How BugHunter Works; for those interested.

[Dustin Cook]

kurt wismer <kurtw@sympatico.ca> wrote in news:f931pn$r8m$1
@registered.motzarella.org:

> Andy Walker wrote:
> [snip]
>> I understand what your saying, but some scanners take into account
>> other metrics like the existence of certain registry keys, or even the
>> structure of supporting files used as databases for the malware. A
>> complete deconstruction of the offending malware *could* produce
>> enough information to snare all its variants. Heh! but then who's got
>> the time... ;-)
>
> a *complete* deconstruction of the malware (or any program, really)
> falls outside the realm of computability as it is reducible to the
> halting problem...

Again, I want to thank you for stepping in and explaining the obvious.
BugHunter is not the only program which can be defeated using the tricks
Andy specified.


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml

[Andy Walker]

Dustin Cook wrote:

>BugHunter is not the only program which can be defeated using the tricks
>Andy specified.

And there are many programs that aren't as easy to defeat. I don't
need a lesson from any of you on how to defeat anti-malware programs.
I was just asking the question because you seemed to want to discuss
your programs capabilities, which are not all that impressive. That
said, I'm sure some people can use your program to help them clean
their system. I just don't see a commercial use for it in its present
state of development.

[Dustin Cook]

Andy Walker <awalker@nspank.invalid> wrote in news:46b61682.17853734
@news.webtv.com:

> Dustin Cook wrote:
>
>>BugHunter is not the only program which can be defeated using the
tricks
>>Andy specified.
>
> And there are many programs that aren't as easy to defeat. I don't
> need a lesson from any of you on how to defeat anti-malware programs.


Well, Andy, I wasn't trying to give you a lesson. So I suppose it's great
that you don't need one. As far as easy to beat is concerned, Any program
can be beaten, and none of them are immune from a targetted attack. I of
all people should know, I used to write such junk.

BugHunter isn't any harder/easier to evade than spybot, adaware and
various other programs are. The fact you think they are somehow magically
immune from what you propose for an attack only shows how ignorant you
actually are on the subject, so maybe you do need a lesson or two after
all.

> I was just asking the question because you seemed to want to discuss
> your programs capabilities, which are not all that impressive. That

My program doesn't have any less/more capabilities than most other file
based removal tools. It targets known files and lets you remove them if
you'd like. That's all I've said it does, and that's exactly what it
does. Whether or not this impresses you really doesn't concern me.

And despite what you might think, it does a reasonably well job of it
too! And you don't have to take my word for it.

> said, I'm sure some people can use your program to help them clean
> their system. I just don't see a commercial use for it in its present
> state of development.

I know for a fact it's used to clean systems. In commercial and non
commercial environments. People more knowledgable than yourself on the
subject don't seem to share your opinions.


Did you think I was trying to advertise it or something? Do you think I
wrote BugHunter to make money? If so, heres a short history lesson for
you. BugHunter was released almost 3 years ago for general use, In that
time, for the last 3 months a donate button has appeared on my site.
Obviously, money isn't the goal and never was. BugHunter doesn't mention
ANY donation options, doesn't beg you for anything, doesn't suggest or
otherwise mention paying for it. It's a completely free program which I
and many others think serves a useful purpose.

I'll take your opinions under consideration.



--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml

[Andy Walker]

Dustin Cook wrote:

>I'll take your opinions under consideration.

I doubt very much that your arrogance would allow that.

Back to the bozo bin you go.

[Dustin Cook]

Andy Walker <awalker@nspank.invalid> wrote in news:46b620f0.20523234
@news.webtv.com:

> Dustin Cook wrote:
>
>>I'll take your opinions under consideration.
>
> I doubt very much that your arrogance would allow that.

I didn't think this was really about BugHunter...

> Back to the bozo bin you go.

I'm not insulted in the least Andy. Thanks.




--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml

[Franklin]

On 05 Aug 20:01, Dustin Cook
<spamfilterineffect.see.sig@nowhere.com> wrote:

> Did you think I was trying to advertise it or something? Do you
> think I wrote BugHunter to make money? If so, heres a short history
> lesson for you. BugHunter was released almost 3 years ago for
> general use, In that time, for the last 3 months a donate button
> has appeared on my site. Obviously, money isn't the goal and never
> was. BugHunter doesn't mention ANY donation options, doesn't beg
> you for anything, doesn't suggest or otherwise mention paying for
> it. It's a completely free program which I and many others think
> serves a useful purpose.


Thank you for making such a program available. It is this ethos which
helps sustain the availablity of freeware.

Good luck.

F

[Russg]

I haven't dealt with a virus/trojan for a long time.
My question is general. BugHunter and other AV programs identify malicious
files, but don't get rid of them.
At least that's my experience with Klez, which was discovered because
ZoneAlarm caught it trying to phone home, and it was constantly accessing
the hard drive and really slowed the computer down. I had to find a Klez
removal tool.
Question:
After BugHunter finds a malware, what does it do to keep it from coming
back, clear out the registry and startup stuff, un-read only, system the
file, prevent system restore from re-inserting it? Or is it general
procedure, once a malware is found, search for a specific removal tool?

[Dustin Cook]

"Russg" <russgilb@MUNGEsbcglobal.net> wrote in
news:94qti.3614$Yz6.2428@newssvr22.news.prodigy.ne t:

> I haven't dealt with a virus/trojan for a long time.
> My question is general. BugHunter and other AV programs identify
> malicious files, but don't get rid of them.

BugHunter does, and I know others do as well. If they re-infect you,
that's not BugHunter's fault.
Please, Please read the documentation sir:

http://bughunter.it-mate.co.uk/BUGHUNT.TXT



> Question:
> After BugHunter finds a malware, what does it do to keep it from
> coming back, clear out the registry and startup stuff, un-read only,
> system the file, prevent system restore from re-inserting it? Or is
> it general procedure, once a malware is found, search for a specific
> removal tool?

Damn... I'm really surprised nobody reads doc files at all? anymore...
Seriously... Okay then, To answer your question.

Reference url: http://bughunter.it-mate.co.uk/BUGHUNT.TXT

What is BugHunter?

BugHunter is a DOS based malware scanner which has a frequently updated
database of signatures as well as engine updates. The program is
designed to quickly scan for and optionally disable/remove any known
malware found.

BugHunter is able to detect browser hijackers, rogue programs, adware,
keyloggers, spyware (including some commercial ones), rootkits which
are file based, malicious java/html/vb scripts, and various worms.


As BugHunter is DOS based and does not require installation of any sort,
it can easily be copied to various media and used to disinfect other
systems without those systems having potentially harmful code present
in memory. BugHunter gets along fine with most memory resident
programs, and supports being run from a boot diskette/cdrom, such as
BartPE.

The scanning routine is very fast, and requires few resources from your
machine. BugHunter will run well on DOS, Windows 3.x, Windows 9x,
Windows NT, Windows 2k, Windows XP and Windows 2003.

BugHunter does not edit the registry of the system in any way, it
simply identifies and optionally removes found files. As BugHunter
relies on dat file technology similar to that of a virus scanner,
updates to the datafile and the program itself will be released from
time to time on the Website.

For NTFS based operating systems, BugHunter can be run from a BartPE
cdrom. BugHunter will run under NTFSDOS, but odd results have been
reported using it. For example, the date/time stamp of the log file
will be wrong. Scanning does not seem to be affected.


So how do I use it?

BugHunter has a simple and straight forward menu system which normally
requires only one keypress from you. The hot key is normally shown in
brackets [] with a description to the right of the key.

BugHunter supports 4 modes of operation. These are:

[A] - Scan Only
[B] - Scan and rename found files
[C] - Scan and remove (delete) found files
[D] - Scan and ask what to do with found files.
[Q] - Quit the program

Make your selection and BugHunter will display the directories that are
configured for scanning. Press Y (or y) and BugHunter will do what you
selected previously.


--

Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml

[kurt wismer]

Andy Walker wrote:
> Dustin Cook wrote:
>
>> BugHunter is not the only program which can be defeated using the tricks
>> Andy specified.
>
> And there are many programs that aren't as easy to defeat. I don't
> need a lesson from any of you on how to defeat anti-malware programs.

you seem to have an agenda here... the weakness you pointed out is
shared by most anti-malware programs... only behaviour-based detectors
would be resistant to it...

> I was just asking the question because you seemed to want to discuss
> your programs capabilities, which are not all that impressive.

compared to those that have tens or hundreds of thousands of man-hours
worth of development in them, i suppose not...

> That
> said, I'm sure some people can use your program to help them clean
> their system. I just don't see a commercial use for it in its present
> state of development.

then it's a good thing it's free...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

[Russg]

"Dustin Cook" <> wrote in message news:
> "Russg" <> wrote in > news:>
> > I haven't dealt with a virus/trojan for a long time.
> > My question is general. BugHunter and other AV programs identify
> > malicious files, but don't get rid of them.
>
> BugHunter does, and I know others do as well. If they re-infect you,
> that's not BugHunter's fault.
> Please, Please read the documentation sir:
>
> http://bughunter.it-mate.co.uk/BUGHUNT.TXT
>
>
>
> > Question:
> > After BugHunter finds a malware, what does it do to keep it from
> > coming back, clear out the registry and startup stuff, un-read only,
> > system the file, prevent system restore from re-inserting it? Or is
> > it general procedure, once a malware is found, search for a specific
> > removal tool?
>
> Damn... I'm really surprised nobody reads doc files at all? anymore...
> Seriously... Okay then, To answer your question.
>

snip BugHunter documentation

>
> So how do I use it?
>
> BugHunter has a simple and straight forward menu system which normally
> requires only one keypress from you. The hot key is normally shown in
> brackets [] with a description to the right of the key.
>
> BugHunter supports 4 modes of operation. These are:
>
> [A] - Scan Only
> [B] - Scan and rename found files
> [C] - Scan and remove (delete) found files
> [D] - Scan and ask what to do with found files.
> [Q] - Quit the program
>
> Make your selection and BugHunter will display the directories that are
> configured for scanning. Press Y (or y) and BugHunter will do what you
> selected previously.
I admit not reading documentation, or even some of the posts here that
answer my question.
I have read that documentation before, and I can explain myself better.
Viruses/Trojans/malware are not just simple files that can be identified,
the permissions altered and deleted.
They are usually multiple files, in multiple directories, with entries into
the registry and system startup and sometimes
the Master Boot Record. I don't know exactly how they work, probably
varies, but I see the BugHunter documentation
mentioning removing found files, but not removing all the nefarious stuff
that viruses install that allows them to be
persistent and self replicating. I know only Klez from experience, I've
avoided porn sites, opening e-mail files,
not allowing html, I don't disable Java, but keep it up to date. But back
to Klez. It installed a program called
winkxx.exe. That program caught calling out by Zone Alarm. Simple removing
of winkxx didn't work. I had
to run a removal program, this was with a WinME machine, so I guess system
restore restored it.
There are complexities to files, such as many executable file extensions,
other than .com .exe .msi, etch.
that can be such that you don't see the extension with 'hidden' file
extensions.
What I'm getting at, is I don't understand what malware does, but am aware
it isn't just simple files that can
be identified and removed. Just like the extensive procedures that
add/remove in Windows goes thru to
remove a program. Or and un-install on a program. Or even Norton
Uninstall. to get rid of something
unwanted.
I understand a clean boot, even with a universal boot cd (BartPE will trash
a Win98/ME MBR in my experience)
I can boot to command prompt and use a DOS AV like f-prot or BugHunter to
identify offending programs,
but it isn't as simple as just removing a file/files.
I'm repeating myself.