Malwarebytes & Antivirus 2009

[Leythos]

In article <29556fd0e7f20614a179de2cc8e2301c@mixmaster.it>,
nobody@mixmaster.it says...
> I'm a bit new to this group, so pardon my ignorance. I see a lot of
> calumny directed towards this pcbutts person. But when I follow the
> links to the "truth" of the matter, all I see are posts by the same
> people claiming the same charges against this person. I ask, where is
> the proof that he was banned from MS servers? Where is the proof he
> steals code from others?
>

If you care to learn, you can follow the links below to get started,
they will show you the real character behind PCBUTTS.

http://www.google.com/search?hl=en&q=pcbutts1+thief
http://www.velocityreviews.com/forum...-removeit.html
http://************/4rruwd

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

[Beauregard T. Shagnasty]

George Orwell wrote:

> .. Where is the proof he steals code from others?

I've caught him twice.

The VBS script he renamed "Runningnow" was stolen from a gent named
Andrew Aronoff, who distributes it here:
http://silentrunners.org/

His hosts file was copied directly from
http://www.mvps.org/winhelp2002/hosts.htm
and he even screwed up and left the original author's sig as the last
line of the file.
"#end of lines added by WinHelp2002"
After I posted that I had caught him, he removed the line about an hour
later.

> As for his site being blocked by some Host files, I have a feeling
> some of the same people in here have strong input to these Host
> files.

The aforementioned winhelp2002's file contains:
127.0.0.1 pcbutts1-therealtruth.blogspot.com
127.0.0.1 pcbutts1.com
127.0.0.1 www.pcbutts1.com

Buttface, on the other hand, removes those lines from his copied
version, and adds the sites of all the reputable authors he has stolen
from.

--
-bts
-Friends don't let friends drive Windows

[David H. Lipman]

From: "George Orwell" <nobody@mixmaster.it>



| I'm a bit new to this group, so pardon my ignorance. I see a lot of
| calumny directed towards this pcbutts person. But when I follow the
| links to the "truth" of the matter, all I see are posts by the same
| people claiming the same charges against this person. I ask, where is
| the proof that he was banned from MS servers? Where is the proof he
| steals code from others? As for his site being blocked by some Host
| files, I have a feeling some of the same people in here have strong
| input to these Host files. If he is a malware writer, it seems to me
| it would be a simple matter to prove it to his Website hosting company
| and have his site pulled - and law enforcement notified as to his
| damaging computers belonging to others.


| Il mittente di questo messaggio|The sender address of this
| non corrisponde ad un utente |message is not related to a real
| reale ma all'indirizzo fittizio|person but to a fake address of an
| di un sistema anonimizzatore |anonymous system
| Per maggiori informazioni |For more info
| https://www.mixmaster.it

It isn't a case of him distributing malicious code. He is acting maliciously in stealing
the works of others and then defaming those who confront him with the facts. His blocking
of legitimate sites in revenge of those who confront him is malicious and tortious.

I caught Butts plagiaring SmitRem by Noahdfear in October 2005.

I examined the code and I new it was too complex for PCBUTTS1. I searched the Internet
and found the SmitRem.EXE file by Dave (Aka, noahdfear --
http://noahdfear.geekstogo.com ). I examined and scrutinized both utilities and while
they were two different revision levels, I had no doubt that the were the same based upon
noahdfear's v2.2 code. Once I searched for the string 'noahdfear' in the RunThis.bat
batch file there was no longer any doubt that this was plagiarised code.


PCBUTTS1 version...


:notice
color 1F
cls
@echo off
echo.
echo.
echo.
echo ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ»
echo º º
echo º Trojan-Spy.HTML.smitfraud.c Killer º
echo º º
echo º by pcbutts1 º
echo º º
echo º version 2.2 º
echo º º
echo ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ
echo.
echo This tool was tailored to kill smitfraud.c and variants
echo.
echo If you do not trust the source, close this window.
echo.
echo pcbutts1 does not assume any liability
echo.
echo for damage or loss from running this tool
echo.
echo Use at your own risk!!
echo.
echo.
echo.
echo.
pause
cls


Noahdfear's version...


:notice
color 1F
cls
@echo off
echo.
echo.
echo.
echo ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ»
echo º º
echo º Trojan-Spy.HTML.smitfraud.c Killer º
echo º º
echo º by noahdfear º
echo º º
echo º version 2.7 º
echo º º
echo ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ
echo.
echo This tool was tailored to kill smitfraud.c and variants
echo.
echo If you do not trust the source, close this window.
echo.
echo noahdfear does not assume any liability
echo.
echo for damage or loss from running this tool
echo.
echo Use at your own risk!!
echo.
echo.
echo.
echo.
pause
cls


Found in PCBUTTS1 version...


echo.>>%systemdrive%\smitfiles.txt
echo smitRem log file>>%systemdrive%\smitfiles.txt
echo version 2.2>>%systemdrive%\smitfiles.txt
echo.>>%systemdrive%\smitfiles.txt
echo by noahdfear>>%systemdrive%\smitfiles.txt
echo.>>%systemdrive%\smitfiles.txt


I downloaded the files from the PCBUTTS1.Com web server on Sunday October 23, '05 at
approx. 9:45am. So basically in the PCBUTTS1 version, PCBUTTS1 he had replaced the string
'noahdfear' in banner notifications but had failed to search for all occurances of the
string 'noahdfear' and replace them.

He subsequently pulled it of his web site. If you load all of this groups headers and
bodies back to Oct. '05 you will see this as well as see him being caught plagiarizing
information from other sources such as information provided by Grinler of
BleepingComputers.Com.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Leythos]

In article <62c2e900ce22694cc4f6685cd02e1329@mixmaster.it>,
nobody@mixmaster.it says...
> In article <MPG.2396813bfc53e055989716@us.news.astraweb.com >
> Leythos <spam999free@rrohio.com> wrote:
> >
> > In article <29556fd0e7f20614a179de2cc8e2301c@mixmaster.it>,
> > nobody@mixmaster.it says...
> > > I'm a bit new to this group, so pardon my ignorance. I see a lot of
> > > calumny directed towards this pcbutts person. But when I follow the
> > > links to the "truth" of the matter, all I see are posts by the same
> > > people claiming the same charges against this person. I ask, where is
> > > the proof that he was banned from MS servers? Where is the proof he
> > > steals code from others?
> > >
> >
> > If you care to learn, you can follow the links below to get started,
> > they will show you the real character behind PCBUTTS.
> >
> > http://www.google.com/search?hl=en&q=pcbutts1+thief
> > http://www.velocityreviews.com/forum...-removeit.html
> > http://************/4rruwd
> >
>
> What I see are the same accusatory posts made over and over by the same
> people. Repeating the same charges ad infinitum does not lend further
> proof of their truth, except in the minds of the gullible who believe
> repetition equals proof.

No, you didn't follow them back. Why would you stop at the first layer
instead of pealing back the layers. I have you the starting point, you
need to actually go back and follow those points to their evidence. This
has been happening for many years and the PROOF has been posted from the
authors as well as others. Butts screws himself by not being technical,
not removing all of the tattletale items, and just being dishonest.
Unless you're a sock for butts or you are a friend of his, you should be
able to find the proof in about 10 minutes.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

[Gaz]

The Real Truth MVP wrote:
> You are a liar. Did you lie on purpose or are you just that stupid to
> believe those things about me. Prove your lies "script designed to
> pharm your DNS." Wow that's a new one when did make that up?
>
>
>

But you do block sites that you have had personal disagreements with in the
hosts file following installation of your software, dont you?

Gaz

[Gaz]

George Orwell wrote:
> In article <MPG.2396813bfc53e055989716@us.news.astraweb.com >
> Leythos <spam999free@rrohio.com> wrote:
>>
>> In article <29556fd0e7f20614a179de2cc8e2301c@mixmaster.it>,
>> nobody@mixmaster.it says...
>>> I'm a bit new to this group, so pardon my ignorance. I see a lot of
>>> calumny directed towards this pcbutts person. But when I follow the
>>> links to the "truth" of the matter, all I see are posts by the same
>>> people claiming the same charges against this person. I ask, where
>>> is the proof that he was banned from MS servers? Where is the proof
>>> he steals code from others?
>>>
>>
>> If you care to learn, you can follow the links below to get started,
>> they will show you the real character behind PCBUTTS.
>>
>> http://www.google.com/search?hl=en&q=pcbutts1+thief
>> http://www.velocityreviews.com/forum...-removeit.html
>> http://************/4rruwd
>>
>
> What I see are the same accusatory posts made over and over by the
> same people. Repeating the same charges ad infinitum does not lend
> further proof of their truth, except in the minds of the gullible who
> believe repetition equals proof.
>

He has admitted before that he puts changes in users hosts sites to block
legitimate anti spyware sites. The only other kind of software that behaves
in such a way, are viruses and spyware.

Gaz

[Rhonda Lea Kirk Fries]

Gaz wrote:
> The Real Truth MVP wrote:
>> You are a liar. Did you lie on purpose or are you just that stupid to
>> believe those things about me. Prove your lies "script designed to
>> pharm your DNS." Wow that's a new one when did make that up?
>>
>>
>>
>
> But you do block sites that you have had personal disagreements with
> in the hosts file following installation of your software, dont you?

He's proud of it.

Here's the most recent example.

Path:
news.eternal-september.org!motzarella.org!news.glorb.com!bigfee d2.bellsouth.net!bigfeed.bellsouth.net!news.bellso uth.net!flpi089.ffdc.sbc.com!prodigy.net!flpi088.f fdc.sbc.com!prodigy.com!flpi107.ffdc.sbc.com!nlpi0 65.nbdc.sbc.com.POSTED!1244ae27!not-for-mail
From: "The Real Truth MVP" <toidi@tpap.com>
Newsgroups: alt.privacy.spyware
References: <XJSdnbLs_obnoWLVnZ2dnUVZ_uWdnZ2d@comcast.com>
<Xns9B3F765ADE37AHHI2948AJD832@69.16.185.247>
<WP-dnTffr_eI02LVnZ2dnUVZ_qHinZ2d@comcast.com>
<bJLLk.3660$D32.2805@flpi146.ffdc.sbc.com> <gdre9f$3c1$1@aioe.org>
<3cudndcsrJ-7PJzUnZ2dnUVZ_vCdnZ2d@giganews.com>
<gdseap$hro$1@blackhelicopter.databasix.com>
In-Reply-To: <gdseap$hro$1@blackhelicopter.databasix.com>
Subject: Re: Ping: Dustin Cook
Lines: 73
Organization: http://pcbutts1-therealtruth.blogspot.com/
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="iso-8859-1";
reply-type=response
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Windows Mail 6.0.6001.18000
X-MimeOLE: Produced By Microsoft MimeOLE V6.0.6001.18049
X-Antivirus: avast! (VPS 081024-0, 10/24/2008), Outbound message
X-Antivirus-Status: Clean
Message-ID: <UrkMk.4709$c45.2611@nlpi065.nbdc.sbc.com>
NNTP-Posting-Host: 75.54.139.217
X-Complaints-To: abuse@prodigy.net
X-Trace: nlpi065.nbdc.sbc.com 1224856436 ST000 75.54.139.217 (Fri, 24
Oct 2008 09:53:56 EDT)
NNTP-Posting-Date: Fri, 24 Oct 2008 09:53:56 EDT
X-UserInfo1:
TSU[@I_AOPT[BW\[ZBNB^^UDEB\@PD\MNPWZKB]MPXHJUZ]CDVW[AKK[J\]^HVKHG^EWZHBLO^[\NH_AZFWGN^\DHNVMX_DHHX[FSQKBOTS@@BP^]C@RHS_AGDDC[AJM_T[GZNRNZAY]GNCPBDYKOLK^_CZFWPGHZIXW@C[AFKBBQS@E@DAZ]VDFUNTQQ]FN
Date: Fri, 24 Oct 2008 06:53:54 -0700
X-Old-Xref: news.eternal-september.org alt.privacy.spyware:17315

Yes I do. She jumped on the troll bandwagon and I warned her I was going
to
do that. She ignored me.


--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/




"Rhonda Lea Kirk Fries" <nimue@databasix.com> wrote in message
news:gdseap$hro$1@blackhelicopter.databasix.com...
> David H. Lipman wrote:
>> From: "---Fitz---" <fitz@invalid.com>
>>
>>> "The Real Truth MVP" <toidi@tpap.com> wrote in message
>>> news:bJLLk.3660$D32.2805@flpi146.ffdc.sbc.com...
>>>> Dustin's assessment of my Remove-it program is flawed. The only
>>>> correct think he said about it was that it is a batch file. The
>>>> only intentional errors/markers placed in it are mine the ones I
>>>> put in it to track who was stealing it. I know which one they are.
>>>> Try asking him which ones he is talking about to try and prove what
>>>> he says. The program is all mine and it is totally different then
>>>> any other tool out there and it does a lot more then most including
>>>> MBAM. There are no false positives in Remove-it. it will clean your
>>>> system of malware in less then 10 minutes, compare that to
>>>> everybody else's that takes hours. Remove-it will set a restore
>>>> point prior to making any changes, it will modify your hosts file
>>>> and protect it from being changed by rogue malware.
>>
>>> Does your hosts file block the MVP sites and other legit malware
>>> tools?
>>
>> From Butts' Hosts file...
>>
>> # [Thieves and trolls]
>> 127.0.0.1 www.pctipp.ch
>> 127.0.0.1 pctipp.ch
>> 127.0.0.1 www.raymond.cc
>> 127.0.0.1 raymond.cc
>> 127.0.0.1 www.claymania.com
>> 127.0.0.1 claymania.com
>> 127.0.0.1 www.elephantboycomputers.com
>> 127.0.0.1 elephantboycomputers.com
>
> He blocks Malke? Oh my sides.
>
>> 127.0.0.1 www.it-mate.co.uk
>> 127.0.0.1 it-mate.co.uk
>> 127.0.0.1 mysteryfcm.co.uk
>> 127.0.0.1 www.mysteryfcm.co.uk
>> 127.0.0.1 www.internetinspiration.co.uk
>> 127.0.0.1 internetinspiration.co.uk
>> 127.0.0.1 www.mvps.org
>> 127.0.0.1 mvps.org
>> 127.0.0.1 bughunter.it-mate.co.uk
>> 127.0.0.1 www.bughunter.it-mate.co.uk
>> 127.0.0.1 www.siri.geekstogo.com
>> 127.0.0.1 siri.geekstogo.com
>> 127.0.0.1 siri.urz.free.fr
>> 127.0.0.1 www.siri.urz.free.fr
>> 127.0.0.1 noahdfear.geekstogo.com
>> 127.0.0.1 www.noahdfear.geekstogo.com
>
> What a pathetic, stupid little man Christopher Butts is.
>
> --
> Rhonda Lea Kirk Fries
>
> "You know you can indict a ham sandwich if you want to."
> William J. Martini, Judge, United States District Court
>
--
Rhonda Lea Kirk Fries

"You know you can indict a ham sandwich if you want to."
William J. Martini, Judge, United States District Court

[Rhonda Lea Kirk Fries]

George Orwell wrote:
> In article <492b6260.1087743828@news.webtv.com>
> Andy Walker <awalker@nspank.invalid> wrote:
>>
>> The Real Truth MVP wrote:
>>
>>> Use my Remove-it software, it will remove that malware from your
>>> system. Choose yes for all options when prompted. Download it here
>>> http://pcbutts1.com/downloads/tools/tools.htm
>>
>> "Lil' Abner", PCButts is hosting a pirated batch file that has been
>> modified to prevent you from seeking help from respected anti-malware
>> web sites. You should never use any software downloaded from the
>> ocbuts1.com domain, or any of its other domains for that matter. The
>> PCButts1 "Remove-It software" is a trojan anti-malware script
>> designed to pharm your DNS.
>>
>> Interesting read here
>>
>> http://************/67ppo4
>> or
>> http://www.microsoft.com/communities...r=us&sloc=&p=1
>>
>> and here
>>
>> http://www.f-secure.com/weblog/archives/00001474.html
>>
>> The F-Secure boot cd is a linux based virus scanner that will scan
>> windows systems without having to load any of the windows OS. I would
>> use this first followed by Malwarebytes to remove the refuse. You
>> can also run other anti-malware products and AV scans - the more you
>> use the more you could potentially catch.
>
> I'm a bit new to this group, so pardon my ignorance. I see a lot of
> calumny directed towards this pcbutts person. But when I follow the
> links to the "truth" of the matter, all I see are posts by the same
> people claiming the same charges against this person. I ask, where is
> the proof that he was banned from MS servers?

There are posts to this effect. You can probably find them in google if
you're willing to take the time to search for them.

> Where is the proof he steals code from others?

Again, the evidence is in google. But you don't need to bother with
that. Feel free to use what Butt**** offers. It's your computer, after
all.

> As for his site being blocked by some Host
> files, I have a feeling some of the same people in here have strong
> input to these Host files. If he is a malware writer,

No one has accused him of writing malware; he's not smart enough to
write malware.

> it seems to me
> it would be a simple matter to prove it to his Website hosting company
> and have his site pulled - and law enforcement notified as to his
> damaging computers belonging to others.

That would only be if he were writing malware.

--
Rhonda Lea Kirk Fries

"You know you can indict a ham sandwich if you want to."
William J. Martini, Judge, United States District Court

[The Real Truth MVP]

You can post that BS all day long that does not make it true. Explain to
everybody how you got caught here
The Troll has gone crazy
http://pcbutts1-therealtruth.blogspot.com/
The truth about the David Lipman Troll
http://www.google.com/search?sourcei...xtraordinaire+


--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/




"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:veadnaMr2ugOpbDUnZ2dnUVZ_hmdnZ2d@giganews.com ...
> From: "George Orwell" <nobody@mixmaster.it>
>
>
>
> | I'm a bit new to this group, so pardon my ignorance. I see a lot of
> | calumny directed towards this pcbutts person. But when I follow the
> | links to the "truth" of the matter, all I see are posts by the same
> | people claiming the same charges against this person. I ask, where is
> | the proof that he was banned from MS servers? Where is the proof he
> | steals code from others? As for his site being blocked by some Host
> | files, I have a feeling some of the same people in here have strong
> | input to these Host files. If he is a malware writer, it seems to me
> | it would be a simple matter to prove it to his Website hosting company
> | and have his site pulled - and law enforcement notified as to his
> | damaging computers belonging to others.
>
>
> | Il mittente di questo messaggio|The sender address of this
> | non corrisponde ad un utente |message is not related to a real
> | reale ma all'indirizzo fittizio|person but to a fake address of an
> | di un sistema anonimizzatore |anonymous system
> | Per maggiori informazioni |For more info
> | https://www.mixmaster.it
>
> It isn't a case of him distributing malicious code. He is acting
> maliciously in stealing
> the works of others and then defaming those who confront him with the
> facts. His blocking
> of legitimate sites in revenge of those who confront him is malicious and
> tortious.
>
> I caught Butts plagiaring SmitRem by Noahdfear in October 2005.
>
> I examined the code and I new it was too complex for PCBUTTS1. I searched
> the Internet
> and found the SmitRem.EXE file by Dave (Aka, noahdfear --
> http://noahdfear.geekstogo.com ). I examined and scrutinized both
> utilities and while
> they were two different revision levels, I had no doubt that the were the
> same based upon
> noahdfear's v2.2 code. Once I searched for the string 'noahdfear' in the
> RunThis.bat
> batch file there was no longer any doubt that this was plagiarised code.
>
>
> PCBUTTS1 version...
>
>
> :notice
> color 1F
> cls
> @echo off
> echo.
> echo.
> echo.
> echo ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ»
> echo º º
> echo º Trojan-Spy.HTML.smitfraud.c Killer º
> echo º º
> echo º by pcbutts1 º
> echo º º
> echo º version 2.2 º
> echo º º
> echo ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ
> echo.
> echo This tool was tailored to kill smitfraud.c and variants
> echo.
> echo If you do not trust the source, close this window.
> echo.
> echo pcbutts1 does not assume any liability
> echo.
> echo for damage or loss from running this tool
> echo.
> echo Use at your own risk!!
> echo.
> echo.
> echo.
> echo.
> pause
> cls
>
>
> Noahdfear's version...
>
>
> :notice
> color 1F
> cls
> @echo off
> echo.
> echo.
> echo.
> echo ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ»
> echo º º
> echo º Trojan-Spy.HTML.smitfraud.c Killer º
> echo º º
> echo º by noahdfear º
> echo º º
> echo º version 2.7 º
> echo º º
> echo ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ
> echo.
> echo This tool was tailored to kill smitfraud.c and variants
> echo.
> echo If you do not trust the source, close this window.
> echo.
> echo noahdfear does not assume any liability
> echo.
> echo for damage or loss from running this tool
> echo.
> echo Use at your own risk!!
> echo.
> echo.
> echo.
> echo.
> pause
> cls
>
>
> Found in PCBUTTS1 version...
>
>
> echo.>>%systemdrive%\smitfiles.txt
> echo smitRem log file>>%systemdrive%\smitfiles.txt
> echo version 2.2>>%systemdrive%\smitfiles.txt
> echo.>>%systemdrive%\smitfiles.txt
> echo by noahdfear>>%systemdrive%\smitfiles.txt
> echo.>>%systemdrive%\smitfiles.txt
>
>
> I downloaded the files from the PCBUTTS1.Com web server on Sunday October
> 23, '05 at
> approx. 9:45am. So basically in the PCBUTTS1 version, PCBUTTS1 he had
> replaced the string
> 'noahdfear' in banner notifications but had failed to search for all
> occurances of the
> string 'noahdfear' and replace them.
>
> He subsequently pulled it of his web site. If you load all of this groups
> headers and
> bodies back to Oct. '05 you will see this as well as see him being caught
> plagiarizing
> information from other sources such as information provided by Grinler of
> BleepingComputers.Com.
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>

[Leythos]

Why does your batch file contain items that are not related to actual
malware that were included over the years as markers to prove you stole
it?


--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)