files, banking/credit card details,
> data etc. Handing their precious
> information over to a trusted 3rd party,
> namely the owner of the business. His
> job is to fix up their system and to
> remove virus, trojans, general malware.


Ahh, if that was the only thing I had to do, life would be peachy.
Tell me 4Q, what do you know about solid ink Xerox printers? That's
another thing, this ehh, little place works on. My job title is a
certified computer technician... Soon, I'll be adding full Xerox certs
to my belt. *hehe*. We also do laptop repair work, changing lcd
panels, installing new power/usb connectors when the owners invariably
break them. I'm decent with data recovery on wrecked hard disks too.
Another wonderful skill I have is the ability to recover information
you thought you deleted. So, if you bring your computer to where I
work and ask if we can find out if your wife has been ****ing around
online, yes. We can provide you evidence that'll hold up in a
courtroom. Again, this isn't bad for such a little place...

Say, Do you know anything about HP printers, Core 2 Duo Processors,
the differences between PCI Express, AGP, SATA1, SATA2, PATA, ad
nauseam... I have to keep up on that stuff too man.

Oh, one final point for my amusement primarily, The last fiscal year
according to our accounting dept (again, not bad for a little company)
I brought in over 320k (that's for the work I alone billed for/parts
and labor). I'm the primary technician you will speak with if you're
having a malware issue, security issue, need to learn how something
works such as your quasi-legal right to back up a DVD you purchased
regardless of any ehh, drm, whatever present on the disc. I'm also
responsible for video/audio work we're involved with.

Thanks for giving me the opportunity to brag a little bit.


> Little do they know that the guy in the
> background with sweeping up, mopping
> the floor etc is the very person they
> have come to escape from, the ****er that's
> putting the **** into their belongings
> in the first place.


Let's do some simple math. Yes, 4Q, you can use paper if you want.

Irok, which is the last virus I wrote was done in the year 2000. It
started spreading initially in Africa and Europe, not the USA.
2007-2000= (c'mon, you can do it)... 7 years ago, don't worry if you
missed it 4Q, nobody expects anything from you.

As I explained previously, I rarely see an actual viral infection
anymore, be it at the shop, onsite residential or business, viruses
are getting rare. What we do routinely find is annoying software like
ZangoToolbar, Trojan.Downloader.Zlob variants, various browser
hijackers, and what seems to be getting popular at the moment, trojans
designed to steal your World of Warcraft (among others) account
information.

The reason I explained all this above is so that when I say, I don't
write the stuff the customers get on their machines which causes them
to come to us in the first place. I've only seen a machine brought in
that was infected with something I wrote a few times, 3 at the most...

> Over the years Dustin has been
> responsible for getting quite a number
> of the simple overwriter, prepender


Ouch, 4Q, are you telling us you don't know the difference between an
overwriter and a prepender?

For the rest of you, an overwriting virus destroys the host during the
infection process. No routines are present within an overwriter to run
the original code, only write itself to the beginning of the file.

A prepender on the other hand, either creates a temp file and copies
the entire original file to it, or restores the original file as it
was prior to being infected, after doing whichever file io method it
employs, the original program runs. If a temp file was used, it's
deleted. If the original file was restored, the virus usually
re-infects it.

The difference between the two, the original program usually runs if
infected by a prepender/appender/cavity infector/companion virus, but
*will never* run if infected with an overwriting virus.

> virus into the wild. Yeah, unlike most
> of the virus in the AV databases that
> have only been created as an academic
> exercise or proof of concept these


Are you high? Is this your way of trying to justify the fact you felt
your proof of concept worm being detected by anyone was something
special, even after I pointed out the fact your program was a proof of
concept which never materialized, never saw the light of day, oh wait,
you know this.

Your worm is very simplistic HLL code 4Q, I think it's important you
be reminded of this funny fact. Why don't you tell the audience the
primary intended audience of Knowdeth's Ezines.... Ahh, heck, I'm
going to tell them. Knowdeth loved macro coders, and scripters... The
coding skill 4Q apparently possesses. Wasn't it after you had this
published that nobody really cared to see anything else? *laugh
laugh*.

> very basic creations of his are the
> ones that are proactively forced into


Very basic creations? You are sore over the HLL worm code your idiot
troll friend suggested I look at... Did you actually expect me to be
impressed by lame ass HLL code that isn't using not one original
routine in it!

> the wild... And he's ****ing proud of
> his achievement (if you can call it that)


I wasn't the one bringing up the past, you were. I didn't fire at you
with such and such virus/worm code, whatever. You bragged that
antivirus programs scanned for you, I just said they scan for trojans
too and that alone is nothing to be proud of. I think you took this
personally.

You tried taking a cheap shot by labeling me a code ripper without
checking the code you accused me of ripping. Now that the full
disassembly has been published for the world to see, you don't seem
to have anything more to say on it, instead.. You wish to attack the
BugHunter program.

First, you attacked me because I'm not interested in releasing it as
open source. Big Deal. I don't see Superantispyware, avg, sophos,
trend micro, adaware, spybot, aboutbuster becoming open source anytime
soon. Since I won't release its source code, you want to disassemble
it, looking for things to complain about. I'm still waiting for that
disassembly...

BugHunter is using asic and assembler code (incidentally those int86
calls you keep going on about are interrupt calls, asic's command for
assembler's "int".). The program is dos based for a number of reasons,
which makes sense considering its intended purpose.

You mistakenly thought/still publish that it's a string scanner when
in fact it isn't. You don't seem to realize what an important
difference that makes. I don't know if you're intentionally this stupid
or it's an act. ie: You are criticizing a program for using technology
that it simply doesn't make use of.

> You will often hear the mop guy Dustin bragging on Usenet or in IRC


I haven't maintained any Vx contact on IRC in years, aside from
dropping in for a few seconds to see if a few individuals were there.
You won't hear me bragging about my previous deeds, quite the opposite
in fact. On the other hand, it's a well known fact that my past
programs did indeed spread, and yours never did anything besides get
added to a database. 7 years later, this super worm of yours still
hasn't materialized.

> about how successful his prependers and
> overwriters really were. He can even
> point you to articles on news sites
> mentioning his malicious crap as he


That's an interesting twist on my comment towards yourself. What I
actually said was that my work is known, and yours is a dud. Are you
again demonstrating the lack of actual Vx knowledge you have by saying
overwriters? Starbug is indeed an overwriter, but I never released it
outside a few individuals. It, unlike your Pos worm, wasn't added to
many/any databases because it never saw the light of day. And no, you
obviously can't acquire a binary/source of it either, or you wouldn't
be begging here on Usenet. *grin*

> It makes you wonder if these customers
> would be impressed if they knew the truth


You're under the mistaken impression that they live in a cave and/or the
dark? I'm quite honest about my past.

> about spending money on fixing up their
> computers infested with the very stuff
> created by the person supposedly helping


Being as I have never written any Browser Hijacker, Adware, Spyware,
keyboard logger, backdoor utility, I can hardly take any credit for
any of the things I routinely find on customers' computers...

> them, whilst laughing behind their backs. Would they think twice about
> handing over such a personal item as a PC with so much
> private information?


Why not? They've likely already provided whatever personal information
the adware/toolbar companies wanted. You really don't know what's
going on these days huh? It's not viruses anymore... As I've disabled/
removed thousands of these things, no, I don't find it amusing when a
customer brings one in. It was fun years ago writing viruses 4Q,
because back then, I didn't see or have to clean up the mess I caused.
That changes some of us....

> After all they could (reasonably expect to) find the "fixed" computer has got even more dangerous backdoor Trojan
> technology on it than when it first went into the shop.


You've completely lost the plot.

> You can follow more of these stories
> over on.


Sadly, that's all you're likely going to find on his site.. Stories, the
kind which are as factual as the National Enquirer.