
Thread: smitfraud on vista!!!!

  1. #21
    Dustin Cook Guest

    Re: smitfraud on vista!!!!

    "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in
    news:f716ge$921$1@blackhelicopter.databasix.com:

    > Log file opened: 07:23:42 - 07-08-2007
    > BugHunter v2.2c using database date/time 07-02-2007|23:47:28
    > Using configuration file: BUGHUNT.INI
    >
    > => Nfo: Recursive scanning is enabled.
    > => Nfo: BugHunter is only logging found malware...
    > Action taken, and result.
    >
    > C:\WINDOWS\META4.EXE
    > [3:436] [Unclassified.Trojan] No Action Taken
    >
    > C:\PROGRA~1\LOGMEIN\LMIINIT.DLL
    > [2:3243] [RAT.RemotelyAnywhere] No Action Taken
    >
    > C:\WINDOWS\SYSTEM32\LMIINIT.DLL
    > [2:3243] [RAT.RemotelyAnywhere] No Action Taken
    >
    > C:\PROGRA~1\NPSOFT~1\WTR-WE~1\ICSHAR~1.DLL
    > [1:1261] [Full Match!] No Action Taken
    >
    > C:\WINDOWS\INSTAL~1\{B510A~1\NEWSHO~1.EXE
    > [2:442] [Malicious JavaScript] No Action Taken
    >
    > C:\DOCUME~1\OWNER~1.NEW\DESKTOP\DE6AFE~1\REMOVE~1.B
    > [2:2852] [Exploit.Win32.WMF-PFV] No Action Taken
    >
    > C:\DOCUME~1\OWNER~1.NEW\DESKTOP\DESKTO~2\SETUPM~1.BUG
    > [2:678] [Adware.Yazzle.Uninstaller] No Action Taken
    >
    > C:\DOCUME~1\OWNER~1.NEW\DESKTOP\DESKTO~2\SETUPM~2.BUG
    > [2:712] [Trojan.Spy.Bancos.Zm] No Action Taken
    >
    > C:\DOCUME~1\OWNER~1.NEW\DESKTOP\DE5203~1\POSSIB~1\POSSIB~1.SCR
    > [3:1514] [Trojan.Ircbot.Aaq] No Action Taken
    >
    > C:\DOCUME~1\OWNER~1.NEW\LOCALS~1\TEMPOR~1\CONTENT.IE5\09T522ZU\PROFIL~1
    > .JS [2:1908] [Malicious Script] No Action Taken
    >
    > ===============================================================
    > Finished Scanning...202,166 Files
    >
    > 10 known MalWare files were found.
    > BugHunter took approximately 85 minutes and 28 seconds to scan the
    > folders.
    > =============================================================== Log
    > file closed.: 08:48:12 - 07-08-2007
    >
    >


    Hmm... I appreciate the information with the files I still need to fix.
    I'm unsure these are all false alarms however. If you wouldn't care to
    zip them up with a password and send it to my yahoo mail, I'd appreciate
    it. I hope those are all false alarms or that you're intentionally
    downloading those things for analysis.

    Looks like I have a bit of analysis to do to ensure safety here. So
    please do send the samples at your convenience.

    --
    Dustin Cook
    Author of BugHunter - MalWare Removal Tool - v2.2c
    email: bughunter.dustin@gmail.com.removethis
    web..: http://bughunter.it-mate.co.uk
    Pad..: http://bughunter.it-mate.co.uk/pad.xml


  2. #22
    pcbutts1 Guest

    Re: smitfraud on vista!!!!

    They are not all false alarms.

    --

    Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
    The list grows. Leythos the stalker http://www.leythosthestalker.com, David
    H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
    Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



    "Dustin Cook" <spamfilterineffect.see.sig@nowhere.com> wrote in message
    news:Xns9969D7922360DHHI2948AJD832@69.28.186.121...
    > "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in
    > news:f716ge$921$1@blackhelicopter.databasix.com:
    >
    >> Log file opened: 07:23:42 - 07-08-2007
    >> BugHunter v2.2c using database date/time 07-02-2007|23:47:28
    >> Using configuration file: BUGHUNT.INI
    >>
    >> => Nfo: Recursive scanning is enabled.
    >> => Nfo: BugHunter is only logging found malware...
    >> Action taken, and result.
    >>
    >> C:\WINDOWS\META4.EXE
    >> [3:436] [Unclassified.Trojan] No Action Taken
    >>
    >> C:\PROGRA~1\LOGMEIN\LMIINIT.DLL
    >> [2:3243] [RAT.RemotelyAnywhere] No Action Taken
    >>
    >> C:\WINDOWS\SYSTEM32\LMIINIT.DLL
    >> [2:3243] [RAT.RemotelyAnywhere] No Action Taken
    >>
    >> C:\PROGRA~1\NPSOFT~1\WTR-WE~1\ICSHAR~1.DLL
    >> [1:1261] [Full Match!] No Action Taken
    >>
    >> C:\WINDOWS\INSTAL~1\{B510A~1\NEWSHO~1.EXE
    >> [2:442] [Malicious JavaScript] No Action Taken
    >>
    >> C:\DOCUME~1\OWNER~1.NEW\DESKTOP\DE6AFE~1\REMOVE~1.B
    >> [2:2852] [Exploit.Win32.WMF-PFV] No Action Taken
    >>
    >> C:\DOCUME~1\OWNER~1.NEW\DESKTOP\DESKTO~2\SETUPM~1.BUG
    >> [2:678] [Adware.Yazzle.Uninstaller] No Action Taken
    >>
    >> C:\DOCUME~1\OWNER~1.NEW\DESKTOP\DESKTO~2\SETUPM~2.BUG
    >> [2:712] [Trojan.Spy.Bancos.Zm] No Action Taken
    >>
    >> C:\DOCUME~1\OWNER~1.NEW\DESKTOP\DE5203~1\POSSIB~1\POSSIB~1.SCR
    >> [3:1514] [Trojan.Ircbot.Aaq] No Action Taken
    >>
    >> C:\DOCUME~1\OWNER~1.NEW\LOCALS~1\TEMPOR~1\CONTENT.IE5\09T522ZU\PROFIL~1
    >> .JS [2:1908] [Malicious Script] No Action Taken
    >>
    >> ===============================================================
    >> Finished Scanning...202,166 Files
    >>
    >> 10 known MalWare files were found.
    >> BugHunter took approximately 85 minutes and 28 seconds to scan the
    >> folders.
    >> =============================================================== Log
    >> file closed.: 08:48:12 - 07-08-2007
    >>
    >>

    >
    > Hmm... I appreciate the information with the files I still need to fix.
    > I'm unsure these are all false alarms however. If you wouldn't care to
    > zip them up with a password and send it to my yahoo mail, I'd appreciate
    > it. I hope those are all false alarms or that you're intentionally
    > downloading those things for analysis.
    >
    > Looks like I have a bit of analysis to do to ensure safety here. So
    > please do send the samples at your convenience.
    >
    > --
    > Dustin Cook
    > Author of BugHunter - MalWare Removal Tool - v2.2c
    > email: bughunter.dustin@gmail.com.removethis
    > web..: http://bughunter.it-mate.co.uk
    > Pad..: http://bughunter.it-mate.co.uk/pad.xml
    >




  3. #23
    Dustin Cook Guest

    Re: smitfraud on vista!!!!

    "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in news:f71baa$jrs$1
    @blackhelicopter.databasix.com:

    > They are not all false alarms.


    Ahh. Okay. The ones you've allowed it to rename I'm going to assume for the
    time being that you have checked them independently. I'm reviewing my
    definition of RAT to see if logmein really should be scanned for by
    BugHunter. I'll have the reported false alarms fixed with the next release.
    Thanks again for your help.


    --
    Dustin Cook
    Author of BugHunter - MalWare Removal Tool - v2.2c
    email: bughunter.dustin@gmail.com.removethis
    web..: http://bughunter.it-mate.co.uk
    Pad..: http://bughunter.it-mate.co.uk/pad.xml


  4. #24
    pcbutts1 Guest

    Re: smitfraud on vista!!!!

    This is real
    C:\WINDOWS\META4.EXE
    [3:436] [Unclassified.Trojan] No Action Taken

    This was missed
    C:\WINDOWS\MOTA113.EXE

    These are false
    C:\PROGRA~1\LOGMEIN\LMIINIT.DLL
    [2:3243] [RAT.RemotelyAnywhere] No Action Taken

    C:\WINDOWS\SYSTEM32\LMIINIT.DLL
    [2:3243] [RAT.RemotelyAnywhere] No Action Taken

    C:\PROGRA~1\NPSOFT~1\WTR-WE~1\ICSHAR~1.DLL
    [1:1261] [Full Match!] No Action Taken

    C:\WINDOWS\INSTAL~1\{B510A~1\NEWSHO~1.EXE
    [2:442] [Malicious JavaScript] No Action Taken

    This is my Remove-it program renamed as remove-it.b, I have at least 5 of
    these in various locations but it only detected just one in a folder that
    does not exist, never has.
    C:\DOCUME~1\OWNER~1.NEW\DESKTOP\DE6AFE~1\REMOVE~1.B
    [2:2852] [Exploit.Win32.WMF-PFV] No Action Taken

    These files and folders do not exist, never have.
    C:\DOCUME~1\OWNER~1.NEW\DESKTOP\DESKTO~2\SETUPM~1.BUG
    [2:678] [Adware.Yazzle.Uninstaller] No Action Taken

    C:\DOCUME~1\OWNER~1.NEW\DESKTOP\DESKTO~2\SETUPM~2.BUG
    [2:712] [Trojan.Spy.Bancos.Zm] No Action Taken

    C:\DOCUME~1\OWNER~1.NEW\DESKTOP\DE5203~1\POSSIB~1\POSSIB~1.SCR
    [3:1514] [Trojan.Ircbot.Aaq] No Action Taken


    --

    Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
    The list grows. Leythos the stalker http://www.leythosthestalker.com, David
    H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
    Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



    "Dustin Cook" <spamfilterineffect.see.sig@nowhere.com> wrote in message
    news:Xns9969DAADAD58DHHI2948AJD832@69.28.186.121...
    > "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in news:f71baa$jrs$1
    > @blackhelicopter.databasix.com:
    >
    >> They are not all false alarms.

    >
    > Ahh. Okay. The ones you've allowed it to rename I'm going to assume for
    > the time being that you have checked them independently. I'm reviewing my
    > definition of RAT to see if logmein really should be scanned for by
    > BugHunter. I'll have the reported false alarms fixed with the next
    > release. Thanks again for your help.
    >
    >
    > --
    > Dustin Cook
    > Author of BugHunter - MalWare Removal Tool - v2.2c
    > email: bughunter.dustin@gmail.com.removethis
    > web..: http://bughunter.it-mate.co.uk
    > Pad..: http://bughunter.it-mate.co.uk/pad.xml
    >




  5. #25
    Dustin Cook Guest

    Re: smitfraud on vista!!!!

    "pcbutts1" <pcbutts1@leythosthestalker.com> wrote in
    news:f71dse$pgp$1@blackhelicopter.databasix.com:

    > This is real
    > C:\WINDOWS\META4.EXE
    > [3:436] [Unclassified.Trojan] No Action Taken
    >
    > This was missed
    > C:\WINDOWS\MOTA113.EXE


    BugHunter doesn't know it then.

    > These are false
    > C:\PROGRA~1\LOGMEIN\LMIINIT.DLL
    > [2:3243] [RAT.RemotelyAnywhere] No Action Taken
    >
    > C:\WINDOWS\SYSTEM32\LMIINIT.DLL
    > [2:3243] [RAT.RemotelyAnywhere] No Action Taken
    >
    > C:\PROGRA~1\NPSOFT~1\WTR-WE~1\ICSHAR~1.DLL
    > [1:1261] [Full Match!] No Action Taken
    >
    > C:\WINDOWS\INSTAL~1\{B510A~1\NEWSHO~1.EXE
    > [2:442] [Malicious JavaScript] No Action Taken


    These have been removed with the last signature update, released July
    10th, 2007.

    > This is my Remove-it program renamed as remove-it.b, I have at least 5
    > of these in various locations but it only detected just one in a
    > folder that does not exist, never has.
    > C:\DOCUME~1\OWNER~1.NEW\DESKTOP\DE6AFE~1\REMOVE~1.B
    > [2:2852] [Exploit.Win32.WMF-PFV] No Action Taken


    The folder is the short filename, not the long filename. To make sure
    you're accessing the correct folder, type dir /x from a console prompt.

    It's probably one of your older pirated scripts, but BugHunter isn't
    properly naming it. This will likely be removed in a future update.

    > These files and folders do not exist, never have.
    > C:\DOCUME~1\OWNER~1.NEW\DESKTOP\DESKTO~2\SETUPM~1.BUG
    > [2:678] [Adware.Yazzle.Uninstaller] No Action Taken
    >
    > C:\DOCUME~1\OWNER~1.NEW\DESKTOP\DESKTO~2\SETUPM~2.BUG
    > [2:712] [Trojan.Spy.Bancos.Zm] No Action Taken
    >
    > C:\DOCUME~1\OWNER~1.NEW\DESKTOP\DE5203~1\POSSIB~1\POSSIB~1.SCR
    > [3:1514] [Trojan.Ircbot.Aaq] No Action Taken


    See above. BugHunter provides 8.3 style filenames for directories as well
    as files.

    While BugHunter may occasionally screw up the textual layout, it doesn't
    usually claim files to exist which don't. That's 4 separate routines
    which would be fooled at that point.


    --
    Dustin Cook
    Author of BugHunter - MalWare Removal Tool - v2.2c
    email: bughunter.dustin@gmail.com.removethis
    web..: http://bughunter.it-mate.co.uk
    Pad..: http://bughunter.it-mate.co.uk/pad.xml
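
Added example, not part of the thread and not BugHunter's own code: a small triage parser for a log in the layout quoted above. It pairs each path with its detection line, rejoins an entry whose path wraps onto the detection line (as the PROFIL~1 / .JS entry does), and lists which path components are 8.3 aliases that need `dir /x` before concluding a reported file does not exist. The sample log is constructed, the function names are hypothetical, and the alias pattern is a heuristic.

```python
import re

# Constructed sample in the layout of the log quoted in the thread, including
# one entry whose path wraps onto the detection line.
SAMPLE_LOG = r"""
C:\WINDOWS\META4.EXE
[3:436] [Unclassified.Trojan] No Action Taken

C:\DOCUME~1\OWNER~1.NEW\DESKTOP\DESKTO~2\SETUPM~1.BUG
[2:678] [Adware.Yazzle.Uninstaller] No Action Taken

C:\DOCUME~1\OWNER~1.NEW\LOCALS~1\TEMPOR~1\CONTENT.IE5\09T522ZU\PROFIL~1
.JS [2:1908] [Malicious Script] No Action Taken
"""

# "[a:b] [Name] Action". The thread does not say what a:b means, so the
# pair is kept as opaque integers (assumption).
DETECTION = re.compile(r"^(?P<tail>.*?)\s*\[(\d+):(\d+)\]\s+\[([^\]]+)\]\s+(.*)$")
# Heuristic for an 8.3 alias: up to 6 chars, "~", digits, optional extension.
ALIAS = re.compile(r"^[^\\.]{1,6}~\d+(\.[^\\]{0,3})?$")

def short_components(path):
    """Return the path components that look like 8.3 aliases."""
    return [c for c in path.split("\\")[1:] if ALIAS.match(c)]

def parse_log(text):
    """Pair each path line with its detection line; rejoin wrapped paths."""
    hits, pending = [], None
    for raw in text.splitlines():
        # Tolerate Usenet quote markers ("> ", ">> ") in front of log lines.
        line = raw.strip().lstrip(">").strip()
        m = DETECTION.match(line)
        if m and pending:
            path = pending + m.group("tail")  # tail is "" unless the path wrapped
            hits.append({"path": path,
                         "ids": (int(m.group(2)), int(m.group(3))),
                         "name": m.group(4), "action": m.group(5),
                         "aliases": short_components(path)})
            pending = None
        elif re.match(r"^[A-Za-z]:\\", line):
            pending = line
    return hits

if __name__ == "__main__":
    for h in parse_log(SAMPLE_LOG):
        note = ("resolve with dir /x: " + ", ".join(h["aliases"])
                if h["aliases"] else "no 8.3 aliases in path")
        print(f'{h["name"]}: {h["path"]}\n    {note}')
```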

