BugHunter Site Update
Dustin Cook
Just a short note to let you know I've finally set the site back up the way
it was on atspace. All documentation concerning Bughunter can be read
online via the site. All links open in a seperate window.. You know the
drill. Enjoy!
--
Dustin
Author of BugHunter - MalWare Removal Tool
http://bughunter.it-mate.co.uk
Mary Snow
news:Xns97FA177AA74...@69.28.186.121:
> Hi All.
>
> Just a short note to let you know I've finally set the site back up
> the way it was on atspace. All documentation concerning Bughunter can
> be read online via the site. All links open in a seperate window.. You
> know the drill. Enjoy!
Ewwwwwwww cor! Why would any one do a web page about nasty little creepy
crawlers? I always hit them with the heel of my shoe when I see one in the
House!
Mary
Dustin Cook
news:Xns97FA1C0F69D...@217.22.228.20:
> Ewwwwwwww cor! Why would any one do a web page about nasty little
> creepy crawlers? I always hit them with the heel of my shoe when I see
> one in the House!
Haha.
SgtMinor
> Hi All.
>
> Just a short note to let you know I've finally set the site back up the way
> it was on atspace. All documentation concerning Bughunter can be read
> online via the site. All links open in a seperate window.. You know the
> drill. Enjoy!
>
>
If readability is important, consider black text on a white
background. I clicked on your site, and was so turned off by the
white on black that I spent less than three seconds looking at it.
Penn...@derrymaine.gov
|>Hi All.
|>
|>Just a short note to let you know I've finally set the site back up the way
|>it was on atspace. All documentation concerning Bughunter can be read
|>online via the site. All links open in a seperate window.. You know the
|>drill. Enjoy!
You might mention this is for Win98 only, yet has paths for a Win2000
this is a work in progress (not Beta).
Only thing keeps this from being a trojan is it doesn't install
itself.
This is a help group and folks should be aware this program could
really screw them up.
bughunte...@gmail.com
SgtMinor wrote:
> If readability is important, consider black text on a white
> background. I clicked on your site, and was so turned off by the
> white on black that I spent less than three seconds looking at it.
Sorry.
I'll look into that for you.
bughunte...@gmail.com
Penn...@DerryMaine.Gov wrote:
> You might mention this is for Win98 only, yet has paths for a Win2000
> this is a work in progress (not Beta).
BugHunter isn't for win98 only, what made you think so? All programs
are a work in progress, hun.
> Only thing keeps this from being a trojan is it doesn't install
> itself.
In what possible way? BugHunter has been evaluated by many antivirus
persons from alt.comp.virus and temerc.com, It's certainly not a
trojan. Would you mind explaining why you seem to think it is?
> This is a help group and folks should be aware this program could
> really screw them up.
This program won't screw them up anymore so then adaware, spybot or
their respected antivirus program/firewall.
I don't mind constructive critism, when it's correct.
Regards,
Dustin Cook
http://bughunter.it-mate.co.uk
bughunte...@gmail.com
SgtMinor wrote:
> If readability is important, consider black text on a white
> background.
Fixed. Sorry about the readability issue. You shouldn't find the site
such an eyesore at this point.
--
Regards,
Dustin
http://bughunter.it-mate.co.uk
Penn...@derrymaine.gov
|>
|>Penn...@DerryMaine.Gov wrote:
|>
|>
|>> You might mention this is for Win98 only, yet has paths for a Win2000
|>> this is a work in progress (not Beta).
|>
|>BugHunter isn't for win98 only, what made you think so? All programs
|>are a work in progress, hun.
You really don't know...
it will only run on C drive as does Win98 (ok you can get to another
partition but it takes work) Your ini paths are Win98
"C:\WINDOWS\COMMAND"
|>> Only thing keeps this from being a trojan is it doesn't install
|>> itself.
|>In what possible way? BugHunter has been evaluated by many antivirus
|>persons from alt.comp.virus and temerc.com, It's certainly not a
|>trojan. Would you mind explaining why you seem to think it is?
Running any of the REG files would screw anybody with their os on
another Partition. The autoexec.bat is assuming too much to the point
of having ADOBEC~1 (whatever that is) installed - none of these are my
directories:
(autoexec.nt)
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\SYSTEM32\COMMAND.COM
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP
SET CLASSPATH=C:\PROGRA~1\PHOTOD~1.1\ADOBEC~1
- even under Win98 my temp dirge was c:\temp
|>> This is a help group and folks should be aware this program could
|>> really screw them up.
|>This program won't screw them up anymore so then adaware, spybot or
|>their respected antivirus program/firewall.
Your config.nt is even wrong - but you started to get a clue
(%SystemRoot%\system32)
dos=high, umb
device=%SystemRoot%\system32\himem.sys
files=40
Himem.sys must be loaded first before dos can be placed high. This
file is harmless as it won't do anything.
|>I don't mind constructive critism, when it's correct.
It needs work
|>Regards,
|>Dustin Cook
|>http://bughunter.it-mate.co.uk
--
Guy did it, started with a paper clip and traded up to a house
http://oneredpaperclip.blogspot.com/
Penn...@derrymaine.gov
|>dirge
drive
Dustin
news:u9rva29d692nt3u1d...@4ax.com:
> You might mention this is for Win98 only, yet has paths for a Win2000
> this is a work in progress (not Beta).
BugHunter works with virtually all versions of Windows, and is not
designed for one over the other, as the documentation clearly states.
Windows98 would have no use for *.NT files, which BugHunter includes for
proper operation under win2k/xp. BugHunter will be updated as new malware
samples are collected, and the engine may be updated as well to deal with
them. BugHunter relies on technology similiar to that of a virus scanner,
so there is a real need for occasionally updating it. It's retro-active.
A work in progress, no, a security related utility with an updatable
database and engine, yes.
> Only thing keeps this from being a trojan is it doesn't install
> itself.
A trojan is a program which claims to do one thing, and does something
else. BugHunter only does what I have said it will do in the
documentation and online. The program has been examined by many in the
antivirus/antispyware fields, and no trojan like activity has been
reported thus far.
> This is a help group and folks should be aware this program could
> really screw them up.
As such, people shouldn't mislead others either. I'm not sure if you did
this intentionally or you just didn't understand the documentation...
Dustin
@4ax.com:
> it will only run on C drive as does Win98 (ok you can get to another
> partition but it takes work) Your ini paths are Win98
> "C:\WINDOWS\COMMAND"
I really think you missed this:
(it's in the documentation, and the .ini file plainly states recursive is
on by default.)
By Default, BugHunter is preset to do a fully recursive scan on any
drives connected or mapped to your computer. This will cause a slight
delay and a notice to appear on your screen, informing you of the data
collection process. BugHunter is having LOCATE.COM map your directories
and store this information into a temporary file for BugHunter's use.
> Running any of the REG files would screw anybody with their os on
> another Partition. The autoexec.bat is assuming too much to the point
> of having ADOBEC~1 (whatever that is) installed - none of these are my
> directories:
The *.nt files are not .reg files, they are rarely required, and you
should only use mine if you don't actually have them. Windows will
complain they are missing when you try to run bughunter if you don't.
FIXSPY.REG won't screw anybody with anything, actually.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\SharedTaskScheduler]
"{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}"=-
"{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}"=-
"{24c60b9b-26b5-4201-9f7a-fb9219356ae9}"=-
"{64ba30a2-811a-4597-b0af-d551128be340}"=-
"{70fbd528-2d3c-4a00-9b8c-bbf441e534be}"=-
[-HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-
13D0AC72D19D}]
[-HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{A2D9D3F0-8C2A-2A1D-A376-
1BECFB10AB72}]
[-HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{24c60b9b-26b5-4201-9f7a-
fb9219356ae9}]
[-HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{64ba30a2-811a-4597-b0af-
d551128be340}]
[-HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{70fbd528-2d3c-4a00-9b8c-
bbf441e534be}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpyFalcon"=-
"SpyAxe"=-
It has no hard coded partition references, it's designed to remove bogus
SpywareFalcon/spaxe/spyware quake bubble error windows found on windows
xp.
The 2klogin.reg and xplogin.reg do assume default partitions and
installations, but they can be edited if this doesn't match the users
needs. The chances of actually having to use them tho are fairly small.
That particular malware program isn't seen much itw anymore.
> (autoexec.nt)
> SET windir=C:\WINDOWS
> SET winbootdir=C:\WINDOWS
> SET COMSPEC=C:\WINDOWS\SYSTEM32\COMMAND.COM
> SET PROMPT=$p$g
> SET TEMP=C:\WINDOWS\TEMP
> SET TMP=C:\WINDOWS\TEMP
> SET CLASSPATH=C:\PROGRA~1\PHOTOD~1.1\ADOBEC~1
>
> - even under Win98 my temp dirge was c:\temp
>
>|>> This is a help group and folks should be aware this program could
>|>> really screw them up.
>
>|>This program won't screw them up anymore so then adaware, spybot or
>|>their respected antivirus program/firewall.
>
> Your config.nt is even wrong - but you started to get a clue
> (%SystemRoot%\system32)
The user can simply create two 0byte files with the names config.nt and
autoexec.nt and place them into the windows system32 folder to allow
bughunter to execute. The files i include are just to allow bughunter to
run, they should not be used for anything else; and this is covered in
the documentation. IE: BugHunter doesn't use high memory.
> It needs work
So far, you've pointed out one problem with one registry file, and two
minor issues with the included .nt files. I'll be happy to consider your
suggestions for the included support files, but I don't think you'll find
that BugHunter is harmful. I do however recommend reading the
documentation before you use the program.
Rectum Burnne
news:u9rva29d692nt3u1d...@4ax.com:
While you're at it, will you shave your ass and paint it red?
Rectum Burrrn
bughunte...@gmail.com
Penn...@DerryMaine.Gov wrote:
> |>> You might mention this is for Win98 only, yet has paths for a Win2000
> |>> this is a work in progress (not Beta).
> |>
> |>BugHunter isn't for win98 only, what made you think so? All programs
> |>are a work in progress, hun.
>
> You really don't know...
>
> it will only run on C drive as does Win98 (ok you can get to another
> partition but it takes work) Your ini paths are Win98
> "C:\WINDOWS\COMMAND"
That's also the default windows XP installation folder, as is windows
ME. I've snipped the rest since I've already responded to it
previously.
The other ini file is preset for c:\winnt, default installation folder
for win2k,nt4.
Penn...@derrymaine.gov
|>> This is a help group and folks should be aware this program could
|>> really screw them up.
|>As such, people shouldn't mislead others either. I'm not sure if you did
|>this intentionally or you just didn't understand the documentation...
Hey I wish you luck on this, but it's not ready for prime time.
Practicing Safe hex one does not run 9k files that look like this:
***** ANSI SECTION *****
000001DB: Lc QH
00000236: Ws
2
0000032E: U7SPr
00000461: RHYi
00000706: 7C d
00000760: 2eD
00000783: yaaO
00000805: lmoJ
00000C61: hOOH
00000D64: LBYC
00001032: OPXQR
00001071: XSQ3
00001119: 3sUc
00001156: WUVo
000011A5: Ccom
000011D4: BUGcH
000011EB: Fg d
000011F1: ahse.
00001210: fYl
00001216: vsjm
00001276: xmN0
000012E7: nsMloMd
00001314: FULb7CR
00001327: done
00001348:
rec2to
0000135A: Bma
00001368: Yuws.
0000137D: hienc#
0000139A: .a0I1
000013AA: O9ly
000013B3:
dI
-
000013BF: F0lw
00001479: #7 T4m
000014C1: [
dLO
000014FD: sult
00001557: tJFC
000015AA: RXFIw
0000167E:
4plNM
0000169A: vbx
00001742: CIkt
0000176A: !dwfr
00001778: VW0M9Mk
000017EA: FtCW
00001809: K yWIN
00001864: D IRrML4
0000187E: NHrm
000018D8: ekJG
000018F9: J
uIl
00001A68: LnEW
00001ACB: 1SQRW
00001B42: OMSPEe
00001BBE: GC
Iu
00001C35: GUws0
00001CEE: 0GVz
00001D05: °LAL4
00001E27: HFB0
00001EC0: KdVP+
00001F73: VW0R
00001FD3: i52Z
00002089: XSQ3
00002167: +0qr4:
00002171: WUQV
***** UNICODE SECTION *****
--
http://www.newscientistspace.com/article.ns?id=mg18524911.600
bughunte...@gmail.com
Penn...@DerryMaine.Gov wrote:
> Hey I wish you luck on this, but it's not ready for prime time.
Hehe, It's not intended to replace the tools already available, it's
designed to accompany them. For users who find console a frightening
place to be, it's not going to go over well with them anyway. For users
who are comfortable repairing computers at slightly more then a novice
skill level, BugHunter shouldn't be any trouble to make use of.
> Practicing Safe hex one does not run 9k files that look like this:
>
> ***** ANSI SECTION *****
[snip]
Both the executable and it's database resist snooping and tampering by
those with a hex editor or debugger. You won't find any value hex
editing either of them. 9kilobytes is efficient programming in DOS,
not Windows. :) BugHunter only contains what it needs to do as it's
designed. In fact, it could be made smaller if I had wrote it entirely
in assembler. The database however will soon be larger than the
executable currently is. I have no issues with your safe hex, if your
untrusting of the program and you have access to vmware, run it under
that environment, you should find it's quiet harmless.
Btw, I have altered the .nt files to be suitable regardless of your
installation path, and i've adjusted the documentation to stress that
the included 2klogin and xplogin.reg files are hardcoded for default
installations and must be edited before use if that is not so with the
users system.
An upcoming change may create the files as needed on the fly with the
installation path already coded for the user. You will be credited in
the documentation for the suggestion, if you'd like?
--
Regards,
Penn...@derrymaine.gov
|>
|>Penn...@DerryMaine.Gov wrote:
|>
|>> Hey I wish you luck on this, but it's not ready for prime time.
|>
|>Hehe, It's not intended to replace the tools already available, it's
|>designed to accompany them. For users who find console a frightening
|>place to be, it's not going to go over well with them anyway. For users
|>who are comfortable repairing computers at slightly more then a novice
|>skill level, BugHunter shouldn't be any trouble to make use of.
|>
|>> Practicing Safe hex one does not run 9k files that look like this:
|>>
|>> ***** ANSI SECTION *****
|>[snip]
|>
|>Both the executable and it's database resist snooping and tampering by
|>those with a hex editor or debugger.
It's been encrypted, I know and why I won't...
|>You won't find any value hex
|>editing either of them. 9kilobytes is efficient programming in DOS,
|>not Windows. :) BugHunter only contains what it needs to do as it's
|>designed. In fact, it could be made smaller if I had wrote it entirely
|>in assembler. The database however will soon be larger than the
|>executable currently is. I have no issues with your safe hex, if your
|>untrusting of the program and you have access to vmware, run it under
|>that environment, you should find it's quiet harmless.
|>
|>Btw, I have altered the .nt files to be suitable regardless of your
|>installation path, and i've adjusted the documentation to stress that
|>the included 2klogin and xplogin.reg files are hardcoded for default
|>installations and must be edited before use if that is not so with the
|>users system.
|>
|>An upcoming change may create the files as needed on the fly with the
|>installation path already coded for the user. You will be credited in
|>the documentation for the suggestion, if you'd like?
SET COMSPEC=%SystemRoot%\SYSTEM32\COMMAND.COM
Doesn't work under XP
(your program is going to have to use CMD)
A DOS way to screw with someone was to type PATH - nothing would work
after that, as it removed all the paths and a reboot was in order.
Specifying a path in your autoexec.nt will do the same; erase the
users paths and use what the autoexec.nt has (the wrong ones)
If a user needs autoexec.nt or config.nt it will already be installed.
The Config.nt wasn't your fault, MS got it wrong - I forgot about
that.
--
Old Lady Pownz Mercedes Guy
http://tinyurl.com/mm9u6
ellis_jay
Well, someone knows what the hell you and the Bughunter guy are
babbling -and it sure the hell ain't me!!--But a good
read..................I will leave the programming stuff to you'zzs-and walk
on the stay on my side of my world.
"Ain't usage great?"
____PimpDaddy
--
Let the unseen day be. Today is more than enough.
___Sador the carpenter to Turin
Tolkien, The Unfinished Tales
Ellis_Jay
bughunte...@gmail.com
Penn...@DerryMaine.Gov wrote:
> SET COMSPEC=%SystemRoot%\SYSTEM32\COMMAND.COM
> Doesn't work under XP
> (your program is going to have to use CMD)
Actually, it does. BugHunter can make use of almost any command
interpreter, cmd.exe or command.com make no difference for it. I've
already tested the .nt files before repackaging them, they work.
> A DOS way to screw with someone was to type PATH - nothing would work
> after that, as it removed all the paths and a reboot was in order.
A reboot was in order for what? Just run autoexec.bat again...
> Specifying a path in your autoexec.nt will do the same; erase the
> users paths and use what the autoexec.nt has (the wrong ones)
The autoexec.nt file is only for that session, it's not a global
effect.
> If a user needs autoexec.nt or config.nt it will already be installed.
Not necessarily true. If the oem/vendor thought ahead of time, yes.
Otherwise, no. If I didn't have to include some mention and default
files for systems that didn't come with it, I wouldn't. That's not the
case however. The .nt files included with bughunter are only to be used
to get bughunter up and running, they shouldn't be relied on to get
your old dos games access to your soundcard under emulation. If a user
has to use my files, he or she isn't missing dos anyway.
> The Config.nt wasn't your fault, MS got it wrong - I forgot about
> that.
I didn't think it was worth making a big deal over. :)