Re: Can you really 100% clean a compromised machine 100% of the time w

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 11/15/05


Date: Mon, 14 Nov 2005 21:20:25 -0500

From: "Mike Hall (MS-MVP)" <mikehalll@mvps.org>

| David
|
| I think that it was you with the suggestion that a Google search on pcbutts1
| would be interesting.. hmmmmm.. he has no friends.. and is he still trying
| to coerce people into downloading anti-spyware from his own site?.. is it to
| make it look like they are his creation, or to deal a few java/byteverify
| exploits to test the downloaded progs?
|

Leythos suggested a Google search.

PCBUTTS1 web site has been password protected since he posted a SmitFraud Removal tool and
the code was edited by him to obfuscate the true creator, hoahdfear. He replace most, but
not all, strings of 'noahdfear' with 'PCBUTTS1' to make it look like he was the author of a
batch script. However, he failed to repalce all strings and the true author left code to
update a log file as...

echo smitRem log file>>%systemdrive%\smitfiles.txt
echo version 2.2>>%systemdrive%\smitfiles.txt
echo.>>%systemdrive%\smitfiles.txt
echo by noahdfear>>%systemdrive%\smitfiles.txt
echo.>>%systemdrive%\smitfiles.txt

He was confronted with the plagiarism of the code and PCBUTTS1 went right back and edited
the file and replaced
the reamaining strings of 'noahdfear' with 'PCBUTTS1'. He then password protected his web
site to prevent further scrutiny.

He's done that sh!t before with VBS code he stole from Kelly's Corner.

http://groups.google.com/group/24hoursupport.helpdesk/browse_frm/thread/68f0e8ce4f460dad/5b72be9f92c39aa8?lnk=st&q=pcbutts1+kelly+vbs&rnum=1&hl=en#5b72be9f92c39aa8

He has also stolen code from Mike Burgess. He denounces the good work of MS MVP's but then
turns around and steals their hard earned work !

He once posted information to create a Registry file. He did not realize that a few lines
were very long and wrapped when posted via a News Client. I challenged to him to look at a
set of instructions he posted to create a .REG file and told him he left out critical
information for the resultant .REG file to work. I gave him a good week to discern the
problem. He couldn't and I followed up and posted that the resultant .REG file needed
certain lines to be unwarapped for the .REG file to work poperly. He insisted that was
nothing wrong. Since I know the Registry and how to create and edit .REG files I knew
otherwise and this discourse proved that he had zero skills in working with the Registry and
proved as well that he has no programming skills. Thus, he has to steal code from others to
make himself look like a hero if he does help somone erradicate and infection. The problem
is he doesn't give credit to the real author and he replaces the text in the code stating
the true author with his own name. Such as...

echo.
echo 浜様様様様様様様様様様様様様様様様様融
echo
echo Trojan-Spy.HTML.smitfraud.c Killer
echo
echo by noahdfear
echo
echo version 2.7
echo
echo 藩様様様様様様様様様様様様様様様様様夕

with...

echo.
echo 浜様様様様様様様様様様様様様様様様様融
echo
echo Trojan-Spy.HTML.smitfraud.c Killer
echo
echo by pcbutts1
echo
echo version 2.2
echo
echo 藩様様様様様様様様様様様様様様様様様夕
echo.

The reason PCBUTTS1 has "version 2.2" in his file was that was the time of his stealing the
code and remained that way when I downloaded the files from his web site ~9:45AM (ET)
Sunday, Oct. 23.

Pond scum is too kind to describe PCBUTTS1 !

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


Relevant Pages

  • Re: Can you really 100% clean a compromised machine 100% of the time w
    ... I think that it was you with the suggestion that a Google search on pcbutts1 ... to coerce people into downloading anti-spyware from his own site?.. ... > respondeer would provide you the information you need in the News Group ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Ping: Lipman
    ... In article, pcbutts1 ... Seems you PIRATED THE AUTHORS CODE and change the ACK to your own pirate ... @echo off ... echo # This removal tool has completed its functions. ...
    (alt.comp.anti-virus)