Worries About Stealing, etc

Discussion in 'Virus Information' started by David Kaye, Apr 8, 2010.

  1. David Kaye

    Virus Guy Guest

    Stuart - thank you for responding.

    Let me ask you this:

    To your knowledge, does the PC Butts software (Remove-it, or other)
    contain any malicious code or anything that would or could be a security
    concern to an end-user?

    Does the PC Butts software (in it's entirety) function as a compentent
    malware scanner / removal utility?
     
    Virus Guy, Apr 13, 2010
    #61
    1. Advertisements

  2. David Kaye

    Leythos Guest

    You seem to be suffering from a flaw in your thinking, let me help you:

    "Does the CODE PC Butts stole, of your software function as a competent
    malware scanner / removal utility, while at the same time understanding
    that anything PCBUTTS edited/changed/added could be broken or malicious
    and is actually known to block access to reputable anti-malware sites"

    Now that is a proper question, you seem to miss that BUTTS doesn't have
    software, he has code he's cobbled together that he's taken from OTHERS.
     
    Leythos, Apr 13, 2010
    #62
    1. Advertisements

  3. From: "Virus Guy" <>

    | Stuart - thank you for responding.

    | Let me ask you this:

    | To your knowledge, does the PC Butts software (Remove-it, or other)
    | contain any malicious code or anything that would or could be a security
    | concern to an end-user?

    | Does the PC Butts software (in it's entirety) function as a compentent
    | malware scanner / removal utility?

    Are you joking ?

    You are writing just like the Troll BoaterDave (aka; ~BD~).
     
    David H. Lipman, Apr 13, 2010
    #63
  4. Email addresses removed so the trolls won't bother my customers.



    ----- Original Message -----
    From: "zaq" <>
    To: <>
    Sent: Sunday, April 11, 2010 3:46 PM


    ----- Original Message -----
    From: "Frederick Nafsky" <>
    To: <>
    Sent: Wednesday, April 07, 2010 12:05 PM
    Subject: feedback

    ----- Original Message -----
    From: "Tom Ringo" <>
    To: <>
    Sent: Friday, March 26, 2010 11:16 AM
    Subject: userinit fix


    Worked like a charm. I'm most grateful to you.

    Thanks


    ----- Original Message -----
    From: "Chris Chalmers" <>
    To: <>
    Sent: Thursday, March 18, 2010 6:14 AM
    Subject: Your tools



    First i'd like to say thanks for posting your tools on the microsoft
    discussion groups. They have been of great use in helping to fix winsock
    catalog problem on a friends PC.



    I would like to ask regarding remove it. After it has altered the HOSTS file
    i started up spybot S&D and checked there immunize section. I noticed that i
    was unprotected against 13022 possible threats.



    would you recommend running the immunization to change the HOSTS file to
    protect against these threats? Or will you be releasing an update that
    includes the latest threats ??





    Many many thanks for your time


    ----- Original Message -----
    From: "VLADIMIR ALGIN" <>
    To: <>
    Sent: Thursday, March 11, 2010 5:16 AM
    Subject: Roxio Media Manager


    ----- Original Message -----
    From: "Roger" <>
    To: <>
    Sent: Wednesday, February 24, 2010 6:50 AM
    Subject: Great site


    Just visited your site and the tools you created. Great job! Been reading
    your news post for a while and it is great to see a face for the handle.

    Thanks,
    Roger

    ----- Original Message -----
    From: "delarosa09" <>
    To: "pcbutts1" <>
    Sent: Monday, February 22, 2010 6:24 PM
    Subject: Re: help


    ----- Original Message -----
    From: "Walter" <>
    To: <>
    Sent: Tuesday, February 16, 2010 1:33 PM
    Subject: comment by tech


    Technically only...........I love you........thanks for the work.
    wt


    ----- Original Message -----
    From: "EddieK" <>
    To: <>
    Sent: Friday, January 22, 2010 10:41 PM
    Subject: Remove-it


    --
    The Real Truth http://pcbutts1-therealtruth.blogspot.com/
    *WARNING* Do NOT follow any advice given by the people listed below.
    They do NOT have the expertise or knowledge to fix your issue. Do not waste
    your time.
    David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
     
    The Real Truth MVP, Apr 13, 2010
    #64
  5. David Kaye

    JD Guest

    Have you noticed that boaterDave and Virusguy seem to have a newsgroup
    style very similar to PCbutts? These two posters want us to start over
    with the PCbutts BS to convince them of something that everyone else
    agrees on: PCButts is not to be trusted.

    And then we have PCbutts posting his "feedback" of how good his software is.

    Are we being scammed here? I've dealt with PCbutts one to one and his
    logic is flawed. His BS is old. He's actually tried to convince me he's
    a female and a model. See this:

    http://tekrider.net/usenet/pcbutts.php

    This newsgroup has become toast. Nobody comes here for help. PCbutts has
    made his mark. That's too bad. 8-(
     
    JD, Apr 13, 2010
    #65
  6. David Kaye

    Peter Foldes Guest

    He also uses the 98Guy name. Just ask Meb about this Troll
     
    Peter Foldes, Apr 13, 2010
    #66
  7. From: "Peter Foldes" <>

    | He also uses the 98Guy name. Just ask Meb about this Troll

    I know.
     
    David H. Lipman, Apr 13, 2010
    #67
  8. David Kaye

    Leythos Guest

    You don't have "Customers", you have people you've conned into using
    pirated wares that could also block access to reputable anti-malware
    sites by your own admission.
     
    Leythos, Apr 13, 2010
    #68
  9. Don't bother arguing with Virus Guy, ethics is not something he is
    concerned about:

    http://help.lockergnome.com/security/Norton-AV-2002-run-Win98se--ftopict11539.html

    He's trying to show that it isn't ethical to block the PCButts1 website
    because it isn't offering *malware*. He has already been informed about
    why it *should* be blocked - he just wants to argue and be rude to
    others.
     
    FromTheRafters, Apr 13, 2010
    #69
  10. Virus Guy:

    Any utility which blocks access to legitimate (mainly security
    related) websites and disables/interferes/prevents the running of
    malware scanners is, in my book at least, malware.

    The words 'function as a competant removal utility' and 'Remove-it'
    should never be used in the same sentence, its been a while since I
    last looked so I grabbed the version currently available. You may want
    to download a copy yourself as no doubt changes will be made to Remove-
    it shortly in his lame attempts to call me a liar which will
    undoubtedly follow.

    Rmit.exe – Is the portion of Roguefix which removes files and folders
    belonging to the infection if they are present, with a few (often
    bodged) added commands of his own. It is compiled to an exe and when
    executed runs the batch file with a random number file name from the
    %user%/Local Settings/Application Data/Temp directory. The compiling
    also hides the following associated files which are dumped into the
    %user%/Local Settings/Application Data Directory –

    Beep.sys - A copy of the Microsoft file

    bgregfix.reg – A reg file set the background registry back to the
    default settings and is part of Roguefix but used by Butts as a stand
    alone script in an attempt to give the files a different appearance.

    databasepath.reg – A reg file to re-set the Tcpip paramaters, commonly
    known and available, except later in the script he runs the netsh
    command, and if Butts knew his stuff he would have known running this
    command also resets the Tcpip parameters, rendering this script
    pointless. In addition running the netsh command will also remove any
    legitimate hooks in the TCP/IP stack from firewalls, ISP's etc.

    exefix.reg – A reg file to reset exe file associations,(which
    incidentally is the same script published by the No1 answer in google
    search for exe associations) and is totally useless within this
    context . . . if the exe file associations were changed, the rmit.exe
    would not run therefore the script to repair the exe associations
    would not also . . . just a little insight to his actual level of
    skills/knowledge.

    HOSTS – a copy of the mvps hosts file written by winhelp2002 with
    lines added to block access to websites owned by those he steals code
    from, those who expose him and Malwearebytes Antimalware.

    Hpregfix.reg – A reg file to re-set the homepage taken from the
    Roguefix script and used as a stand alone script in an attempt to give
    the file a different appearance. However as Roguefix began its life as
    a small script to remove the Rogue Spy Falcon, targeted for users of
    the AOL UK message boards which I frequented, the file (and
    subsequently Butts utilities) actually set the homepage to MSN.CO.UK -
    maybe Butts can explain why he does this when he is in the U.S.

    IEDef.reg – A script written by Shadowputerdude to remove registry
    keys to a Rogue called IEDefender. The script was updated to include
    other variants, however upon finding out Butts was copying it the
    author compiled the script to prevent the plagiarising.
    This Rogue has not been seen for at least 2 years and running the
    script is totally pointless.

    Nfig.reg – A reg script which removes some system and Explorer
    registry values (irrespective of whether or not they have been
    changed) and does not replace them with default values. It also
    removes some registry keys for 4 variants of the Bagle worm, I don’t
    know where he stole this one from but as it would have been normal for
    an author to just add keys to their existing reg file as opposed to
    making a new one using a different coding style, it is clear it has
    just been lifted from another website/person.

    Process.exe – A program written and available from BeyondLogic, added
    to the package because it is used by the IEDef script, nothing else in
    the script uses it and as the outdated version of IEDef is pointless,
    the inclusion of Process.exe is also a waste of space.

    Regf.reg - Another pointless reg file which resets several registry
    values that are reset by other files within your package.

    Remove-it restorepoint.vbs – This one is quite funny, a script to
    create a restore point but exposes his lack of knowledge as it does
    not actually run, he cannot even add a simple run command. All that
    happens is the script opens in notepad. It also shows that no one
    actually uses Remove-it, otherwise someone would have let you know.

    Remregfix.reg – Is the reg file created by Roguefix to remove keys and
    values for the files/infections it removes.

    s.reg – A reg file to remove the registry keys and values belonging to
    Malwarebytes Anitmalware, a legitimate scanner with something Butts
    will never have, a good reputation.

    scan.exe – A copy of mrt.exe, The Microsoft Windows Malicious Software
    Removal Tool, renamed as scan.exe. At what point does he let the end
    user know what is actually running as opposed to fooling them into
    believing Remove-it is actually doing something useful.

    TDSS.bat - A batch file which will attempt to delete 6 files
    associated with the TDSS rootkit , , , , I bet the authors of the
    rootkit are worried!!! What on this earth makes him think this would
    have any effect on this infection? another total waste of space.

    Tskill.exe – Microsoft file added by Butts after wrongly thinking it
    will make the script work with Windows 2000, the script wont work on
    2000 but it has nothing to do with tskill, its much more basic than
    that..... but still beyong Butts understanding, Pointless addition to
    the bundle.


    its not rocket science, which is a shame otherwise his work colleagues
    might have helped him out!

    Butts . . . as you gave one of your 'If I shout, swear and insult loud
    enough I can detract from the issue' posts I will repeat it, please
    provide a marker which you claim to have put in the script that is in
    the script I distribute

    Stuart
     
    Stuart Saunders, Apr 13, 2010
    #70
  11. Let me correct your mistakes before people actually start believing you.


    You are not smart enough to know why it does that. Let me educate you.
    Because of the success and flawless removal rate my Remove-it software is
    targetted by several different types of malware like the Conficker worm
    which tries to disable it like it does MBAM. with a randomly generated file
    names it is no longer a target. Your stolen batch file does not do this does
    it?
    Used with permission from MS
    Wrong again, any legitamte hooks to the LSP will be put back in after
    reboot. Running it before running the netsh command will ensure that it is
    correct and fixes it right away WITHOUT having to reboot. The netsh command
    requires a reboot. Your stolen batch file does not do this does it?
    Yes it does work it's a reg file you idiot not an exe. Your stolen batch
    file does not do this does it?

    Wrong again. Your stolen batch file does not update the hosts file does it?
    Wrong again it resets it to default. You are in the UK so your default IS
    the UK. Use an american IP and try it dipshit.
    You must have been asleep for ywo years, have you ever heard of the word
    variant? Your stolen batch file does not do this does it?
    Your stolen batch file does not do this does it?
    Used with permission. Your stolen batch file does not do this does it?
    Your stolen batch file does not do this does it?
    Wrong it does work, something is wrong with your computer if it does not,
    are you smart enought to figure it out? Your stolen batch file does not do
    this does it?
    Wrong again.
    Nothing new although it is removed from my new version because they no
    longer detect my software.
    Jealous? It is renamed because the MRT tool it targetted by malware had you
    had any knowledge of malware you would know this, used by permission from
    MS.
    That file is not run in my software had you had any since you would know
    that.
    You sound like Dustbin Kook. This does work with 2000 the reason you think
    it does not is because you never let it install. You are too busy trying to
    analyze my software. If you let it install without fucking with it you will
    see it does work. That file need to be in a certain directory on 2000 in
    order for it to work, my software puts it in the correct location. Your
    stolen batch file does not do this does it?

    My 30mb file scans in half the time it takes your stolen 4mb batch file to
    run, why is that?
    If you leave now I promise to not embarrass you so much in the future.


    --
    The Real Truth http://pcbutts1-therealtruth.blogspot.com/
    *WARNING* Do NOT follow any advice given by the people listed below.
    They do NOT have the expertise or knowledge to fix your issue. Do not waste
    your time.
    David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.
     
    The Real Truth MVP, Apr 14, 2010
    #71
  12. David Kaye

    Leythos Guest

    You have only embarrassed yourself - being unable to dispute the markers
    put in the file you distributed that named you a thief.
     
    Leythos, Apr 14, 2010
    #72
  13. Replies are in line, which unfortunately makes it a very long post -

    You really shouldnt flatter yourself so much. You and anything you
    distribute is not targeted by conficker or anything else, there is a
    variant of conficker which blocks access to any website with ms-mvp in
    its domain name, added at the same time as other generic strings like
    'activescan' and 'adware'. MSVP websites were targeted generally, this
    would of course inadvertantly include the Go-Daddy stealth frame you
    employ to re-direct to your website, claiming it is something specific
    to you in a lame attempt to gain some kind of glory, credibility or
    importance is quite pathetic.
    Roguefix is not stolen and you continue to fail to provide any
    evidence to support your claims..
    Permission is a general grant to everyone, again dont imply it is
    something specific to you or that it requires any kind of approval.
    How and why?
    Maybe you should tell Microsoft they also got it wrong, here is a
    couple of their warnings-

    Warning, Programs that access or monitor the Internet such as
    antivirus, firewall, or proxy clients may be negatively affected when
    you run the netsh winsock reset command.
    Warning, The netsh int ip reset command will reset all IP
    information, default gateway information, and DNS server information.
    Before you restart the computer after you run this command, you must
    configure your TCP/IP settings.
    The reg file runs under a command from within rmit.exe, so how exactly
    will the reg file start when rmit.exe cannot run?
    Which part is wrong?
    Maybe someone from the U.S. could confirm this
    Meaningless garbage, this part of the script (which uses a totally
    different coding style) has not had any additions to it since
    shadowputerdude compiled his script in December 2007. Nothing within
    it has been prevalant for at least 2 years.
    Correct, Roguefix does not remove any System or Explorer registry
    keys or values without replacing their defaults.
    Roguefix does not need or require Process.exe, nor does it use a
    script written by shadowputerdude that does require it.
    Roguefix does not have any added or attached reg files, let alone
    pointless or useless ones.
    Taken from your script -
    :win
    %MYFILES%\Remove-itRestorePoint.vbs

    Where, exactly is any command to run or start it?
    How and why? The files are exactly the same except Roguefix creates,
    executes and deletes the file and Remove-it carries it along as a
    seperate file.
    There is no new version, you are still waiting for me to update!
    Maybe someone from Malwarebytes can confirm they no longer target
    Remove-it.
    Again, dont pretend you have permission in a way that suggests
    specific approval of any kind and you avoided the actual question.
    It was in the copy I got 2 days ago.
    There is no command or instruction anywhere within your files to move
    tskill.exe from %user%/Local Settings/Application Data/Temp to the
    'certain directory' as you claim, it just sits there in a temp folder.
    If you intend pursuing a debate about what the scripts can and cannot
    do, you had better fetch a bigger shovel, and when finished I will
    still be here with the issue you continue to avoid.
    You have been exposed as a thief of intellectual property with markers
    I placed in the script, I have presented you with the opportunity to
    publically show me as the code thief you claim I am by showing one of
    the markers you have put into the file, any reason why you are not
    taking it?

    Stuart
     
    Stuart Saunders, Apr 14, 2010
    #73
  14. Tskill.exe – Microsoft file added by Butts after wrongly thinking it
    There is no command or instruction anywhere within your files to move
    tskill.exe from %user%/Local Settings/Application Data/Temp to the
    'certain directory' as you claim, it just sits there in a temp folder.
    If you intend pursuing a debate about what the scripts can and cannot
    do, you had better fetch a bigger shovel, and when finished I will
    still be here with the issue you continue to avoid.
    You have been exposed as a thief of intellectual property with markers
    I placed in the script, I have presented you with the opportunity to
    publically show me as the code thief you claim I am by showing one of
    the markers you have put into the file, any reason why you are not
    taking it?

    Stuart
     
    Stuart Saunders, Apr 14, 2010
    #74
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.