From: pcbutts1 on 4 Jan 2007 20:21

You are forgetting that this is just a tool that targets only a certain kind of spyware. Spyerase does automatically in 2 minutes what could be done manually in a few hours. It only removes known verified spyware files. In case of new variants most are not added until verified by others including virus total. There are very few exceptions like the files you sent me. Any damage done by spyerase can be repaired by us so far there have been none.

--
Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell

"Dustin Cook" <spamfilterineffect.see.sig(a)nowhere.com> wrote in message news:Xns98AEC92AE1B68HHI2948AJD832(a)69.28.186.121...
> "pcbutts1" <pcbutts1(a)leythosthestalker.com> wrote in
> news:5PSdnRSupPG5AADYnZ2dnUVZ_qWvnZ2d(a)giganews.com:
>
>> Before those files are added to Spyerase they are checked and
>> confirmed not to be system files on 4 different systems Win2000, XP,
>> server, both laptops and desktops. We are now running tests with
>> Vista. There have been zero reports from anyone so far but we do keep
>> backups just in case. We even fix the damage caused by the real
>> thief's roguefix
>
> pcbutts,
>
> The point I made was the fact your script is hard coded to look for
> filenames, not content. A malicious program could easily (if one should be
> so inclined) rename valid system files as something from your script; if
> the user uses your script, his/her system would be at risk of harm. Not
> only from whatever malicious software they've acquired, but your script's
> attempt to remove it could have dire consequences.
>
> While this would have to be a targeted attack, the fact remains it could
> be done. You really, should not, rely on a filename to tell you what the
> file actually is.
>
> --
> Dustin Cook
> Author of BugHunter - MalWare Removal Tool -V2.0
> web: http://bughunter.it-mate.co.uk
> email: bughunter.dustin(a)gmail.com.removethis
> Last updated: January 4th, 2007
From: Chaz P. Klinder on 4 Jan 2007 20:50

pcbutts1 wrote:
> You f**king troll, If what you believe is true it would have already
> happened. What I say IS true TOLERATE it fool.
>

You are suffering from False Logic. Just because you have gotten away with your abuse and crimes does NOT make you innocent. You are guilty on every count including, but not limited to, the fact you are Christopher Butts and you are male and not female. Almost everything you say is either just plain false from a lack of knowledge or a clear lie!
From: Dustin Cook on 4 Jan 2007 20:55

"pcbutts1" <pcbutts1(a)leythosthestalker.com> wrote in news:TeKdnbA-hsK1NQDYnZ2dnUVZ_qGjnZ2d(a)giganews.com:

> You are forgetting that this is just a tool that targets only a
> certain kind of spyware. Spyerase does automatically in 2 minutes what

Pcbutts,

It wouldn't matter if your tool targeted mspaint; as long as it did so via content analysis, and not filename alone. That's the point I've tried to make.

> could be done manually in a few hours. It only removes known verified
> spyware files. In case of new variants most are not added until

Verified how? Your script makes no effort to hash them, no comparison of any sort is done. If any file with a matching name is in a folder you specify, you delete it. You don't make backup copies beforehand, you don't rename it, you simply delete it.

> verified by others including virus total. There are very few exceptions
> like the files you sent me. Any damage done by spyerase can be
> repaired by us so far there have been none.

The files I sent you are malware, but they change their names when they execute. However, the content stays the same. Your script doesn't compensate for something like this because you don't check the file contents.

--
Dustin Cook
Author of BugHunter - MalWare Removal Tool -V2.0
web: http://bughunter.it-mate.co.uk
email: bughunter.dustin(a)gmail.com.removethis
Last updated: January 4th, 2007
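
[Added example, not part of the thread and not Spyerase or BugHunter code: a sketch of the approach argued for in the post above, matching files on a content hash instead of a filename and moving matches to a quarantine folder instead of deleting them. The function names, file names and sample contents are constructed for illustration.]

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash file contents in chunks so large files are not read whole."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def quarantine_known_bad(scan_dir, quarantine_dir, bad_hashes):
    """Move files whose content hash is in bad_hashes. Filenames are ignored."""
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    moved = []
    for path in sorted(scan_dir.iterdir()):
        # Skip directories and symlinks so a link cannot redirect the move.
        if not path.is_file() or path.is_symlink():
            continue
        digest = sha256_of(path)
        if digest in bad_hashes:
            # Stored under its hash with an inert extension; the original
            # name is returned so the move can be logged and undone.
            shutil.move(str(path), str(quarantine_dir / (digest + ".quarantined")))
            moved.append((path.name, digest))
    return moved


def demo():
    # Constructed stand-ins: no real sample or system file is involved.
    bad = b"constructed stand-in for a known-bad sample\n"
    good = b"constructed stand-in for a legitimate system file\n"
    bad_hashes = {hashlib.sha256(bad).hexdigest()}
    with tempfile.TemporaryDirectory() as tmp:
        scan, quarantine = Path(tmp) / "scan", Path(tmp) / "quarantine"
        scan.mkdir()
        (scan / "renamed_itself.dll").write_bytes(bad)   # bad content, new name
        (scan / "listed_name.exe").write_bytes(good)     # good content, listed name
        moved = quarantine_known_bad(scan, quarantine, bad_hashes)
        return {"moved": [name for name, _ in moved],
                "left": sorted(p.name for p in scan.iterdir()),
                "quarantined": sorted(p.name for p in quarantine.iterdir())}


if __name__ == "__main__":
    print(demo())
```

An exact hash only catches byte-identical copies; it covers the renamed-but-unchanged case described in the post, not samples that alter their own content.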
From: Nick Skrepetos on 4 Jan 2007 21:09

pcbutts1 wrote:
> Before those files are added to Spyerase they are checked and confirmed not
> to be system files on 4 different systems Win2000, XP, server, both laptops
> and desktops. We are now running tests with Vista. There have been zero
> reports from anyone so far but we do keep backups just in case. We even fix
> the damage caused by the real thief's roguefix file.
>
> --
>

Out of curiosity, on Vista how are you getting around the security restrictions imposed by Vista when trying to delete files out of certain folders? And the fact that certain folders and registry keys are virtualized? Do you require your batch file to be run with administrator privs? What if they have UAC on?

Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com
From: pcbutts1 on 4 Jan 2007 22:08

Dustin the files are analyzed and checked and verified here in my office test lab. Our test boxes are infected for weeks at a time and then checked for changes they are constantly monitored and not with just one infection but two and three at a time. We know what these files are and what they do and how they change. I understand what you are saying but you need to understand what we do to prevent from happening what you say can happen. Yes it can happen but we guard against it. For example, a few months ago we found a file that is not a windows file but a legitimate file if it is deleted it will break your system, however only if you have certain software installed. We find these all the time. If the malware can be removed safely without deleting that file then spyerase will not delete that file. If it cannot then it will be deleted and replaced on reboot with a good clean file or the file is replaced before scanning and it will not be included in the detection database. We did however use this method to set traps for the thieves who try to steal spyerase. I will send you one such file, you analyze it and tell me if bug hunter detects it or if you know what the file does and what program uses it. You can post your answer here but don't name the file.

--
Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz, Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell

"Dustin Cook" <spamfilterineffect.see.sig(a)nowhere.com> wrote in message news:Xns98AED47D4E8D2HHI2948AJD832(a)69.28.186.121...
> "pcbutts1" <pcbutts1(a)leythosthestalker.com> wrote in
> news:TeKdnbA-hsK1NQDYnZ2dnUVZ_qGjnZ2d(a)giganews.com:
>
>> You are forgetting that this is just a tool that targets only a
>> certain kind of spyware. Spyerase does automatically in 2 minutes what
>
> Pcbutts,
>
> It wouldn't matter if your tool targeted mspaint; as long as it did so
> via content analysis, and not filename alone. That's the point I've tried
> to make.
>
>> could be done manually in a few hours. It only removes known verified
>> spyware files. In case of new variants most are not added until
>
> Verified how? Your script makes no effort to hash them, no comparison of
> any sort is done. If any file with a matching name is in a folder you
> specify, you delete it. You don't make backup copies beforehand, you
> don't rename it, you simply delete it.
>
>> verified by others including virus total. There are very few exceptions
>> like the files you sent me. Any damage done by spyerase can be
>> repaired by us so far there have been none.
>
> The files I sent you are malware, but they change their names when they
> execute. However, the content stays the same. Your script doesn't
> compensate for something like this because you don't check the file
> contents.
>
> --
> Dustin Cook
> Author of BugHunter - MalWare Removal Tool -V2.0
> web: http://bughunter.it-mate.co.uk
> email: bughunter.dustin(a)gmail.com.removethis
> Last updated: January 4th, 2007