Re: Mal...where?



http://pcbutts1.com/downloads/Features.htm


--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.




"Troll Buster" <troll@xxxxxxxxxx> wrote in message news:9fKdnRLJ38UKTkbUnZ2dnUVZ_gSdnZ2d@xxxxxxxxxxxxxxx
I would like a list, I want to compare it to what I've already found between the two.


--
Too many Trolls in this NG bashing each other. The
Information I post has been verified by me and is Authentic.



"The Real Truth [MS MVP]" <trt@xxxxxxxx> wrote in message news:YaQCl.16176$D32.11016@xxxxxxxxxxxxxxxxxxxxxxx
That's a very good question, he will probably pretend he did not see the question and not answer when the real reason is he does not know. I will answer it for him. There is a fake stolen knock off of my Remove-it software here http://www.internetinspiration.co.uk/roguefix.htm it was stolen more than a few years back. I have since, as you will see when you compare them, made numerous changes and upgrades to Remove-it that can no longer get pirated by anyone. If you would like a list just let me know.


--
The Real Truth http://pcbutts1-therealtruth.blogspot.com/
*WARNING* Do NOT follow any advice given by the people listed below.
They do NOT have the expertise or knowledge to fix your issue. Do not waste your time.
David H Lipman, Malke, PA Bear, Beauregard T. Shagnasty, Leythos.




"Tim Med***" <timmed***@xxxxxxxxx> wrote in message news:%23FnCuIytJHA.5708@xxxxxxxxxxxxxxxxxxxxxxx
Hi Bear,
Being a curious sort I visited the page. Question: where can I get hold of the original software that I've been told this guy has plagiarized. Some of it looks good but am TERRIFIED of having anything to do with his reverse-engineered versions.
--

Cheers, Tim Med***, Peckham, London.


"PA Bear [MS MVP]" <PABearMVP@xxxxxxxxx> wrote in message news:%23HVcIWwtJHA.3816@xxxxxxxxxxxxxxxxxxxxxxx
Ignore this imposter, Alex! He's stolen just about everything in that
utility from others and Microsoft. And he most certainly is NOT an MS MVP
(cf. www.mvps.org & http://msmvps.com versus the link he posted).

Also see
http://hphosts.blogspot.com/2009/02/pcbutts-now-serving-malware-via-ms.html
--
~Robear Dyer
MS MVP-IE, Mail, Security, Windows Client
https://mvp.support.microsoft.com/default.aspx/profile/robear.dyer


Troll Buster wrote:
Download the Remove-it software from here
http://www.ms-mvp.org/ this file works. I have now used
this fix on several computers and it does work.



"Alex Clark" <quanta@xxxxxxxxxxxxxxx> wrote in message
news:uBN1SRutJHA.1504@xxxxxxxxxxxxxxxxxxxxxxx
I'm planning on a complete reinstall anyway; it's clearly been too badly
infected to recover, but I'm just wondering if anyone knew of anything
that caused these symptoms? It sounds like a rootkit to me but (surprise
surprise) I can't run RootKit Revealer or GMER as the dang thing won't
let me.

Is there any way, in XP, to get some kind of process autopsy? What I
mean is, I would like to know the exact details of why a specific process
ended, what sent the kill signal to it, and what its exit code was.

Thanks,
Alex



"PA Bear [MS MVP]" <PABearMVP@xxxxxxxxx> wrote in message
news:OBDMUDutJHA.1240@xxxxxxxxxxxxxxxxxxxxxxx
Assuming no anti-virus application was installed when the machine got
infected and/or when you started working on the machine, backup the
personal data, then do a format & clean install of Windows. Please note
that a Repair Install (AKA in-place upgrade) will NOT fix this!

After the clean install, you'll have the equivalent of a "new computer"
so take care of everything on the following page before otherwise
connecting the machine to the internet or a network and before using a
USB key that isn't brand-new or hasn't been freshly formatted:

5 steps to help protect your new computer before you go online
http://www.microsoft.com/protect/computer/advanced/xppc.mspx

Also see.

Steps To Help Prevent Spyware
http://www.microsoft.com/protect/computer/spyware/prevent.mspx
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002


Alex Clark wrote:
I'm trying in vain to clean up an XP Home (w/ SP3) machine for someone
and I'm having some curious problems.

I'm fairly sure it's infected with malware. If I try to run the
installer for MBAM, I get the "Please select language" option, and then
as soon as I get to the next screen it instantly vanishes. AVG installer
behaves in a similar manner, briefly flashes up on screen and then
vanishes. I've checked Task Manager and can confirm that the process
exists for a split second before vanishing. Oddly enough, exactly the
same thing happens even with SysInternals Process Explorer tool.

Other apps run fine though, and that can be anything from regedit to
Computer Management to a command prompt. To me, this sounds like classic
malware behaviour, as something is killing any processes that it believes
may pose a threat to it. This occurs even if I've started in safe mode
with a command prompt, and even if I rename the AVG or mbam installers to
something else. I just cannot get around it.

So with that in mind, I took the hard drive out and hooked it up to my
machine where I then ran a full scan using MBAM. This found about 4
infected files, all of which seemed to be in the \System Restore folders
which made me think they couldn't be doing much harm from there. That was
all it found, though naturally it couldn't scan the registry. I
reinstalled the disc, booted the machine and... exactly the same as
before - cannot install any anti virus apps.

Then I downloaded the latest Avira rescue CD, burned & booted off that
and did a full scan. Avira scanned the registry and went through every
file. Number of infections? Zero. Did not find a single thing wrong.

So I've got antivirus apps telling me the disc is clean, but it doesn't
take a genius to figure out it's still infected. I tried looking through
the non PnP devices in Device Manager as I'd read of a few root kits
installing as TD***.sys, but nothing matched that particular pattern.

Could it be that a virus left behind some kind of software policy
restriction to prevent these apps from running, and the machine is truly
clean? Or do you guys think it's infected with something that MBAM and
Avira just can't find?

Any ideas?

Thanks in advance,
Alex





