How BugHunter Works; for those interested.

[Dustin Cook]

BugHunter uses a proprietary checksum algorithm that I developed over 14
years ago. In an effort to reduce scantime, BugHunter scans files ONLY
if they have a known filelength; IE: Known to BugHunter as potentially
being malicious. Once BugHunter takes a scan of the suspect file, it
gets two 32bit numbers in a specific order. If the numbers match the
record as well as the filelength in the correct order, BugHunter
considers it a valid match and looks the information up to give it a
more descriptive name, of course that depends on the record having a
matching description in one of the buginfo files.


I hope this will help with any questions you may have about what
BugHunter is, and what it is not. If you have any questions, I will
monitor this thread; you may respond here or in email.

Thanks for reading!

--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml

[4Q]

Dustbin Cook wrote:
> BugHunter uses a proprietary checksum algorithm that I developed over 14
> years ago.

You developed ey? Something cobbled
together more like.

> In an effort to reduce scantime, BugHunter scans files ONLY
> if they have a known filelength; IE: Known to BugHunter as potentially
> being malicious. Once BugHunter takes a scan of the suspect file, it
> gets two 32bit numbers in a specific order. If the numbers match the
> record as well as the filelength in the correct order, BugHunter
> considers it a valid match and looks the information up to give it a
> more descriptive name, of course that depends on the record having a
> matching description in one of the buginfo files.
>

Hmmm, it's a bit lacking on details of
how this "algorithm" works. Can we see
the mathematical analysis for this
whacked up bit of cobble code? Was is
published in a well known academic
journal for a rigorous critique by
crytographers or computer scientists?



>
> I hope this will help with any qu
estions you may have about what
> BugHunter is, and what it is not. If you have any questions, I will
> monitor this thread; you may respond here or in email.
>
> Thanks for reading!

If you aren't going to provide more
description or code for this "algorithm"
then I'd suggest anyone interested in
how checksummers work could pick up
several undergradute books on data
communication theory or cryptography.
Rather than wasting their time with
homemade crap whacked together in
dead of night by an bASIC wizard in his
Harry Potter themed "dungeon".

Lookup authors like William Stallings,
Andrew Tanenbaum. Read back issues
of Bruce Schneier's "Crypto-Gram"
newsletter for advice to wanna-be
proprietary algorithm developers. )


4Q

[Jack]

> Dustbin Cook wrote:
>> BugHunter uses a proprietary checksum algorithm that I developed over 14
>> years ago.
>
> You developed ey? Something cobbled
> together more like.
>
>> In an effort to reduce scantime, BugHunter scans files ONLY
>> if they have a known filelength; IE: Known to BugHunter as potentially
>> being malicious. Once BugHunter takes a scan of the suspect file, it
>> gets two 32bit numbers in a specific order. If the numbers match the
>> record as well as the filelength in the correct order, BugHunter
>> considers it a valid match and looks the information up to give it a
>> more descriptive name, of course that depends on the record having a
>> matching description in one of the buginfo files.
>>
>
> Hmmm, it's a bit lacking on details of
> how this "algorithm" works. Can we see
> the mathematical analysis for this
> whacked up bit of cobble code? Was is
> published in a well known academic
> journal for a rigorous critique by
> crytographers or computer scientists?
>
>
>
>>
>> I hope this will help with any qu estions you may have about what
>> BugHunter is, and what it is not. If you have any questions, I will
>> monitor this thread; you may respond here or in email.
>>
>> Thanks for reading!
>
> If you aren't going to provide more
> description or code for this "algorithm"
> then I'd suggest anyone interested in
> how checksummers work could pick up
> several undergradute books on data
> communication theory or cryptography.
> Rather than wasting their time with
> homemade crap whacked together in
> dead of night by an bASIC wizard in his
> Harry Potter themed "dungeon".
>
> Lookup authors like William Stallings,
> Andrew Tanenbaum. Read back issues
> of Bruce Schneier's "Crypto-Gram"
> newsletter for advice to wanna-be
> proprietary algorithm developers. )
>
>
> 4Q

thanks Dustin
I just LOVE that prog, as do many others.

[Dustin Cook]

4Q <paul_zest@hushmail.com> wrote in
news:1186178765.339064.121310@19g2000hsx.googlegro ups.com:

> Dustbin Cook wrote:
>> BugHunter uses a proprietary checksum algorithm that I developed over
>> 14 years ago.
>
> You developed ey? Something cobbled
> together more like.
>
>> In an effort to reduce scantime, BugHunter scans files ONLY
>> if they have a known filelength; IE: Known to BugHunter as
>> potentially being malicious. Once BugHunter takes a scan of the
>> suspect file, it gets two 32bit numbers in a specific order. If the
>> numbers match the record as well as the filelength in the correct
>> order, BugHunter considers it a valid match and looks the information
>> up to give it a more descriptive name, of course that depends on the
>> record having a matching description in one of the buginfo files.
>>
>
> Hmmm, it's a bit lacking on details of
> how this "algorithm" works. Can we see
> the mathematical analysis for this
> whacked up bit of cobble code? Was is
> published in a well known academic
> journal for a rigorous critique by
> crytographers or computer scientists?
>
>
>
>>
>> I hope this will help with any qu
> estions you may have about what
>> BugHunter is, and what it is not. If you have any questions, I will
>> monitor this thread; you may respond here or in email.
>>
>> Thanks for reading!
>
> If you aren't going to provide more
> description or code for this "algorithm"
> then I'd suggest anyone interested in
> how checksummers work could pick up
> several undergradute books on data
> communication theory or cryptography.
> Rather than wasting their time with
> homemade crap whacked together in
> dead of night by an bASIC wizard in his
> Harry Potter themed "dungeon".
>
> Lookup authors like William Stallings,
> Andrew Tanenbaum. Read back issues
> of Bruce Schneier's "Crypto-Gram"
> newsletter for advice to wanna-be
> proprietary algorithm developers. )
>
>
> 4Q
>
>

My posting headers have been modified, I will not contribute to your auk
flamebait attempts; and you will not derail this into a tit for tat
flame war as you obviously do with other threads.

You will not recieve any code, period. Not now, not ever. The algorithm
is indeed of my own design, and in the 14 years since it's original use,
I've seen no reports of issues regarding it. I will not go into detail
on how it works any further than I already have. Everyone now has a
general idea, and it debunks your ignorant claim of BugHunter being a
string scanner in the least bit.

Spybot Search and Destroy as well as Lavasoft's Adaware and various
other programs, including most of your antivirus/malware products that
do self checks have naturally similiar technology; and they won't detail
it any further either. Get used to this idea, and 4Q, I don't claim it's
foolproof; You really should read the documentation sometime. In fact,

http://bughunter.it-mate.co.uk/BUGHUNT.TXT

"This program is offered without warranty of any kind. Although
BugHunter has been extensively tested, programs of this nature are not by
definition error proof and can therefore pose a potential risk to
your operating system due to a possible false positive. Always scan
first, and post the logfile to a spyware removal helpsite or
specialist if you're unsure, before taking the scan and kill
option."

Are you actually trying to bs people into thinking BugHunter is less safe
than the programs they already use? LOL! What a loon. Everyone develops
their own technology. And once again, I have to laughingly remind you,
since you don't know lighting either?, I call this place the dungeon due
to the lighting, It's a play on words. I'm not a fan of Harry Potter any
more so than your a welcome person in my home. LoL.

Come back with substance, lamer.

Oh, and you might as well update your page, unless you like being punched
repeatedly in the nose, not to mention how stupid you now appear to be,
what with your claims of string scanning.. HAHAHA. I told you originally
it's not a string scanner. The algorithm is clearly more advanced than
your capable of understanding. Haha.


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml

[Dustin Cook]

Jack <gone@gonegone.com> wrote in
news:mn.1ba47d783ac2b8e0.70004@gonegone.com:

>
> thanks Dustin
> I just LOVE that prog, as do many others.

Your welcome, and thanks for your support. If you'd like to be placed on
the mailing list so that you recieve an email when updates are available
feel free to contact me. I do not keep uptodate posts here all the time. I
do it as a convenience to people, but I don't make much effort to keep
usenet informed. Hence the mailing list.


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml

[Russg]

"Dustin Cook" <> wrote in message news:
> BugHunter uses a proprietary checksum algorithm that I developed over 14
> years ago. In an effort to reduce scantime, BugHunter scans files ONLY
> if they have a known filelength; IE: Known to BugHunter as potentially
> being malicious. Once BugHunter takes a scan of the suspect file, it
> gets two 32bit numbers in a specific order. If the numbers match the
> record as well as the filelength in the correct order, BugHunter
> considers it a valid match and looks the information up to give it a
> more descriptive name, of course that depends on the record having a
> matching description in one of the buginfo files.
>
>
> I hope this will help with any questions you may have about what
> BugHunter is, and what it is not. If you have any questions, I will
> monitor this thread; you may respond here or in email.
>
> Thanks for reading!
>
Question comes to mind. Where do you get samples to get your ID CRC and
length? Someone at one of the AV vendors?

[Dustin Cook]

"Russg" <russgilb@MUNGEsbcglobal.net> wrote in
news:%DRsi.12542$eY.8974@newssvr13.news.prodigy.ne t:

>
> "Dustin Cook" <> wrote in message news:
>> BugHunter uses a proprietary checksum algorithm that I developed over
>> 14 years ago. In an effort to reduce scantime, BugHunter scans files
>> ONLY if they have a known filelength; IE: Known to BugHunter as
>> potentially being malicious. Once BugHunter takes a scan of the
>> suspect file, it gets two 32bit numbers in a specific order. If the
>> numbers match the record as well as the filelength in the correct
>> order, BugHunter considers it a valid match and looks the information
>> up to give it a more descriptive name, of course that depends on the
>> record having a matching description in one of the buginfo files.
>>
>>
>> I hope this will help with any questions you may have about what
>> BugHunter is, and what it is not. If you have any questions, I will
>> monitor this thread; you may respond here or in email.
>>
>> Thanks for reading!
>>
> Question comes to mind. Where do you get samples to get your ID CRC
> and length? Someone at one of the AV vendors?
>
>
>

Sorry russ old buddy, but you didn't know the difference between a
gopher and a groundhog; you do I'm sure, you were just being a wiseass
about it. Since your trolling then and now, I'm not going to tell you how
the samples arrive, except to say that I can acquire them just as easily
as anybody else; Surf to unsafe sites and allow programs to "install" in
a virtual environment. Various others arrive via different means, but
alas, it's no real big secret. I have access to the same material that I
always have. It's one of those ex-vxer benefits, you might say.

Now, if you have any real questions about the program, I'd be happy to
answer them.


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml

[Andy Walker]

Dustin Cook wrote:

> If you have any questions, I will
>monitor this thread; you may respond here or in email.

Ok, say I'm a malware writer and want to evade your program. It seems
to me that all I have to do is pad a few kilobytes of garbage into my
program and randomly modify the size every now an then. I could evade
your program for a very long time under that scenario. Is that
correct?

[Russg]

I googled gopher and ground hog.
It isn't real clear, ground hog is bigger, gopher is smaller.
There are ~100 types of gophers in N. Amer.
Some are called marmots, but some groundhogs are also called marmots. Then
there's woodchucks (ground hogs) and whistlepigs (also ground hogs).
Wikipedia says groundhogs are large squirels, which doesn't make much sense.
This isn't the place for rodent identification, but, no, I didn't know the
difference between gophers and groundhogs.
Both are under ground living pests in people's yards.
I do know a prairy dog when I see one.

[Andy Walker]

Russg wrote:

>I didn't know the
>difference between gophers and groundhogs.
>Both are under ground living pests in people's yards.

Not really. A groundhog spends most of its time above ground
foraging. Gophers live mostly underground, but do come up for a bit
of fresh air from time to time.