BugHunter Signature Update 05.08.2007

4Q · 05-15-2007, 07:49 PM

Dustin Cook wrote:
> 4Q <paul_zest@hushmail.com> wrote in
> news:1179272370.540821.22420@h2g2000hsg.googlegrou ps.com:
>
> > David H. Lipman wrote:
> >> From: "John" <John@eff2ess.com>
> >>
> >>
> >> |
> >> | NOD32
> >> |
> >> | Threat detected
> >> |
> >> | File: C:\Program Files\BugHunter\PROCESS.EXE
> >> | Threat: Win32/PrcView application
> >> |
> >> | On the one hand I've so far accepted Bughunter as a valuable
> >> | addition to the malware fight. On the other hand, no point in
> >> | running a good virus killer like NOD32 if I just ignore warnings.
> >> | Any observations?
> >> |
> >> | Thanks.
> >> |
> >> | John
> >>
> >> This is NOT malware. It is classified as a "Potentially Unwanted
> >> Program" In this case PROCESS.EXE is a Process Application. It is
> >> not that the utility is malicious in itself, it can be used
> >> maliciously. BugHunter is NOT using it maliciosly.
> >>
> >> In the contect of NugHunter, PROCESS.EXE is safe to use.
> >>
> >
> > Notice David's splellnig mistakes!
> > "maliciosly", "NugHunter" is he worried
> > his credibility is heading for
> > a banana slip?
>
> His credibility is not an issue here. Yours was at one point, but I've
> established well that you do not have a clue about the BugHunter program.
> You don't have any credibility left for me to attack, i've pummeled you
> to nothing ness.

*HAHAHA* Yes, dancing the jig everytime
I twang yer strings. C'mon boy do some
more of that troll assisted pummeldance.

>
> Maybe in your future endeavors, you'll troll somebody who you can
> manipulate and convince people that the person is evil. You've failed
> miserably trying it with me; I'm glad to have played this with you tho,
> You helped me prove that I've indeed changed as I said. I am not
> destructive, and you can't wiggle out of that fact. *grin*
>

Sorry you don't like a critique of your cobbled together ASIC 'n BATCH
script
Bug**** (aka BugHunter), but people
should know the truth about you and your
past. Btw comes up #1 on MSN search engine.

)

4Q
http://fourq.host.sk

Dustin Cook · 05-15-2007, 10:08 PM

4Q <paul_zest@hushmail.com> wrote in
news:1179276570.507651.209520@p77g2000hsh.googlegr oups.com:

> Dustin Cook wrote:
>> 4Q <paul_zest@hushmail.com> wrote in
>> news:1179272370.540821.22420@h2g2000hsg.googlegrou ps.com:
>>
>> > David H. Lipman wrote:
>> >> From: "John" <John@eff2ess.com>
>> >>
>> >>
>> >> |
>> >> | NOD32
>> >> |
>> >> | Threat detected
>> >> |
>> >> | File: C:\Program Files\BugHunter\PROCESS.EXE
>> >> | Threat: Win32/PrcView application
>> >> |
>> >> | On the one hand I've so far accepted Bughunter as a valuable
>> >> | addition to the malware fight. On the other hand, no point in
>> >> | running a good virus killer like NOD32 if I just ignore
>> >> | warnings. Any observations?
>> >> |
>> >> | Thanks.
>> >> |
>> >> | John
>> >>
>> >> This is NOT malware. It is classified as a "Potentially Unwanted
>> >> Program" In this case PROCESS.EXE is a Process Application. It is
>> >> not that the utility is malicious in itself, it can be used
>> >> maliciously. BugHunter is NOT using it maliciosly.
>> >>
>> >> In the contect of NugHunter, PROCESS.EXE is safe to use.
>> >>
>> >
>> > Notice David's splellnig mistakes!
>> > "maliciosly", "NugHunter" is he worried
>> > his credibility is heading for
>> > a banana slip?
>>
>> His credibility is not an issue here. Yours was at one point, but
>> I've established well that you do not have a clue about the BugHunter
>> program. You don't have any credibility left for me to attack, i've
>> pummeled you to nothing ness.
>
> *HAHAHA* Yes, dancing the jig everytime
> I twang yer strings. C'mon boy do some
> more of that troll assisted pummeldance.
>
>>
>> Maybe in your future endeavors, you'll troll somebody who you can
>> manipulate and convince people that the person is evil. You've failed
>> miserably trying it with me; I'm glad to have played this with you
>> tho, You helped me prove that I've indeed changed as I said. I am not
>> destructive, and you can't wiggle out of that fact. *grin*
>>
>
> Sorry you don't like a critique of your cobbled together ASIC 'n BATCH
> script
> Bug**** (aka BugHunter), but people
> should know the truth about you and your
> past. Btw comes up #1 on MSN search engine.

)

May want to re-check that #1 spot, as you seem to have lost it. This is
what you can't wiggle around 4Q.

Recently, the BSer 4Q has published what he feels is a clone of
BugHunter.

Let's compare the two.

This is a BugHunter clone, it's basically a cobbled together script
comprising of bASIC.
The program uses industry standard MD5 (128bit checksumming). MD5
information,
code and algorithm is freely available on the net. This clone does not
use Charles Dye's
LOCATE.COM but used the internal DIR command to generate a recursive
list of files.
(Longfile names and DOS 8.3 format are supported with XP's internal DIR)

The program shells to a 3rd party program, md5. BugHunter shells to
locate.com to acquire a recursive list, 4Q requires md5 (not his own) and
shells via command.com to have dir do the work, hardcoded, leaving no
customization room without the source code.

XLIST.TXT (Supplied with the program. This is a file containing the
Malware MD5 checksums)
In the case shown here this is Malware BugHunter 2.2 (by Dustbin Cook)

This would by all accounts be a false alarm, and along the same lines as
tactics used by PCButts. I recommend 4Q's site be added to the mvp deny
list; as it's obviously misleading people.

4Q's program generates an md5 signature for each file on your hard disk,
and then compares the results to a "known" text file containing
supposedly bad md5checksums.

This leaves the high probability of variants of the same stuff getting
by; as his routine doesn't have the ability to determine file a and file
b are both zlob if he doesn't have two md5 checksums.

BugHunter does not scan every file on your computer, as it's database
system is able to provide it more information than a single checksum
value. One such value is the file length.

4Q's program will checksum
every single file on your computer (well, drive c: only, he didn't
consider network shares or read-only media), wasting oodles of your
valuable time; and giving you a very real false sense of security due to
the sheer amounts of variants it will miss.

BugHunter does not rely on 3rd party programs for the engine to run, the
only time 3rd party programs (which is available with source code, as is
md5) are used is for mundane things like, a recursive list and process
suspending/killing.

4Q is using enclosed statements when it's not necessary, clearly
indicating his unfamiliarity with the language. It's no wonder what
should have taken 10 minutes to write took him roughly 2 hours.

For example,
open ("O",2,"B2.DAT"
is not necessary; this is classic newbie textbook asic programming.
open "o",2,"b2.dat" will work just as well.

Various other newbie coding style is present, but it's basically amusing
demonstration of his skills. Remember folks, it took him roughly 2 hours
to come up with this cpu cycle wasting gem. Not to mention the unnessary
wear and tear on your hard disk, md5checksumming all files n all.

"It is effectively the same application "

If anyone thinks his work is the same as mine, then I invite you to re-
read my post.

He's comparing a pinto to a mustang.

Also mentioned on your review is the following bogus information, Would
you mind backing the following statement up?

"It is alleged that the BugHunter crapware is a sleeper Trojan
and will put peoples privacy at risk. " - 4Q showing extreme paranoia on
alt.comp.virus. Next he'll tell us he really was abducted by aliens.

"Dustbin Cook is a well known malware spreader and has
authored (and spread) many virus, worms and trojans." - 4Q outright
lieing in public. I never wrote any trojans, and my collection of malware
was fairly small compared to many other authors.

4Q, feel free to mention to the audience that you are also a malware
author, and you did spread your work. Compare our actions equally for a
change. You host a worthless website and generally do nothing for the
good of anyone. I write/maintain a useful application which is designed
to disable/remove similiar things to what both of us used to write.

--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml

kurt wismer · 05-15-2007, 10:15 PM

David H. Lipman wrote:
[snip]
> This is NOT malware. It is classified as a "Potentially Unwanted Program"

also known as greyware... probably something dustin should consider
moving away from using in bughunter in future...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

4Q · 05-16-2007, 10:35 AM

Dustin Cook wrote:
> 4Q <paul_zest@hushmail.com> wrote in
> news:1179276570.507651.209520@p77g2000hsh.googlegr oups.com:
>
> > Dustin Cook wrote:
> >> 4Q <paul_zest@hushmail.com> wrote in
> >> news:1179272370.540821.22420@h2g2000hsg.googlegrou ps.com:
> >>
> >> > David H. Lipman wrote:
> >> >> From: "John" <John@eff2ess.com>
> >> >>
> >> >>
> >> >> |
> >> >> | NOD32
> >> >> |
> >> >> | Threat detected
> >> >> |
> >> >> | File: C:\Program Files\BugHunter\PROCESS.EXE
> >> >> | Threat: Win32/PrcView application
> >> >> |
> >> >> | On the one hand I've so far accepted Bughunter as a valuable
> >> >> | addition to the malware fight. On the other hand, no point in
> >> >> | running a good virus killer like NOD32 if I just ignore
> >> >> | warnings. Any observations?
> >> >> |
> >> >> | Thanks.
> >> >> |
> >> >> | John
> >> >>
> >> >> This is NOT malware. It is classified as a "Potentially Unwanted
> >> >> Program" In this case PROCESS.EXE is a Process Application. It is
> >> >> not that the utility is malicious in itself, it can be used
> >> >> maliciously. BugHunter is NOT using it maliciosly.
> >> >>
> >> >> In the contect of NugHunter, PROCESS.EXE is safe to use.
> >> >>
> >> >
> >> > Notice David's splellnig mistakes!
> >> > "maliciosly", "NugHunter" is he worried
> >> > his credibility is heading for
> >> > a banana slip?
> >>
> >> His credibility is not an issue here. Yours was at one point, but
> >> I've established well that you do not have a clue about the BugHunter
> >> program. You don't have any credibility left for me to attack, i've
> >> pummeled you to nothing ness.
> >
> > *HAHAHA* Yes, dancing the jig everytime
> > I twang yer strings. C'mon boy do some
> > more of that troll assisted pummeldance.
> >
> >>
> >> Maybe in your future endeavors, you'll troll somebody who you can
> >> manipulate and convince people that the person is evil. You've failed
> >> miserably trying it with me; I'm glad to have played this with you
> >> tho, You helped me prove that I've indeed changed as I said. I am not
> >> destructive, and you can't wiggle out of that fact. *grin*
> >>
> >
> > Sorry you don't like a critique of your cobbled together ASIC 'n BATCH
> > script
> > Bug**** (aka BugHunter), but people
> > should know the truth about you and your
> > past. Btw comes up #1 on MSN search engine.

)
>
> May want to re-check that #1 spot, as you seem to have lost it. This is
> what you can't wiggle around 4Q.

Maybe you need to learn to read before
you step on your dick again, Lord Bug****

"Bug****" is #1 on www.msn.com
"Bug****" is #1 on search.yahoo.com
"Bug****" is #1 on altavista.com

Now wiggle like a good little worm ;]]

4Q
http://fourq.host.sk <-- See how easy
it is to cobble a Bug**** like program
together using bASIC.

=====================================

*bad analysis* from Dustbin Cook.
He just doesn't like the fact that a
non-ASIC coder can knock up a simple
script that does the same function as
his (worked on for 2-3yrs) masterpiece.

Also he distorts the facts regarding
maliciousness authoring and spreading
of malware. He's trying to compare like
with like.

*Years of spreading virus and malware
with the intention of getting his crap
into the wild. (Dustbin Cook as Raid[SLAM))

against

*Writing an article for a magazine
discussing ideas and taking care not to
cross the line. (me)

He might as well paint Peter Szor and
Kris Kaspersky with the same brush if
discussing and publishing ideas without
malicious intent is his like for like.

>
> Recently, the BSer 4Q has published what he feels is a clone of
> BugHunter.
>
> Let's compare the two.
>
> This is a BugHunter clone, it's basically a cobbled together script
> comprising of bASIC.
> The program uses industry standard MD5 (128bit checksumming). MD5
> information,
> code and algorithm is freely available on the net. This clone does not
> use Charles Dye's
> LOCATE.COM but used the internal DIR command to generate a recursive
> list of files.
> (Longfile names and DOS 8.3 format are supported with XP's internal DIR)
>
> The program shells to a 3rd party program, md5. BugHunter shells to
> locate.com to acquire a recursive list, 4Q requires md5 (not his own) and
> shells via command.com to have dir do the work, hardcoded, leaving no
> customization room without the source code.
>

"(not his own)" you ****in idiot MD5
is(was) the industry standard for
checksumming files and producing a oneway
hash developed by world renowned
crypto-scientist Rov Rivest (Hash clash
discovered by Chinese crypto-researcher
in 2004)

> XLIST.TXT (Supplied with the program. This is a file containing the
> Malware MD5 checksums)
> In the case shown here this is Malware BugHunter 2.2 (by Dustbin Cook)
>
> This would by all accounts be a false alarm, and along the same lines as
> tactics used by PCButts. I recommend 4Q's site be added to the mvp deny
> list; as it's obviously misleading people.
>

Not at all idiot, the site gives a
basic critique of Bug**** and it's
malicious author Dustbin Cook. The
code is a hacked prototype to demonstate
how simple it is to knock up a checksum
checker in a few minutes. (not 2-3yrs).
It's quite clear from the description
that the code isn't meant to be much
more than a showcase of how simple it
is to knock up a cobbled together script.

If I was to code such a program for real
it would be written in 32bit C++ with a
proper user interface with full reporting
facilities.

> 4Q's program generates an md5 signature for each file on your hard disk,
> and then compares the results to a "known" text file containing
> supposedly bad md5checksums.
>
> This leaves the high probability of variants of the same stuff getting
> by; as his routine doesn't have the ability to determine file a and file
> b are both zlob if he doesn't have two md5 checksums.
>

****ing idiot. Add any MD5 checksum of
any malware variants to XLIST.TXT and
they will be detected.

> BugHunter does not scan every file on your computer, as it's database
> system is able to provide it more information than a single checksum
> value. One such value is the file length.

4Q's program will checksum
> every single file on your computer (well, drive c: only, he didn't
> consider network shares or read-only media), wasting oodles of your
> valuable time; and giving you a very real false sense of security due to
> the sheer amounts of variants it will miss.

****ing idiot. You can't read for ****
can you! "drive c:" Where does it
even mention drive C? it's --> H <--
you utter ****stain. Drive H was a
little partition setup for testing.
And it's obvious from the fact it was
a demo that the program doesn't check
anything aside from that demo partition,
otherwise I would have recursively
checked for all drives or used LOCATE
with some params.

That demo checks every file and wastes
CPU time because it was designed as a
simple prototype not a production release
It wasn't a Beta release or even an Alpha
release and no binary was given BECAUSE
my thickheaded friend the intention was
to demo how simple code be knocked up in
a few minutes to do a very basic function
of scanning a set of files against a
checksum list. (see above notes about
C++ and user interface above for more
clues)

>
> BugHunter does not rely on 3rd party programs for the engine to run, the

A simple CRC checker (not recommended
for use in any serious security
applications). [ Tripwire *industry
standard integrity checker* for example
uses Rov Rivest MD5 ]

> only time 3rd party programs (which is available with source code, as is
> md5) are used is for mundane things like, a recursive list and process
> suspending/killing.
>

Read that as Dustbins inability to
write such 3rd party programs. After
all how is he going to read NTFS or FAT32
from his 16bit BASIC application? bASIC
was designed for very old DOS systems
FAT16 (no long filename support).
No wonder he won't release any source
code for his pile of crap, let's see him
handle NTFS with int13 from his 16bit
platform.

> 4Q is using enclosed statements when it's not necessary, clearly
> indicating his unfamiliarity with the language. It's no wonder what
> should have taken 10 minutes to write took him roughly 2 hours.
>

Don't forget I didn't cut and paste
bits and pieces from old virus code
(like you did) and I wrote from scratch
whilst cooking my meal, watching TV,
and coffee moments

> For example,
> open ("O",2,"B2.DAT"
> is not necessary; this is classic newbie textbook asic programming.
> open "o",2,"b2.dat" will work just as well.
>

Very misleading. I wrote the code as
an easy to understand "bASIC" program
uppercase for keywords and parenthesis
around functions for clarity. You need
to re-read what Kadaitcha Man had to
say about your scriddle skrit code
http://fourq.host.sk/chars/Dustin_Cook/
follow the link to the parts with Dustbin
bad bASIC code and anyone can see the
dimbulb has no place to talk about anyone
elses code.

)

> Various other newbie coding style is present, but it's basically amusing
> demonstration of his skills. Remember folks, it took him roughly 2 hours
> to come up with this cpu cycle wasting gem. Not to mention the unnessary
> wear and tear on your hard disk, md5checksumming all files n all.
>

And don't forget I code in C/C++ not bASIC. Perhaps you should ask
Guillermito
if he will send you some of my object
oriented C++ A.L. work, was published on
Coderz.net Then come back and compare
your standard of coding with mine.

> "It is effectively the same application "
>
> If anyone thinks his work is the same as mine, then I invite you to re-
> read my post.

He's comparing a pinto to a mustang.
>

Why don't you release some of your
"pinto" source code. Let's say one of
your 1.9 Bug**** versions complete
with compile instructions so we can
take a look at your mastery of programming.

> Also mentioned on your review is the following bogus information, Would
> you mind backing the following statement up?
>
> "It is alleged that the BugHunter crapware is a sleeper Trojan
> and will put peoples privacy at risk. " - 4Q showing extreme paranoia on
> alt.comp.virus. Next he'll tell us he really was abducted by aliens.
>

*hah* Smokescreen. You with a long long
history of maliciousness and releasing
virus malware into the wild expect people
to believe you can be trusted. It's like
asking a reformed bankrobber to look
after a savings trust.

> "Dustbin Cook is a well known malware spreader and has
> authored (and spread) many virus, worms and trojans." - 4Q outright
> lieing in public. I never wrote any trojans, and my collection of malware
> was fairly small compared to many other authors.
>
> 4Q, feel free to mention to the audience that you are also a malware
> author, and you did spread your work. Compare our actions equally for a
> change. You host a worthless website and generally do nothing for the
> good of anyone. I write/maintain a useful application which is designed
> to disable/remove similiar things to what both of us used to write.
>

See notes above

4Q

4Q · 05-16-2007, 11:14 AM

4Q wrote:

> hash developed by world renowned
> crypto-scientist Rov Rivest (Hash

*Oops* Rov Rivest = Ron Rivest

I don't even know what Rov would be
short for. Rov(er) the dog perhaps?

4Q

Dustin Cook · 05-16-2007, 03:07 PM

4Q <paul_zest@hushmail.com> wrote in
news:1179329750.101349.153500@e65g2000hsc.googlegr oups.com:

> Dustin Cook wrote:
>> 4Q <paul_zest@hushmail.com> wrote in
>> news:1179276570.507651.209520@p77g2000hsh.googlegr oups.com:
>>
>> > Dustin Cook wrote:
>> >> 4Q <paul_zest@hushmail.com> wrote in
>> >> news:1179272370.540821.22420@h2g2000hsg.googlegrou ps.com:
>> >>
>> >> > David H. Lipman wrote:
>> >> >> From: "John" <John@eff2ess.com>
>> >> >>
>> >> >>
>> >> >> |
>> >> >> | NOD32
>> >> >> |
>> >> >> | Threat detected
>> >> >> |
>> >> >> | File: C:\Program Files\BugHunter\PROCESS.EXE
>> >> >> | Threat: Win32/PrcView application
>> >> >> |
>> >> >> | On the one hand I've so far accepted Bughunter as a valuable
>> >> >> | addition to the malware fight. On the other hand, no point
>> >> >> | in running a good virus killer like NOD32 if I just ignore
>> >> >> | warnings. Any observations?
>> >> >> |
>> >> >> | Thanks.
>> >> >> |
>> >> >> | John
>> >> >>
>> >> >> This is NOT malware. It is classified as a "Potentially
>> >> >> Unwanted Program" In this case PROCESS.EXE is a Process
>> >> >> Application. It is not that the utility is malicious in
>> >> >> itself, it can be used maliciously. BugHunter is NOT using it
>> >> >> maliciosly.
>> >> >>
>> >> >> In the contect of NugHunter, PROCESS.EXE is safe to use.
>> >> >>
>> >> >
>> >> > Notice David's splellnig mistakes!
>> >> > "maliciosly", "NugHunter" is he worried
>> >> > his credibility is heading for
>> >> > a banana slip?
>> >>
>> >> His credibility is not an issue here. Yours was at one point, but
>> >> I've established well that you do not have a clue about the
>> >> BugHunter program. You don't have any credibility left for me to
>> >> attack, i've pummeled you to nothing ness.
>> >
>> > *HAHAHA* Yes, dancing the jig everytime
>> > I twang yer strings. C'mon boy do some
>> > more of that troll assisted pummeldance.
>> >
>> >>
>> >> Maybe in your future endeavors, you'll troll somebody who you can
>> >> manipulate and convince people that the person is evil. You've
>> >> failed miserably trying it with me; I'm glad to have played this
>> >> with you tho, You helped me prove that I've indeed changed as I
>> >> said. I am not destructive, and you can't wiggle out of that fact.
>> >> *grin*
>> >>
>> >
>> > Sorry you don't like a critique of your cobbled together ASIC 'n
>> > BATCH script
>> > Bug**** (aka BugHunter), but people
>> > should know the truth about you and your
>> > past. Btw comes up #1 on MSN search engine.

)
>>
>> May want to re-check that #1 spot, as you seem to have lost it. This
>> is what you can't wiggle around 4Q.

>
> Maybe you need to learn to read before
> you step on your dick again, Lord Bug****
>
> "Bug****" is #1 on www.msn.com
> "Bug****" is #1 on search.yahoo.com
> "Bug****" is #1 on altavista.com

"Bug****" isn't "BugHunter", 4Q. Who's dancing?

> http://fourq.host.sk <-- See how easy
> it is to cobble a Bug**** like program
> together using bASIC.

yet it took you 2 hours or so? Hehhe..

>
>
> =====================================
>
> *bad analysis* from Dustbin Cook.
> He just doesn't like the fact that a
> non-ASIC coder can knock up a simple
> script that does the same function as
> his (worked on for 2-3yrs) masterpiece.

Oh, the analysis wasn't as thorough as I could have been. I focused on a
few problems and differences between our work, not all of them.

> Also he distorts the facts regarding
> maliciousness authoring and spreading
> of malware. He's trying to compare like
> with like.

I'm distorting nothing. I haven't authored a destructive program since
2000; And everyone including you knows it. Your trying to use what I've
done in the past to say that I'm the same now. You just don't want to
face the facts I got tired of doing stupid vx things and decided to do
something useful. I believed you originally called me a turncoat for
this. I don't see myself as a traitor 4Q, I do not target viruses, I have
no interest nor desire in viral detection. Worms are a subset (depending
on who you ask) of viruses, but I don't see them as a real viruses, and
therefore, I don't see my detecting them is turncoating. You do. We
differ.

> *Years of spreading virus and malware
> with the intention of getting his crap
> into the wild. (Dustbin Cook as Raid[SLAM))

virus and malware? You make as much sense as the statement "new and
improved."

I already admitted to what I've done, 7+ years ago. Get over it. Big Bad
Raid doesn't owe you a damn thing!

> *Writing an article for a magazine
> discussing ideas and taking care not to
> cross the line. (me)

Nice try. You provided functional source code and an easy to follow flow
chart. you went to the other side of the line, jerk.

When my source code was published, it wasn't functional without some
effort on the persons part trying to compile it.

> He might as well paint Peter Szor and
> Kris Kaspersky with the same brush if
> discussing and publishing ideas without
> malicious intent is his like for like.

Give it up. A totally unfair comparison. Nothing you do is without
malicious intent. You are not in the same league as those individuals,
your nothing compared to them. Please don't insult their intelligence by
thinking anyone should compare you or your actions to that of theirs.

>
>
>
>
>>
>> Recently, the BSer 4Q has published what he feels is a clone of
>> BugHunter.
>>
>> Let's compare the two.
>>
>> This is a BugHunter clone, it's basically a cobbled together script
>> comprising of bASIC.
>> The program uses industry standard MD5 (128bit checksumming). MD5
>> information,
>> code and algorithm is freely available on the net. This clone does
>> not use Charles Dye's
>> LOCATE.COM but used the internal DIR command to generate a recursive
>> list of files.
>> (Longfile names and DOS 8.3 format are supported with XP's internal
>> DIR)
>>
>> The program shells to a 3rd party program, md5. BugHunter shells to
>> locate.com to acquire a recursive list, 4Q requires md5 (not his own)
>> and shells via command.com to have dir do the work, hardcoded,
>> leaving no customization room without the source code.
>>
>
> "(not his own)" you ****in idiot MD5
> is(was) the industry standard for
> checksumming files and producing a oneway
> hash developed by world renowned
> crypto-scientist Rov Rivest (Hash clash
> discovered by Chinese crypto-researcher
> in 2004)

And why don't you tell everyone about a collision hash with md5?
http://it.slashdot.org/article.pl?sid=05/09/23/0618252

Nevermind, they can click the link.

> Not at all idiot, the site gives a
> basic critique of Bug**** and it's
> malicious author Dustbin Cook. The

In what possible way at this point in time is the program known as
BugHunter malicious 4Q? Can you defend the claim and the justification
for md5ing it to your program?

> code is a hacked prototype to demonstate
> how simple it is to knock up a checksum
> checker in a few minutes. (not 2-3yrs).

Considering your shelling to md5 for the actual math work, I'd expect
even you to be able to write something like what you did.

> It's quite clear from the description
> that the code isn't meant to be much
> more than a showcase of how simple it
> is to knock up a cobbled together script.

The code was supposed to demonstrate the basics for what BugHunter is
doing, but it fails to do so. Your script is so generically natured, it's
no better than Dr Sollys perfect scanner.

> If I was to code such a program for real
> it would be written in 32bit C++ with a
> proper user interface with full reporting
> facilities.

And still as inefficient?

>
>
>> 4Q's program generates an md5 signature for each file on your hard
>> disk, and then compares the results to a "known" text file containing
>> supposedly bad md5checksums.
>>
>> This leaves the high probability of variants of the same stuff
>> getting by; as his routine doesn't have the ability to determine file
>> a and file b are both zlob if he doesn't have two md5 checksums.
>>
>
> ****ing idiot. Add any MD5 checksum of
> any malware variants to XLIST.TXT and
> they will be detected.

Re-Read what I said. Nevermind, I'll write it simpler. You will require
two unique md5 signatures to validate the fact file a and file b are the
same minus a couple of random byte changes. IE: As I said, *Your* program
will *miss* anything that's even slightly different than another, even if
they are the same. In the spyware industry, your as useful as pcbutts.

A single md5 database checksummer isn't used in the industry for a reason
4Q, and this is one of them. You do not understand how the BugHunter
program works, and this is painfully obvious.

>
>> BugHunter does not scan every file on your computer, as it's database
>> system is able to provide it more information than a single checksum
>> value. One such value is the file length.

4Q's program will
>> checksum every single file on your computer (well, drive c: only, he
>> didn't consider network shares or read-only media), wasting oodles of
>> your valuable time; and giving you a very real false sense of
>> security due to the sheer amounts of variants it will miss.
>
> ****ing idiot. You can't read for ****

c: typo, sorry. See Above concerning who can't read.
Anything to dispute in the paragraph?

> can you! "drive c:" Where does it
> even mention drive C? it's --> H <--
> you utter ****stain. Drive H was a
> little partition setup for testing.
> And it's obvious from the fact it was
> a demo that the program doesn't check
> anything aside from that demo partition,
> otherwise I would have recursively
> checked for all drives or used LOCATE
> with some params.

Wait.. Aren't you whining because I use LOCATE? Yes, yes you are. Why can
you use it then?

> That demo checks every file and wastes
> CPU time because it was designed as a
> simple prototype not a production release

It was designed as something that was supposed to be similiar to
BugHunter, for a comparison. Your program isn't even close. Your
algorithms (heheheh) aren't even close.

It's very sloppy and extremely generic. Slightly above pcbutts coding
ability I'm sure, but probably not much.

> It wasn't a Beta release or even an Alpha
> release and no binary was given BECAUSE
> my thickheaded friend the intention was
> to demo how simple code be knocked up in
> a few minutes to do a very basic function
> of scanning a set of files against a
> checksum list. (see above notes about

Sure, if I was using a checksum list. But then, I'd waste time like you
and checksum every file... You really don't have a clue how it works..
lol.

Just so you know, Some individuals reading along do know exactly how
BugHunter works, so your only embarrasing yourself now. *grin*

> C++ and user interface above for more
> clues)
>
>
>>
>> BugHunter does not rely on 3rd party programs for the engine to run,
>> the
>
> A simple CRC checker (not recommended
> for use in any serious security
> applications). [ Tripwire *industry
> standard integrity checker* for example
> uses Rov Rivest MD5 ]

BugHunter isn't a simple crc checker. And I wouldn't recommend someone
use a simple crc checker in any security program, either. Tripwire isn't
a malware scanner.

>> only time 3rd party programs (which is available with source code, as
>> is md5) are used is for mundane things like, a recursive list and
>> process suspending/killing.
>>
>
> Read that as Dustbins inability to
> write such 3rd party programs. After
> all how is he going to read NTFS or FAT32
> from his 16bit BASIC application? bASIC

4Q, The file system is transparent to the program.
As a fellow programmer? (heh) you should have known that. I'm not
accessing data on a sector or direct hardware level, so the filesystem
doesn't matter. If you can see the drive in dos/console, BugHunter can
too. It's as simple as that.

> was designed for very old DOS systems
> FAT16 (no long filename support).

Actually, if I really wanted to support long filenames, I could. Extended
interrupts do provide access to them. Just ask Art. He's written a few
things in QuickBasic which display and access long filenames in dos fine.

That's been available since windows95 you know, Long filename support for
dos programs that wanted to bother.

> No wonder he won't release any source
> code for his pile of crap, let's see him
> handle NTFS with int13 from his 16bit
> platform.

As I don't access the hard disk via the bios, why would I need to access
the ntfs file system directly?

You keep calling it a pile of crap, yet it continues to get awards and
nice reviews and support. It's still one of the fastest (if not the
fastest) scanners available, for dos or windows. I've corrected every
issue reported concerning it too. In what way is it a pile of crap?

>> 4Q is using enclosed statements when it's not necessary, clearly
>> indicating his unfamiliarity with the language. It's no wonder what
>> should have taken 10 minutes to write took him roughly 2 hours.
>>
>
> Don't forget I didn't cut and paste
> bits and pieces from old virus code
> (like you did) and I wrote from scratch
> whilst cooking my meal, watching TV,
> and coffee moments

I don't recall any of my virus code having an interface, like BugHunter
does. Are you going to accuse me of stealing my own code now too?

The fact my code is written/commented well enough that it can be adapted
for use in other programs is a good thing, I'm sorry your such a sloppy
programmer that yours is that app specific. If you can't reuse some of
your code, you can't code. Period.

>> For example,
>> open ("O",2,"B2.DAT"
>> is not necessary; this is classic newbie textbook asic programming.
>> open "o",2,"b2.dat" will work just as well.
>>
>
> Very misleading. I wrote the code as
> an easy to understand "bASIC" program
> uppercase for keywords and parenthesis
> around functions for clarity. You need
> to re-read what Kadaitcha Man had to
> say about your scriddle skrit code
> http://fourq.host.sk/chars/Dustin_Cook/

Kadaitchman got his ass handed to him trying to correct my code.
Remember? I posted working code, his corrections resulted in non
functional code. He backpeddled ever since. He did so poorly, his code
wouldn't compile if you tried; And I didn't have to try to know this,
despite his backpeddling claim saying otherwise.

Your going to need more reliable witnesses on your side, He's a chump.

> And don't forget I code in C/C++ not bASIC. Perhaps you should ask
> Guillermito
> if he will send you some of my object
> oriented C++ A.L. work, was published on
> Coderz.net Then come back and compare
> your standard of coding with mine.

The fact asic isn't something your too familiar with isn't a valid excuse
to defend such poor programming. Remember, you invited this by trying to
pass that pos code of yours off as something even remotely close to
BugHunter. If that's the best imitation you can do for me, I'm
disappointed. Your a lousy fan.
>
>
>> "It is effectively the same application "
>>
>> If anyone thinks his work is the same as mine, then I invite you to
>> re- read my post.

He's comparing a pinto to a mustang.
>>
>
> Why don't you release some of your
> "pinto" source code. Let's say one of
> your 1.9 Bug**** versions complete
> with compile instructions so we can
> take a look at your mastery of programming.

Heh, BugHunter is by no means a pinto. Only a moron would think of yours
as the Mustang. Source code isn't available, and as a programmer, you
shouldn't need it to figure out how the program runs. Unless, your just
not as good as your trying to pass yourself off to be.

>> Also mentioned on your review is the following bogus information,
>> Would you mind backing the following statement up?
>>
>> "It is alleged that the BugHunter crapware is a sleeper Trojan
>> and will put peoples privacy at risk. " - 4Q showing extreme paranoia
>> on alt.comp.virus. Next he'll tell us he really was abducted by
>> aliens.
>>
>
> *hah* Smokescreen. You with a long long
> history of maliciousness and releasing
> virus malware into the wild expect people
> to believe you can be trusted. It's like
> asking a reformed bankrobber to look
> after a savings trust.

So you have no way of backing the statement up then? I didn't think so.
You couldn't back up the initial claim that it was already a trojan, so I
didn't really expect a good defense on this claim of yours either. I was
hoping you'd respond in a fashion such as this to show everyone else what
your real intentions are. As if everyone hasn't figured you out by now.

>
>
>> "Dustbin Cook is a well known malware spreader and has
>> authored (and spread) many virus, worms and trojans." - 4Q outright
>> lieing in public. I never wrote any trojans, and my collection of
>> malware was fairly small compared to many other authors.
>>
>> 4Q, feel free to mention to the audience that you are also a malware
>> author, and you did spread your work. Compare our actions equally for
>> a change. You host a worthless website and generally do nothing for
>> the good of anyone. I write/maintain a useful application which is
>> designed to disable/remove similiar things to what both of us used to
>> write.
>>
>
> See notes above

Please do. Also note,

4Q's website: nothing useful to be found.
My website: a program which will remove over 8,500 malicious executables
and scripts.

Does it really take a rocket scientist to see whats useful and whats a
waste of webspace?

--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml

Dustin Cook · 05-16-2007, 03:13 PM

kurt wismer <kurtw@sympatico.ca> wrote in
news:f2epne$3sv$1@registered.motzarella.org:

> David H. Lipman wrote:
> [snip]
>> This is NOT malware. It is classified as a "Potentially Unwanted
>> Program"
>
> also known as greyware... probably something dustin should consider
> moving away from using in bughunter in future...
>

I wouldn't classify that program specifically as greyware. See here:

http://www.beyondlogic.org/consultin...rocessutil.htm

That's what's being distributed with BugHunter and many other home brew
spyware removal tools. It's very useful for the intended purpose.

--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml

---Fitz--- · 05-16-2007, 04:14 PM

It's not possible to embarrass some else...just yourself when you try to
correct their "splellnig mistakes". Now, how's that for credibility?

| Notice David's splellnig mistakes!
| "maliciosly", "NugHunter" is he worried his credibility is heading for
| a bananna
| slip?

David H. Lipman · 05-16-2007, 04:17 PM

From: "kurt wismer" <kurtw@sympatico.ca>

| David H. Lipman wrote:
| [snip]
>> This is NOT malware. It is classified as a "Potentially Unwanted Program"
|
| also known as greyware... probably something dustin should consider
| moving away from using in bughunter in future...
|

Yes. He can script it. :-)

I'm sure there is a routine he can use link in as a OBJ file.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

Dustin Cook · 05-16-2007, 05:43 PM