From: Stuart Saunders on 13 Apr 2010 08:15

On Apr 13, 1:07 am, Virus Guy <Vi...(a)Guy.com> wrote:
> Stuart Saunders wrote:
>
> > My name is Stuart, author and distributor of the script called
> > Roguefix.
> >
> > The real truth is Patrick Christopher Butts and has, since
> > September 2006 copied and re-distributed the bat file initially
> > in the same form but then bastardised it and merged with other
> > stolen works, repackaged as Remove-it, claiming it to be his
> > work.
>
> Stuart - thank you for responding.
>
> Let me ask you this:
>
> To your knowledge, does the PC Butts software (Remove-it, or other)
> contain any malicious code or anything that would or could be a security
> concern to an end-user?
>
> Does the PC Butts software (in its entirety) function as a competent
> malware scanner / removal utility?

Virus Guy:

Any utility which blocks access to legitimate (mainly security related) websites and disables/interferes/prevents the running of malware scanners is, in my book at least, malware.

The words 'function as a competent removal utility' and 'Remove-it' should never be used in the same sentence. It's been a while since I last looked so I grabbed the version currently available. You may want to download a copy yourself as no doubt changes will be made to Remove-it shortly in his lame attempts to call me a liar which will undoubtedly follow.

Rmit.exe - Is the portion of Roguefix which removes files and folders belonging to the infection if they are present, with a few (often bodged) added commands of his own. It is compiled to an exe and when executed runs the batch file with a random number file name from the %user%/Local Settings/Application Data/Temp directory.
The compiling also hides the following associated files which are dumped into the %user%/Local Settings/Application Data Directory:

Beep.sys - A copy of the Microsoft file.

bgregfix.reg - A reg file to set the background registry back to the default settings and is part of Roguefix but used by Butts as a stand alone script in an attempt to give the files a different appearance.

databasepath.reg - A reg file to re-set the Tcpip parameters, commonly known and available, except later in the script he runs the netsh command, and if Butts knew his stuff he would have known running this command also resets the Tcpip parameters, rendering this script pointless. In addition running the netsh command will also remove any legitimate hooks in the TCP/IP stack from firewalls, ISPs etc.

exefix.reg - A reg file to reset exe file associations (which incidentally is the same script published by the No1 answer in google search for exe associations) and is totally useless within this context . . . if the exe file associations were changed, the rmit.exe would not run therefore the script to repair the exe associations would not also . . . just a little insight to his actual level of skills/knowledge.

HOSTS - A copy of the mvps hosts file written by winhelp2002 with lines added to block access to websites owned by those he steals code from, those who expose him and Malwarebytes Antimalware.

Hpregfix.reg - A reg file to re-set the homepage taken from the Roguefix script and used as a stand alone script in an attempt to give the file a different appearance. However as Roguefix began its life as a small script to remove the Rogue Spy Falcon, targeted for users of the AOL UK message boards which I frequented, the file (and subsequently Butts utilities) actually set the homepage to MSN.CO.UK - maybe Butts can explain why he does this when he is in the U.S.

IEDef.reg - A script written by Shadowputerdude to remove registry keys to a Rogue called IEDefender.
The script was updated to include other variants, however upon finding out Butts was copying it the author compiled the script to prevent the plagiarising. This Rogue has not been seen for at least 2 years and running the script is totally pointless.

Nfig.reg - A reg script which removes some system and Explorer registry values (irrespective of whether or not they have been changed) and does not replace them with default values. It also removes some registry keys for 4 variants of the Bagle worm. I don't know where he stole this one from but as it would have been normal for an author to just add keys to their existing reg file as opposed to making a new one using a different coding style, it is clear it has just been lifted from another website/person.

Process.exe - A program written and available from BeyondLogic, added to the package because it is used by the IEDef script. Nothing else in the script uses it and as the outdated version of IEDef is pointless, the inclusion of Process.exe is also a waste of space.

Regf.reg - Another pointless reg file which resets several registry values that are reset by other files within your package.

Remove-it restorepoint.vbs - This one is quite funny, a script to create a restore point but exposes his lack of knowledge as it does not actually run, he cannot even add a simple run command. All that happens is the script opens in notepad. It also shows that no one actually uses Remove-it, otherwise someone would have let you know.

Remregfix.reg - Is the reg file created by Roguefix to remove keys and values for the files/infections it removes.

s.reg - A reg file to remove the registry keys and values belonging to Malwarebytes Antimalware, a legitimate scanner with something Butts will never have, a good reputation.

scan.exe - A copy of mrt.exe, The Microsoft Windows Malicious Software Removal Tool, renamed as scan.exe.
At what point does he let the end user know what is actually running as opposed to fooling them into believing Remove-it is actually doing something useful?

TDSS.bat - A batch file which will attempt to delete 6 files associated with the TDSS rootkit , , , , I bet the authors of the rootkit are worried!!! What on this earth makes him think this would have any effect on this infection? Another total waste of space.

Tskill.exe - Microsoft file added by Butts after wrongly thinking it will make the script work with Windows 2000. The script won't work on 2000 but it has nothing to do with tskill, it's much more basic than that..... but still beyond Butts' understanding. Pointless addition to the bundle. It's not rocket science, which is a shame otherwise his work colleagues might have helped him out!

Butts . . . as you gave one of your 'If I shout, swear and insult loud enough I can detract from the issue' posts I will repeat it, please provide a marker which you claim to have put in the script that is in the script I distribute.

Stuart
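Added example (not part of the thread and not code from either package): a defender-side triage of the two behaviours the post above describes, a HOSTS file with entries that block security sites and a .reg file that deletes a scanner's keys. The function names, the watchlist domain and the registry key names are constructed placeholders; exported .reg files are usually UTF-16 and must be decoded before being passed in.

```python
import ipaddress
import re

# Constructed samples: domain and key names are placeholders, not from the package.
SAMPLE_HOSTS = """127.0.0.1 localhost
0.0.0.0 ads.tracker.example   # ordinary blocklist entry
127.0.0.1 www.scanner-vendor.example scanner-vendor.example
"""
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\ExampleScanner]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleScanner"=-
"""

def blocked_domains(hosts_text, watchlist):
    """(line_no, address, host) for watchlist names mapped to loopback/0.0.0.0."""
    hits = []
    for no, line in enumerate(hosts_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()      # drop comment, tokenize
        try:
            addr = ipaddress.ip_address(fields[0])
        except (IndexError, ValueError):
            continue                                # blank or malformed line
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for host in (h.lower().rstrip(".") for h in fields[1:]):
            # match the domain itself or a subdomain, on a label boundary
            if any(host == d or host.endswith("." + d) for d in watchlist):
                hits.append((no, fields[0], host))
    return hits

KEY = re.compile(r"^\[(-?)(HK[^\]]+)\]$")           # "[-HKLM\...]" deletes the key
VALUE_DEL = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*-$')  # '"name"=-' deletes a value

def reg_deletions(reg_text, needle):
    """Deletions whose key path or value name contains `needle` (case-insensitive)."""
    hits, current, needle = [], None, needle.lower()
    for line in map(str.strip, reg_text.splitlines()):
        if (m := KEY.match(line)):
            current = m.group(2)
            if m.group(1) and needle in current.lower():
                hits.append(("key", current, None))
        elif (m := VALUE_DEL.match(line)) and current:
            name = m.group(1).strip('"')
            if needle in (current + "\\" + name).lower():
                hits.append(("value", current, name))
    return hits

if __name__ == "__main__":
    print(blocked_domains(SAMPLE_HOSTS, {"scanner-vendor.example"}),
          reg_deletions(SAMPLE_REG, "ExampleScanner"))
```
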
From: Leythos on 13 Apr 2010 20:30
In article <hq31k1$t3e$1(a)leythos.motzarella.org>, trt(a)void.com says...
> If you leave now I promise to not embarrass you so much in the future.
>

You have only embarrassed yourself - being unable to dispute the markers put in the file you distributed that named you a thief.

--
You can't trust your best friends, your five senses, only the little voice inside you that most civilians don't even hear -- Listen to that. Trust yourself.
spam999free(a)rrohio.com (remove 999 for proper email address)