Trojan/Riskware Help
Starman
I went to a website (popdose.com) and it seems the website is infected with
a trojan which now has infected my computer. It has installed the following
components and I run Kaspersky and when i scan it doesn't come up with
anything, yet the results below still remain. Also one of the icons in my
toolbar (bottom right hand corner) has an icon now which keeps asking to
"your computer is now infected and windows will download special
anti-spyware tools to prefent data loss", please help and advise what I need
to do to remove this/
detected: virus Heur.Trojan.Generic (modification) URL:
http://knocklis.com/img/uet.php//uet
detected: riskware Hidden install Running process: C:\Documents and
Settings\Owner\Local Settings\Temporary Internet
Files\Content.IE5\0IY72SH5\installb[1].exe
Beauregard T. Shagnasty
> I went to a website
and multi-posted. Please don't do that. Look for a good answer in
alt.privacy.spyware
--
-bts
-Friends don't let friends drive Windows
The Real Truth MVP
Choose yes for all options when prompted. Download it here
http://www.ms-mvp.org/
--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
"Starman" <iknowbut...@yahoo.com> wrote in message
news:StQ5m.4115$ze1....@news-server.bigpond.net.au...
Beauregard T. Shagnasty
> Use my Remove-it stolen software,
Not a good answer.
--
-bts
-Friends don't let friends use PCButtface's stolen script
Starman
> Not a good answer.<
Why?
Is it not safe to use?
"Beauregard T. Shagnasty" <a.non...@example.invalid> wrote in message
news:h38v6t$t94$1...@news.eternal-september.org...
Beauregard T. Shagnasty
>> Not a good answer.<
>
> Why?
>
> Is it not safe to use?
Buttface stole the script (it's only a batch file) from a reputable
author, put his own name on it, and claims it is his. He doesn't know
how it works either, as he's never found the hidden markers the real
author puts in it to prove it is stolen.
Google for: pcbutts1 fraud
--
-bts
-Friends don't let friends drive Windows
The Real Truth MVP
--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
"Starman" <iknowbut...@yahoo.com> wrote in message
news:VeT5m.4151$ze1....@news-server.bigpond.net.au...
Amini
<t...@void.com> wrote:
>Yes it is safe to use. Don't believe the haters the liars and the crybabies.
After all this time, do you still have people falling for this, or has
the word pretty much gotten out about you?
Beauregard T. Shagnasty
> Yes it is safe to use. Don't believe the haters the liars and the
> crybabies.
>
> --
> The Real Truth http://pcbutts1-therealtruth.blogspot.com/
> *WARNING* Do NOT follow any advice given by the people listed below.
> They do NOT have the expertise or knowledge to fix your issue. Do not waste
> your time.
> David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
People who have caught you at thieving are the folks who get added to
your signature. I'm proud to be listed, having caught you stealing the
mvps hosts file; and Andrew Aronoff's SilentRunners VB Script (from
silentrunners.org) which you coyly renamed "RunningNow". Andrew's
markers still show in your purloined script.
Once again, Starman, Google up: pcbutts1 thief fraud
--
-bts
-Friends don't let friends drive Windows
nobody >
> Use my Remove-it software, it will remove that malware from your system.
> Choose yes for all options when prompted. Download it here
> http://www.ms-mvp.org/
>
>
Yup.. it MIGHT remove "that malware", but it will install a buttsload if
other ones in its place.
OMG, I'm going to be called a troll again by Buttsie Chris..
Starman
advise what software I need to remove this?
"Beauregard T. Shagnasty" <a.non...@example.invalid> wrote in message
news:h394v0$9n5$1...@news.eternal-september.org...
Beauregard T. Shagnasty
> OK I have understood, PCButt IS a fraud..., so is anybody going to
> help advise what software I need to remove this?
Did you read the answer to your multi-post in alt.privacy.spyware ?
You're probably using Internet Explorer too, aren't you? Use a better
browser.
http://www.mozilla.com/en-US/firefox/
http://opera.com/
Caesar Romano
<iknowbut...@yahoo.com> wrote Re Re: Trojan/Riskware Help:
>OK I have understood, PCButt IS a fraud..., so is anybody going to help
>advise what software I need to remove this?
>
Not in alt.comp.anti-virus.
--
I filter all messages from google groups.
The Real Truth MVP
you will never get you problem fixed. Ask them to prove that my software is
bad and you will get an answer. Do you see any posts from anyone who used my
software and said it was bad? Use Google. You will not find any. Read this
and tell me if you think it is bad
http://pcbutts1-therealtruth.blogspot.com/2006/12/feedback.html there is
proof from users about my software not lies from trolls here who has never
used it. Look here to see my web stats
http://pcbutts1.com/downloads/http_pcbutts1.com_stats.pdf more people use my
software then there are trolls who are trying to get you to not use it.
--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
"Starman" <iknowbut...@yahoo.com> wrote in message
news:poV5m.4183$ze1....@news-server.bigpond.net.au...
nobody >
> OK I have understood, PCButt IS a fraud..., so is anybody going to help
> advise what software I need to remove this?
>
From a quick Googly,
http://www.google.com/search?q=installb[1].exe&hl=en&rlz=1B3GGGL_enUS272US273&start=0&sa=N
it appears that this is "WinAntiVirus Pro (2007)" but that's a guess
by Sunbelt Security. If that is truly what it is, it's got tricks up its
sleeve that make it reinstall itself after "cleaning" in Normal Mode of
XP. I seem to remember that it also blocks access to "real" antimalware
sites.
Same Goog found
http://suprbay.org/showthread.php?p=368068
MBAM (MalwareBites AntiMalware) worked for this guy.
http://www.malwarebytes.org/ (free version works, just get the update
definitions as well)
I'd also advise SAS (SuperAntiSpyware)
http://www.superantispyware.com/ (free version works here too, same with
definitions)
Without further info, it's hard to guess how nasty this malware is.
I'm assuming you run XP from this line
X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
For best results, download MBAM and SAS on another (clean) machine and
burn to a CD. Start your computer in Safe Mode (hit F8 repeatedly as
soon as boot sequence starts to get the menu). Go into Administrator
account and install both MBAM and SAS from the CD. Reboot computer again
in Safe Mode and run both SAS and MBAM. Actually, run both again after a
reboot in Safe mode as this nasty piece of crap is known to morph, even
changing it's filename.
Next step is to dump IE6/7 and Outhouse Express. Firefox as a browser
and Thunderbird as a news/email client are a big step up in security and
lack of vulnerability. There's better on both app needs, but this is a
good start.
IE6/7 and Outhouse Express can be tightened up considerably, but it
requires some work. Even then, there's still holes. (my wife won't
change over, so I went thru this exercise)
Google:
"securing internet explorer"
"securing internet explorer 7"
"securing Outlook Express"
For OE, my favorite site is http://www.insideoe.com/
Beauregard T. Shagnasty
> No they cannot help you that's why they did not. You keep believing
> them and you will never get you problem fixed.
Real solutions have already been given to Starman to fix his problem.
> Ask them to prove that my software is bad and you will get an answer.
<lol!> Yes, you will! Even in this thread. Starman, see "JD's"
response in your multi-posted thread in alt.privacy.spyware
> Do you see any posts from anyone who used my software and said it was
> bad? Use Google. You will not find any.
If you googled for: pcbutts1 thief fraud
you will find thousands of hits.
> Read this and tell me if you think it is bad
> http://pcbutts1-therealtruth.blogspot.com/2006/12/feedback.html
There is no point in reading your own "feedback" page, where you only
allow a few (probably self-authored) posts saying it is "good." I know
for a fact you reject any and all posts that say it is stolen, or bad,
or any other negative reply.
Oh, and you use a picture, supposedly of you, that you stole from a
British woman's personal site. Now, that's funny.
> there is proof from users about my software not lies from trolls here
> who has never used it.
Now, that's funny, too.
> Look here to see my web stats http://pcbutts1.com/downloads/http_pcbutts1.com_stats.pdf
> more people use my software then there are trolls who are trying to
> get you to not use it.
Proves nothing other than you get far less hits than you brag about.
The Real Truth MVP
link posted by a newbie.
Nobody openly peddles spyware in any NG especially one with a website like
mine with full contact information. VXer's don't do it, malware writers
don't do it, and definitely no one from the USA will do it. Microsoft will
not allow it. They will not allow me to use my MVP status, use their logos
on my website, link directly to their website or distribute their software
from my website if anything on my site is bad, a virus, malware, or will
damage your computer. It just does not happen. My site has been up and
operating non stop for over five years now. Those are the facts now why do
you sit there and believe the lying trolls.
--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
"Amini" <am...@afraid.org> wrote in message
news:d55g555qidvj5fn76...@4ax.com...
Amini
<t...@void.com> wrote:
>Nobody gets infected by malware in these NG unless they click on an infected
>link posted by a newbie.
>Nobody openly peddles spyware in any NG especially one with a website like
>mine with full contact information. VXer's don't do it, malware writers
>don't do it, and definitely no one from the USA will do it. Microsoft will
>not allow it. They will not allow me to use my MVP status,
You have MVP status?? Wasn't that debunked long ago? Is this something
new then?
>use their logos
>on my website, link directly to their website or distribute their software
>from my website if anything on my site is bad, a virus, malware, or will
>damage your computer. It just does not happen. My site has been up and
>operating non stop for over five years now. Those are the facts now why do
>you sit there and believe the lying trolls.
I guess because their side of the story is far more believable than
yours.
The Real Truth MVP
by a troll and you believed it again. You think I am lying see it with your
own eyes http://www.ms-mvp.org/ now are you going to believe what see or
what the same trolls have been saying for years?
--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
"Amini" <am...@afraid.org> wrote in message
news:nuvh5555dhl6jv9tj...@4ax.com...
Beauregard T. Shagnasty
> My MVP status has never been revoked, you read that in some newsgroup
> posted by a troll and you believed it again. You think I am lying see
> it with your own eyes hXXp://www.ms-mvp.org/
..which redirects directly to your same old shite at:
hXXp://209.237.163.173/downloads/tools/tools.htm
..written by you and you alone. Who would believe it?
> now are you going to believe what see or what the same trolls have
> been saying for years?
The proof is overwhelmingly in favor of what those people have been
saying for years. And just because you *can* purchase a domain name with
the letters "mvp" in it, is no proof whatsoever that you are one.
No sane, ethical MVP would ever act like you do.
--
-bts
-Friends don't let friends drive Windows
The Real Truth MVP
--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
"Beauregard T. Shagnasty" <a.non...@example.invalid> wrote in message
news:h3b10u$fc0$1...@news.eternal-september.org...
Amini
<t...@void.com> wrote:
>My MVP status has never been revoked,
I believe your MVP status was never bestowed in the first place.
That's why it was never revoked.
>you read that in some newsgroup posted
>by a troll and you believed it again. You think I am lying see it with your
>own eyes http://www.ms-mvp.org/ now are you going to believe what see or
>what the same trolls have been saying for years?
The real MVP's don't consider you to be an MVP, and the web site above
is not authoritative. Where does that leave you?
The Real Truth MVP
place through my contributions in these groups and forums. Now because I
post under an alias, trolls cant stand the fact that they don't know who I
am. Why don't you put up a simple web site and use any MS logo, you can do
that for free. Then we will see how authoritative it is and how long it will
last. You want more proof read this
http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Conficker.E
it does not get more authoritative than that. You see my website listed in
that list, if I was such a fraud and my remove-it software was junk then why
am I targeted by the Conficker worm?
You would not know the truth if it came up and bit you in the ass.
--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
"Amini" <am...@afraid.org> wrote in message
news:475i555fjtkjkr3qm...@4ax.com...
Beauregard T. Shagnasty
> "The Fake Truth Not-an-MVP" <t...@void.com> wrote:
>> My MVP status has never been revoked,
>
> I believe your MVP status was never bestowed in the first place.
> That's why it was never revoked.
<lol!>
>> you read that in some newsgroup posted by a troll and you believed it
>> again. You think I am lying see it with your own eyes
>> http://www.ms-not-an-mvp.org/ now are you going to believe what see
>> or what the same trolls have been saying for years?
>
> The real MVP's don't consider you to be an MVP, and the web site
> above is not authoritative. Where does that leave you?
It leaves him being a Crybaby. He's never able to dispute the
overwhelming evidence against him.
--
-bts
-Friends don't let friends drive Windows
Beauregard T. Shagnasty
> It was the "Real" MVP's that nominated me to MS to become one in the
> first place through my contributions in these groups and forums. Now
> because I post under an alias,
Why? Only to conceal your thievery.
> trolls cant stand the fact that they don't know who I am.
Everyone knows who you are.
> Why don't you put up a simple web site and use any MS logo, you can do
> that for free. Then we will see how authoritative it is and how long
> it will last. You want more proof read this
> http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Conficker.E
> it does not get more authoritative than that. You see my website
> listed in that list, if I was such a fraud and my remove-it software
> was junk then why am I targeted by the Conficker worm?
You are targeted because your stolen script might remove some versions
of the worm because the real author knows how to do that. No other
reason; and if you think a **worm** is authoritative, I can only laugh
much louder.
> You would not know the truth if it came up and bit you in the ass.
So provide cites about your legitimacy. Like your listing on the MS MVP
list.
--
-bts
-Friends don't let friends drive Windows
David H. Lipman
The proof IS overwhelming.
The liar and thief can't tell 'ya what malware the following line is from...
IF EXIST "%UserProfile%\local settings\temp\obatssrsghde.exe"
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
Anonymous
"ASCII" <m...@privacy.net> wrote:
> Caesar Romano wrote:
>>On Sat, 11 Jul 2009 05:26:45 GMT, "Starman"
>><iknowbut...@yahoo.com> wrote Re Re: Trojan/Riskware Help:
>>
>>>advise what software I need to remove this?
>>>
>>
>
> This forum has deteriorated to scarcely more than a day care venue for
> frustrated has been VXers and their wannabe arse licking minions.
> Who cares if Chris stole the code or concocted it, as long as it works.
We all know YOU don't care that Butts stole the code, you
thieving Australian cuntard. You're both tarred with the
same brush.
For your information Starman, this lying ASCII shit exposed
himself as a software thief right here in alt.comp.anti-virus.
He was caught using a MalwareBytes crack and tried to lie
his way out of it, just like PCButts1 does every day of his
life. Birds of a feather.
The Real Truth MVP
you are trying to get me to tell you. Fuck off spammer.
--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:h3bb4...@news7.newsguy.com...
FromTheRafters
> I guess because their side of the story is far more believable than
> yours.
:oD
Amini
<t...@void.com> wrote:
>It was the "Real" MVP's that nominated me to MS to become one in the first
>place through my contributions in these groups and forums.
What have you contributed here? All I've ever seen is you pushing that
script, but you don't seem to know anything about its internals. Best
case, you worked with (or paid) someone to create it for you. Worst
case, you simply 'appropriated' it outright. So far, the second option
is looking more likely.
>Now because I
>post under an alias, trolls cant stand the fact that they don't know who I
>am.
I don't care who you are or what alias you post under.
>Why don't you put up a simple web site and use any MS logo, you can do
>that for free. Then we will see how authoritative it is and how long it will
>last.
I don't know what you're getting at.
>You want more proof read this
>http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Conficker.E
>it does not get more authoritative than that. You see my website listed in
>that list, if I was such a fraud and my remove-it software was junk then why
>am I targeted by the Conficker worm?
Silly question.
>You would not know the truth if it came up and bit you in the ass.
Perhaps, but the evidence so far (regarding the script you allegedly
stole) is not at all in your favor and you don't seem interested or
perhaps capable of turning that around.
The Real Truth MVP
ass.
--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
"Amini" <am...@afraid.org> wrote in message
news:t1ii55tveval1hs9a...@4ax.com...
Amini
<t...@void.com> wrote:
>Like I said, you would not know the truth if it came up and bit you in the
>ass.
I think we're done then, and I can go back to lurking. I don't think
there's anything you could say at this point to help yourself.
Rhonda Lea Kirk Fries
The Real Truth MVP <t...@void.com> wrote:
> It was the "Real" MVP's that nominated me to MS to become one in the
> first place through my contributions in these groups and forums. Now
> because I post under an alias, trolls cant stand the fact that they
> don't know who I am. Why don't you put up a simple web site and use
> any MS logo, you can do that for free. Then we will see how
> authoritative it is and how long it will last. You want more proof
> read this
> http://www.microsoft.com/security/portal/Entry.aspx?Name=Worm:Win32/Conficker.E
> it does not get more authoritative than that. You see my website
> listed in that list, if I was such a fraud and my remove-it software
> was junk then why am I targeted by the Conficker worm?
Results 1 - 10 of about 853,000 for "ms-mvp". (0.78 seconds)
> You would not know the truth if it came up and bit you in the ass.
There's no way to prove that statement one way or another, but it has been
proven time and again that you are not what you would like innocent newbies
to believe.
> "Amini" <am...@afraid.org> wrote in message
> news:475i555fjtkjkr3qm...@4ax.com...
>> On Sat, 11 Jul 2009 14:19:53 -0700, "The Real Truth MVP"
>> <t...@void.com> wrote:
>>
>>> My MVP status has never been revoked,
>>
>> I believe your MVP status was never bestowed in the first place.
>> That's why it was never revoked.
>>
>>> you read that in some newsgroup posted
>>> by a troll and you believed it again. You think I am lying see it
>>> with your
>>> own eyes http://www.ms-mvp.org/ now are you going to believe what
>>> see or what the same trolls have been saying for years?
>>
>> The real MVP's don't consider you to be an MVP, and the web site
>> above is not authoritative. Where does that leave you?
--
Rhonda Lea Kirk Fries
Message-ID: gng3nb$j6i$1...@blackhelicopter.databasix.com
"BTW: Lionel was no "kookologist". If you knew what you were talking
about, you'd know that."
Message-ID: glgh70$g12$1...@blackhelicopter.databasix.com
"Lionel laurer will be a real kookologist the day after the Sun
explodes."
Ant
>"David H. Lipman" wrote:
>> The liar and thief can't tell 'ya what malware the following line is from...
>>
>> IF EXIST "%UserProfile%\local settings\temp\obatssrsghde.exe"
> The problem is YOU don't know where it's from
> and you are trying to get me to tell you.
He knows and so do I. All you know is from where you copied it.
Leythos
says...
>
> Wow the spammer speaks. The problem is YOU don't know where it's from and
> you are trying to get me to tell you. Fuck off spammer.
The liar and thief can't tell 'ya what malware the following line is
from...
IF EXIST "%UserProfile%\local settings\temp\obatssrsghde.exe"
Come on Chris, even I was able to google that one, and if I can find it
in google then you should at least be able to explain it - since you
claim you wrote it.
--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
spam9...@rrohio.com (remove 999 for proper email address)
David H. Lipman
| In article <6IudnWkRhu6v3MTX...@giganews.com>, t...@void.com
| says...
>> Wow the spammer speaks. The problem is YOU don't know where it's from and
>> you are trying to get me to tell you. Fuck off spammer.
| The liar and thief can't tell 'ya what malware the following line is
| from...
| IF EXIST "%UserProfile%\local settings\temp\obatssrsghde.exe"
| Come on Chris, even I was able to google that one, and if I can find it
| in google then you should at least be able to explain it - since you
| claim you wrote it.
You KNOW he'll weasle out of answering it.
The Real Truth MVP
--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:h3dec...@news3.newsguy.com...
Starman
few other people have suffered the same thing as myself, which is, it is a
false positive. So what is this and how do i fix the problem concerning this
'false positive"??
"nobody >" <useneth...@aol.com> wrote in message
news:JomdnTySkre5g8XX...@supernews.com...
> The Real Truth MVP wrote:
>> Use my Remove-it software, it will remove that malware from your system.
>> Choose yes for all options when prompted. Download it here
>> http://www.ms-mvp.org/
>>
>>
>
> Yup.. it MIGHT remove "that malware", but it will install a buttsload if
> other ones in its place.
>
> OMG, I'm going to be called a troll again by Buttsie Chris..
>
David H. Lipman
| The site owner has notified me to say that the site is clean and it seems a
| few other people have suffered the same thing as myself, which is, it is a
| false positive. So what is this and how do i fix the problem concerning this
| 'false positive"??
What False Positive ?
There is NO doubt that knocklis.com is serving up malware..
1PW
Can you answer the question that's been put to you Chris?
Is the truth is out there?
Pete
--
1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
David H. Lipman
As I predicted, he'll weasle out of answering. In this case by misdirection.
We ALL know he can't answer that is what malware or malware family is associted with the
file IF EXIST obatssrsghde.exe.
Drop me an email and I'll tell 'ya.
FromTheRafters
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> From: "1PW" <barcrna...@nby.pbz>
>
> | Probably a rehash of the same things you've been writing all along.
>
> | Can you answer the question that's been put to you Chris?
>
> | Is the truth is out there?
>
> | Pete
> | --
> | 1PW @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]
>
> As I predicted, he'll weasle out of answering. In this case by
> misdirection.
> We ALL know he can't answer that is what malware or malware family is
> associted with the
> file IF EXIST obatssrsghde.exe.
> Drop me an email and I'll tell 'ya.
I assume it is rootkit or virus related because otherwise I think I
would have been inundated with search results containing references in
HJT logs.
FromTheRafters
how can it be a false positive?
Why would you take the word of the site owner, if indeed it is serving
up malware? Maybe the site owner is untrustworthy or oblivious to having
been hacked.
...that would be like believing PCButts when it says ... well ...
anything.
"Starman" <iknowbut...@yahoo.com> wrote in message
news:a9t6m.4554$ze1....@news-server.bigpond.net.au...
David H. Lipman
| I assume it is rootkit or virus related because otherwise I think I
| would have been inundated with search results containing references in
| HJT logs.
Nope. Drop me an email and I'll tell you. We /*KNOW*/ Butts can't tell you.
Leythos
says...
>
[removed non-responsive answer]
The liar and thief can't tell 'ya what malware the following line is
from...
IF EXIST "%UserProfile%\local settings\temp\obatssrsghde.exe"
Come on Chris, even I was able to google that one, and if I can find it
in google then you should at least be able to explain it - since you
claim you wrote it.
--
The Real Truth MVP
Your dumbass and the David Lipman Spammer are meticulously going over every
line in my program trying to find one thing wrong about it to try to prove
that it will harm your system but you can't. Now you find a line that is not
listed in Google therefore you dumbasses have no idea what it is so you come
here and try to fool me into telling you. Wait a few weeks for Google to
pick up on it or for SAS or MBAB to update the defs file to detect it then
you will know what it is. It has already been submitted to them. Assholes.
--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
"Leythos" <spam9...@rrohio.com> wrote in message
news:MPG.24c3f476...@us.news.astraweb.com...
David H. Lipman
| The liar and thief can't tell 'ya what malware the following line is
| from...
| IF EXIST "%UserProfile%\local settings\temp\obatssrsghde.exe"
| Come on Chris, even I was able to google that one, and if I can find it
| in google then you should at least be able to explain it - since you
| claim you wrote it.
Leythos:
If I'm not mistaken in Message ID "Lt2dndtOmuZwIcbX...@giganews.com" Butts
had just posted ...
"I know exactly what that file is and why it is there because I PUT IT THERE.
Your dumbass and the David Lipman Spammer are meticulously going over every
line in my program trying to find one thing wrong about it to try to prove
that it will harm your system but you can't. Now you find a line that is not
listed in Google therefore you dumbasses have no idea what it is so you come
here and try to fool me into telling you. Wait a few weeks for Google to
pick up on it or for SAS or MBAB to update the defs file to detect it then
you will know what it is. It has already been submitted to them. Assholes."
in reference to the following Remove-It BAT file subsection...
:S9596b
IF EXIST "%UserProfile%\local settings\temp\obatssrsghde.exe" echo "%UserProfile%\local
settings\temp\obatssrsghde.exe"
IF EXIST "%UserProfile%\local settings\temp\obatssrsghde.exe" echo "%UserProfile%\local
settings\temp\obatssrsghde.exe">>remove-it.txt
IF NOT EXIST "%UserProfile%\local settings\temp\obatssrsghde.exe" GOTO S9596c
DEL /F /Q "%UserProfile%\local settings\temp\obatssrsghde.exe"
IF NOT EXIST "%UserProfile%\local settings\temp\obatssrsghde.exe" echo successfully
deleted %UserProfile%\local settings\temp\obatssrsghde.exe
IF NOT EXIST "%UserProfile%\local settings\temp\obatssrsghde.exe" echo successfully
deleted %UserProfile%\local settings\temp\obatssrsghde.exe>>remove-it.txt
IF NOT EXIST "%UserProfile%\local settings\temp\obatssrsghde.exe" GOTO S9596c
IF EXIST "%UserProfile%\local settings\temp\obatssrsghde.exe" echo unable to delete
%UserProfile%\local settings\temp\obatssrsghde.exe - will delete on reboot
IF EXIST "%UserProfile%\local settings\temp\obatssrsghde.exe" echo unable to delete
%UserProfile%\local settings\temp\obatssrsghde.exe - will delete on reboot>>remove-it.txt
echo DEL /F /Q "%UserProfile%\local
settings\temp\obatssrsghde.exe">>%SystemDrive%\delrb.txt
echo.>>remove-it.txt
echo.
Yet he refuses to indicate WHAT malware or malware family the file "obatssrsghde.exe" is
associated with.
We know "he" can't state what malware or malware family "obatssrsghde.exe" is associated
with because he ripped the lines from Stuart Saunder's RogueFix like the MAJORITY of
Remove-It was plagiarized from Remove-It. He has NO IDEA what the lines do while stuart
can explain what the lines are quite clearly.
http://www.internetinspiration.co.uk/downloads/roguefix_2.248.bat
The Real Truth MVP
you. If you compare My real program to his stolen script you will find these
differences http://pcbutts1.com/downloads/Features.htm If you run his you
will also notice that certain things do not work. That's because certain
files are deliberately left out if you try to copy the bat file, like you
did, from the program files folder. But all that is mute anyway because I
made more changes to my software so that the bat can't be copied. No Fuck
off you crybaby spammer.
--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:EYCdnewgItPnT8bX...@giganews.com...
Leythos
says...
> You post that same crap every year trying to get the new newbie's to believe
> you. If you compare My real program to his stolen script you will find these
> differences http://pcbutts1.com/downloads/Features.htm If you run his you
> will also notice that certain things do not work. That's because certain
> files are deliberately left out if you try to copy the bat file, like you
> did, from the program files folder. But all that is mute anyway because I
> made more changes to my software so that the bat can't be copied. No Fuck
> off you crybaby spammer.
>
And yet you still can't explain the line:
IF EXIST "%UserProfile%\local settings\temp\obatssrsghde.exe"
You claim you wrote it and yet you have no idea what it removes.
Rhonda Lea Kirk Fries
> believe you. If you compare My real program to his stolen script you
> will find these differences
> http://pcbutts1.com/downloads/Features.htm If you run his you will
> also notice that certain things do not work. That's because certain
> files are deliberately left out if you try to copy the bat file, like
> you did, from the program files folder. But all that is mute anyway
> because I made more changes to my software so that the bat can't be
> copied. No Fuck off you crybaby spammer.
Chris, everyone knows who the thief is. Only the terminally stupid would use
one of your stolen tools.
(BTW, "mute" means something entirely different from "moot." Look it up.)
--
"...if there is any principle of the Constitution that more
imperatively calls for attachment than any other it is the principle of
free thought--not free thought for those who agree with us but freedom
for the thought that we hate." Mr. Justice Holmes, 279 U.S. 644 (1929)
Caesar Romano
<DLipman~nospam~@Verizon.Net> wrote Re Re: Trojan/Riskware Help -
PCBUTTS can't prove he's coded anything:
>Yet he refuses to...
Everyone keeps referring to this person as "he". However, at
http://www.blogger.com/profile/16857468123137696406
pcbutts1 is a female. Is pcbutts1 a transvestite???
--
I filter all messages from google groups.
David H. Lipman
>>Yet he refuses to...
No, that's a lie. That picture is not of Butts. Butts is male and black.
Don't fall Butt's lies and misinformation. Just like he rips code from people off the
'net he'll rip content from another's site or in this case, a picture...
http://www.frontpageagency.co.uk/
James Egan
On Tue, 14 Jul 2009 06:00:55 -0400, "David H. Lipman"
<DLipman~nospam~@Verizon.Net> wrote:
>
>http://www.frontpageagency.co.uk/
>
Gulp! She's more of a man hater than Laura.
FromTheRafters
news:5qjo559nt1g3t5l7f...@4ax.com...
> On Mon, 13 Jul 2009 20:33:59 -0400, "David H. Lipman"
> <DLipman~nospam~@Verizon.Net> wrote Re Re: Trojan/Riskware Help -
> PCBUTTS can't prove he's coded anything:
>
>>Yet he refuses to...
>
> Everyone keeps referring to this person as "he". However, at
> http://www.blogger.com/profile/16857468123137696406
> pcbutts1 is a female. Is pcbutts1 a transvestite???
Not everyone. You may notice how I fairly consistantly refer to it as
"it".
...just trying to be PC with regard to PCButts.
Caesar Romano
<DLipman~nospam~@Verizon.Net> wrote Re Re: Trojan/Riskware Help -
PCBUTTS can't prove he's coded anything:
>No, that's a lie. That picture is not of Butts. Butts is male and black.
>Don't fall Butt's lies and misinformation. Just like he rips code from people off the
>'net he'll rip content from another's site or in this case, a picture...
>
>http://www.frontpageagency.co.uk/
Wow! How did you manage to find that photo on it's original site?
Max Wachtel
> From: "Caesar Romano" <Sp...@uce.gov>
>
> | On Mon, 13 Jul 2009 20:33:59 -0400, "David H. Lipman"
> | <DLipman~nospam~@Verizon.Net> wrote Re Re: Trojan/Riskware Help -
> | PCBUTTS can't prove he's coded anything:
>
>>> Yet he refuses to...
>
> | Everyone keeps referring to this person as "he". However, at
> | http://www.blogger.com/profile/16857468123137696406
> | pcbutts1 is a female. Is pcbutts1 a transvestite???
> | --
> | I filter all messages from google groups.
>
> No, that's a lie. That picture is not of Butts. Butts is male and
> black.
> Don't fall Butt's lies and misinformation. Just like he rips code from
> people off the
> 'net he'll rip content from another's site or in this case, a picture...
>
> http://www.frontpageagency.co.uk/
>
>
I wish I would have saved the picture from the JPL van crash that PC
posted in the 24hr newsgroup. He stated "that's me being pulled out" and
it wasn't a blond woman either.
--
Virus Removal http://max.shplink.com/removal.html
Keep Clean http://max.shplink.com/keepingclean.html
Change nomail.afraid.org to gmail.com to reply by email.
nomail.afraid.org is specifically setup for use in USENET
The Real Truth MVP
identity.
--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
"Caesar Romano" <Sp...@uce.gov> wrote in message
news:5qjo559nt1g3t5l7f...@4ax.com...
The Real Truth MVP
--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste
your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
"Caesar Romano" <Sp...@uce.gov> wrote in message
news:030p55tmp070fgsn3...@4ax.com...
1PW
> They think they know me yet they have never met me so they give me an
> identity.
You left a paper trail. Prove you are not who they say you are.
Prove that you are what you say you wish you were.
Leythos
> you. If you compare My real program to his stolen script you will find these
> differences http://pcbutts1.com/downloads/Features.htm If you run his you
> will also notice that certain things do not work. That's because certain
> files are deliberately left out if you try to copy the bat file, like you
> did, from the program files folder. But all that is mute anyway because I
> made more changes to my software so that the bat can't be copied. No Fuck
> off you crybaby spammer.
>
And yet you still can't explain the line:
IF EXIST "%UserProfile%\local settings\temp\obatssrsghde.exe"
You claim you wrote it and yet you have no idea what it removes.
Dustin Cook
news:2009071201010...@www.ecn.org:
> "ASCII" <m...@privacy.net> wrote:
>> Caesar Romano wrote:
>>>On Sat, 11 Jul 2009 05:26:45 GMT, "Starman"
>>><iknowbut...@yahoo.com> wrote Re Re: Trojan/Riskware Help:
>>>
>>>>OK I have understood, PCButt IS a fraud..., so is anybody going to
>>>>help advise what software I need to remove this?
>>>>
>>>
>>>Not in alt.comp.anti-virus.
>>
>> This forum has deteriorated to scarcely more than a day care venue
>> for frustrated has been VXers and their wannabe arse licking minions.
>> Who cares if Chris stole the code or concocted it, as long as it
>> works.
>
> We all know YOU don't care that Butts stole the code, you
> thieving Australian cuntard. You're both tarred with the
> same brush.
>
> For your information Starman, this lying ASCII shit exposed
> himself as a software thief right here in alt.comp.anti-virus.
> He was caught using a MalwareBytes crack and tried to lie
> his way out of it, just like PCButts1 does every day of his
> life. Birds of a feather.
>
>
>
So that's why he's angry with me. One of my definitions outed him. Oops!
--
Regards,
Dustin Cook
Malware Researcher
MalwareBytes - http://www.malwarebytes.org
Dustin Cook
> Dustin Cook wrote:
>>
>>So that's why he's angry with me.
>
> Not angry,
> just contemptuous of cigarette sucking losers,
> and certainly no sympathy for your sickness
I don't require sympathy, troll. And, my sickness has nothing to do with
my cig smoking.
>
>>One of my definitions outed him. Oops!
>
> Can't out someone for something they didn't do
> believe what you will
You already admitted to using a pirated copy. You outed yourself, truth
be told.
> especially how those cigs make you more manly
> and less of a scrawny little shit
*HAHAHAHA*. Believe whatever suits you.
> that spent all the time most guys were getting girls
> to learn HLLC coding.
HLLC? Ahh, are you going to dazzle us with more of your stupidity?
History lesson: I never wrote any companion viruses. Just a few
prependers, and I never gave the article printed in Rolling Stones
either. Please, by all means, show us more of that stupidity you are
blessed with.
Dustin Cook
> Dustin Cook wrote:
>>
>>I don't require sympathy,
>
> Just the chronic nicotine fix
Me and many others. Your point? I like coffee too, wanna bitch about
that?
>>And, my sickness has nothing to do with
>>my cig smoking.
>
> Yeah right, the cigs are part of the therapy regimen
I didn't say any such thing. See above, and read slowly. Or google it. My
illness has.. nothing to do with cigarettes. And whether I choose to
smoke or not, really isn't your concern.
>>You already admitted to using a pirated copy.
>
> Never said any such thing. only drew attention to the fact that your
> defs now hit on the 'presence' of a keygen, whether it's been used or
> not. If anyone is so routinely careless as to need resident protection
> then they need to seek, find, and use the gen. I've only run the
> program a few times, always within a sandbox, then deleted all traces.
You change words as often as pcbutts. Any relation?
Dustin Cook
>>You already admitted to using a pirated copy.
>
> Never said any such thing. only drew attention to the fact that your
> defs now hit on the 'presence' of a keygen, whether it's been used or
> not. If anyone is so routinely careless as to need resident protection
> then they need to seek, find, and use the gen. I've only run the
> program a few times, always within a sandbox, then deleted all traces.
Just in case you think the x-noarchive flag hides all of your posts...
:)
http://forums.techarena.in/security-systems/1204562.htm
And I quote, "New defs in MBAM hit on commonly available gens for SAS &
MBAM. That suggests that after you register either, if you choose to do
so, that you delete or encrypt the gens. Of course I don't use either
for resident protection, only an occasional novelty scan, so I'm not
really stealing anything. BTW: SAS doesn't hit on any gens.
Another annoyance in MBAM if someone has defeated the notify (nag) keys
for updates it will flag it as malware."
You are, as others have said, and myself have already stated, nothing
more than a disgruntled little wannabe pirate.
Anonymous
In message news:4a75e602.5152656@EBCDIC, "ASCII" <m...@privacy.net> lied...
> Dustin Cook wrote:
>>You already admitted to using a pirated copy.
>
> Never said any such thing. only drew attention to the fact that your
> defs now hit on the 'presence' of a keygen, whether it's been used or
> not. If anyone is so routinely careless as to need resident protection
> then they need to seek, find, and use the gen. I've only run the program
> a few times, always within a sandbox, then deleted all traces.
You keep falling over your lying tongue, you stupid Aussie
ButtsClone. Vanguard caught you with your own words you
witless cuntard, and now everyone in the anti-virus groups
knows you're nothing but a thieving sack of kangaroo shit.